Solved

Computer Policy Object won't stay set.

Posted on 2011-03-04
8
833 Views
Last Modified: 2012-05-11
W2K8 Std server, Remote Desktop role added. There are three levels of connections, 1) Don't allow, 2) Allow Connections for computers running any version .. and 3) Allow connections with Network Level Authentication (more secure).  My server defaults to the NLA.  I don't want this level as it prohibits my primary users from remoting into their application server.  The server defaults to NLA because of a local group policy.  Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.  The last setting is: Require user authentication for remote connections by using Network Level Authentication.  If I Disable or Not configure this setting, upon server reboot, it's enabled.  This prohibits my users from accessing the desktop of the server.  This server has 5 network GPO's applied to it, all of those GPO's has this setting as Not configured.  I don't know where, upon server restart, this setting is enabled from.  Putting a hack on a client PC is not a fix for us.  We have 4 other servers in this OU all setup by the same person this is not an issue on any of the other 4 servers.  
This particular Local Computer Policy will not hold the setting I choose.

Thanks Experts
0
Comment
Question by:PrincessTours
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 35047787
Is this server a DC?  If it is, check the Default Domain Controller Policy.

You can always run GPRESULT /v on that server and output it to a text file.  The text file should contain all the policies that applied to it and what settings can from where.
0
 

Author Comment

by:PrincessTours
ID: 35057609
Thanks Netman66,
Nope not a DC, simple member server.  I will run GPRESULT and see what I get.
0
 

Author Comment

by:PrincessTours
ID: 35058429
Ran GPRESULT no Remote Desktop Settings.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 35059076
What if you disable it in a network GPO?

0
 
LVL 51

Expert Comment

by:Netman66
ID: 35059153
Have you also attemted to set this from the right-click context menu on My Computer>Remote tab?
0
 

Author Comment

by:PrincessTours
ID: 35072436
I have set the Network GPO to disabled.  I will let that replication go through then test.  Also when the GPO is in effect my options are not available from the Remote tab...that is usually where I see that the GPO is in effect.  I can't make any changes. :(

Thanks Netman66 I will let you know the result.
0
 

Author Closing Comment

by:PrincessTours
ID: 35089528
Tough one.  It's a MSFT thing.  Funny how disabling enables when Not Configured is supposed to do the same thing.  All 500 points Netman66.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 35090288
Actually, registry settings don't revert when simply placed back into Not Defined, you have to "toggle" it to the opposite, let it apply and then set to Not Defined.  Had I realized that is what was happening based on your explanation I would have offered that up first.

Glad to help.

Thanks!
NM
0

Featured Post

To Patch or not to Patch? That is the question!

Don't get caught out like thousands of others around the world in the recent Ransomware Fiasco!
Discuss..
- Why it's not a good idea to wait before Patching
- Sensible approaches to Patching discussed
- Add your feedback, comments and suggestions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question