Channel: Group Policy forum

Default Printer

Hello,

Is there a way to add multiple printers to a domain, so that every computer will have all the available printers, but depending on that computer's physical location it changes the default printer?

I am using Windows Server 2012, and 30+ Windows 7 Pro workstations.

I started to add the printers via "Print Management", right-clicking the printer and selecting "Deploy with Group Policy..." which I attached to computers. But I am not sure how to make certain ones default.

I know that working from within "Group Policy Management" you can add printers and specify "Item-Targeting", but still I don't know how this would let me set the default printer. Also, how does this coincide with "Print Management"?

Thanks,

Wes


MSS Settings (registry entries)

I have been assigned to look into a group of users who belong either to the same OU or to different ones, but looking at these MSS settings, some users can query the registry and other users cannot. I have run gpresult and I cannot find the settings listed explicitly like other registry settings I might see. I know some are being configured because when I query the registry for some users I get an entry, such as:

reg query HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v DisableIPSourceRouting

1. Which is the best approach to narrow down where exactly these settings are overwritten?

2. Is there a tool that allows me to do this, or does the process need to be done manually?

3. I read an article which says that in order to see these settings in the GPO editor, I need to include the .adm template for these settings. Which is the easier way? Some say revise the inf file. (Machines are in a Windows 2008R2 and Windows 7)

These are the settings; there are more, but these are the only ones that the scanner complains about.

CCE-8513-4:MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes

CCE-9348-4:MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)

CCE-9426-8:MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds

CCE-9458-1:MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to DoS)


michael john ocasio

Windows Seven lost its DHCP IP address

Hi,

I see a phenomenon on my Windows Embedded stations: when my DHCP server is down, the workstations' IP addresses are not kept, but addresses in 169.x.x.x are configured on the workstations. This phenomenon is maybe because my workstations can't ping the gateway, so a new IP is granted with a 169.x.x.x address. But why can't my station keep its IP address assigned by the DHCP until the lease expiration?

I've tried configuring in the registry the key "DontPing Gateway", as proposed in M$ KB 958336, but with no better results.

Have you already seen this problem?

Many thanks in advance for your answer.

Best regards

Raymond


Windows 8 and IE10 not accepting Proxy Settings via Group Policy

We have recently introduced a couple of Windows 8 computers in our network, and we are having issues applying the Internet Explorer Proxy Server settings.

We use a Microsoft TMG 2010 server as our proxy server for accessing the internet. We have been using a GPO with the following settings to automatically configure our Windows 7 computers running IE9 with the appropriate Proxy settings:

User Configuration\Policies\Windows Settings\Internet Explorer Maintenance\Connection/Proxy Settings

  • “Enable Proxy Settings” : Checked
  • “Address of proxy” : server.domain.local
  • “Port” : 8080
  • “Use the same proxy server for all addresses” : Checked
  • “Exceptions” : Here we have a list of several internal or partner sites that should not be proxied.

This GPO has worked beautifully for our Windows XP and Windows 7 users with IE 7, 8 and 9. Now with Windows 8 and IE10, this no longer works. I’ve therefore added a Windows Server 2012 Domain Controller to the network, and using GPMC on that new DC, I created a new GPO with the following settings:

User Configuration\Preferences\Control Panel Settings\Internet Settings\Internet Explorer 10

Now, seeing as these are preferences, it’s a little different. But, I’ve “checked off” the option “Use a proxy server for your LAN” as well as “Bypass proxy server for local addresses”. Then I click on “Advanced” and set up all my proxy settings the way I would like them, including the proxy server name, port and exceptions list.

When this new group policy gets applied to my Windows 8 PC, the only setting that gets applied is the “Use a proxy server for your LAN”. It does not configure the name or port of the proxy server nor does it configure the exceptions list. If I go back to the GPMC, and edit the new GPO, the settings are all there. However, if I just view the settings from the main GPMC screen (without opening the GPO itself), I don’t see all of those settings (again, only the one “Use a proxy server…”).

