GPO/local policy hell-EnableLinkedConnections (elevation)..

M

markm75

We initially had the problem that when you, for instance, ran NotePad as
"Administrator", the mapped drives for our domain were not visible under my
computer..

I found the solution in the registry entry of EnableLinkedConnections,
setting the value to 1..

So at one point i made a custom admx file for this setting, which shows up
in GPO or local policy under Computer Config.. Admin. Tools..
"EnableLinkedConnections" folder with settings of enable/disable/not
configured on the right..

I think i must have gotten something wrong here.. but my new test Virtual PC
machine is working fine with elevation.. i checked and the registry setting
was in place...

I had created a 2003 GPO that would use the admx file (I updated the admx
files on the network so they were there etc too).. i called it Vista
Specific.. it had this setting..

So this is all well and good on the test machine.. the setting takes
effect.. but on every other vista machine (4 of them) the setting gets
"erased" when i do a gpupdate /force on the local machine if i manually put
it in..

I think the problem is related to "local policy" overriding it, even though
local policy also seems to have the setting enabled.. I tried removing the
setting (not configured) in local policy and refreshing things, now the test
machine is not keeping the setting.. its getting wiped, despite the "vista
specific" server based gpo..

Any thoughts on how to fix this...

I'm confused on this local policy effect.. I guess modifying the local
policy affects all vista machines, even though this isnt through the group
policy manager on the server?

Is it best practice to NOT modify the local policy even if a domain admin
and use the admx files on a 2003 server GPO setting instead (like i'm also
doing)?

I think i have some sort of conflict here but i'm not sure where or what to
fix..

Thanks
 
M

Mark L. Ferguson

When Vista is upgraded to SP1, it loses the normal interface for
policy(secpol), and reverts to gpedit.msc. There is an add-on available. I'm
really not sure if the changes will apply to you, but this is certainly
worth a look.
Security Policy Settings New for Windows Vista:
http://technet2.microsoft.com/Windo...34af-4a6b-937f-324e1862244b1033.mspx?mfr=true
Download details Group Policy Preference Client Side Extensions for Windows
Vista (KB943729):
http://www.microsoft.com/downloads/...Cx4M3/fydciXgAhUYokhIoSXWbNPP8cTfRGtLJ0mAuw==
--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPostAsAnswer
Mark L. Ferguson
..
 
M

markm75

Mark L. Ferguson said:
When Vista is upgraded to SP1, it loses the normal interface for
policy(secpol), and reverts to gpedit.msc. There is an add-on available. I'm
really not sure if the changes will apply to you, but this is certainly
worth a look.
Security Policy Settings New for Windows Vista:
http://technet2.microsoft.com/Windo...34af-4a6b-937f-324e1862244b1033.mspx?mfr=true
Download details Group Policy Preference Client Side Extensions for Windows
Vista (KB943729):
http://www.microsoft.com/downloads/...Cx4M3/fydciXgAhUYokhIoSXWbNPP8cTfRGtLJ0mAuw==
--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPostAsAnswer
Mark L. Ferguson
.
Click to expand...

Actually i have done all that so far..

This is what i am doing.. i'm using GPMC from a vista box to set
the enableLinkedConnections to a value of 1 (so that mapped drives will show
up in elevated programs).. (where i can see my other 2003 server group
policies as well).. i've also put the admx file out on the 2003 server so
that it works..

But for some reason it seems like the local policy is wiping this out now
(ie: i'm on vista.. i do a gpedit.msc).. even from a vista box just editing
the local policy, i see my entry for the enablelinkedconnections here as
well (i think because the admx file is on the local vista box as well)..
whether i
try turning it on, on the server and/or turning it on or off via gpedit on
the local policy.. i cant get any combo of these settings to stick.

I'm not real clear on this.. but i thought that the domain policy set from
GPMC whether from the vista box or from 2003.. would override any local
policy settings done by using gpedit.msc on a vista box alone?

I think it is here that the confusion may be occurring.. ie: best bet is to
use GPMC from say a vista box or 2003 server and set vista policies here
correct?

(If so.. how can i undo the gpedit.msc local policy, short of going in and
**choosing disable on say the computer config section, which i think does
work
and make the mapped drives setting stick)?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Vista setup 1
VISTA Policy - User's Folder 1
local policy 9
UAC changeable in policies?? 4
local security policy does not get applied 2
GPO for Vista 1
can't modify local security settings 2
Sidebar no longer loads 3

Top