might it be worth running something like filemon and regmon and checking whats happening?
On 1/26/07, Bart Van den Wyngaert <[EMAIL PROTECTED]> wrote:
That opens the snap-in... So through the Control Panel it doesn't work, directly running the .cpl it does. Still don't understand it totally though... On 1/25/07, Darren Mar-Elia <[EMAIL PROTECTED]> wrote: > > > > > You would not get a permissions problem from that admin. templates policy. They just don't work that way. So my guess is its something else. What happens, as administrator, when you run "appwiz.cpl" from a command prompt? > > > > Darren > > > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bart Van den Wyngaert > Sent: Thursday, January 25, 2007 4:31 AM > > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] "Add or Remove Programs" GPO > > > > > > > > > > I did, but the local administrators group has full control on the file. And ofcourse, my AD admin account is part of the local administrators group on the workstations (naturally). > > > > > > That's the reason I absolutely don't have a clue, I don't see the relation in restrictions put in place and the effect on the admin account and when I start looking for that error message, I don't make progress either... > > > > > On 1/25/07, Grillenmeier, Guido <[EMAIL PROTECTED]> wrote: > > > > So what is the NTFS security on C:\WINNT\System32\rundll32.exe? The error message could naturally be a false hint, but might as well check it out. > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bart Van den Wyngaert > Sent: Donnerstag, 25. Januar 2007 12:00 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] "Add or Remove Programs" GPO > > > > > > No NTFS or other restrictions set in that GPO or the PC GPO. > > > Only some other restrictions like no access to control panel, no messenger, ... stuff. > > > > > > These apply to the specific Users OU + Computer OU, making a User & PC configuration for those PC's + Users (certain department). > > > > > > My admin account is totally somewhere else in the directory without those GPO's applied to. The restrictions in the Computer GPO are also not set to block the admin. I can drilldown the Computer GPO if you want, as I don't see any relevant setting in it. Otherwise I would be blocking myself and that's just the point I don't want... > > > > > > Thanks, > > > Bart > > > > > On 1/25/07, Grillenmeier, Guido <[EMAIL PROTECTED]> wrote: > > > > What other things did you change in the same or other GPOs that apply to the machine you're logging on as admin? If you've applied some lockdown GPOs for file-system permissions, those will also apply for your admins > > > > /Guido > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bart Van den Wyngaert > Sent: Mittwoch, 24. Januar 2007 17:38 > To: ActiveDir > Subject: [ActiveDir] "Add or Remove Programs" GPO > > > > > > Hi, > > > > > > I've set a GPO for some users that restricts usage of "Add or Remove Programs" (User Configuration\Administrative Templates\Control Panel\Add or Remove Programs). This GPO is linked to a specific OU where those users reside. > > > > > > But now I have even with admin accounts to which the GPO doesn't apply (totally different OU location and so on...) problems with opening the interface, it refers to security that is not correct on C:\WINNT\System32\rundll32.exe > > > > > > Is this normal?! Did I miss something before setting this GPO? > > > > > > Thanks, > > > Bart > > > >
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
