GPO Problem with 2003 R2 Local System Account

Jerky_san

Weaksauce
Joined
Nov 6, 2009
Messages
113
Alright I've been trying to figure this out for almost two days and I've never heard of this happening truthfully so I'm hoping one of you guys can help me.. Some how on one of our terminal servers the NT Authority\System account has gotten GPO applied to it. We use GPOs to restrict exe usage on our terminal servers but they are in 2 different OU's.. The terminal server OU doesn't have anything but WSUS and some citrix settings in it. So my question is.. is there a way to fix this? We are getting errors about programs unable to run under the system account..
 
I'd start by asking yourself -- should these program launches be running under the system context?

You'll basically have to find out where the GPO was applied and then undo it. Security settings as you describe are most likely applied at the OU of the terminal server. I'd say someone made a change -- either applied a GPO to the wrong OU or moved the computer account to a new OU.
 
The problem I have with the whole matter is how does a local system account such as "NT AUTHORITY\SYSTEM" get GPO applied to it from a DC.. None of the other Terminal servers in the group are doing it. Just this single one. I disjoined it from the domain and made perfectly sure there were no software restrictions and it still has them. The program that's running is the A/V and MOM service..
 
Back
Top