A
Asif Shah
Guest
Re: Administrator Consoled in Can not install software
Thanks for the insight Hank.
What GPO settings are talking about in particular? As Vera suggested I have
the "Permissions compatible with Windows 2000 Users" in TSC already selected.
I also have the windows installer GPO setting disabled. What other GPO can I
touch. I will be changing the NTFS permissions today like Vera suggested.
Thanks.
"Hank Arnold (MVP)" wrote:
> I'm a little confused... We control the installation of software by GPO.
> No one except someone in the Administrators group can install software
> on *ANY* computer (server, workstation, laptop, etc.)....period. In
> addition, we have a firewall (part of the Sophos End Point Security)
> that will not allow *any* program to run that has not been added to the
> firewall security.
>
> We still have W2K servers with TS installed. I've never seen this
> problem. I'm forwarding this to my work id and I'll see what I can find.
>
> To be honest, I can't guarantee I'll get to it today (Monday). This is
> typically my busiest day with several weekly reports due in the AM, I
> have to deal with all the problems the nurses have had over the weekend
> with their laptops and remote access as well as some major issues that
> just came up due to a vendor telling us that we need to spend a
> significant amount of $$ that is not in the budget. You haven't lived
> until you work for a non-profit and try to get IT money that isn't in
> the budget... :-(
>
> --
>
> Regards,
> Hank Arnold
> Microsoft MVP
> Windows Server - Directory Services
>
> Vera Noest [MVP] wrote:
> > Well, as I wrote, I don't remember the details of a W2K TS. During
> > installation, you are asked to choose the "Compatibility mode". Is
> > there anyting in tscc which mentions that? If so, you chould choose
> > "Permissions compatible with Windows 2000 Users".
> >
> > Anyone else maybe, who has access to a W2K TS?
> > _________________________________________________________
> > Vera Noest
> > MCSE, CCEA, Microsoft MVP - Terminal Server
> > TS troubleshooting: http://ts.veranoest.net
> > ___ please respond in newsgroup, NOT by private email ___
> >
> > =?Utf-8?B?QXNpZiBTaGFo?= <AsifShah@discussions.microsoft.com>
> > wrote on 02 aug 2008 in
> > microsoft.public.windows.terminal_services:
> >
> >> I am looking at the Terminal Services Configuration - Server
> >> Settings, which setting do I change. I dont see anything that
> >> says "relaxed security".
> >>
> >> "Vera Noest [MVP]" wrote:
> >>
> >>> OK, seems like the Terminal Services was installed with relaxed
> >>> security. It's a long time ago that I worked with W2K TS, so
> >>> I'm unsure about the details, but I believe that you can check
> >>> (and change?) this in Terminal Services Configuration - Server
> >>> settings.
> >>>
> >>> You'll have to further secure the server with NTFS permissions
> >>> on the file system. At the minimum, modify the NTFS permissions
> >>> as follows:
> >>> %SystemDrive%, %SystemRoot%, %ProgramFiles% and
> >>> %SystemRoot%\system32 :
> >>> System - Full Control
> >>> Administrators - Full Control
> >>> Authenticated Users - Read & Execute
> >>>
> >>> _________________________________________________________
> >>> Vera Noest
> >>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>> TS troubleshooting: http://ts.veranoest.net
> >>> ___ please respond in newsgroup, NOT by private email ___
> >>>
> >>> =?Utf-8?B?QXNpZiBTaGFo?= <AsifShah@discussions.microsoft.com>
> >>> wrote on 01 aug 2008 in
> >>> microsoft.public.windows.terminal_services:
> >>>
> >>>> Vera,
> >>>>
> >>>> My appoligies for adding to an older thread. I just thought
> >>>> since you were dicussing a similiar problem I would post my
> >>>> issue. I will keep in mind nex time.
> >>>>
> >>>> I am the administrator and I am trying to restrict all
> >>>> non-admin users from installing software on the server. This
> >>>> is on a Windows 2000 server. How can I check if I installed
> >>>> TS with full security. Apprently something is not setup
> >>>> right, because few days ago I discovered that new software
> >>>> were installed, some games and Mozilla Firebox. I checked
> >>>> with my admins and they didnt. So it had to have been a
> >>>> regular user. No other user has right like us admins. I even
> >>>> did a test. I logged in as a normal user whose password I
> >>>> knew and I was able to download and install Firefox and other
> >>>> software.
