Windows XP Embedded and GPO settings (continued)
Posted on Monday, 26th May, 2008 in Life
Well, as I said in my previous post, I do have some weird things happening. Apparently adding the domain user to the local group “Administrators” makes everything just works fine, yet he can’t do administrator like stuff (like turning off the write protection, changing local user accounts, …).
Also, if you’re looking for a smart way of how to add a certain global group (as in Active Directory group) to a local group, try this:
1 | NET LOCALGROUP Administrators /ADD DOMAIN\GROUPNAME |
That simple, doesn’t even need the usual credentials to lookup the object, it apparently bypassed that step *shrug*.
And yet another weird thing is: if I run a certain command from a deployment script, it gives me different result as a manual execution of said script would give me .. *shrug*
1 2 3 4 5 6 | NETDOM JOIN %COMPUTERNAME% /domain:barfoo.org \ /OU:"OU=Thinclients,OU=Computers,DC=barfoo,DC=org" \ /UserD:%ADMIN% /PasswordD:somepass \ /User0: Administrator /Password0:Administrator NET LOCALGROUP Administrators /ADD BARFOO\Domain-Users |
If I put that into a rsp (that is Wyse Device Manager script), it ain’t working. Would I be executing it myself without the WDM, everything works like a charm … *yuck*
[...] my Windows XP Embedded thin clients as well as my Windows Server 2003 systems where showing this real *weird* behaviour when applying group policies, or more precise the user based configuration of a group [...]
[...] thin clients as well as the terminal server would only load user based group policy if you are a member of the group of local administrators. While that’s ok for the thin clients (users can’t actually change something unless [...]