About Ed Hands

 I have been working in the IT field for over twenty years.  

In addition to spending time with my beautiful wife and two lovely daughters,  I enjoy practicing the guitar, Tae Kwon Do, reading, and grilling out  I am always trying to plan the perfect road-trip with my family.  Hopefully there will be coffee.

The purpose of this blog is to journal my experience in the IT field and hopefully provide a useful guide to those doing likewise.  And to journal my random musings on technology, computers, or whatever else strikes my fancy.  Adult ADD FTW!!!!  Ohhh...look...something shiny....


Follow me!
Technology Blogs
technology blogs
Web Directory
OnToplist is optimized by SEO
Add blog to our directory.
ping web site via FeedShark
Shameless Self-Promotion



$100 (1) 2010 (1) 2011 (1) Active Directory (2) activecho (1) AD (1) air-watch (1) Android (7) Anger (1) App (1) app catalog (3) Apple (11) Apple iPad (3) Apps (3) AVI (2) bad science (1) Barracuda (1) Barracuda Networks (1) batch file (2) Beatles (1) best commercial (1) Blogger (1) Blogs (1) Boardwalk Empire (1) cancer (1) Cannot Get Mail (1) CDW (4) certprincipalname (1) cessation (1) Chantix (1) Christ (2) Cisco (1) Cisco VPN (2) climate (1) CNET (1) coffee (1) collaboration (1) comcastbusiness.net (2) distribution group (1) DOS (2) dropbox (1) DVD (1) EMC (1) Enlightenment (1) Evernote (3) Exchange (2) Exchange 2010 (4) Fallout 3 (1) family (1) FlexClone (1) Flipboard (1) Funny (1) GAL (1) Galaxy (1) Galaxy Tab (4) global warminig (1) God (1) GoodPlayer (1) Google (3) Google Toolbar (1) Gorilla Glass (1) GPO (2) Graditude (1) hacker (1) HDMI (1) horror (2) hotels (1) HP (4) humor (1) idiots (1) IE8 (1) IE9 (1) iftt.com (1) Internet Explorer (1) ios (1) iPad (5) iPhone (7) Jamie Foxx (1) Japanese (1) kuerig (1) Lefthand (1) magic (1) Mail list (1) MDM (1) Media Streaming (2) Meditation (4) Michael Richards (1) Microsoft (1) Middle East (1) MKV (2) MobilEcho (2) Movies (3) Murdoch (1) NBC (1) NetApp (5) Netflix (2) Network (3) Nook (1) NPR (1) OAB (1) Office (2) Only connect to proxy servers that have this principal name in their certificate (1) outlook (1) Outlook 2010 (1) Outlook Anywhere (1) OWA (1) Photos (1) quit (1) quit smoking (1) racist (1) rant (1) Rants (2) Resolutions (1) Resturants (3) Road Trip (1) Samsung (3) Saturday Night Live (1) science (1) Screen Shot (1) Seattle (2) security (1) Shattered (1) Shortcuts (1) smoking (1) SMP-N100 (1) SnapDrive (1) SNL (2) software (1) Sony (1) spam (2) spam filter (3) Spirituality (1) Squarespace (1) starbucks (1) Streaming (2) Super Bowl (1) Superbowl 2011 (1) Superbowl XLV (1) System Restore (1) Task (1) Teaching (1) Television (1) The Daily (1) top commercial (1) top ten (1) Touchpad (4) Training (1) Travel (2) Users (2) Verizon (1) verizon.net (1) VMWare (2) vsphere (1) WD TV (2) wd tv live (1) WDTVLIVEPLUS (2) web (1) webOS (3) Western Digital (2) Windows 7 (5) Windows Server (3) Wisconsin Dells (1) worst commercial (1) WPA (1) WPA2 (1) XBox 360 (1) XML (1) ZDNet (1) Zen (13) zombie (1)
« System Restore Fun!!! | Main | Repost of "My Wife is a Teacher" »

GPO, Deny local Logon, and end users....

Today I got a bit of a shock while trying to do some troubleshooting on a new server.  I could not access the resource monitor to see what was causing some odd interface delays.  Finally I looked and the server was logged on by one of my domain users.  This is very interesting as I have domain users blocked from logging into my servers locally.

(As an FYI, I accomplished this by having a separate GPO for servers and domain controllers.  Then I edit the GPO and under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment I define the “Deny log on locally” policy and add the user group I want to block (in my case, Domain Users) to that group.)

Anyway, it seems that I added the server to the domain and left for lunch.  Then, in what must have been the minute after I left, this end user went into the server room (which doesn’t have any physically security because we are just moving in to a new building) and logged into the server.  The oddity here is that I must have added it to the domain and not rebooted.  Then this guy came in and logged me off and him on and went about doing his business (he wanted to show someone the security cameras which is extra humorous as the security cameras aren’t even on any of the network servers) and then walked away.

So I returned from lunch and nothing seemed to be working quite right.  Everything seemed sluggish and I couldn’t do a Resource Monitor (it said I didn’t have permission…) and things just seemed off.  But then I had to leave and return back to the main office.  I touched on it again on Friday but couldn’t seem to find a cause.  But finally today I figured it out when I saw the end user’s name on the start menu.  I called him and asked him if he logged into a server.  “No.  Not me” he said.  I gave him some more detail like the specific time and date and suddenly his memory was restored.  I told him he wasn’t allowed in the server room at all much less touch the servers.  “But the door was open” he claimed.  A moot point, I said, since none of the doors in the entire office had been put on yet.  That didn’t give him a right to touch it.

So here I am, checking and rechecking everything to see if he did any damage or anything nefarious.

Ugh…end users….

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>