Solved

"Allow logon locally" - User Rights Assignment - applied, but not taking effect

Posted on 2014-11-12
6
58 Views
Last Modified: 2015-06-28
Hi,

I've recently set a new GPO to restrict the 'Allow logon locally' to Administrators, Power Users and Backup Operators.

Resultant Set of Policy shows this policy applies without a problem:

2.JPG
Yet when I launch gpedit.msc on the machine, it shows the following:

1.JPG
The policy seems to be applying, but not taking effect. The settings above are locked and I cannot manually modify them.

Does anyone have any idea why this is happening? Restarting the computer, running gpupdate /force, setting the GPO as 'Enforced' does nothing. Surely this setting should be overridden by the policy I have set?

Thanks in advance for any help.

Adrian
0
Comment
Question by:arbrctb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 4

Expert Comment

by:bominthu
ID: 40437279
If you would like to know which policy applied to client machine in domain environment, you should run rsop.msc in RUN

Not gpedit.msc

Gpedit.msc is for Local machine group policy.
0
 

Accepted Solution

by:
arbrctb earned 0 total points
ID: 40437296
Hi,

I've just gone back to this and the policy has now applied.

I'd already ran a gpupdate /force and restarted twice - is there any reason why this policy has only taken effect now?

Thanks,
Adrian
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40438033
If you have ran Gpupdate it should be updated in next restart.

If it is not, you need to check in your server event viewer if there is anything related to GPO
0
 

Author Comment

by:arbrctb
ID: 40444712
Thanks for your help.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40855323
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question