I would assume there has to be some way for GPOs to know "not" to execute when confronted with a logon validated via share access or something, a standard logon "from the network". But I agree, it would be nicer to see something specific, especially when dealing with service or batch logons which may actually need to interact a little without being truly "interactive"
On 27 July 2011 13:22, Bonnie Miller <midnit...@gmail.com> wrote: > Argh... fixed the problem with our inbound e-mail... > > Yes, the testing we were doing yesterday showed that if we logged on > interactively with the "service account", the policies would apply. If we > wiped that profile and just let it log on as a service, user policies were > not showing up (using regedit to view the settings for that account > remotely). > > I found one reference here: > http://technet.microsoft.com/en-us/library/cc784268(WS.10).aspx > next to "winlogon.exe" that makes me think user policies only apply to an > interactive logon, but I was hoping to find something more specific one way > or the other. > Thanks, > -Bonnie > On Tue, Jul 26, 2011 at 1:41 PM, Miller Bonnie L. < > mille...@mukilteo.wednet.edu> wrote: > >> Does anyone know the outcome of the following?**** >> >> ** ** >> >> Domain-member workstation (W7 SP1 or Wxp SP3).**** >> >> Domain-member user account.**** >> >> User account is configured to logon as a service on the workstation (set >> up as a service account).**** >> >> ** ** >> >> When the workstation is started up, do user-based GPO settings apply to >> the service account when it “logs on”?**** >> >> ** ** >> >> ** ** >> >> We have a very specific need to set the proxy configuration for a service >> account, but not for the computer as a whole (when no user is logged on), so >> we can’t use proxycfg/netsh. Trying to set this using GPO “User >> Config\Policies\Windows Settings\Internet Explorer Maintenance” section, >> like we do for our other user accounts. If we log on interactively with the >> account, the settings show up. If you let the account log on as a service >> and view the settings remotely via regedit, they are not being set.**** >> >> ** ** >> >> Is this the way it is supposed to work? I can’t seem to find a good >> reference for this scenario. Would GPPs maybe work better?**** >> >> ** ** >> >> Thanks,**** >> >> Bonnie**** >> >> ~ Finally, powerful >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ****** IMPORTANT INFORMATION/DISCLAIMER ***** This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it, even it we didn't mean to send it to you. However, if the contents of this email make no sense whatsoever then you probably were not the intended recipient, or, alternatively, you are a mindless cretin; either way, you should immediately kill yourself and destroy your computer (not necessarily in that order). Once you have taken this action, please contact us.. no, sorry, you can't use your computer, because you just destroyed it, and possibly also committed suicide afterwards, but I am starting to digress...... * * The originator of this email is not liable for the transmission of the information contained in this communication. Or are they? Either way it's a pretty dull legal query and frankly one I'm not going to dwell on. But should you have nothing better to do, please feel free to ruminate on it, and please pass on any concrete conclusions should you find them. However, if you pass them on via email, be sure to include a disclaimer regarding liability for transmission. * * In the event that the originator did not send this email to you, then please return it to us and attach a scanned-in picture of your mother's brother's wife wearing nothing but a kangaroo suit, and we will immediately refund you exactly half of what you paid for the can of Whiskas you bought when you went to Pets** ** At Home yesterday. * * We take no responsibility for non-receipt of this email because we are running Exchange 5.5 and everyone knows how glitchy that can be. In the event that you do get this message then please note that we take no responsibility for that either. Nor will we accept any liability, tacit or implied, for any damage you may or may not incur as a result of receiving, or not, as the case may be, from time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR FAULT! * * The comments and opinions expressed herein are my own and NOT those of my employer, who, if he knew I was sending emails and surfing the seamier side of the Internet, would cut off my manhood and feed it to me for afternoon tea. * ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
