Group Policy Filtering: Denied (Security)
At our workplace we are running a Windows 2003 standard edition with Terminal service. Recently I created an OU, put it in Terminal server as well as the DC and the Terminal service Users security group into the OU. Later I also added two group policies to the OU in which one is for Terminal Servers and the other one is for Terminal service users.
As my title says itself I even added Terminal service users security group to the Security Tab under Terminal service users group policy and selected "Read" and "Apply Group Policy" Allow, also made some changes on the user interface, such as disable active desktop and redirect "Start Menu". I think I was correct so far, right? Then why I’m getting this problem? I even tried running Resultant Set of Policy but it shows everything OK.
Do anyone of you guys have been through this problem? How can i fix it?
RE: Group Policy Filtering: Denied (Security)
Hey guys, i ran gpresult and found this some more information.
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 30/03/2005 at 12:13:43 PM
RSOP data for Domain\abc on Server1 : Logging Mode
-------------------------------------------------
OS Type: Microsoft(R) Windows(R) Server 2003, Standard
Edition
OS Configuration: Additional/Backup Domain Controller
OS Version: 5.2.3790
Terminal Server Mode: Application Server
Site Name: Default-First-Site
Roaming Profile:
Local Profile: C:\Documents and Settings\abc
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=SERVER1,OU=Terminal Servers,DC=Domain,DC=Domain,DC=com,DC=au
Last time Group Policy was applied: 30/03/2005 at 12:13:35 PM
Group Policy was applied from: Server1.Domain.Domain.com.au
Group Policy slow link threshold: 100 kbps
Domain Name: Domain
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Controllers Policy
Default Domain Policy
Local Group Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Terminal Service Users
Filtering: Denied (Security)
All Terminal Servers
Filtering: Denied (Security)
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
Terminal Server Computers
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
Windows Authorization Access Group
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
SERVER1$
Domain Controllers
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Terminal Server Computers
Resultant Set Of Policies for Computer
---------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy: MaxServiceAge
Computer Setting: 600
GPO: Default Domain Policy
Policy: MaxTicketAge
Computer Setting: 10
GPO: Default Domain Policy
Policy: MaxClockSkew
Computer Setting: 5
GPO: Default Domain Policy
Policy: MaxRenewAge
Computer Setting: 7
Audit Policy
------------
GPO: Default Domain Controllers Policy
Policy: AuditPolicyChange
Computer Setting: Success
GPO: Default Domain Controllers Policy
Policy: AuditPrivilegeUse
Computer Setting: No Auditing
GPO: Default Domain Controllers Policy
Policy: AuditDSAccess
Computer Setting: Success
GPO: Default Domain Controllers Policy
Policy: AuditAccountLogon
Computer Setting: No Auditing
GPO: Default Domain Controllers Policy
Policy: AuditObjectAccess
Computer Setting: No Auditing
GPO: Default Domain Controllers Policy
Policy: AuditAccountManage
Computer Setting: Success
GPO: Default Domain Controllers Policy
Policy: AuditLogonEvents
Computer Setting: No Auditing
GPO: Default Domain Controllers Policy
Policy: AuditProcessTracking
Computer Setting: No Auditing
GPO: Default Domain Controllers Policy
Policy: AuditSystemEvents
Computer Setting: Success
User Rights
-----------
GPO: Default Domain Controllers Policy
Policy: MachineAccountPrivilege
Computer Setting: Authenticated Users
GPO: Default Domain Controllers Policy
Policy: DenyNetworkLogonRight
Computer Setting: Domain\SUPPORT_388945a0
GPO: Default Domain Controllers Policy
Policy: RestorePrivilege
Computer Setting: Server Operators
Backup Operators
Administrators
GPO: Default Domain Controllers Policy
Policy: TcbPrivilege
Computer Setting: Domain\BackupExec
Domain\Administrator
GPO: Default Domain Controllers Policy
Policy: SystemProfilePrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: DenyServiceLogonRight
Computer Setting: N/A
GPO: Default Domain Controllers Policy
Policy: ServiceLogonRight
Computer Setting: Domain\Administrator
NETWORK SERVICE
Domain\BackupExec
GPO: Default Domain Controllers Policy
Policy: UndockPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: RemoteInteractiveLogonRight
Computer Setting: Administrators
Domain\Terminal Service Users
Remote Desktop Users
TERMINAL SERVER USER
GPO: Default Domain Controllers Policy
Policy: CreatePermanentPrivilege
Computer Setting: N/A
GPO: Default Domain Controllers Policy
Policy: AuditPrivilege
