I manage a network that is Windows 7 Ent clients and Server 2003 R2 Ent DC
I wanted to experiment with setting GP - Computer Configuration | Administrative Templates | Windows Components | Windows Logon Options -Display information about previous logons during user logon = Enabled. This was set on a Win 7 management station that manages the policy for Win 7 clients in my 2003 DC environment.
I know this policy will not work with a DC that is not at 2008 functional level, so I applied it to an OU with only one test workstation. Well it propagated to my entire network. I had users who could no longer log in because the workstation could not query
the DC for known reasons. That had me freaking out because its a Computer setting, not User, and it was never applied to the OU that holds their computers (??)
This policy, when applied, creates the key - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisplayLastLogonInfo"=dword:00000001
Even when I set the policy object to "Disabled" all the workstations still kept the above reg key at a value of 1 and locked out users. It was only when I set the policy to "Disabled" and "Enforced" could the users log in. I tried removing the policy from the test OU, logging in locally and deleting the key, but as soon as policy refreshed the key returned set to 1.
Even though I had only applied a test policy object to a test OU, I had to attach the policy setting of Disabled and Enforced to their OU to let them log in again (??).
If anyone has a clue what might be going on I would appreciate your advice. Thanks.