?
Solved

Locked Desktops

Posted on 2011-03-20
2
Medium Priority
?
342 Views
Last Modified: 2012-05-11
Hi

We run Terminal Services with Citrix and most of our users have locked desktops and using a single locked desktop. The problem arises when something goes wrong its a noghtmare to fix. First off i can t get into the profile folder even tho im an administrator second for doing something simple like re creating a corrupt Outlook 2007 profile becasue the desktop is locked and there is no access to control panel i'm not sure how i can easily get that sorted with having to temp remove the user from the lock down group
Is there something im missing here? any wasy way to manage these users?
0
Comment
Question by:kingcastle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 1000 total points
ID: 35177172


Are you using  terminal services profiles or roaming profiles?

If you are using roaming profiles for the users administrators by default do not have access to newly created profiles.  You can change this by enabling the " Add the Administrators security group to the roaming user profile share" group policy.  
Please clarify in detail what your terminal server configuration is.
0
 
LVL 37

Assisted Solution

by:Carl Webster
Carl Webster earned 1000 total points
ID: 35177541
You need to deny the lockdown group policy from being applied to your admin.  On the GPO page, the last tab is Delegation IIRC.  Click the tab and then down in the bottom right corner, click that button.  Scroll down find your admins or add your admins and then find the setting Apply Group Policy and select the Deny box.  Now the policy will not apply to your admins (after the policy refreshes) and you can do what you need to do.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question