Computer Setting: NETWORK SERVICE
LOCAL SERVICE
GPO: Default Domain Controllers Policy
Policy: TakeOwnershipPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: CreatePagefilePrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: EnableDelegationPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: DebugPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: SystemTimePrivilege
Computer Setting: Server Operators
Administrators
GPO: Default Domain Controllers Policy
Policy: DenyBatchLogonRight
Computer Setting: N/A
GPO: Default Domain Controllers Policy
Policy: BackupPrivilege
Computer Setting: Server Operators
Backup Operators
Administrators
GPO: Default Domain Controllers Policy
Policy: CreateTokenPrivilege
Computer Setting: DOMAIN\Administrator
DOMAIN\BackupExec
GPO: Default Domain Controllers Policy
Policy: ChangeNotifyPrivilege
Computer Setting: Pre-Windows 2000 Compatible Access
Authenticated Users
Administrators
Everyone
DOMAIN\Administrator
GPO: Default Domain Controllers Policy
Policy: SyncAgentPrivilege
Computer Setting: N/A
GPO: Default Domain Controllers Policy
Policy: ProfileSingleProcessPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: LoadDriverPrivilege
Computer Setting: Print Operators
Administrators
GPO: Default Domain Controllers Policy
Policy: InteractiveLogonRight
Computer Setting: Account Operators
Administrators
Backup Operators
DOMAIN\IUSR_WPS4
DOMAIN\IUSR_WPS5
DOMAIN\IUSR_WPS5DP
DOMAIN\UniverseUsers
Print Operators
Server Operators
GPO: Default Domain Controllers Policy
Policy: RemoteShutdownPrivilege
Computer Setting: Server Operators
Administrators
GPO: Default Domain Controllers Policy
Policy: IncreaseBasePriorityPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: NetworkLogonRight
Computer Setting: Administrators
Authenticated Users
DOMAIN\IUSR_WPS4
DOMAIN\IUSR_WPS5
DOMAIN\IUSR_WPS5DP
DOMAIN\IWAM_WPS4
DOMAIN\IWAM_WPS5
DOMAIN\IWAM_WPS5DP
ENTERPRISE DOMAIN CONTROLLERS
Everyone
Pre-Windows 2000 Compatible Access
GPO: Default Domain Controllers Policy
Policy: LockMemoryPrivilege
Computer Setting: DOMAIN\Administrator
GPO: Default Domain Controllers Policy
Policy: ShutdownPrivilege
Computer Setting: Print Operators
Server Operators
Backup Operators
Administrators
GPO: Default Domain Controllers Policy
Policy: SecurityPrivilege
Computer Setting: DOMAIN\Exchange Enterprise Servers
Administrators
GPO: Default Domain Controllers Policy
Policy: AssignPrimaryTokenPrivilege
Computer Setting: DOMAIN\IWAM_WPS5DP
DOMAIN\Administrator
DOMAIN\IWAM_WPS5
DOMAIN\IWAM_WPS4
NETWORK SERVICE
LOCAL SERVICE
GPO: Default Domain Controllers Policy
Policy: SystemEnvironmentPrivilege
Computer Setting: Administrators
GPO: Default Domain Controllers Policy
Policy: IncreaseQuotaPrivilege
Computer Setting: DOMAIN\IWAM_WPS5DP
DOMAIN\Administrator
DOMAIN\IWAM_WPS5
DOMAIN\IWAM_WPS4
Administrators
NETWORK SERVICE
LOCAL SERVICE
GPO: Default Domain Controllers Policy
Policy: BatchLogonRight
Computer Setting: DOMAIN\IWAM_WPS5DP
DOMAIN\IWAM_WPS5
DOMAIN\IWAM_WPS4
DOMAIN\SUPPORT_388945a0
LOCAL SERVICE
DOMAIN\IUSR_WPS4
DOMAIN\IIS_WPG
DOMAIN\IUSR_WPS5
DOMAIN\Administrator
DOMAIN\SQLDebugger
DOMAIN\IUSR_WPS5DP
GPO: Default Domain Controllers Policy
Policy: DenyInteractiveLogonRight
Computer Setting: DOMAIN\SUPPORT_388945a0
DOMAIN\SQLDebugger
Security Options
----------------
GPO: Default Domain Policy
Policy: TicketValidateClient
Computer Setting: Enabled
Event Log Settings
------------------
N/A
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\Description
Value: 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\Shadow
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\NoGPOListChanges
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}\NoSlowLink
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\fSingleSessionPerUser
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}\NoSlowLink
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}\NoSlowLink
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}\NoBackgroundPolicy
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}\Description
Value: 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\NoSlowLink
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\WindowsMediaPlayer\QuickLaunchShortcut
Value: 110, 0, 111, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel
Value: 0, 0, 4, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}\NoBackgroundPolicy
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\Description
Value: 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\MaxInstanceCount
State: disabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\fPromptForPassword
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\NoSlowLink
