We initially had the problem that when you, for instance, ran NotePad as
"Administrator", the mapped drives for our domain were not visible under my
computer..

I found the solution in the registry entry of EnableLinkedConnections,
setting the value to 1..

So at one point i made a custom admx file for this setting, which shows up
in GPO or local policy under Computer Config.. Admin. Tools..
"EnableLinkedConnections" folder with settings of enable/disable/not
configured on the right..

I think i must have gotten something wrong here.. but my new test Virtual PC
machine is working fine with elevation.. i checked and the registry setting
was in place...

I had created a 2003 GPO that would use the admx file (I updated the admx
files on the network so they were there etc too).. i called it Vista
Specific.. it had this setting..

So this is all well and good on the test machine.. the setting takes
effect.. but on every other vista machine (4 of them) the setting gets
"erased" when i do a gpupdate /force on the local machine if i manually put
it in..

I think the problem is related to "local policy" overriding it, even though
local policy also seems to have the setting enabled.. I tried removing the
setting (not configured) in local policy and refreshing things, now the test
machine is not keeping the setting.. its getting wiped, despite the "vista
specific" server based gpo..

Any thoughts on how to fix this...

I'm confused on this local policy effect.. I guess modifying the local
policy affects all vista machines, even though this isnt through the group
policy manager on the server?

Is it best practice to NOT modify the local policy even if a domain admin
and use the admx files on a 2003 server GPO setting instead (like i'm also
doing)?

I think i have some sort of conflict here but i'm not sure where or what to
fix..

Thanks

When Vista is upgraded to SP1, it loses the normal interface for
policy(secpol), and reverts to gpedit.msc. There is an add-on available. I'm
really not sure if the changes will apply to you, but this is certainly
worth a look.
Security Policy Settings New for Windows Vista:
[url]http://technet2.microsoft.com/WindowsVista/en/library/90a564b9-34af-4a6b-937f-324e1862244b1033.mspx?mfr=true[/url]
Download details Group Policy Preference Client Side Extensions for Windows
Vista (KB943729):
[url]http://www.microsoft.com/downloads/details.aspx?FamilyID=ab60dc87-884c-46d5-82cd-f3c299dac7cc&displaylang=en&Hash=SFt%2bCzRtDEwDfK%2bjb33cMrcAaGezMgO6aYhsLTRcY%2bGCx4M3%2ffydciXgAhUYokhIoSXWbNPP8cTfRGtLJ0mAuw%3d%3d[/url]
--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
[url]http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPostAsAnswer[/url]
Mark L. Ferguson
..

"markm75" <markm75@discussions.microsoft.com> wrote in message
news:A15767FE-CD75-4C50-81A9-BFD973EB5DEC@microsoft.com...[color=blue]
> We initially had the problem that when you, for instance, ran NotePad as
> "Administrator", the mapped drives for our domain were not visible under
> my
> computer..
>
> I found the solution in the registry entry of EnableLinkedConnections,
> setting the value to 1..
>
> So at one point i made a custom admx file for this setting, which shows up
> in GPO or local policy under Computer Config.. Admin. Tools..
> "EnableLinkedConnections" folder with settings of enable/disable/not
> configured on the right..
>
> I think i must have gotten something wrong here.. but my new test Virtual
> PC
> machine is working fine with elevation.. i checked and the registry
> setting
> was in place...
>
> I had created a 2003 GPO that would use the admx file (I updated the admx
> files on the network so they were there etc too).. i called it Vista
> Specific.. it had this setting..
>
> So this is all well and good on the test machine.. the setting takes
> effect.. but on every other vista machine (4 of them) the setting gets
> "erased" when i do a gpupdate /force on the local machine if i manually
> put
> it in..
>
> I think the problem is related to "local policy" overriding it, even
> though
> local policy also seems to have the setting enabled.. I tried removing
> the
> setting (not configured) in local policy and refreshing things, now the
> test
> machine is not keeping the setting.. its getting wiped, despite the "vista
> specific" server based gpo..
>
> Any thoughts on how to fix this...
>
> I'm confused on this local policy effect.. I guess modifying the local
> policy affects all vista machines, even though this isnt through the group
> policy manager on the server?
>
> Is it best practice to NOT modify the local policy even if a domain admin
> and use the admx files on a 2003 server GPO setting instead (like i'm also
> doing)?
>
> I think i have some sort of conflict here but i'm not sure where or what
> to
> fix..
>
> Thanks[/color]

