Windows 2003 Group Policy Problems

Posted on 2007-12-03
Last Modified: 2010-03-17
I'm having a crazy problem with Windows 2003 group policy on my Windows 2003 Citrix 4.5 server. Here is the deal. My Citrix server is in its own OU. I have followed the Microsoft KB article on how to apply Group Policies to a terminal server for security. Please note loopback processing is enabled. Here is the problem: after I locked down everything from the Microsoft article, I decided to take it one step further by removing access to the Control Panel via User Configuration. I logged off and logged in with my test user account and all was perfect; the Control Panel was gone. After a couple of days I decided to remove the hide Control Panel setting. So I went into my Group Policy Management Console and set the Control Panel access to Not Configured. I ran gpupdate /force on the server, logged off and logged in again, and the Control Panel was still missing. I have tried everything: reboots, selecting the Enforce check box, No Override; nothing works. Yet when I run the group policy result of policy wizard, it shows that the Control Panel should be present. Yet for some reason the Citrix server will not display the Control Panel. Any thoughts on this?
0
Question by:compdigit44
15 Comments
 
LVL 6

Expert Comment

by:Spot_The_Cat
ID: 20395253
Try setting it to disabled rather than not-configured.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 20395305
tried it didn't work.......
0
 
LVL 6

Expert Comment

by:Spot_The_Cat
ID: 20395506
I've just tried it with an XP client and it worked fine. May be an issue with W2K3 - I'll try it with that and let you know.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 20395515
thanks
0
 
LVL 6

Expert Comment

by:Spot_The_Cat
ID: 20395526
Works fine on W2K3 too.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 20395539
Ok then any idea what could be causing this not to work?
0
 
LVL 20

Author Comment

by:compdigit44
ID: 20395628
Could the fact the server is running Citrix have anything to do with this?
0
 
LVL 6

Expert Comment

by:Spot_The_Cat
ID: 20395876
As it's a user configuration issue I'm fairly certain that Citrix shouldn't affect the application of the Group Policy.

Check the setting in HKEY_CURRENT_USER\SOFTWARE\Windows\CurrentVersion\Policies\Explorer

NoControlPanel will be set to 1 if it is being enforced by policy.

If it's not (e.g. it's set to 0 or not there at all) then the policy update has been accepted but not refreshed. Try killing Explorer through Task Manager and then start it again if needs be. Hopefully Control Panel will be back.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 20395938
Nothing for control panel is listed under this registry setting for admin because I'm blocking this GP from Domain and Enterprise Admins. How can I check this setting if I log in as a regular user if I removed the run menu from the start menu bar?
0
 
LVL 6

Expert Comment

by:Spot_The_Cat
ID: 20396162
If the user is logged in you should be able to check for the key under HKEY_USERS whilst logged in as administrator on the Citrix server.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 20396265
OK, when I log in as a regular user via Citrix, then log in to the server with my admin account and go to HKCU -> user GUID -> Software -> Policies -> Windows, the only folders listed under this are System and Task Scheduler, none of which reference the control panel....
0
 
LVL 6

Expert Comment

by:Spot_The_Cat
ID: 20396303
You don't want to look at HKCU as that'll be the admin account's hive. It's HKEY_USERS - they'll be listed by SID. You can look up which SID you're looking for under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. All you need to do is identify the user's SID by the profileimagepath and then look in the relevant user's profile hive.

Hope that makes sense.
0
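
The lookup described in the comment above (map each profile to its SID through ProfileList, then read that user's hive under HKEY_USERS), as an added PowerShell example that is not part of the original thread. It assumes the Explorer policy values live under `Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` in each user hive; the function name `Get-ExplorerPolicyByUser` is hypothetical.

```powershell
# Added example, not from the thread. Run as an administrator on the terminal
# server while the test user is logged on, so the user's hive is loaded.
function Get-ExplorerPolicyByUser {
    param(
        # Value names to report; NoControlPanel is the one discussed in the thread.
        [string[]]$ValueName = @('NoControlPanel')
    )
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    # Assumption: standard per-user Explorer policy key (includes the Microsoft subkey).
    $policySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

    foreach ($profileKey in Get-ChildItem -Path $profileList) {
        $sid = $profileKey.PSChildName
        $profilePath = (Get-ItemProperty -Path $profileKey.PSPath).ProfileImagePath
        $hive = "Registry::HKEY_USERS\$sid"

        # A hive only appears under HKEY_USERS while that user is logged on.
        if (-not (Test-Path -Path $hive)) { continue }

        $policyKey = "$hive\$policySubKey"
        $props = $null
        if (Test-Path -Path $policyKey) { $props = Get-ItemProperty -Path $policyKey }

        foreach ($name in $ValueName) {
            $value = $null
            if ($props -ne $null) { $value = $props.$name }

            # 1 means the restriction is enforced; a missing value or 0 means it is not.
            if ($value -eq 1)        { $state = 'enforced' }
            elseif ($value -eq $null) { $state = 'absent' }
            else                      { $state = "set to $value" }

            New-Object PSObject -Property @{
                Sid = $sid; ProfilePath = $profilePath; ValueName = $name; State = $state
            }
        }
    }
}

Get-ExplorerPolicyByUser | Format-Table ProfilePath, Sid, ValueName, State -AutoSize
```

If the test user's row shows `absent` while Control Panel is still hidden, the registry already reflects the updated policy and the running Explorer session has not picked it up.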
 
LVL 20

Author Comment

by:compdigit44
ID: 20396325
Sorry, I meant to say HKUser before; this is the key that I was referring to.
0
 
LVL 6

Accepted Solution

by:
Spot_The_Cat earned 2000 total points
ID: 20396946
Therefore the policy setting has been updated.

There should be something for "Start Menu & Taskbar" as you said that you'd removed Run from the Start menu. Check that 'Disable programs on Settings Menu' isn't checked; that will remove Control Panel among other things. If it's not that ->

What happens with a reboot? This should cause all copies of Explorer to be removed from memory and therefore you should be certain that the new policy has been refreshed.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 20399941
it worked!!!! thanks
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question