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\System\GroupPolicyRefreshTimeOffsetDC
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\KeepAliveInterval
Value: 5, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\Installer\EnableAdminTSRemote
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\WindowsMediaPlayer\DesktopShortcut
Value: 110, 0, 111, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\System\GroupPolicyRefreshTimeOffset
Value: 30, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\NoBackgroundPolicy
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\NoSlowLink
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\DeleteTempDirsOnExit
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\PerSessionTempDir
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Security_zones_map_edit
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows
NT\Reliability\ShutdownReasonOn
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\System\GroupPolicyRefreshTime
Value: 90, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\System\GroupPolicyRefreshTimeDC
Value: 3, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSplash
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\WFHomeDir
Value: 68, 0, 58, 0, 92, 0, 82, 0, 101, 0, 109, 0,
111, 0, 116, 0, 101, 0, 32, 0, 85, 0, 115, 0, 101, 0, 114, 0, 32, 0, 80, 0,
114, 0, 111, 0, 102, 0, 105, 0, 108, 0, 101, 0, 115, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\fNoRemoteDesktopWallpaper
Value: 1, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Conferencing\NoRDS
Value: 1, 0, 0, 0
State: Enabled
RE: Group Policy Filtering: Denied (Security)
The second half of the result from gpresult
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoUpdate
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}\NoBackgroundPolicy
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\Installer\DisableUserInstalls
Value: 2, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\NoBackgroundPolicy
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoUpdateCheck
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoJITSetup
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}\NoSlowLink
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}\NoSlowLink
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}\SaferFlags
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\KeepAliveEnable
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Security_options_edit
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Policies\Microsoft\Windows\System\GroupPolicyMinTransferRate
Value: 100, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}\NoBackgroundPolicy
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows
NT\Reliability\ShutdownReasonUI
Value: 3, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\NoBackgroundPolicy
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope
Value: 0, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}\Description
Value: 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName:
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWelcomeScreen
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows\Group
Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\NoGPOListChanges
Value: 1, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\WFHomeDirUNC
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\fDisableAutoReconnect
Value: 0, 0, 0, 0
State: Enabled
GPO: All Terminal Servers
KeyName: Software\Policies\Microsoft\Windows NT\Terminal
Services\WFHomeDirDrive
Value: 90, 0, 58, 0, 0, 0
State: Enabled
USER SETTINGS
--------------
CN=abc,OU=test TS,DC=Domain,DC=Domain,DC=com,DC=au
Last time Group Policy was applied: 30/03/2005 at 12:13:35 PM
Group Policy was applied from: Server1.Domain.Domain.com.au
Group Policy slow link threshold: 500 kbps
Domain Name: DOMAIN
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Terminal Service Users
The user has the following security privileges
----------------------------------------------
Bypass traverse checking
Add workstations to domain
Resultant Set Of Policies for User
-----------------------------------
Software Installations
----------------------
N/A
Logon Scripts
-------------
N/A
Logoff Scripts
--------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
N/A
Internet Explorer Connection
----------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
RE: Group Policy Filtering: Denied (Security)
Hello Ronan, as per my experience I would not recommend you to move your DC from the Domain Controllers OU. The reason is quite good as Microsoft itself won’t support that. Also in case you’re your settings are applied on the Computer Configuration you will need to make sure that you have enabled Loopback Processing in your Group Policy.