Hello, Could you please share your thoughts what can be the nature of that issue?
Descriptions:
There is AD OU1 and the container on it: OU1/Test1.
There are about 30 users accounts in OU1/Test1 and they have the same GPO and permissions granted for AD "Group1" within that container:
- delegated: "Group1" full access to all accounts.
- delegated: "Read and write Account Restrictions".
- all accounts have the attribute "admincount=0".
- full access to the attributes :
- msTSProfilePath
- msTSHomeDirectory
- msTSHomeDrive
- msTSAllowLogon
Issue:
1. using an account belonging to "Group1" I have full access to half of 30 accounts INCLUDE the access to the accounts attribute "Remote Desktop Services Properties. - there is NO issue.
2. using an account belonging to "Group1" I have full access to half of 30 accounts EXCLUDE the access to the accounts attribute "Remote Desktop Services Properties - Access is denied".
What's wrong can be here?
Thank you
