?
Solved

Computer Policy Object won't stay set.

Posted on 2011-03-04
8
Medium Priority
?
837 Views
Last Modified: 2012-05-11
W2K8 Std server, Remote Desktop role added. There are three levels of connections, 1) Don't allow, 2) Allow Connections for computers running any version .. and 3) Allow connections with Network Level Authentication (more secure).  My server defaults to the NLA.  I don't want this level as it prohibits my primary users from remoting into their application server.  The server defaults to NLA because of a local group policy.  Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.  The last setting is: Require user authentication for remote connections by using Network Level Authentication.  If I Disable or Not configure this setting, upon server reboot, it's enabled.  This prohibits my users from accessing the desktop of the server.  This server has 5 network GPO's applied to it, all of those GPO's has this setting as Not configured.  I don't know where, upon server restart, this setting is enabled from.  Putting a hack on a client PC is not a fix for us.  We have 4 other servers in this OU all setup by the same person this is not an issue on any of the other 4 servers.  
This particular Local Computer Policy will not hold the setting I choose.

Thanks Experts
0
Comment
Question by:PrincessTours
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 35047787
Is this server a DC?  If it is, check the Default Domain Controller Policy.

You can always run GPRESULT /v on that server and output it to a text file.  The text file should contain all the policies that applied to it and what settings can from where.
0
 

Author Comment

by:PrincessTours
ID: 35057609
Thanks Netman66,
Nope not a DC, simple member server.  I will run GPRESULT and see what I get.
0
 

Author Comment

by:PrincessTours
ID: 35058429
Ran GPRESULT no Remote Desktop Settings.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 51

Accepted Solution

by:
Netman66 earned 1500 total points
ID: 35059076
What if you disable it in a network GPO?

0
 
LVL 51

Expert Comment

by:Netman66
ID: 35059153
Have you also attemted to set this from the right-click context menu on My Computer>Remote tab?
0
 

Author Comment

by:PrincessTours
ID: 35072436
I have set the Network GPO to disabled.  I will let that replication go through then test.  Also when the GPO is in effect my options are not available from the Remote tab...that is usually where I see that the GPO is in effect.  I can't make any changes. :(

Thanks Netman66 I will let you know the result.
0
 

Author Closing Comment

by:PrincessTours
ID: 35089528
Tough one.  It's a MSFT thing.  Funny how disabling enables when Not Configured is supposed to do the same thing.  All 500 points Netman66.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 35090288
Actually, registry settings don't revert when simply placed back into Not Defined, you have to "toggle" it to the opposite, let it apply and then set to Not Defined.  Had I realized that is what was happening based on your explanation I would have offered that up first.

Glad to help.

Thanks!
NM
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question