> >>>>
> >>>> The only thing I have done is disable the windows installer
> >>>> but seems like that only works for software that use windows
> >>>> installer to install itself. The article I read from
> >>>> Microsoft that talks about this GPO mentions this condition.
> >>>> What else can I do? What else can I check?
> >>>>
> >>>> Thanks.
> >>>>
> >>>> "Vera Noest [MVP]" wrote:
> >>>>
> >>>>> Asif, you seem to append to an old thread which was about
> >>>>> the opposite of your problem. That's very confusing. Next
> >>>>> time, please start a new thread and clearly state your
> >>>>> problem.
> >>>>>
> >>>>> What exactly is it that you want to achieve? I'm assuming
> >>>>> that your are the Administrator of a TS, and that you want
> >>>>> to prohibit users to install software, is that correct? Or
> >>>>> do you want to disable this for all users, including
> >>>>> Administrators?
> >>>>>
> >>>>> If you just want to take away this possibility for normal
> >>>>> users, the answer is that they don't have the proper rights
> >>>>> any way, assuming that you run on Windows 2003 and have
> >>>>> installed Terminal Services with "Full Security". They can
> >>>>> install applications in their home folder, but can't add or
> >>>>> replace system files, dll's etc.
> >>>>>
> >>>>> _________________________________________________________
> >>>>> Vera Noest
> >>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>> *----------- Please reply in newsgroup -------------*
> >>>>>
> >>>>> =?Utf-8?B?QXNpZiBTaGFo?=
> >>>>> <AsifShah@discussions.microsoft.com> wrote on 01 aug 2008:
> >>>>>
> >>>>>> Vera,
> >>>>>>
> >>>>>> I have disabled the windows installer but that only
> >>>>>> applies to software installations that use windows
> >>>>>> installer to install itself. There are other installs that
> >>>>>> dont use windows install. e.g. installing Mozilla Firefox.
> >>>>>> I have the GPO you mentioned for the windows installer
> >>>>>> enabled but i can still install firefox........what else
> >>>>>> can i try?
> >>>>>>
> >>>>>> "Vera Noest [MVP]" wrote:
> >>>>>>
> >>>>>>> OK, thanks for the feedback, I'm glad that your problem
> >>>>>>> is solved! It's a bit puzzeling though that the problem
> >>>>>>> didn't disappear by configuring the GPO setting in the
> >>>>>>> domain-wide GPO applied to the TS, since those settings
> >>>>>>> override the local policy.
> >>>>>>>
> >>>>>>> _________________________________________________________
> >>>>>>> Vera Noest
> >>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>>>> ___ please respond in newsgroup, NOT by private email ___
> >>>>>>>
> >>>>>>> =?Utf-8?B?VE0=?= <TM@discussions.microsoft.com> wrote on
> >>>>>>> 14 nov 2007 in
> >>>>>>> microsoft.public.windows.terminal_services:
> >>>>>>>
> >>>>>>>> Thanks for your help it was the local policy that was
> >>>>>>>> still turned on.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> "Vera Noest [MVP]" wrote:
> >>>>>>>>
> >>>>>>>>> Did you run Resultant Set of Policies, as I suggested
> >>>>>>>>> in my previous post? That would tell you exactly which
> >>>>>>>>> policy has the setting configured.
> >>>>>>>>> You can edit the local policy with gpedit.msc
> >>>>>>>>>
> >>>>>>>>> If you get this error message even when you are logged
> >>>>>>>>> in at the physical console of the server, then it
> >>>>>>>>> seems that Windows Installer is disabled completely,
> >>>>>>>>> not only for installations from within a TS session.