What am I missing???

Which Group Policy is taking effect?

I have a terminal server consisting of 7 blades and I have users randomly telling me that they are being logged off at the same time. I have already checked Group Policy Management and this is what I have below. As you can see from below, my active session limit and idle session limit are set to Never. In spite of this, my users are complaining that they are being logged off at the same time, at random, and almost always mid-stroke. So basically it happens while they are working. Can someone help? In my GP management Windows logs on the server I see the information:

Event ID 5324: "Group Policy received the notification EndShell from Winlogon for session 10, 9, 4, etc."

Can someone help?

This is what I have set in my GPO:

End session when time limits are reached - Enabled

Set time limit for active but idle remote desktop - Enabled

Idle session limit: Never
Active session limit: Never
End a disconnected session: 30 minutes


application control

Hi all, here is the situation. We have lots of legacy Access 2003 databases which we don't want users updating, so we are installing Office 2010 without Access 2010, but it is set to install on first run. We are then just installing Access 2003 for users to launch the DB, which does not prompt to update, and also we don't have any compatibility issues. But I need to stop users launching Access 2010, for which there is a shortcut in the Start menu. Some users will need to install and run Access 2010, so I was thinking of an AD group which would allow users to launch the icon, but I can't seem to set the file permissions on C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\msaccess through GP. Any suggestions or better ideas would be great.

Server 2008 R2 Shutdown client computers after scheduled updates

Hey there

Platform: SBS 2011
We would like to schedule automatic updates on client computers after hours and then shut them down after they have been installed.
Alternatively we could schedule updates at an earlier time with restarts as necessary, and then shut down the computers at a later time. Are there any GPO settings that can allow us to do either of these things?

Thanks in advance


MIS5000

Complexity password Policy

Hi,

Currently we have a simple password policy which is not complex.

Now we are going to deploy Complexity password Policy.

If we deploy this complexity password policy today, do all the users (3000 users) need to change their simple password to a complex password today? Or do they need to change it when the password expiration date comes?

========================================================
Our Setup:

Domain : Windows 2008 R2
Forest & Domain Level : Windows 2003

--------------------------------------------------------
Current Policy Setting :

Enforce password history      1  
Maximum password age         90 days
Minimum password age         0 days
Minimum password length     6 characters
========================================================

Planning to deploy the following complexity password policy:

Enforce password history       3
Maximum password age        60 days
Minimum password age          0 day
Minimum password length        8
Password must meet complexity requirements    Enabled

=======================================================

Any Ideas Please.

Thank You.


Regards, Ali


Group Policy Office 2013 One Note File location

Hello,

I have downloaded the ADML and ADMX files for Office 2013.

I want to publish the default file open/save location for Microsoft OneNote 2013.

I didn't find this in the GPO options.

Are there any options to achieve this?

Thx

Install Snow agent through GPO without reboot on servers and clients.

Hi

I tried to install the Snow agent software on servers through GPO, but the installation will take effect after reboot.

My issue is that I want to install the agent software without a reboot. Any help in this regard is welcome.

Thanks in advance.

GPO to Allow Mouse Pointer Change but no Other Control Panel Access

We have a Windows 2008 server and Windows 7 clients. I want to allow users to change mouse properties: pointers, pointer trail, etc.

But I don’t want them to have any other Control Panel capabilities.

I copied an existing GPO and changed the following settings.

“Prohibit access to the Control Panel” set to “Not configured”

“Show only specified Control Panel items” set to “Enabled” and Microsoft.Mouse added

“Force classic Control Panel view” set to “Enabled”

Now when I log in with an account assigned that GPO, I open Control Panel and only see the Mouse, but when I try to launch it I get the “Restrictions” dialog box.

