Solved

Using Group Policy Results Wizard for different domain

Posted on 2009-05-12
3
255 Views
Last Modified: 2012-05-06
Hi AD Experts :)

My setup is a bit strange and as below:

Forest root: domain.com
Domains: Toronto.domain.com, Washington.domain.com, LosAngeles.domain.com

I am a domain admin for Toronto.domain.com only.

There is a server in the Washington domain named Server1.washington.domain.com, and a user in our domain Toronto\User1.

User1 wants to carry out some work on Server1, but wants to ensure that he has full permissions. He is a local Admin on Server1, but is worried that there maybe GPO's that would prevent him doing any work (such as shutting down etc).

I tried to run GP Results Wizard on Server1, but I receive an error saying that I do not have enough permissions. What can I do here to get a GP result type thing to show what GPO's, if any, will be blocking what actions?

Our Forest level is Windows 2003, and Server1 is Windows 2003 Server too.
0
Comment
Question by:Joe_Budden
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
BryanMI earned 500 total points
Comment Utility
He should be able to run the resultant set of policy under his account for his username on that server.  You probably won't be able to do it as you don't have permission on that server.

Get him to login and walk him through running this to see what's going on.
0
 
LVL 1

Author Comment

by:Joe_Budden
Comment Utility
Hi Bryan,

So I need to install GPMC on Server1? How would I run resultant set of policy on the server?

Thanks!
0
 
LVL 5

Expert Comment

by:BryanMI
Comment Utility
If your user has the GPMC on his desktop, or you have it on your desktop and can get him to do a runas or logon to your desktop, you can do it from there.  You can put in the server name instead of using the local computer in the RSOP wizard, to get results for another machine.  In this case, you could enter your server name and get the policy results.

The big thing here is that it has to run under the account of the user who does have that admin access to server1.  Technically, it can run from anywhere as long as he is the one to run it.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now