AFAIK User GPOs only apply to Interactive and Terminal Services logon types – not batch, service, network logon. I’m trying to find a reference though…
From: Miller Bonnie L. [mailto:[email protected]] Sent: Wednesday, 27 July 2011 10:04 PM To: NT System Admin Issues Subject: RE: FW: GPOs applying to a service account Thanks Chris—I agree that what you are saying is probably true (that is the result we’re getting), but I’m not seeing it stated clearly in the technet information. If that is the case, then I don’t think user-applied GPPs will work for what we are trying to do either. Computer GPPs might work if we apply a specific registry setting to computers for the HKCU of the account in question, but we’ll need to do more testing. From: Christopher Bodnar [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Wednesday, July 27, 2011 5:36 AM To: NT System Admin Issues Subject: Re: FW: GPOs applying to a service account This might help: http://technet.microsoft.com/en-us/library/cc785665(WS.10).aspx User GPO's won't be applied until a user logs on. A service that has a specific account configured in the "Log On" section isn't really logging on as far as group policy is concerned. Chris Bodnar, MCSE, MCITP Technical Support III Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected]<mailto:[email protected]> Phone: 610-807-6459 Fax: 610-807-6003 From: Miller Bonnie L. <[email protected]<mailto:[email protected]>> To: "NT System Admin Issues" <[email protected]<mailto:[email protected]>> Date: 07/27/2011 05:49 AM Subject: FW: GPOs applying to a service account ________________________________ Resending this since I didn’t see it post nor get a notification from Lyris—sorry if it posts twice. From: Miller Bonnie L. Sent: Tuesday, July 26, 2011 1:41 PM To: 'NT System Admin Issues' Subject: GPOs applying to a service account Does anyone know the outcome of the following? Domain-member workstation (W7 SP1 or Wxp SP3). Domain-member user account. User account is configured to logon as a service on the workstation (set up as a service account). When the workstation is started up, do user-based GPO settings apply to the service account when it “logs on”? We have a very specific need to set the proxy configuration for a service account, but not for the computer as a whole (when no user is logged on), so we can’t use proxycfg/netsh. Trying to set this using GPO “User Config\Policies\Windows Settings\Internet Explorer Maintenance” section, like we do for our other user accounts. If we log on interactively with the account, the settings show up. If you let the account log on as a service and view the settings remotely via regedit, they are not being set. Is this the way it is supposed to work? I can’t seem to find a good reference for this scenario. Would GPPs maybe work better? Thanks, Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