> >>>>>>>>> That setting can be found in Computer Configuration -
> >>>>>>>>> Administrative Templates - Windows Components -
> >>>>>>>>> Windows Installer "Disable Windows Installer"
> >>>>>>>>>
> >>>>>>>>> Other troubleshooting tools could be:
> >>>>>>>>>
> >>>>>>>>> 223300 - How to Enable Windows Installer Logging
> >>>>>>>>> http://support.microsoft.com/?kbid=223300
> >>>>>>>>>
> >>>>>>>>> 221833 - How to enable user environment debug logging
> >>>>>>>>> in retail builds of Windows
> >>>>>>>>> http://support.microsoft.com/?kbid=221833
> >>>>>>>>> _______________________________________________________
> >>>>>>>>> __ Vera Noest
> >>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>>>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>>>>>> ___ please respond in newsgroup, NOT by private email
> >>>>>>>>> ___
> >>>>>>>>>
> >>>>>>>>> =?Utf-8?B?VE0=?= <TM@discussions.microsoft.com> wrote
> >>>>>>>>> on 14 nov 2007 in
> >>>>>>>>> microsoft.public.windows.terminal_services:
> >>>>>>>>>
> >>>>>>>>>> Well I have went through on the domain controller
> >>>>>>>>>> and removed the group policy for that server.
> >>>>>>>>>> Even when consoled and logged in as Administrator it
> >>>>>>>>>> still gives that error.
> >>>>>>>>>>
> >>>>>>>>>> Is there any chance a setting could have been set
> >>>>>>>>>> locally on that server. If so where does a person
> >>>>>>>>>> look to find out if it has been reset?
> >>>>>>>>>>
> >>>>>>>>>> thanks for your response
> >>>>>>>>>>
> >>>>>>>>>> "Vera Noest [MVP]" wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Given the error message that you get, I'm still
> >>>>>>>>>>> convinced it's a GPO setting. Have you tried
> >>>>>>>>>>> resultant set of Policies?
> >>>>>>>>>>>
> >>>>>>>>>>> ____________________________________________________
> >>>>>>>>>>> ___ __ Vera Noest
> >>>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>>>>>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>>>>>>>> ___ please respond in newsgroup, NOT by private
> >>>>>>>>>>> email ___
> >>>>>>>>>>>
> >>>>>>>>>>> =?Utf-8?B?VE0=?= <TM@discussions.microsoft.com>
> >>>>>>>>>>> wrote on 08 nov 2007 in
> >>>>>>>>>>> microsoft.public.windows.terminal_services:
> >>>>>>>>>>>
> >>>>>>>>>>>> Thanks for the reply
> >>>>>>>>>>>>
> >>>>>>>>>>>> I found an article on doing that and it still
> >>>>>>>>>>>> isn't working. I have even restarted the terminal
> >>>>>>>>>>>> server to try and fix the issue.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Could there be a registry setting on the server
> >>>>>>>>>>>> itself that would prevent installations?
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> "Vera Noest [MVP]" wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Sounds like you want to enable this GPO setting:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Computer Configuration - Administrative
> >>>>>>>>>>>>> Templates - Windows Components - Windows
> >>>>>>>>>>>>> Installer "Allow admin to install from Terminal
> >>>>>>>>>>>>> Services session"
> >>>>>>>>>>>>> _________________________________________________
> >>>>>>>>>>>>> ___ ___ __ Vera Noest
> >>>>>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>>>>>>>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>>>>>>>>>> ___ please respond in newsgroup, NOT by private
> >>>>>>>>>>>>> email ___
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> =?Utf-8?B?VE0=?= <TM@discussions.microsoft.com>
> >>>>>>>>>>>>> wrote on 08 nov 2007 in
> >>>>>>>>>>>>> microsoft.public.windows.terminal_services:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> I am having an issue installing programs
> >>>>>>>>>>>>>> consoled in and logged in as admininstrator.
> >>>>>>>>>>>>>> It keeps giving the message of "The system
> >>>>>>>>>>>>>> administrator has set policies to prevent this
> >>>>>>>>>>>>>> installation"
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I don't know of any policy set to prevent this
> >>>>>>>>>>>>>> from even happening for the administrator. I
> >>>>>>>>>>>>>> have went to the lengths of removing the group
> >>>>>>>>>>>>>> policy for the users and trying it again
> >>>>>>>>>>>>>> without any luck.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Does anyone know how to reset everything on
> >>>>>>>>>>>>>> that server or any suggestions.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>> TM
>
>
Thanks for the insight Hank.