Another really confusing thing to me is I copied a GPO that doesn’t allow access to Control Panel, but when I change the “Prohibit access to the Control Panel” from Enabled to Not configured and do a gpupdate /force then log out and log back in, it doesn’t seem to have any change, meaning I can still open Control Panel even when this is enabled?!? I opened up both GPOs side by side and did a stare and compare and even when these are identical things don’t work the same. The existing GPO restricts Control Panel access while the other does not??

Any ideas of what I might be doing wrong?

Thanks for help.

Randy

Group Policy Modelling Wizard fails with Red Cross for Component Status for Computer and User status

Hi,

I am working at a school and have been asked to solve a problem that has been here for a long time. When I run the Group Policy Modeling Wizard under the Group Policy Management UI, I always get an error for component status for both user and computer, as shown below:

Component Name                  Status
Group Policy Infrastructure     Failed

Group Policy Infrastructure failed due to the error listed below.

More data is available.

Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the application event log on the domain controller on which the simulation was run for events between 05/11/2012 13:49:10 and 05/11/2012 13:49:11.

Looking in Event Viewer, I see errors with event IDs 1080 and 1030:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1080
Date:  05/11/2012
Time:  13:49:10
User:  NT AUTHORITY\SYSTEM
Computer: BDC
Description:
Windows cannot search for Organizational Unit hierarchy. (10). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date:  05/11/2012
Time:  13:49:10
User:  NT AUTHORITY\SYSTEM
Computer: BDC
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I have run DCDIAG and there are no errors. I have spent a lot of time looking with no success.

The server is running Windows 2003 and is fully patched, with a second Windows 2008 DC. As I said, I have only been here a week and it's a school scenario.

Also if I run the Resultant Set of Policy Wizard I get a similar result with nice red crosses for user and computer components.

Does anyone have any ideas on how to solve this problem? All help gratefully received and appreciated.

Event ID's 4624 Not Logged

We have a primary and secondary domain controller that are not logging user logins or logoffs. There are a few occasional event ID 4624's but they appear to be all for service accounts and not actual end users.

The local security policies on both controllers list no auditing, so I thought for sure that was my issue, but come to find out (with a bit of research on this site), local security policy will say that even if it is being overridden by a group policy on a domain controller.

Local Security Policy:

Policy                          Security Setting
Audit account logon events      No auditing
Audit account management        No auditing
Audit directory service access  No auditing
Audit logon events              No auditing
Audit object access             No auditing
Audit policy change             No auditing
Audit privilege use             No auditing
Audit process tracking          No auditing
Audit system events             No auditing

With this in mind I ran rsop.msc to verify GPO is overriding local audit policies.

RSOP Results:

Policy                          Computer Setting  Source GPO
Audit account logon events      Success, Failure  Default Domain Controllers Policy
Audit account management        Success, Failure  Default Domain Controllers Policy
Audit directory service access  Success, Failure  Default Domain Controllers Policy
Audit logon events              Success, Failure  Default Domain Controllers Policy
Audit object access             No auditing       Default Domain Controllers Policy
Audit policy change             Success, Failure  Default Domain Controllers Policy
Audit privilege use             Success, Failure  Default Domain Controllers Policy
Audit process tracking          Success, Failure  Default Domain Controllers Policy
Audit system events             Success, Failure  Default Domain Controllers Policy

So I am not quite sure where to go from here. Even though RSOP says it should be auditing, both controllers are not logging 4624's for end users. Does anybody have any further troubleshooting they could offer for me to get 4624's logging the way they should be?

Bug in gpo software installation

I think there might be a bug in Server 2012 installation of software through GP. 

I have a GPO that includes different software that I apply to all PCs, i.e.: Chrome, Firefox, Flash.

I removed Flash from the GPO and I have it set up to uninstall the program when it falls out of scope. After I did that, both Chrome and Firefox disappeared from the settings tab but still appear when you edit the GPO. I did a gpupdate on a PC and it uninstalled all 3 programs even though I only removed Flash. I selected redeploy for Chrome and Firefox and Chrome now show up in the settings tab. I did gpupdate again and both programs reinstalled.

