When we open the properties of the 'Debug Programs' policy in the server's Local Security Settings, the 'Add User or Group' button and 'Remove' buttons are greyed out. Somehow three users are currently listed, but we can't add more.
Our theory is that these priviliges are being populated by Active Directory (a different 2003 sp2 server on our network), but we're not sure how. We see a Group called "Debugger Privileges" in our Active Directory server, and added the user there, but it doesn't appear to be propogating to the other servers on the domain.
Can anyone help? Let me know if you need more information.
To set the "Debug Programs" policy in other member servers in your domain, you need to assign a domain group policy to these servers. You can follow the steps below:
In Active Directory Users and Computers, right-click the target server's container (OU) to which you want to link the GPO, click Properties, and then click the Group Policy tab.
Create a new GPO for giving debug privileges on servers, and then give the new GPO a descriptive name.
While the new GPO is selected, click Edit. This starts the Group Policy Object Editor.
Open and then right-click Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment | Debug Program in the GPO, and then click Add new user or group button.
Click the Advanced button.
Click the find now button.
Select your user logon name and then click the ok button.
Click the ok button 2 more times.
Run "gpupdate /force" on the target servers.
Run "rosp.msc" to verify whether the "Debug Programs" group policy has been applied.
If you want to configure this policy for DCs, you need to modify the above policy in ADUC's default domain controller policy.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.