Ctrl+Shift+B

Compilations by Steve Majewski
Vista Group Policy Issues

During my previous Vista RC 2 build, I had a problem starting Windows Firewall and Terminal Services once I connected the computer to a domain. I eventually gave up looking and rebuilt the machine. I then exported the policies for review after attaching to a domain. This allowed me to see what policies were being changed by the domain. It turned out I had a secondary policy that was only supposed to be applied to my Application Pool accounts instead of all Authenticated Users. When I filtered that policy by the appropriate group and rebooted, all was right with the world.

I won't bother with detailed information on how to fix this, since I assume most people playing around with Server 2003 at this level will know about what I am talking. Contact me if you'd like more details, and I'll see what I can rustle up.

Here were my default policies in Vista RC 2:

| Policy | Security Setting |
| --- | --- |
| Access Credential Manager as a trusted caller | |
| Access this computer from the network | Everyone, Administrators, Users, Backup Operators |
| Act as part of the operating system | |
| Add workstations to domain | |
| Adjust memory quotas for a process | LOCAL SERVICE, NETWORK SERVICE, Administrators |
| Allow log on locally | Guest, Administrators, Users, Backup Operators |
| Allow log on through Terminal Services | Administrators, Remote Desktop Users |
| Back up files and directories | Administrators, Backup Operators |
| Bypass traverse checking | Everyone, LOCAL SERVICE, NETWORK SERVICE, Administrators, Users, Backup Operators |
| Change the system time | LOCAL SERVICE, Administrators |
| Change the time zone | LOCAL SERVICE, Administrators, Users |
| Create a pagefile | Administrators |
| Create a token object | |
| Create global objects | LOCAL SERVICE, NETWORK SERVICE, Administrators, SERVICE |
| Create permanent shared objects | |
| Create symbolic links | Administrators |
| Debug programs | Administrators |
| Deny access to this computer from the network | Guest |
| Deny log on as a batch job | |
| Deny log on as a service | |
| Deny log on locally | Guest |
| Deny log on through Terminal Services | |
| Enable computer and user accounts to be trusted for delegation | |
| Force shutdown from a remote system | Administrators |
| Generate security audits | LOCAL SERVICE, NETWORK SERVICE |
| Impersonate a client after authentication | LOCAL SERVICE, NETWORK SERVICE, Administrators, SERVICE |
| Increase a process working set | Users |
| Increase scheduling priority | Administrators |
| Load and unload device drivers | Administrators |
| Lock pages in memory | |
| Log on as a batch job | Administrators, Backup Operators |
| Log on as a service | |
| Manage auditing and security log | Administrators |
| Modify an object label | |
| Modify firmware environment values | Administrators |
| Perform volume maintenance tasks | Administrators |
| Profile single process | Administrators |
| Profile system performance | Administrators |
| Remove computer from docking station | Administrators, Users |
| Replace a process level token | LOCAL SERVICE, NETWORK SERVICE |
| Restore files and directories | Administrators, Backup Operators |
| Shut down the system | Administrators, Users, Backup Operators |
| Synchronize directory service data | |
| Take ownership of files or other objects | Administrators |
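
The before-and-after comparison described above can be scripted; this is an added example, not code from the original post. It assumes the INF format written by `secedit /export`; the function names `Get-UserRights` and `Compare-UserRights`, the account `CONTOSO\svc-apppool`, and every value in `$after` are constructed for illustration and are not the author's actual policy.

```powershell
# Constructed samples in the format of: secedit /export /cfg before.inf /areas USER_RIGHTS
# $before mirrors three rows of the table above; $after is invented for illustration.
$before = @'
[Privilege Rights]
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeAuditPrivilege = *S-1-5-19,*S-1-5-20
'@
$after = @'
[Privilege Rights]
SeAssignPrimaryTokenPrivilege = CONTOSO\svc-apppool
SeImpersonatePrivilege = CONTOSO\svc-apppool,*S-1-5-32-544
SeAuditPrivilege = *S-1-5-19,*S-1-5-20
SeServiceLogonRight = CONTOSO\svc-apppool
'@

# Parse [Privilege Rights] into a hashtable (right -> principals); the '*' SID prefix is stripped.
function Get-UserRights {
    param([Parameter(Mandatory)][string]$InfText)
    $rights = @{}; $inSection = $false
    foreach ($line in ($InfText -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights'); continue
        }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(.*)$') {
            $name = $Matches[1]
            $rights[$name] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    $rights
}

# Report each right whose principals differ; a right absent from an export counts as "nobody".
function Compare-UserRights {
    param([hashtable]$Baseline, [hashtable]$Current)
    $names = @($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $old = @($Baseline[$name] | Where-Object { $_ })
        $new = @($Current[$name]  | Where-Object { $_ })
        $added   = @($new | Where-Object { $old -notcontains $_ })
        $removed = @($old | Where-Object { $new -notcontains $_ })
        if ($added.Count -or $removed.Count) {
            [pscustomobject]@{ Right = $name; Added = $added -join ', '; Removed = $removed -join ', ' }
        }
    }
}
Compare-UserRights (Get-UserRights $before) (Get-UserRights $after) | Format-Table -AutoSize
```

On a real machine, replace the here-strings with `Get-Content before.inf -Raw` and `Get-Content after.inf -Raw`, using one export taken before the domain join and one taken after.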

Posted on Tuesday, October 17, 2006 10:05 AM