We help IT Professionals succeed at work.

Gain access to delete account from RSoP

756 Views
Last Modified: 2012-06-27
I followed the advice but the security policy sertting options are greyed out so I can not add user/group or remove the user.  TSInternetUser is not showing in active directory but the other offending user is.  That offending user no longer exist on our domain.
Comment
Watch Question

Commented:
I'm not sure I completely understand your question but let me give it a shot:  You want to edit a domain policy to remove a user?  Is the policy adding a user to a local group on domain computers?  
Regardless of what you want to do, if you're unable to edit a domain policy, it is becuase you lack the proper permissions.  Are you logged in as a domain admin?  Or running the Group Policy Manager as a domain admin?  You are using the Group Policy Management console, right?  If not, go download it before you do anything else: http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
If you are running as a domain admin and still having problems, find the policy in question under "Group Policy Objects" in the GPMC and highlight it.  Then choose the 'Delegation' tab on the right and make sure that the account you're using has "Edit settings" effective permissions.  If not, add it provided you DO have "modify security" permissions.  If you have neither, see if an account listed does have permissions and try using that account and/or contacting that user for assistance.
If I've not cover what you're trying to achieve, please be more specific and I'll do what I can.
HTH

Author

Commented:
I was adding to comments to another problem that happen in which I am having the same problem... security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
I followed that advice but I'm unable to delete the user since it's greyed out.  Also after further investigation I see that all add accounts under foreign security principals are all just s-XXX icons

Commented:
Still a little unclear exactly what you're trying to do - add/remove accounts I understand but where, inside a policy?  On a policy?  Can you walk me through the steps you take to get to the point of seeing all the "XXX" icons?

Author

Commented:
Start -> Run -> RSoP.msc
the red X was on Allow log on locally.  Clicked on the properties of that setting and I found a user TSInternetUser listed that is not in my active Directory but the options are greyed out.
I then went into Active Directory Users and Groups, users, search for the TSInternetUser which is not listed.  I proceeded to click on the ForeignSecurityPrincipals only to find that all accounts are just s -XXX.  We had problems with our AD and I'm not sure what built in rights were listed and/or needed.
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.