Solved

How can I turn off the restrictions that prevent logged on users from accessing things such as Control Panel on a Server 2003 server?

Posted on 2011-03-21
5
498 Views
Last Modified: 2012-05-11
How can I turn off the restrictions that prevent logged on users from accessing things such as Control Panel on a Server 2003 server?

Even though a particular domain user has been given administrator rights on the Server 2003 server, he is unable to access Control Panel on the server since access to this resource is not allowed.

When I log onto the server as a domain administrator, I have full administrator rights and can fully modify and change the server settings.

However, when I log onto the server as this particular domain user who does have administrator rights, I am unable to make any of these changes or modifications.

How can I turn off the restrictions that prevent logged on users from accessing things such as Control Panel on a Server 2003 server?

0
Comment
Question by:Knowledgeable
  • 3
  • 2
5 Comments
 

Author Comment

by:Knowledgeable
ID: 35185312
Here is the exact error message (see the screenshot):

“This operating has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.”

Restrictions.png
0
 

Author Comment

by:Knowledgeable
ID: 35185413
I receive the exact same error message if I open a command prompt and type in the following command:

runas /user:administrator@domain.local "control.exe"

Please Note: I have changed the actual domain name above, so as not to reveal the name of the company I am consulting for.

The change that I need to make applies to only this one particular domain user (who regularly establishes Remote Desktop sessions to this server) and has to be made while this user is logged onto the server using his domain account.

I have given the user local administrator rights, and domain administrator rights, but I still continue to receive these errors while I am logged onto the server as him.

There are also lots of other restrictions in place, such as not having the Control Panel icon and not being able to access Control Panel in any other method.

I also don't have the ability to right click while logged on as this user.

The only change that I need to make is to change which Exchange server the user connects to when launching Outlook.

Unfortunately, this is a change that I am unable to make at all until I am able to temporarily disable these security settings.

Once I have made this change to the Exchange server setting within Outlook, I will reapply these security settings.

How can I temporarily disable these security settings for this particular user?
0
 
LVL 14

Accepted Solution

by:
amichaell earned 500 total points
ID: 35185424
There is most likely a Group Policy Object restricting access.  The GPO has mostly likely been denied to the domain admins group, which is why you are able to access, though the user cannot.  From the server's command line run GPRESULT to determine the GPOs in effect on the server.  

Could also be a local policy (Start -> Run -> GPEDIT.MSC).
0
 

Author Comment

by:Knowledgeable
ID: 35185432
Where exactly can I find this security setting within the local Group Management console?
0
 
LVL 14

Assisted Solution

by:amichaell
amichaell earned 500 total points
ID: 35185513
Check under User Configuration -> Administrative Templates -> Control Panel.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2003 Server DNS/FS errors 6 50
Folder Redirection - Disable Offline Synching for PCs 4 29
GPO not showing IE10 in GP Preferences 14 41
Lync 2010 4 24
Synchronize a new Active Directory domain with an existing Office 365 tenant
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question