| Author | Messages | |
petertjohnson
Posts:17
 | | 02/04/2010 1:53 PM |
| Hi
I've got a weird one here which has me scratching my head.
I've got a Windows 7 Professional machine, it was upgraded from Vista, on which I've got a GRP applied to log the desktop after so many minutes. I can see the setting having taken affect as the dialog boxes have been gareyed out. However the desktop never actually locks.
Upon doing some troubleshooting I noticed that the GPRESULT is returning the user as being in a group that he is not in on the DC's. When I run whoami /groups it returns the correct lists of groups.
Any ideas?
Regards
[cid:image001.jpg@01CAA5B1.86074BE0]
Peter Johnson
I.T Architect
United Kingdom: +44 1285 658542
South Africa: +27 11 252 1100
Swaziland: +268 442 7000
Fax:+27 11 974 7130
Mobile: +2783 306 0019
xxxxxxxxxxxxxxxx
This email message (including attachments) contains information which may be confidential and/or legally privileged. Unless you are the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message or from any attachments that were sent with this email, and If you have received this email message in error, please advise the sender by email, and delete the message. Unauthorised disclosure and/or use of information contained in this email may result in civil and criminal liability. Everything in this e-mail and attachments relating to the official business of Peterstow Aquapower is proprietary to the company.
Caution should be observed in placing any reliance upon any information contained in this e-mail, which is not intended to be a representation or inducement to make any decision in relation to Peterstow Aquapower. Any decision taken based on the information provided in this e-mail, should only be made after consultation with appropriate legal, regulatory, tax, technical, business, investment, financial, and accounting advisors. Neither the sender of the e-mail, nor Peterstow Aquapower shall be liable to any party for any direct, indirect or consequential damages, including, without limitation, loss of profit, interruption of business or loss of information, data or software or otherwise.
The e-mail address of the sender may not be used, copied, sold, disclosed or incorporated into any database or mailing list for spamming and/or other marketing purposes without the prior consent of Peterstow Aquapower.
No warranties are created or implied that an employee of Peterstow Aquapower and/or a contractor of Peterstow Aquapower is authorized to create and send this e-mail.
[cid:image002.jpg@01CAA5B1.86074BE0]
| | | |
| omar
Posts:75
| | 02/04/2010 5:36 PM |
| Check AD users and computers on each of your domain controllers to be sure that the group membership for that user is actually updated/replicated correctly.
at least that is where I would start.
Also- there are some groups (I cant remember the term) that users are members of automatically- like authenticated users, domain users and the such.
Have you tried running gpresults from GPMC on different DC's and from the desktop in question to see if you can find some disparity?
Omar
________________________________
From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On Behalf Of Peter Johnson [xxxxxxxxxxxxxxxx]
Sent: Thursday, February 04, 2010 5:48 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Weird one
Hi
I’ve got a weird one here which has me scratching my head.
I’ve got a Windows 7 Professional machine, it was upgraded from Vista, on which I’ve got a GRP applied to log the desktop after so many minutes. I can see the setting having taken affect as the dialog boxes have been gareyed out. However the desktop never actually locks.
Upon doing some troubleshooting I noticed that the GPRESULT is returning the user as being in a group that he is not in on the DC’s. When I run whoami /groups it returns the correct lists of groups.
Any ideas?
Regards
[cid:image001.jpg@01CAA5B1.86074BE0]
Peter Johnson
I.T Architect
United Kingdom: +44 1285 658542
South Africa: +27 11 252 1100
Swaziland: +268 442 7000
Fax:+27 11 974 7130
Mobile: +2783 306 0019
xxxxxxxxxxxxxxxx
This email message (including attachments) contains information which may be confidential and/or legally privileged. Unless you are the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message or from any attachments that were sent with this email, and If you have received this email message in error, please advise the sender by email, and delete the message. Unauthorised disclosure and/or use of information contained in this email may result in civil and criminal liability. Everything in this e-mail and attachments relating to the official business of Peterstow Aquapower is proprietary to the company.
Caution should be observed in placing any reliance upon any information contained in this e-mail, which is not intended to be a representation or inducement to make any decision in relation to Peterstow Aquapower. Any decision taken based on the information provided in this e-mail, should only be made after consultation with appropriate legal, regulatory, tax, technical, business, investment, financial, and accounting advisors. Neither the sender of the e-mail, nor Peterstow Aquapower shall be liable to any party for any direct, indirect or consequential damages, including, without limitation, loss of profit, interruption of business or loss of information, data or software or otherwise.