What GPO settings are talking about in particular? As Vera suggested I have
the "Permissions compatible with Windows 2000 Users" in TSC already selected.
I also have the windows installer GPO setting disabled. What other GPO can I
touch. I will be changing the NTFS permissions today like Vera suggested.
Thanks.
"Hank Arnold (MVP)" wrote:
> I'm a little confused... We control the installation of software by GPO.
> No one except someone in the Administrators group can install software
> on *ANY* computer (server, workstation, laptop, etc.)....period. In
> addition, we have a firewall (part of the Sophos End Point Security)
> that will not allow *any* program to run that has not been added to the
> firewall security.
>
> We still have W2K servers with TS installed. I've never seen this
> problem. I'm forwarding this to my work id and I'll see what I can find.
>
> To be honest, I can't guarantee I'll get to it today (Monday). This is
> typically my busiest day with several weekly reports due in the AM, I
> have to deal with all the problems the nurses have had over the weekend
> with their laptops and remote access as well as some major issues that
> just came up due to a vendor telling us that we need to spend a
> significant amount of $$ that is not in the budget. You haven't lived
> until you work for a non-profit and try to get IT money that isn't in
> the budget... :-(
>
> --
>
> Regards,
> Hank Arnold
> Microsoft MVP
> Windows Server - Directory Services
>
> Vera Noest [MVP] wrote:
> > Well, as I wrote, I don't remember the details of a W2K TS. During
> > installation, you are asked to choose the "Compatibility mode". Is
> > there anyting in tscc which mentions that? If so, you chould choose
> > "Permissions compatible with Windows 2000 Users".
> >
> > Anyone else maybe, who has access to a W2K TS?
> > _________________________________________________________
> > Vera Noest
> > MCSE, CCEA, Microsoft MVP - Terminal Server
> > TS troubleshooting: http://ts.veranoest.net
> > ___ please respond in newsgroup, NOT by private email ___
> >
> > =?Utf-8?B?QXNpZiBTaGFo?= <AsifShah@discussions.microsoft.com>
> > wrote on 02 aug 2008 in
> > microsoft.public.windows.terminal_services:
> >
> >> I am looking at the Terminal Services Configuration - Server
> >> Settings, which setting do I change. I dont see anything that
> >> says "relaxed security".
> >>
> >> "Vera Noest [MVP]" wrote:
> >>
> >>> OK, seems like the Terminal Services was installed with relaxed
> >>> security. It's a long time ago that I worked with W2K TS, so
> >>> I'm unsure about the details, but I believe that you can check
> >>> (and change?) this in Terminal Services Configuration - Server
> >>> settings.
> >>>
> >>> You'll have to further secure the server with NTFS permissions
> >>> on the file system. At the minimum, modify the NTFS permissions
> >>> as follows:
> >>> %SystemDrive%, %SystemRoot%, %ProgramFiles% and
> >>> %SystemRoot%\system32 :
> >>> System - Full Control
> >>> Administrators - Full Control
> >>> Authenticated Users - Read & Execute
> >>>
> >>> _________________________________________________________
> >>> Vera Noest
> >>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>> TS troubleshooting: http://ts.veranoest.net
> >>> ___ please respond in newsgroup, NOT by private email ___
> >>>
> >>> =?Utf-8?B?QXNpZiBTaGFo?= <AsifShah@discussions.microsoft.com>
> >>> wrote on 01 aug 2008 in
> >>> microsoft.public.windows.terminal_services:
> >>>
> >>>> Vera,
> >>>>
> >>>> My appoligies for adding to an older thread. I just thought
> >>>> since you were dicussing a similiar problem I would post my
> >>>> issue. I will keep in mind nex time.
> >>>>
> >>>> I am the administrator and I am trying to restrict all
> >>>> non-admin users from installing software on the server. This
> >>>> is on a Windows 2000 server. How can I check if I installed
> >>>> TS with full security. Apprently something is not setup
> >>>> right, because few days ago I discovered that new software
> >>>> were installed, some games and Mozilla Firebox. I checked
> >>>> with my admins and they didnt. So it had to have been a
> >>>> regular user. No other user has right like us admins. I even
> >>>> did a test. I logged in as a normal user whose password I
> >>>> knew and I was able to download and install Firefox and other
> >>>> software.
