Solved

Display properties on one workstation still blocked by group policies even though they are turned off.

Posted on 2008-10-17
12
910 Views
Last Modified: 2012-05-05
Hi experts,

Using SBS 2003 Standard R2 with seven clients running XP Pro. I had used the group policies found at:

Default Domain Policy --> User Configuration--> Administrative Templates --> Control Panel-->Display

I had enabled all of them except for the Screen Saver executable name. I did this after setting up all of the clients so that no users ould change their desktops, screensavers, etc.

When a user tried to right click and choose properties to get to Display Properties or go to Display Properties in the Control Panel, they would get an error message stating that the admin has not allowed this. Or, they would just see a whited out window.

I needed to add a new monitor and wanted to change the settings from 800 X 600 to the highest resolution. I changed all of the group policy settings so that all of them were not configured.

After each client was logged off and back on, they could all access the Display Properties window. But, for some reason and unfortunately, the only computer which could not was the one with the new monitor. Given that it was a new monitor with a new driver, it was set at the default 800 X 600 setting and, thus, the icons and application were huge.

Luckily, I finally noticed when right clicking on the desktop to get to Properites that nVidia's setting could be accessed from the dropdown menu. I was then able to change the resolution to the correct settings.

But, I sitll cannot access the Display Properties window. Again, I can see it, but it is basically "whited out." It is kind of a mute point since I am going to lock down the users' abilities to change the desktop and screen savers again, but I am curious as to why it is doing this, and I may need to change a different setting down the road.

I should say I have also tried rebooting the server and the particular workstation.

Thanks in advance.
0
Comment
Question by:Bert2005
  • 6
  • 3
  • 3
12 Comments
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
Comment Utility
Hello Bert2005,
    *Start>Run>rsop.msc
    *Let the computer collect the settings applied by GPOs. When done, locate "Default Domain Policy --> User Configuration--> Administrative Templates --> Control Panel-->Display" section and see if this computer gets this polcy setting, if yes, run "gpupdate /force", if not, most probably the user currently looged on that gets whited out tabs does not have administrative rights on local computer. Try logging in with a domain admin account, or join current user to administrators group on local computer.

Regards
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Hi MrHusy,

Thanks for the comment. I ran the rsop.msc command, which brought up a window called Resultant Set of Policy on the client computer. Under User Configuration (FYI both my username on Room202 - RSoP and User Configuration had red circles with X's in the middle on top of the icons under the Console Root folder.

Browsing to the Display section, all of the following settings are shown and are enabled and a grayed out:

Hide Desktop tab
Prevent changing wallpaper
Hide Appearance and Themes tab
Hide Settings tab
Hide Screen Saver tab
Password protect the screen saver
Screen Saver timeout

On this particular computer, while multiple users who are domain users only log into the other workstations, I am the ONLY one who uses this computer. I am both a local administrator on this computer as well as a domain admin.
0
 
LVL 5

Expert Comment

by:talkinsmak
Comment Utility
Try removing it from the domain then rejoin it. You could make the changes while it is off the domain but that should not be necessary.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
Comment Utility
"had red circles with X's in the middle " that indicates GPOs do not apply to this computer successfully. Right-click local are network>Repairing the NIC, then running gpupdate /force may resolve the issue. Also make sure this computer points do domain controller as preferred DNS server in TCP/IP properties. If no joy, removing&rejoining the client should correct the issue
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Hi talkinsmak

Well, I tried everything MrHusy suggested. I think removing and reconnecting to the domain would probably work. Easy enough, but then the display is working. I wonder if I should just let it be. Frustrating that I could lock everyone down and yet I am still the only one not working correctly. Of course, I would still not be able to do anything if I shut it down due to group policy?

Why does the window come up on PCs when GP is in effect as a whiteout rather than just an error message that states the administrator has not allowed this?
0
 
LVL 5

Assisted Solution

by:talkinsmak
talkinsmak earned 100 total points
Comment Utility
I am guessing something was corrupted on the pc.  Somethings are not worth fighting about.  I am pretty sure that the fast repair would have been to remove then add back to the domain.  I have a team of 5 in our desktop group.  Together they service 1500+ clients plus associated peripherals.  These guys have to be efficient or they will get buried.

Although our nature tells us to figure it out (remember taking apart the toaster as a kid?), some times the most efficient way to resolve the problem is to admit defeat early and show the machine who is really boss by either a reimage or a remove from the domain.

Hope it all works out for you.

John
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:Bert2005
Comment Utility
OK, I admitted defeat. Removed from domain then added back. It added flawlessly. But, it still doesn't allow the Display Settings to appear. Very strange. I guess I should stick with toasters, lol.

0
 
LVL 5

Expert Comment

by:talkinsmak
Comment Utility
OK, lets get basic here.

Did you have to install a driver for this new monitor or did you just accept the plug and play detection?

Do all the users have the same display adapter? The same exact computer?  Have you tried putting the new monitor on another system?

Did you see if the problem exists while off the domain?

Let me know.  We'll get you through this.
John
0
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 400 total points
Comment Utility
Bert2005,
   I am assuming you are still geting the rsop as grayed out. I suggest you to create a new profile. Restart the computer, log on to local machine instead domain with an admin account other than yours, then rename the profile folder in documents and settings to somethng else. In next logon, a new profile will be created. Als1 run gpresult and see if domain policy is somehow filtered out or not.

Regards
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
John,

Thanks for hanging with me. Had to install a new driver for the new monitor (Samsung). All the PCs use an nVidia card (same one). Basically the exact same computer -- actually all ordered to the same exact specs, memory, processor, etc. I haven't tried putting the new monitor on another system.

Good question while off the domain. Can I just log in to a local account. I would hate to reconnect to the domain again. Not a huge deal reconnecting, but I then have to reinstall Trend Micro from the server (again not a big deal, but...)

MrHusy,

Yes, still getting rsop grayed out. I will try those things. Let you know.
0
 
LVL 1

Author Closing Comment

by:Bert2005
Comment Utility
I apologize for splitting the points when one answer may have been the one that helped the most. It is in my nature to say thanks and reward those who have been helpful. I hope this doesn't affect anyone's overall standing with EE. Thanks.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Changed the profile and everything is good. Thanks guys.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now