Solved

Gain access to delete account from RSoP

Posted on 2009-03-30
5
646 Views
Last Modified: 2012-06-27
I followed the advice but the security policy sertting options are greyed out so I can not add user/group or remove the user.  TSInternetUser is not showing in active directory but the other offending user is.  That offending user no longer exist on our domain.
0
Comment
Question by:cettech
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:kollenh
ID: 24022164
I'm not sure I completely understand your question but let me give it a shot:  You want to edit a domain policy to remove a user?  Is the policy adding a user to a local group on domain computers?  
Regardless of what you want to do, if you're unable to edit a domain policy, it is becuase you lack the proper permissions.  Are you logged in as a domain admin?  Or running the Group Policy Manager as a domain admin?  You are using the Group Policy Management console, right?  If not, go download it before you do anything else: http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
If you are running as a domain admin and still having problems, find the policy in question under "Group Policy Objects" in the GPMC and highlight it.  Then choose the 'Delegation' tab on the right and make sure that the account you're using has "Edit settings" effective permissions.  If not, add it provided you DO have "modify security" permissions.  If you have neither, see if an account listed does have permissions and try using that account and/or contacting that user for assistance.
If I've not cover what you're trying to achieve, please be more specific and I'll do what I can.
HTH
0
 

Author Comment

by:cettech
ID: 24022368
I was adding to comments to another problem that happen in which I am having the same problem... security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
I followed that advice but I'm unable to delete the user since it's greyed out.  Also after further investigation I see that all add accounts under foreign security principals are all just s-XXX icons
0
 
LVL 5

Expert Comment

by:kollenh
ID: 24022603
Still a little unclear exactly what you're trying to do - add/remove accounts I understand but where, inside a policy?  On a policy?  Can you walk me through the steps you take to get to the point of seeing all the "XXX" icons?
0
 

Author Comment

by:cettech
ID: 24022732
Start -> Run -> RSoP.msc
the red X was on Allow log on locally.  Clicked on the properties of that setting and I found a user TSInternetUser listed that is not in my active Directory but the options are greyed out.
I then went into Active Directory Users and Groups, users, search for the TSInternetUser which is not listed.  I proceeded to click on the ForeignSecurityPrincipals only to find that all accounts are just s -XXX.  We had problems with our AD and I'm not sure what built in rights were listed and/or needed.
0
 
LVL 5

Accepted Solution

by:
kollenh earned 500 total points
ID: 24022812
Ok, I see.  You're not really looking at Group Policy with that but rather the resultant set of policies that have been applied.  If I run that on my computer, I get some VERY strange results back, too.
Go to Start --> Administrative Tools --> Group Policy Management.  If you don't have it, download and install it from the link I sent you earlier.  It simplifies GP management in a big way.
Then run 'gpresult' from the command line on your computer and see what policies are being applied.  Work your way through the list in the GPMC until you find the one that is adding that user.  It may be tedious but that should get you what you want.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now