Solved

Computer Policy Object won't stay set.

Posted on 2011-03-04
8
824 Views
Last Modified: 2012-05-11
W2K8 Std server, Remote Desktop role added. There are three levels of connections, 1) Don't allow, 2) Allow Connections for computers running any version .. and 3) Allow connections with Network Level Authentication (more secure).  My server defaults to the NLA.  I don't want this level as it prohibits my primary users from remoting into their application server.  The server defaults to NLA because of a local group policy.  Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.  The last setting is: Require user authentication for remote connections by using Network Level Authentication.  If I Disable or Not configure this setting, upon server reboot, it's enabled.  This prohibits my users from accessing the desktop of the server.  This server has 5 network GPO's applied to it, all of those GPO's has this setting as Not configured.  I don't know where, upon server restart, this setting is enabled from.  Putting a hack on a client PC is not a fix for us.  We have 4 other servers in this OU all setup by the same person this is not an issue on any of the other 4 servers.  
This particular Local Computer Policy will not hold the setting I choose.

Thanks Experts
0
Comment
Question by:PrincessTours
  • 4
  • 4
8 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 35047787
Is this server a DC?  If it is, check the Default Domain Controller Policy.

You can always run GPRESULT /v on that server and output it to a text file.  The text file should contain all the policies that applied to it and what settings can from where.
0
 

Author Comment

by:PrincessTours
ID: 35057609
Thanks Netman66,
Nope not a DC, simple member server.  I will run GPRESULT and see what I get.
0
 

Author Comment

by:PrincessTours
ID: 35058429
Ran GPRESULT no Remote Desktop Settings.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 35059076
What if you disable it in a network GPO?

0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 51

Expert Comment

by:Netman66
ID: 35059153
Have you also attemted to set this from the right-click context menu on My Computer>Remote tab?
0
 

Author Comment

by:PrincessTours
ID: 35072436
I have set the Network GPO to disabled.  I will let that replication go through then test.  Also when the GPO is in effect my options are not available from the Remote tab...that is usually where I see that the GPO is in effect.  I can't make any changes. :(

Thanks Netman66 I will let you know the result.
0
 

Author Closing Comment

by:PrincessTours
ID: 35089528
Tough one.  It's a MSFT thing.  Funny how disabling enables when Not Configured is supposed to do the same thing.  All 500 points Netman66.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 35090288
Actually, registry settings don't revert when simply placed back into Not Defined, you have to "toggle" it to the opposite, let it apply and then set to Not Defined.  Had I realized that is what was happening based on your explanation I would have offered that up first.

Glad to help.

Thanks!
NM
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Three simple tips to quickly and efficiently back up and protect the contents of your PC and Mac®.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now