> >>>>
> >>>> The only thing I have done is disable the windows installer
> >>>> but seems like that only works for software that use windows
> >>>> installer to install itself. The article I read from
> >>>> Microsoft that talks about this GPO mentions this condition.
> >>>> What else can I do? What else can I check?
> >>>>
> >>>> Thanks.
> >>>>
> >>>> "Vera Noest [MVP]" wrote:
> >>>>
> >>>>> Asif, you seem to append to an old thread which was about
> >>>>> the opposite of your problem. That's very confusing. Next
> >>>>> time, please start a new thread and clearly state your
> >>>>> problem.
> >>>>>
> >>>>> What exactly is it that you want to achieve? I'm assuming
> >>>>> that your are the Administrator of a TS, and that you want
> >>>>> to prohibit users to install software, is that correct? Or
> >>>>> do you want to disable this for all users, including
> >>>>> Administrators?
> >>>>>
> >>>>> If you just want to take away this possibility for normal
> >>>>> users, the answer is that they don't have the proper rights
> >>>>> any way, assuming that you run on Windows 2003 and have
> >>>>> installed Terminal Services with "Full Security". They can
> >>>>> install applications in their home folder, but can't add or
> >>>>> replace system files, dll's etc.
> >>>>>
> >>>>> _________________________________________________________
> >>>>> Vera Noest
> >>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>> *----------- Please reply in newsgroup -------------*
> >>>>>
> >>>>> =?Utf-8?B?QXNpZiBTaGFo?=
> >>>>> <AsifShah@discussions.microsoft.com> wrote on 01 aug 2008:
> >>>>>
> >>>>>> Vera,
> >>>>>>
> >>>>>> I have disabled the windows installer but that only
> >>>>>> applies to software installations that use windows
> >>>>>> installer to install itself. There are other installs that
> >>>>>> dont use windows install. e.g. installing Mozilla Firefox.
> >>>>>> I have the GPO you mentioned for the windows installer
> >>>>>> enabled but i can still install firefox........what else
> >>>>>> can i try?
> >>>>>>
> >>>>>> "Vera Noest [MVP]" wrote:
> >>>>>>
> >>>>>>> OK, thanks for the feedback, I'm glad that your problem
> >>>>>>> is solved! It's a bit puzzeling though that the problem
> >>>>>>> didn't disappear by configuring the GPO setting in the
> >>>>>>> domain-wide GPO applied to the TS, since those settings
> >>>>>>> override the local policy.
> >>>>>>>
> >>>>>>> _________________________________________________________
> >>>>>>> Vera Noest
> >>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>>>> ___ please respond in newsgroup, NOT by private email ___
> >>>>>>>
> >>>>>>> =?Utf-8?B?VE0=?= <TM@discussions.microsoft.com> wrote on
> >>>>>>> 14 nov 2007 in
> >>>>>>> microsoft.public.windows.terminal_services:
> >>>>>>>
> >>>>>>>> Thanks for your help it was the local policy that was
> >>>>>>>> still turned on.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> "Vera Noest [MVP]" wrote:
> >>>>>>>>
> >>>>>>>>> Did you run Resultant Set of Policies, as I suggested
> >>>>>>>>> in my previous post? That would tell you exactly which
> >>>>>>>>> policy has the setting configured.
> >>>>>>>>> You can edit the local policy with gpedit.msc
> >>>>>>>>>
> >>>>>>>>> If you get this error message even when you are logged
> >>>>>>>>> in at the physical console of the server, then it
> >>>>>>>>> seems that Windows Installer is disabled completely,
> >>>>>>>>> not only for installations from within a TS session.
