Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Networking with Windows Vista Networking issues and questions with Windows Vista. (microsoft.public.windows.vista.networking_sharing) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
Problems with Group Policy with restricted user account
We have had one administrator using Vista since the start of the year. Now
we want to bring Vista into use for a group of restricted user accounts, and by that, I mean that they aren't power users or administrators or anything like that. It seems clear to date that MS has put a whole pile of extra security stuff into Vista that just makes it that much harder for a domain administrator to set up a PC if the users are not power users and don't have any particular rights on the local machine. The reason it is clear is we are seeing issues, errors and problems that don't show up when someone whose account has privileges logs onto a machine. The experience is completely different from Windows XP; these issues simply aren't seen there at all. For example, I kept getting errors when I tried to run GPUpdate and would be told that the new policy could not be applied. After a lot of toing and froing, trying to find out about the problem, I found a suggestion that I needed to give the Domain Computers group security access to the Organisational Unit in Active Directory where the computer's account was stored. This fixed the problem. The main problem that I am still having with the logon is that Folder Redirection policy cannot complete. This is pretty important because the user can't get access to their documents, which are stored in a shared location on the server and are not accessible in their usual profile location. The event logged for this problem is as follows: Log Name: System Source: Microsoft-Windows-GroupPolicy Date: 13/10/2008 9:01:06 p.m. Event ID: 1085 Task Category: None Level: Warning Keywords: User: HCS\year9 Computer: CYC-62550.hcs.local Description: Windows failed to apply the Folder Redirection settings. Folder Redirection settings might have its own log file. Please click on the "More information" link. Event Xml: Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event" System Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" / EventID1085/EventID Version0/Version Level3/Level Task0/Task Opcode1/Opcode Keywords0x8000000000000000/Keywords TimeCreated SystemTime="2008-10-13T08:01:06.464Z" / EventRecordID2754/EventRecordID Correlation ActivityID="{A792D6E6-705B-4ACC-A548-016BF5B27D70}" / Execution ProcessID="1080" ThreadID="3544" / ChannelSystem/Channel ComputerCYC-62550.hcs.local/Computer Security UserID="S-1-5-21-1131366045-2363284717-2431634961-1704" / /System EventData Data Name="SupportInfo1"1/Data Data Name="SupportInfo2"3847/Data Data Name="ProcessingMode"1/Data Data Name="ProcessingTimeInMilliseconds"7453/Data Data Name="ErrorCode"1003/Data Data Name="ErrorDescription"Cannot complete this function. /Data Data Name="DCName"\\DC01.hcs.local/Data Data Name="ExtensionName"Folder Redirection/Data Data Name="ExtensionId"{25537BA6-77A8-11D2-9B6C-0000F8080861}/Data /EventData /Event -- |