Gain access to delete account from RSoP

I followed the advice but the security policy sertting options are greyed out so I can not add user/group or remove the user.  TSInternetUser is not showing in active directory but the other offending user is.  That offending user no longer exist on our domain.
cettechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kollenhCommented:
I'm not sure I completely understand your question but let me give it a shot:  You want to edit a domain policy to remove a user?  Is the policy adding a user to a local group on domain computers?  
Regardless of what you want to do, if you're unable to edit a domain policy, it is becuase you lack the proper permissions.  Are you logged in as a domain admin?  Or running the Group Policy Manager as a domain admin?  You are using the Group Policy Management console, right?  If not, go download it before you do anything else: http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
If you are running as a domain admin and still having problems, find the policy in question under "Group Policy Objects" in the GPMC and highlight it.  Then choose the 'Delegation' tab on the right and make sure that the account you're using has "Edit settings" effective permissions.  If not, add it provided you DO have "modify security" permissions.  If you have neither, see if an account listed does have permissions and try using that account and/or contacting that user for assistance.
If I've not cover what you're trying to achieve, please be more specific and I'll do what I can.
HTH
0
cettechAuthor Commented:
I was adding to comments to another problem that happen in which I am having the same problem... security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
I followed that advice but I'm unable to delete the user since it's greyed out.  Also after further investigation I see that all add accounts under foreign security principals are all just s-XXX icons
0
kollenhCommented:
Still a little unclear exactly what you're trying to do - add/remove accounts I understand but where, inside a policy?  On a policy?  Can you walk me through the steps you take to get to the point of seeing all the "XXX" icons?
0
cettechAuthor Commented:
Start -> Run -> RSoP.msc
the red X was on Allow log on locally.  Clicked on the properties of that setting and I found a user TSInternetUser listed that is not in my active Directory but the options are greyed out.
I then went into Active Directory Users and Groups, users, search for the TSInternetUser which is not listed.  I proceeded to click on the ForeignSecurityPrincipals only to find that all accounts are just s -XXX.  We had problems with our AD and I'm not sure what built in rights were listed and/or needed.
0
kollenhCommented:
Ok, I see.  You're not really looking at Group Policy with that but rather the resultant set of policies that have been applied.  If I run that on my computer, I get some VERY strange results back, too.
Go to Start --> Administrative Tools --> Group Policy Management.  If you don't have it, download and install it from the link I sent you earlier.  It simplifies GP management in a big way.
Then run 'gpresult' from the command line on your computer and see what policies are being applied.  Work your way through the list in the GPMC until you find the one that is adding that user.  It may be tedious but that should get you what you want.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.