Hi, I've been trying to fix this for several days and it's hard to get specific answers from the usual searches. Please can someone help?
I'm not strictly an IT technician, but have been doing a task that involves configuring certain aspects of the security policies. We use Windows Server 2008 R2 as the domain controller and the client machines are mostly Windows 7. We are required to setUser Account Control: Run all administrators in Admin Approval Mode to Enabled. RSOP.msc shows it as enabled on he Windows 7 machine, which is correct, but SECPOL.msc shows it as disabled. I have run gpupdate /force on both machines, restarted the Windows 7 machine, and checked to see if there is any GPO inheritance that might be blocking the setting. The setting is configured to enabled in the GPO with link order 1. This GPO is also enforced, although that shouldn't make a difference as the top level GPO as I understand it. This top level GPO has its scope set to Authenticated Users and Domain Computers. The setting was set to disabled in lower order policies, but I have since set it to "not configured" in these policies.
So the setting is still grayed out in SECPOL.msc, which means something is forcing it to disabled. I don't know what else could be enforcing this setting. Please can someone advise?
I understand RSOP shows the settings that have been evaluated for a user and computer based on the domain policies, whereas SECPOL shows the actual local settings. In this case, I can't make the two match up but I need this setting to be enabled to get sign off on our project.
Many thanks!