Local System Policy not Applied to AD Account

[Tone]

Existing

Windows 2000 TS SP3 Servers with Citrix XPe using Kix Logon Scripts
and Local System Policies

All works well, Current NT Security group names pickup their relevant
Policy Group object, Admin account works OK, as does the Backup
Operators account. The the security groups are also parsed through the
Kix Logon script for relavant drive maps, and registry settings etc

Problem
Windows 2003 AD being setup
New AD Account created
Logging into to existing Windows 2000 TS Citrix Servers (Note NEW AD
Account permissioned against relevant Citrix Desktop and added to
Local Policy andKix Logon Script)

When I log in with the new AD account the logon script finds the AD
account and applies the relevant settings for that account, however
the local system policy doesn't seem to recognise the AD account and
as such supplies it with the Default User policy.
I have tried to use the NT short name for the security group in the
old Windows 2000 policy but it still does not recognise the AD
account.

Question.
Will 2003 AD accounts pickup old Win2k Local System Policies (The
existing KIX logon scripts pickup the new AD Account), or do you have
to define EVERYTHING via GPO's ??

I am investigating the amount of work that will need to be undertaken
to migrate our existing infrastructure to a new AD Domain. Obviously
if we can in theory Lift and Shift the existing servers great as it
will give us more time to rebuild servers to 2003 and integrate them
fully within the AD.

Thanx
Tony

 

[ptwilliams]

Question.
Will 2003 AD accounts pickup old Win2k Local System Policies (The existing
KIX logon scripts pickup the new AD Account), or do you have to define
EVERYTHING via GPO's ??

Hmmm...that's something I've never thought about or put to the test. I
would think that if there are not conflicting GPO settings then the LGPO
should apply - as it applies to all users of the computer.

Anyway, for TS/Citrix boxes you may find this article helpful:
-- http://support.microsoft.com/?id=260370

One of Loopback processing's main uses is for TS boxes.


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
Existing

Windows 2000 TS SP3 Servers with Citrix XPe using Kix Logon Scripts
and Local System Policies

All works well, Current NT Security group names pickup their relevant
Policy Group object, Admin account works OK, as does the Backup
Operators account. The the security groups are also parsed through the
Kix Logon script for relavant drive maps, and registry settings etc

Problem
Windows 2003 AD being setup
New AD Account created
Logging into to existing Windows 2000 TS Citrix Servers (Note NEW AD
Account permissioned against relevant Citrix Desktop and added to
Local Policy andKix Logon Script)

When I log in with the new AD account the logon script finds the AD
account and applies the relevant settings for that account, however
the local system policy doesn't seem to recognise the AD account and
as such supplies it with the Default User policy.
I have tried to use the NT short name for the security group in the
old Windows 2000 policy but it still does not recognise the AD
account.

Question.
Will 2003 AD accounts pickup old Win2k Local System Policies (The
existing KIX logon scripts pickup the new AD Account), or do you have
to define EVERYTHING via GPO's ??

I am investigating the amount of work that will need to be undertaken
to migrate our existing infrastructure to a new AD Domain. Obviously
if we can in theory Lift and Shift the existing servers great as it
will give us more time to rebuild servers to 2003 and integrate them
fully within the AD.

Thanx
Tony