"Mark L. Ferguson" wrote:
[color=blue]
> When Vista is upgraded to SP1, it loses the normal interface for
> policy(secpol), and reverts to gpedit.msc. There is an add-on available. I'm
> really not sure if the changes will apply to you, but this is certainly
> worth a look.
> Security Policy Settings New for Windows Vista:
> [url]http://technet2.microsoft.com/WindowsVista/en/library/90a564b9-34af-4a6b-937f-324e1862244b1033.mspx?mfr=true[/url]
> Download details Group Policy Preference Client Side Extensions for Windows
> Vista (KB943729):
> [url]http://www.microsoft.com/downloads/details.aspx?FamilyID=ab60dc87-884c-46d5-82cd-f3c299dac7cc&displaylang=en&Hash=SFt%2bCzRtDEwDfK%2bjb33cMrcAaGezMgO6aYhsLTRcY%2bGCx4M3%2ffydciXgAhUYokhIoSXWbNPP8cTfRGtLJ0mAuw%3d%3d[/url]
> --
> Was this helpful? Then click the Ratings button. Voting helps the web
> interface.
> [url]http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPostAsAnswer[/url]
> Mark L. Ferguson
> .
>
> "markm75" <markm75@discussions.microsoft.com> wrote in message
> news:A15767FE-CD75-4C50-81A9-BFD973EB5DEC@microsoft.com...[color=green]
> > We initially had the problem that when you, for instance, ran NotePad as
> > "Administrator", the mapped drives for our domain were not visible under
> > my
> > computer..
> >
> > I found the solution in the registry entry of EnableLinkedConnections,
> > setting the value to 1..
> >
> > So at one point i made a custom admx file for this setting, which shows up
> > in GPO or local policy under Computer Config.. Admin. Tools..
> > "EnableLinkedConnections" folder with settings of enable/disable/not
> > configured on the right..
> >
> > I think i must have gotten something wrong here.. but my new test Virtual
> > PC
> > machine is working fine with elevation.. i checked and the registry
> > setting
> > was in place...
> >
> > I had created a 2003 GPO that would use the admx file (I updated the admx
> > files on the network so they were there etc too).. i called it Vista
> > Specific.. it had this setting..
> >
> > So this is all well and good on the test machine.. the setting takes
> > effect.. but on every other vista machine (4 of them) the setting gets
> > "erased" when i do a gpupdate /force on the local machine if i manually
> > put
> > it in..
> >
> > I think the problem is related to "local policy" overriding it, even
> > though
> > local policy also seems to have the setting enabled.. I tried removing
> > the
> > setting (not configured) in local policy and refreshing things, now the
> > test
> > machine is not keeping the setting.. its getting wiped, despite the "vista
> > specific" server based gpo..
> >
> > Any thoughts on how to fix this...
> >
> > I'm confused on this local policy effect.. I guess modifying the local
> > policy affects all vista machines, even though this isnt through the group
> > policy manager on the server?
> >
> > Is it best practice to NOT modify the local policy even if a domain admin
> > and use the admx files on a 2003 server GPO setting instead (like i'm also
> > doing)?
> >
> > I think i have some sort of conflict here but i'm not sure where or what
> > to
> > fix..
> >
> > Thanks[/color]
>[/color]

Actually i have done all that so far..

This is what i am doing.. i'm using GPMC from a vista box to set
the enableLinkedConnections to a value of 1 (so that mapped drives will show
up in elevated programs).. (where i can see my other 2003 server group
policies as well).. i've also put the admx file out on the 2003 server so
that it works..

But for some reason it seems like the local policy is wiping this out now
(ie: i'm on vista.. i do a gpedit.msc).. even from a vista box just editing
the local policy, i see my entry for the enablelinkedconnections here as
well (i think because the admx file is on the local vista box as well)..
whether i
try turning it on, on the server and/or turning it on or off via gpedit on
the local policy.. i cant get any combo of these settings to stick.

I'm not real clear on this.. but i thought that the domain policy set from
GPMC whether from the vista box or from 2003.. would override any local
policy settings done by using gpedit.msc on a vista box alone?

I think it is here that the confusion may be occurring.. ie: best bet is to
use GPMC from say a vista box or 2003 server and set vista policies here
correct?

(If so.. how can i undo the gpedit.msc local policy, short of going in and
**choosing disable on say the computer config section, which i think does
work
and make the mapped drives setting stick)?

I would have expected it to stick. I would expect the local gpedit setting
to be over-ridden. I think GPMC is not gaining control of the local
registry. It's not giving you expected behavior, and I don't think it's your
technique that is failing.
You are going to have to take it to an admin newsgroup to see if they can
reproduce your bug.
I would try microsoft.public.windows.server.general for a reference to a
policy newsgroup. I admit that I think this will probably end up as another
of the registry 'default Permissions' problems that come up frequently on
this group. This was happening long before SP1. Elevation in Vista has some
very tight controls.
--
Mark L. Ferguson
..

