Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 921
  • Last Modified:

Display properties on one workstation still blocked by group policies even though they are turned off.

Hi experts,

Using SBS 2003 Standard R2 with seven clients running XP Pro. I had used the group policies found at:

Default Domain Policy --> User Configuration--> Administrative Templates --> Control Panel-->Display

I had enabled all of them except for the Screen Saver executable name. I did this after setting up all of the clients so that no users ould change their desktops, screensavers, etc.

When a user tried to right click and choose properties to get to Display Properties or go to Display Properties in the Control Panel, they would get an error message stating that the admin has not allowed this. Or, they would just see a whited out window.

I needed to add a new monitor and wanted to change the settings from 800 X 600 to the highest resolution. I changed all of the group policy settings so that all of them were not configured.

After each client was logged off and back on, they could all access the Display Properties window. But, for some reason and unfortunately, the only computer which could not was the one with the new monitor. Given that it was a new monitor with a new driver, it was set at the default 800 X 600 setting and, thus, the icons and application were huge.

Luckily, I finally noticed when right clicking on the desktop to get to Properites that nVidia's setting could be accessed from the dropdown menu. I was then able to change the resolution to the correct settings.

But, I sitll cannot access the Display Properties window. Again, I can see it, but it is basically "whited out." It is kind of a mute point since I am going to lock down the users' abilities to change the desktop and screen savers again, but I am curious as to why it is doing this, and I may need to change a different setting down the road.

I should say I have also tried rebooting the server and the particular workstation.

Thanks in advance.
0
Bert2005
Asked:
Bert2005
  • 6
  • 3
  • 3
2 Solutions
 
Alan Huseyin KayahanCommented:
Hello Bert2005,
    *Start>Run>rsop.msc
    *Let the computer collect the settings applied by GPOs. When done, locate "Default Domain Policy --> User Configuration--> Administrative Templates --> Control Panel-->Display" section and see if this computer gets this polcy setting, if yes, run "gpupdate /force", if not, most probably the user currently looged on that gets whited out tabs does not have administrative rights on local computer. Try logging in with a domain admin account, or join current user to administrators group on local computer.

Regards
0
 
Bert2005Author Commented:
Hi MrHusy,

Thanks for the comment. I ran the rsop.msc command, which brought up a window called Resultant Set of Policy on the client computer. Under User Configuration (FYI both my username on Room202 - RSoP and User Configuration had red circles with X's in the middle on top of the icons under the Console Root folder.

Browsing to the Display section, all of the following settings are shown and are enabled and a grayed out:

Hide Desktop tab
Prevent changing wallpaper
Hide Appearance and Themes tab
Hide Settings tab
Hide Screen Saver tab
Password protect the screen saver
Screen Saver timeout

On this particular computer, while multiple users who are domain users only log into the other workstations, I am the ONLY one who uses this computer. I am both a local administrator on this computer as well as a domain admin.
0
 
talkinsmakCommented:
Try removing it from the domain then rejoin it. You could make the changes while it is off the domain but that should not be necessary.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Alan Huseyin KayahanCommented:
"had red circles with X's in the middle " that indicates GPOs do not apply to this computer successfully. Right-click local are network>Repairing the NIC, then running gpupdate /force may resolve the issue. Also make sure this computer points do domain controller as preferred DNS server in TCP/IP properties. If no joy, removing&rejoining the client should correct the issue
0
 
Bert2005Author Commented:
Hi talkinsmak

Well, I tried everything MrHusy suggested. I think removing and reconnecting to the domain would probably work. Easy enough, but then the display is working. I wonder if I should just let it be. Frustrating that I could lock everyone down and yet I am still the only one not working correctly. Of course, I would still not be able to do anything if I shut it down due to group policy?

Why does the window come up on PCs when GP is in effect as a whiteout rather than just an error message that states the administrator has not allowed this?
0
 
talkinsmakCommented:
I am guessing something was corrupted on the pc.  Somethings are not worth fighting about.  I am pretty sure that the fast repair would have been to remove then add back to the domain.  I have a team of 5 in our desktop group.  Together they service 1500+ clients plus associated peripherals.  These guys have to be efficient or they will get buried.

Although our nature tells us to figure it out (remember taking apart the toaster as a kid?), some times the most efficient way to resolve the problem is to admit defeat early and show the machine who is really boss by either a reimage or a remove from the domain.

Hope it all works out for you.

John
0
 
Bert2005Author Commented:
OK, I admitted defeat. Removed from domain then added back. It added flawlessly. But, it still doesn't allow the Display Settings to appear. Very strange. I guess I should stick with toasters, lol.

0
 
talkinsmakCommented:
OK, lets get basic here.

Did you have to install a driver for this new monitor or did you just accept the plug and play detection?

Do all the users have the same display adapter? The same exact computer?  Have you tried putting the new monitor on another system?

Did you see if the problem exists while off the domain?

Let me know.  We'll get you through this.
John
0
 
Alan Huseyin KayahanCommented:
Bert2005,
   I am assuming you are still geting the rsop as grayed out. I suggest you to create a new profile. Restart the computer, log on to local machine instead domain with an admin account other than yours, then rename the profile folder in documents and settings to somethng else. In next logon, a new profile will be created. Als1 run gpresult and see if domain policy is somehow filtered out or not.

Regards
0
 
Bert2005Author Commented:
John,

Thanks for hanging with me. Had to install a new driver for the new monitor (Samsung). All the PCs use an nVidia card (same one). Basically the exact same computer -- actually all ordered to the same exact specs, memory, processor, etc. I haven't tried putting the new monitor on another system.

Good question while off the domain. Can I just log in to a local account. I would hate to reconnect to the domain again. Not a huge deal reconnecting, but I then have to reinstall Trend Micro from the server (again not a big deal, but...)

MrHusy,

Yes, still getting rsop grayed out. I will try those things. Let you know.
0
 
Bert2005Author Commented:
I apologize for splitting the points when one answer may have been the one that helped the most. It is in my nature to say thanks and reward those who have been helpful. I hope this doesn't affect anyone's overall standing with EE. Thanks.
0
 
Bert2005Author Commented:
Changed the profile and everything is good. Thanks guys.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

  • 6
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now