Announcement

Collapse
No announcement yet.

How to overwrite Global AD Profile using local login script

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to overwrite Global AD Profile using local login script

    Hi all,

    It is my first time here and I think this forum is very good with lots of useful information.

    First of all, I would like to explain the situation me and my team is suffering.

    I work for a reasonably big company and our IS dept decided to switch everyone to AD.

    When they switch everyone to AD, they didn't bother to check the services required by my team. The minimum we need is IIS, SNMP and WWW in order to run the admin tools required for telephone switches.

    By disabling them in the global profile, I can't use Net Start to start these services. The only thing we can do is to go to services and set them to automatic/manual and use a Net Start bat file I created for them.

    I tried a few things including modifying the registry but the global profile will disable them when the screensaver kicks in, or some random time period.

    I would like to know whether there are any ways I can get around this. My IS dept is extremely unhelpful and refuses to create a new group with the correct services for my guys.

    I don't know and don't want to hack the system. All I need is something that can either overwrites the global profile during logon or a way to block the global profile from getting to my computer so that my registry modification will stay.

    Sorry for the long question and thanks very much for your help.

  • #2
    Re: How to overwrite Global AD Profile using local login script

    this sounds a little shady but o well. as i understand it group policy is being pushed down to stop you from running services?. if thats the case since you have a way to modify the registry you could try to deny everyone write permission to those keys after you change it. if that doesn't work your gonna have to get your IS to not give you that group policy. maby talk to your manager or their manager.
    MCSE 2000\2003, A+
    00000001-00000011-00000011-00000111

    Comment


    • #3
      Re: How to overwrite Global AD Profile using local login script

      Thx pcking999, I will try to change the permission of those services keys.

      My manager is not helping and neither is the head of IS.

      You know what the head of IS told me, he said "well you can just go in and set it to automatic / manual everytime you run it".

      It is like me telling him to restart his computer every time he needs MS Word.. A load of ......

      Anything, thx for the advice and I hope I have can lock those keys down....

      Comment


      • #4
        Re: How to overwrite Global AD Profile using local login script

        You really need to get your IS dept to change the default policy, they can still apply all other settings but miss these certain policy items for your group.

        If it's stopping you from working and thus affecting business productivity then I would raise the issue further up the chain.

        A semi-temp fix can be found here

        http://www.petri.com/killpol.htm (providing you are local admins on the machines).

        topper.
        * Shamelessly mentioning "Don't forget to add reputation!"

        Comment


        • #5
          Re: How to overwrite Global AD Profile using local login script

          Depending on what server OS the IS department only needs to block inheritance of the Existing GPO to your OU and copy everything else and apply it directly to your OU (Thats is assuming all the required users are in the same OU)

          Comment


          • #6
            Re: How to overwrite Global AD Profile using local login script

            Technically, the easiest solution would be to create a new OU, place the computer accounts in it, and configure 'block policies'. A trivial thing that costs no more then 10 minutes. W.r.t. to registry hacks and permissions: don't go there. Even if you will get it to work, it might give you hard-to-solve related problems and on top of that, your successor and colleages will _never_ figure it out.

            However, it looks like you are caught between a rock and a hard place. If I were you, I'd push back. Say to your manager: "central IS is effectively forbidding us to run our applications. There is no reasonable way that I can bypass it. Stand behind me when I talk to IS, or accept that those applications are dead!"

            That's what I'd do. Don't just stand there and take all the sh*t

            Comment


            • #7
              Re: How to overwrite Global AD Profile using local login script

              Thx very much for all the help guys.

              Sorry for the late reply, I was enjoying time off work and looking for jobs at the same time.

              I wish all my managers are as helpful as you guys. When I raised the point, he talked to the head of IS and then I heard NOTHING since. That's almost 2 months ago.

              Everytime I ask him to do something, he makes a call and then NO actions from his calls. Maybe there are, but certainly no actions within a set time.....

              Have a nice day

              Simon

              Comment

              Working...
              X