Announcement

Collapse
No announcement yet.

terminal server 2003 , user profie problems

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • terminal server 2003 , user profie problems

    Hi

    We have 2 win2k3 64b act as terminal server on two 2008 srv dc and one 2003 dc

    when a user/administrator log on the the server his user created localy and not roaming .

    we have defined folder redirection to the users , the folders are working fine , but i get this error on the event viewer
    rivileged Service Called:
    Server: Security
    Service: -
    Primary User Name: administrator
    Primary Domain: ************
    Primary Logon ID: (0x0,0x977E3BA)
    Client User Name: -
    Client Domain: -
    Client Logon ID: -
    Privileges: SeTcbPrivilege

    i have edited the GPO for the "create global objects" added the Domain admin and the authanticaed users
    also the same fo the "inpersonate a client after authe..."

    but still with no success

    please advice

    TK

  • #2
    Re: terminal server 2003 , user profie problems

    Hi,

    Can you give the full error log?

    Is gpresult indicated that the GPO applied?!
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: terminal server 2003 , user profie problems

      Hi

      this is the gpresult

      Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
      Copyright (C) Microsoft Corp. 1981-2001
      Created On 01/04/2010 at 10:01:18

      RSOP data for ******\administrator on SRV-TERMINAL03 : Logging Mode
      -------------------------------------------------------------------
      OS Type: Microsoft(R) Windows(R) Server 2003 Enterprise
      Edition
      OS Configuration: Member Server
      OS Version: 5.2.3790
      Terminal Server Mode: Application Server
      Site Name: ******
      Roaming Profile:
      Local Profile: C:\Documents and Settings\administrator.******.
      Connected over a slow link?: No

      COMPUTER SETTINGS
      ------------------
      CN=SRV-TERMINAL03,OU=SERVERS,DC=******,DC=XXX,DC=XX,DC=XX XX
      Last time Group Policy was applied: 01/04/2010 at 09:27:19
      Group Policy was applied from: SRV-DC.******.XXXX.XXX.XXXil
      Group Policy slow link threshold: 500 kbps
      Domain Name: ******
      Domain Type: Windows 2000
      Applied Group Policy Objects
      -----------------------------
      All ****** Servers Policy
      Default Domain Policy
      Local Group Policy
      The following GPOs were not applied because they were filtered out
      -------------------------------------------------------------------
      XXXX_Deploy
      Filtering: Denied (WMI Filter)
      WMI Filter: Is XP
      ****** Domain Policy
      Filtering: Disabled (Link)
      The computer is a part of the following security groups
      -------------------------------------------------------
      BUILTIN\Administrators
      Everyone
      BUILTIN\Users
      NT AUTHORITY\NETWORK
      NT AUTHORITY\Authenticated Users
      This Organization
      SRV-TERMINAL03$
      Domain Computers

      USER SETTINGS
      --------------
      CN=Administrator,CN=Users,DC=******,DC=XXX,DC=XXX, DC=iXXXl
      Last time Group Policy was applied: 01/04/2010 at 10:00:11
      Group Policy was applied from: SRV-DC.******.XXXX.XXXX
      Group Policy slow link threshold: 500 kbps
      Domain Name: ******
      Domain Type: Windows 2000
      Applied Group Policy Objects
      -----------------------------
      Default Domain Policy
      The following GPOs were not applied because they were filtered out
      -------------------------------------------------------------------
      XXXcToN
      Filtering: Denied (Security)
      XXXX_Deploy
      Filtering: Disabled (GPO)
      Map Q to XXXX
      Filtering: Denied (Security)
      Local Group Policy
      Filtering: Not Applied (Empty)
      The user is a part of the following security groups
      ---------------------------------------------------
      Domain Users
      Everyone
      Debugger Users
      Offer Remote Assistance Helpers
      Remote Desktop Users
      BUILTIN\Users
      BUILTIN\Administrators
      REMOTE INTERACTIVE LOGON
      NT AUTHORITY\INTERACTIVE
      NT AUTHORITY\Authenticated Users
      This Organization
      LOCAL
      RemoteAdmin
      Group Policy Creator Owners
      Domain Admins
      Schema Admins
      Exchange Public Folder Administrators
      Exchange View-Only Administrators
      Exchange Organization Administrators
      Enterprise Admins
      Exchange Recipient Administrators
      DL_ExTerminalUsers
      Denied RODC Password Replication Group
      Offer Remote Assistance Helpers
      CoSign Admins
      C:\Documents and Settings\administrator.******.000>


      as for the error on the event in order


      1. Event id 522
      Logon attempt using explicit credentials:
      Logged on user:
      User Name: SRV-TERMINAL03$
      Domain: XXXX
      Logon ID: (0x0,0x3E7)
      Logon GUID: -
      User whose credentials were used:
      Target User Name: administrator
      Target Domain: XXXXX
      Target Logon GUID: {55fc4556-2dee-0217-0911-059611b71f14}

      Target Server Name: localhost
      Target Server Info: localhost
      Caller Process ID: 10708
      Source Network Address: XXX.XX.XXX.XXX
      Source Port: 53337


      For more information, see Help and Support Center at


      Event id : 528

      Successful Logon:
      User Name: administrator
      Domain: XXXX
      Logon ID: (0x0,0x1E8760C
      Logon Type: 10
      Logon Process: User32
      Authentication Package: Negotiate
      Workstation Name: SRV-TERMINAL03
      Logon GUID: {55fc4556-2dee-0217-0911-059611b71f14}
      Caller User Name: SRV-TERMINAL03$
      Caller Domain: XXXX
      Caller Logon ID: (0x0,0x3E7)
      Caller Process ID: 10708
      Transited Services: -
      Source Network Address: XXX.XX.XX.XX
      Source Port: 53337


      For more information, see Help and Support Center at

      event id : 576



      Special privileges assigned to new logon:
      User Name:
      Domain:
      Logon ID: (0x0,0x1E8760C
      Privileges: SeSecurityPrivilege
      SeBackupPrivilege
      SeRestorePrivilege
      SeTakeOwnershipPrivilege
      SeDebugPrivilege
      SeSystemEnvironmentPrivilege
      SeLoadDriverPrivilege
      SeImpersonatePrivilege

      For more information, see Help and Support Center at


      : event id 577
      Privileged Service Called:
      Server: Security
      Service: -
      Primary User Name: administrator
      Primary Domain: XXXXX
      Primary Logon ID: (0x0,0x1E8760C
      Client User Name: -
      Client Domain: -
      Client Logon ID: -
      Privileges: SeTcbPrivilege
      For more information, see Help and Support Center at

      Thanks

      TK
      Last edited by tulik23; 4th January 2010, 09:13.

      Comment


      • #4
        Re: terminal server 2003 , user profie problems

        OK, its look like GPO filtering issue "The following GPOs were not applied because they were filtered out".

        http://technet.microsoft.com/en-us/l...86(WS.10).aspx

        http://support.microsoft.com/kb/260370

        http://www.windowsnetworking.com/art...up-Policy.html
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

        Comment


        • #5
          Re: terminal server 2003 , user profie problems

          Hi Yuval

          the GPO that are denied are usless , they should be deny

          what else i can check ?

          thanks

          Comment


          • #6
            Re: terminal server 2003 , user profie problems

            Well, we need to see some Folder Direct GPO applied to users...
            Best Regards,

            Yuval Sinay

            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

            Comment

            Working...
            X