"markm75" <markm75@discussions.microsoft.com> wrote in message
news:BEB207B9-F93B-4962-964B-DC1B9D269738@microsoft.com...[color=blue]
>
>
> "Mark L. Ferguson" wrote:
>[color=green]
>> When Vista is upgraded to SP1, it loses the normal interface for
>> policy(secpol), and reverts to gpedit.msc. There is an add-on available.
>> I'm
>> really not sure if the changes will apply to you, but this is certainly
>> worth a look.
>> Security Policy Settings New for Windows Vista:
>> [url]http://technet2.microsoft.com/WindowsVista/en/library/90a564b9-34af-4a6b-937f-324e1862244b1033.mspx?mfr=true[/url]
>> Download details Group Policy Preference Client Side Extensions for
>> Windows
>> Vista (KB943729):
>> [url]http://www.microsoft.com/downloads/details.aspx?FamilyID=ab60dc87-884c-46d5-82cd-f3c299dac7cc&displaylang=en&Hash=SFt%2bCzRtDEwDfK%2bjb33cMrcAaGezMgO6aYhsLTRcY%2bGCx4M3%2ffydciXgAhUYokhIoSXWbNPP8cTfRGtLJ0mAuw%3d%3d[/url]
>> --
>> Was this helpful? Then click the Ratings button. Voting helps the web
>> interface.
>> [url]http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPostAsAnswer[/url]
>> Mark L. Ferguson
>> .
>>
>> "markm75" <markm75@discussions.microsoft.com> wrote in message
>> news:A15767FE-CD75-4C50-81A9-BFD973EB5DEC@microsoft.com...[color=darkred]
>> > We initially had the problem that when you, for instance, ran NotePad
>> > as
>> > "Administrator", the mapped drives for our domain were not visible
>> > under
>> > my
>> > computer..
>> >
>> > I found the solution in the registry entry of EnableLinkedConnections,
>> > setting the value to 1..
>> >
>> > So at one point i made a custom admx file for this setting, which shows
>> > up
>> > in GPO or local policy under Computer Config.. Admin. Tools..
>> > "EnableLinkedConnections" folder with settings of enable/disable/not
>> > configured on the right..
>> >
>> > I think i must have gotten something wrong here.. but my new test
>> > Virtual
>> > PC
>> > machine is working fine with elevation.. i checked and the registry
>> > setting
>> > was in place...
>> >
>> > I had created a 2003 GPO that would use the admx file (I updated the
>> > admx
>> > files on the network so they were there etc too).. i called it Vista
>> > Specific.. it had this setting..
>> >
>> > So this is all well and good on the test machine.. the setting takes
>> > effect.. but on every other vista machine (4 of them) the setting gets
>> > "erased" when i do a gpupdate /force on the local machine if i manually
>> > put
>> > it in..
>> >
>> > I think the problem is related to "local policy" overriding it, even
>> > though
>> > local policy also seems to have the setting enabled.. I tried removing
>> > the
>> > setting (not configured) in local policy and refreshing things, now the
>> > test
>> > machine is not keeping the setting.. its getting wiped, despite the
>> > "vista
>> > specific" server based gpo..
>> >
>> > Any thoughts on how to fix this...
>> >
>> > I'm confused on this local policy effect.. I guess modifying the local
>> > policy affects all vista machines, even though this isnt through the
>> > group
>> > policy manager on the server?
>> >
>> > Is it best practice to NOT modify the local policy even if a domain
>> > admin
>> > and use the admx files on a 2003 server GPO setting instead (like i'm
>> > also
>> > doing)?
>> >
>> > I think i have some sort of conflict here but i'm not sure where or
>> > what
>> > to
>> > fix..
>> >
>> > Thanks[/color]
>>[/color]
>
> Actually i have done all that so far..
>
> This is what i am doing.. i'm using GPMC from a vista box to set
> the enableLinkedConnections to a value of 1 (so that mapped drives will
> show
> up in elevated programs).. (where i can see my other 2003 server group
> policies as well).. i've also put the admx file out on the 2003 server so
> that it works..
>
> But for some reason it seems like the local policy is wiping this out now
> (ie: i'm on vista.. i do a gpedit.msc).. even from a vista box just
> editing
> the local policy, i see my entry for the enablelinkedconnections here as
> well (i think because the admx file is on the local vista box as well)..
> whether i
> try turning it on, on the server and/or turning it on or off via gpedit on
> the local policy.. i cant get any combo of these settings to stick.
>
> I'm not real clear on this.. but i thought that the domain policy set from
> GPMC whether from the vista box or from 2003.. would override any local
> policy settings done by using gpedit.msc on a vista box alone?
>
> I think it is here that the confusion may be occurring.. ie: best bet is
> to
> use GPMC from say a vista box or 2003 server and set vista policies here
> correct?
>
> (If so.. how can i undo the gpedit.msc local policy, short of going in and
> **choosing disable on say the computer config section, which i think does
> work
> and make the mapped drives setting stick)?[/color]