Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Computer Policy Object won't stay set.

Posted on 2011-03-04
8
829 Views
Last Modified: 2012-05-11
W2K8 Std server, Remote Desktop role added. There are three levels of connections, 1) Don't allow, 2) Allow Connections for computers running any version .. and 3) Allow connections with Network Level Authentication (more secure).  My server defaults to the NLA.  I don't want this level as it prohibits my primary users from remoting into their application server.  The server defaults to NLA because of a local group policy.  Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.  The last setting is: Require user authentication for remote connections by using Network Level Authentication.  If I Disable or Not configure this setting, upon server reboot, it's enabled.  This prohibits my users from accessing the desktop of the server.  This server has 5 network GPO's applied to it, all of those GPO's has this setting as Not configured.  I don't know where, upon server restart, this setting is enabled from.  Putting a hack on a client PC is not a fix for us.  We have 4 other servers in this OU all setup by the same person this is not an issue on any of the other 4 servers.  
This particular Local Computer Policy will not hold the setting I choose.

Thanks Experts
0
Comment
Question by:PrincessTours
  • 4
  • 4
8 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 35047787
Is this server a DC?  If it is, check the Default Domain Controller Policy.

You can always run GPRESULT /v on that server and output it to a text file.  The text file should contain all the policies that applied to it and what settings can from where.
0
 

Author Comment

by:PrincessTours
ID: 35057609
Thanks Netman66,
Nope not a DC, simple member server.  I will run GPRESULT and see what I get.
0
 

Author Comment

by:PrincessTours
ID: 35058429
Ran GPRESULT no Remote Desktop Settings.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 35059076
What if you disable it in a network GPO?

0
 
LVL 51

Expert Comment

by:Netman66
ID: 35059153
Have you also attemted to set this from the right-click context menu on My Computer>Remote tab?
0
 

Author Comment

by:PrincessTours
ID: 35072436
I have set the Network GPO to disabled.  I will let that replication go through then test.  Also when the GPO is in effect my options are not available from the Remote tab...that is usually where I see that the GPO is in effect.  I can't make any changes. :(

Thanks Netman66 I will let you know the result.
0
 

Author Closing Comment

by:PrincessTours
ID: 35089528
Tough one.  It's a MSFT thing.  Funny how disabling enables when Not Configured is supposed to do the same thing.  All 500 points Netman66.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 35090288
Actually, registry settings don't revert when simply placed back into Not Defined, you have to "toggle" it to the opposite, let it apply and then set to Not Defined.  Had I realized that is what was happening based on your explanation I would have offered that up first.

Glad to help.

Thanks!
NM
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question