Solved

Computer Policy Object won't stay set.

Posted on 2011-03-04
8
827 Views
Last Modified: 2012-05-11
W2K8 Std server, Remote Desktop role added. There are three levels of connections, 1) Don't allow, 2) Allow Connections for computers running any version .. and 3) Allow connections with Network Level Authentication (more secure).  My server defaults to the NLA.  I don't want this level as it prohibits my primary users from remoting into their application server.  The server defaults to NLA because of a local group policy.  Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.  The last setting is: Require user authentication for remote connections by using Network Level Authentication.  If I Disable or Not configure this setting, upon server reboot, it's enabled.  This prohibits my users from accessing the desktop of the server.  This server has 5 network GPO's applied to it, all of those GPO's has this setting as Not configured.  I don't know where, upon server restart, this setting is enabled from.  Putting a hack on a client PC is not a fix for us.  We have 4 other servers in this OU all setup by the same person this is not an issue on any of the other 4 servers.  
This particular Local Computer Policy will not hold the setting I choose.

Thanks Experts
0
Comment
Question by:PrincessTours
  • 4
  • 4
8 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 35047787
Is this server a DC?  If it is, check the Default Domain Controller Policy.

You can always run GPRESULT /v on that server and output it to a text file.  The text file should contain all the policies that applied to it and what settings can from where.
0
 

Author Comment

by:PrincessTours
ID: 35057609
Thanks Netman66,
Nope not a DC, simple member server.  I will run GPRESULT and see what I get.
0
 

Author Comment

by:PrincessTours
ID: 35058429
Ran GPRESULT no Remote Desktop Settings.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 35059076
What if you disable it in a network GPO?

0
 
LVL 51

Expert Comment

by:Netman66
ID: 35059153
Have you also attemted to set this from the right-click context menu on My Computer>Remote tab?
0
 

Author Comment

by:PrincessTours
ID: 35072436
I have set the Network GPO to disabled.  I will let that replication go through then test.  Also when the GPO is in effect my options are not available from the Remote tab...that is usually where I see that the GPO is in effect.  I can't make any changes. :(

Thanks Netman66 I will let you know the result.
0
 

Author Closing Comment

by:PrincessTours
ID: 35089528
Tough one.  It's a MSFT thing.  Funny how disabling enables when Not Configured is supposed to do the same thing.  All 500 points Netman66.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 35090288
Actually, registry settings don't revert when simply placed back into Not Defined, you have to "toggle" it to the opposite, let it apply and then set to Not Defined.  Had I realized that is what was happening based on your explanation I would have offered that up first.

Glad to help.

Thanks!
NM
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
windows 10 versions 3 33
Suggestions on remote printing. 3 29
Whitelisting applications 2 20
Non admin needs to install programs 17 29
Here are the five steps I suggest to every sysadmin to fix the fall-out from a security breach.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question