> >>>>>>>>> That setting can be found in Computer Configuration -
> >>>>>>>>> Administrative Templates - Windows Components -
> >>>>>>>>> Windows Installer "Disable Windows Installer"
> >>>>>>>>>
> >>>>>>>>> Other troubleshooting tools could be:
> >>>>>>>>>
> >>>>>>>>> 223300 - How to Enable Windows Installer Logging
> >>>>>>>>> http://support.microsoft.com/?kbid=223300
> >>>>>>>>>
> >>>>>>>>> 221833 - How to enable user environment debug logging
> >>>>>>>>> in retail builds of Windows
> >>>>>>>>> http://support.microsoft.com/?kbid=221833
> >>>>>>>>> _______________________________________________________
> >>>>>>>>> __ Vera Noest
> >>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>>>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>>>>>> ___ please respond in newsgroup, NOT by private email
> >>>>>>>>> ___
> >>>>>>>>>
> >>>>>>>>> =?Utf-8?B?VE0=?= <TM@discussions.microsoft.com> wrote
> >>>>>>>>> on 14 nov 2007 in
> >>>>>>>>> microsoft.public.windows.terminal_services:
> >>>>>>>>>
> >>>>>>>>>> Well I have went through on the domain controller
> >>>>>>>>>> and removed the group policy for that server.
> >>>>>>>>>> Even when consoled and logged in as Administrator it
> >>>>>>>>>> still gives that error.
> >>>>>>>>>>
> >>>>>>>>>> Is there any chance a setting could have been set
> >>>>>>>>>> locally on that server. If so where does a person
> >>>>>>>>>> look to find out if it has been reset?
> >>>>>>>>>>
> >>>>>>>>>> thanks for your response
> >>>>>>>>>>
> >>>>>>>>>> "Vera Noest [MVP]" wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Given the error message that you get, I'm still
> >>>>>>>>>>> convinced it's a GPO setting. Have you tried
> >>>>>>>>>>> resultant set of Policies?
> >>>>>>>>>>>
> >>>>>>>>>>> ____________________________________________________
> >>>>>>>>>>> ___ __ Vera Noest
> >>>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>>>>>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>>>>>>>> ___ please respond in newsgroup, NOT by private
> >>>>>>>>>>> email ___
> >>>>>>>>>>>
> >>>>>>>>>>> =?Utf-8?B?VE0=?= <TM@discussions.microsoft.com>
> >>>>>>>>>>> wrote on 08 nov 2007 in
> >>>>>>>>>>> microsoft.public.windows.terminal_services:
> >>>>>>>>>>>
> >>>>>>>>>>>> Thanks for the reply
> >>>>>>>>>>>>
> >>>>>>>>>>>> I found an article on doing that and it still
> >>>>>>>>>>>> isn't working. I have even restarted the terminal
> >>>>>>>>>>>> server to try and fix the issue.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Could there be a registry setting on the server
> >>>>>>>>>>>> itself that would prevent installations?
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> "Vera Noest [MVP]" wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Sounds like you want to enable this GPO setting:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Computer Configuration - Administrative
> >>>>>>>>>>>>> Templates - Windows Components - Windows
> >>>>>>>>>>>>> Installer "Allow admin to install from Terminal
> >>>>>>>>>>>>> Services session"
> >>>>>>>>>>>>> _________________________________________________
> >>>>>>>>>>>>> ___ ___ __ Vera Noest
> >>>>>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server
> >>>>>>>>>>>>> TS troubleshooting: http://ts.veranoest.net
> >>>>>>>>>>>>> ___ please respond in newsgroup, NOT by private
> >>>>>>>>>>>>> email ___
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> =?Utf-8?B?VE0=?= <TM@discussions.microsoft.com>
> >>>>>>>>>>>>> wrote on 08 nov 2007 in
> >>>>>>>>>>>>> microsoft.public.windows.terminal_services:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> I am having an issue installing programs
> >>>>>>>>>>>>>> consoled in and logged in as admininstrator.
> >>>>>>>>>>>>>> It keeps giving the message of "The system
> >>>>>>>>>>>>>> administrator has set policies to prevent this
> >>>>>>>>>>>>>> installation"
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I don't know of any policy set to prevent this
> >>>>>>>>>>>>>> from even happening for the administrator. I
> >>>>>>>>>>>>>> have went to the lengths of removing the group
> >>>>>>>>>>>>>> policy for the users and trying it again
> >>>>>>>>>>>>>> without any luck.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Does anyone know how to reset everything on
> >>>>>>>>>>>>>> that server or any suggestions.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>> TM
>
>