No NTFS or other restrictions set in that GPO or the PC GPO. Only some other restrictions like no access to control panel, no messenger, ... stuff.
These apply to the specific Users OU + Computer OU, making a User & PC configuration for those PC's + Users (certain department). My admin account is totally somewhere else in the directory without those GPO's applied to. The restrictions in the Computer GPO are also not set to block the admin. I can drilldown the Computer GPO if you want, as I don't see any relevant setting in it. Otherwise I would be blocking myself and that's just the point I don't want... Thanks, Bart On 1/25/07, Grillenmeier, Guido <[EMAIL PROTECTED]> wrote:
What other things did you change in the same or other GPOs that apply to the machine you're logging on as admin? If you've applied some lockdown GPOs for file-system permissions, those will also apply for your admins /Guido *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Bart Van den Wyngaert *Sent:* Mittwoch, 24. Januar 2007 17:38 *To:* ActiveDir *Subject:* [ActiveDir] "Add or Remove Programs" GPO Hi, I've set a GPO for some users that restricts usage of "Add or Remove Programs" (User Configuration\Administrative Templates\Control Panel\Add or Remove Programs). This GPO is linked to a specific OU where those users reside. But now I have even with admin accounts to which the GPO doesn't apply (totally different OU location and so on...) problems with opening the interface, it refers to security that is not correct on C:\WINNT\System32\rundll32.exe Is this normal?! Did I miss something before setting this GPO? Thanks, Bart