The e-mail address of the sender may not be used, copied, sold, disclosed or incorporated into any database or mailing list for spamming and/or other marketing purposes without the prior consent of Peterstow Aquapower.
No warranties are created or implied that an employee of Peterstow Aquapower and/or a contractor of Peterstow Aquapower is authorized to create and send this e-mail.
[cid:image002.jpg@01CAA5B1.86074BE0]
| | | |
| DarraghOShaughnessy
Posts:161
| | 02/04/2010 6:53 PM |
| Do you trust this whoami.exe to return all nested group membership? Are
you querying a global catalogue? Remember, you must query a global
catalogue fro universal group membership
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
<mailto:xxxxxxxxxxxxxxxx>
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider using Eco
Font to save ink: http://www.ecofont.eu/ecofont_en.html
<http://www.ecofont.eu/ecofont_en.html>
This e-mail and any files transmitted with it contain information which
may be confidential and which may also be privileged and is intended
solely for the use of the individual or entity to whom it is addressed.
Unless you are the intended recipient you may not copy or use it, or
disclose it to anyone else. Any opinions expressed are that of the
individual and not necessarily that of Vhi Healthcare. If you have
received this e-mail in error please notify the sender by return. This
footnote also confirms that this e-mail message has been Swept for the
presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Omar Droubi
Sent: 04 February 2010 17:31
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Weird one
Check AD users and computers on each of your domain controllers to be
sure that the group membership for that user is actually
updated/replicated correctly.
at least that is where I would start.
Also- there are some groups (I cant remember the term) that users are
members of automatically- like authenticated users, domain users and the
such.
Have you tried running gpresults from GPMC on different DC's and from
the desktop in question to see if you can find some disparity?
Omar
________________________________
From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
Behalf Of Peter Johnson [xxxxxxxxxxxxxxxx]
Sent: Thursday, February 04, 2010 5:48 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Weird one
Hi
I've got a weird one here which has me scratching my head.
I've got a Windows 7 Professional machine, it was upgraded from Vista,
on which I've got a GRP applied to log the desktop after so many
minutes. I can see the setting having taken affect as the dialog boxes
have been gareyed out. However the desktop never actually locks.
Upon doing some troubleshooting I noticed that the GPRESULT is returning
the user as being in a group that he is not in on the DC's. When I run
whoami /groups it returns the correct lists of groups.
Any ideas?
Regards
Peter Johnson
I.T Architect
United Kingdom: +44 1285 658542
South Africa: +27 11 252 1100
Swaziland: +268 442 7000
Fax:+27 11 974 7130
Mobile: +2783 306 0019
xxxxxxxxxxxxxxxx
This email message (including attachments) contains information which
may be confidential and/or legally privileged. Unless you are the
intended recipient, you may not use, copy or disclose to anyone the
message or any information contained in the message or from any
attachments that were sent with this email, and If you have received
this email message in error, please advise the sender by email, and
delete the message. Unauthorised disclosure and/or use of information
contained in this email may result in civil and criminal liability.
Everything in this e-mail and attachments relating to the official
business of Peterstow Aquapower is proprietary to the company.
Caution should be observed in placing any reliance upon any information
contained in this e-mail, which is not intended to be a representation
or inducement to make any decision in relation to Peterstow Aquapower.
Any decision taken based on the information provided in this e-mail,
should only be made after consultation with appropriate legal,
regulatory, tax, technical, business, investment, financial, and
accounting advisors. Neither the sender of the e-mail, nor Peterstow
Aquapower shall be liable to any party for any direct, indirect or
consequential damages, including, without limitation, loss of profit,
interruption of business or loss of information, data or software or
otherwise.
The e-mail address of the sender may not be used, copied, sold,
disclosed or incorporated into any database or mailing list for spamming
and/or other marketing purposes without the prior consent of Peterstow
Aquapower.
No warranties are created or implied that an employee of Peterstow
Aquapower and/or a contractor of Peterstow Aquapower is authorized to
create and send this e-mail.
| | | |
|
|