Windows 7 Clients on 2003 DC Group Policy Problem

-

we have windows 7 enterprise clients managed server 2003 r2 ent domain controller. know need server 2008 realize group policy compatibility here's problem in meantime.

i didn't build windows 7 image, is, domain user can run gpedit.msc , make alterations in parts of local machine policy (those not controlled policy objects of server 2003).

if restrict authoring under user configuration > administrative templates > windows components > microsoft management console, applies exact same restrictions administrators. in fact can lock admins out of mmc , related components.

the funny part is, when user access gpedit.msc, don't uac prompt, whereas if administrator (local or domain), uac prompt.

until server 2008, there anyway rectify this? users should have no access group policy editing features, yet image i'm working with, can , do, , have necessary rights turn on , off settings under both machine , user administrative template settings.

totally stumped here...any assistance appreciated.

 
> have windows 7 enterprise clients managed server 2003 r2 ent
> domain controller. know need server 2008 realize
> group policy compatibility here's problem in meantime.
>
 
no, don't. client not care dc,
thing need schema update able use wireless policies
and bitlocker ad integration. else (regarding gpos)
file system (sysvol) based.
 > if restrict authoring under user configuration > administrative
> templates > windows components > microsoft management console,
> applies exact same restrictions administrators. in fact can
> lock admins out of mmc , related components.
 
then apply appropriate security filter policy - exclude
administrators group.
 
> funny part is, when user access gpedit.msc, don't
> uac prompt, whereas if administrator (local or domain),
> uac prompt.
>
 
this result of mmc.exe's manifest - has "highestavailable", ,
that means "normal user - no prompt", "admin user - prompt". same
true event viewer.
btw: sure not - accident possibly - local
administrators? if can make changes through gpedit.msc,
believe in fact admins...
 
regards, martin
 
no not evil, if know doing: or bad gpos?
wenn meine antwort hilfreich war, freue ich mich über eine bewertung! if answer helpful, i'm glad rating!


Windows Server  >  Group Policy



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering ...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more