compdigit44
asked on
Windows 2003 Group Policy Problems
I'm having a crazy problem with Widnows 2003 group policy on my Winodws 2003 Citrix 4.5 server. Here is the deal. My Citrix server is in it's own OU/ I have followed the Microsoft KB article on how to apply Group Policies to a terminal server for secrity. Please note loop back processing in enabled. Here is the problem after I locked down everything from the Microsoft article I decided to take it one step further by removing access to the Control panel. via User Configuration. I logged off and logged in with my test user account and all was perfect the control panel was gone. After a couple of days I decided to remove the hide control panel setting. So I went into my Group Policy Management Console and set the control panel access to not configured. I ran gupdate /force on the server logged off and logged in again and the control panel was still missing. I have tried everything reboots, selecting the enforce check box no over ride nothing works. Yet, when I run the group policty result of policy wizard it shows that the control panel should be present. Yet for some resome the Citrix server will not display the control panel. Any thoughts on this?
Try setting it to disabled rather than not-configured.
ASKER
tried it didn't work.......
I've just tried it with an XP client and it worked fine. May be an issue with W2K3 - I'll try it with that and let you know.
ASKER
thanks
Works fine on W2K3 too.
ASKER
Ok then any idea what could be causing this not to work?
ASKER
Could the fact the server is running Citrix have anything to do with this?
As it's a user configuration issue I'm fairly certain that Citrix shouldn't affect the application of the Group Policy.
Check the setting in HKEY_CURRENT_USER\SOFTWARE \Windows\C urrentVers ion\Polici es\Explore r
NoControlPanel will be set to 1 if it is being enforced bu policy.
If it's not (eg. it's set to 0 or not there at all) then then policy update has been accepted but not refreshed. Try killing explorer through task manager and then start it again if needs be. Hopefully Control Panel will be back.
Check the setting in HKEY_CURRENT_USER\SOFTWARE
NoControlPanel will be set to 1 if it is being enforced bu policy.
If it's not (eg. it's set to 0 or not there at all) then then policy update has been accepted but not refreshed. Try killing explorer through task manager and then start it again if needs be. Hopefully Control Panel will be back.
ASKER
Noting for control panel is listed under this registry setting for admin because I'm blocking this GP from Domain and Enterprise Admins. how can I check this setting if I log in as a regular user if I removed the run menu from the start menu bar?
If the user is logged in you should be able to check for the key under HKEY_USERS whilst logged in as administrator on the Citrix server.
ASKER
Ok when I log in as a regular user via citrix then login to the server with my admin account and go the HKCU -> user GUID -> Software -> Policies -> Windows the only folders listed user this are System and Task Scheduler none of which reference the control panel....
You don't want to look at HKCU as that'll be the admin accounts hive. It's HKEY_USERS - they'll be listed by SID. You can look up which SID you're looking for under HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows NT\CurrentVersion\ProfileL ist. All you need to do is identify the users SID by the profileimagepath and then look in the relevant users profile hive.
Hope that makes sense.
Hope that makes sense.
ASKER
Sorry I ment to say HKUser before this is the key that I was referring to
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
it worked!!!! thanks