Can anyone reproduce this?

WMI filter for < IE10

Hi,

Anyone know if I can create a WMI filter for pre-IE10 machines only, which we can then use to target a Software installation GPO?

Reason being that with IE10 Adobe Flash Player is built-in and a separate install of Flash is not allowed but we do want that separate install of Flash on any machines which do not already have it built-in.

I have to admit to having never used WMI filters before.

Thanks,
  Nick


WMI Filtering when namespace does not exist on GPMC computer

The GPMC WMI filter wizard takes its namespaces from the machine on which the GPMC console is running. In a WS2008 or later domain, running GPMC on the server makes many target namespaces for workstations unavailable, even though the policies can be created and run.

Does anyone know how to best handle this issue?

Assume namespace required is: root\cimv2\Applications\MicrosoftIE

This is how MS has filtered for IE in the past.  This namespace was available on WS2003 but is not on WS2008 and later but we need it to filter for IE versions on XP, WS2003 and other workstations.

What is the best or recommended way to handle this situation?


¯\_(ツ)_/¯


Group Policy Scheduled task to run only if connected on the network

Hello everyone

I'm not sure if this is possible, but I wanted to post here and get any suggestions I can. I have created a script that collects logs from a program our mobile users depend on in the field. The script copies a few log files that the program saves to the local drive, which we can use to diagnose problems if the user reports they are having difficulties. As our users work in the field a lot, scheduling a time to work with them is one of the largest delays we have in getting problems resolved.

To combat this, the script I have created will copy these log files to a shared folder on our network, which could then be referenced should users complain they are experiencing issues. The script works as designed, but I am unsure of the best way to set up the scheduled task.

I would like to create a Group Policy scheduled task for the OU these computers are in, but the task should only run when the computer is connected to our network. Ideally, if possible, I would like to be able to have the task run as soon as it detects a connection to the network, but I do not see options to allow this.

Does anyone have any suggestions on how to set up a task to run only if connected to our network, or when it connects?


Richard A Jahnke

Force a specific Theme not coming down via GPO

Hi all,

I have a quite weird problem on my Windows 2008 + Windows 7 only environment.

I am trying to force a specific theme (aero) and therefore configured the following GPO:

user configuration\policies\administrative templates...(ADMX files)...\Control Panel\Personalization\Load a specific Theme

in the Path to theme field I have tried one at a time without success:

%systemroot%\resources\themes\aero.theme
%windir%\resources\themes\aero.theme
c:\windows\resources\themes\aero.theme
%systemroot%\resources\themes\aero

However I still get the Windows Classic theme upon logging in.

I have run gpresults and the GPO is being applied to the end-user

We are currently using a Mandatory profile for end-users, so I am not sure whether this is to blame.

Has anyone got any ideas or come across such a problem???

Comments are appreciated.

Printers Deployment via GPO

Hi everybody,

Please let me clarify my network configuration first and then proceed to my question.

We have a domain.

The domain controller is Windows Server 2003 Standard Edition, with its schema upgraded to the schema of Windows Server 2008 R2, via the adprep32.exe procedure.

The print server is a Windows Server 2008 R2, joined to the above domain. I've used Group Policy Management on this server to create GPOs for printer deployment.

I've created a GPO in each organizational unit from this server according to this article: http://www.windowsnetworking.com/articles-tutorials/windows-2003/Deploying-Printers-Group-Policy-Windows-R2.html

Because in every OU I have PCs that are running both XP and Windows 7, I've used pushprintersconnections.exe as a startup script (per machine).

After that I used the Print Management console on the Windows 2008 server in order to deploy the printers. Let me say here that, before using the console to link each printer to a GPO, I installed the printers on the Windows 2008 server by adding a new printer and giving it the printer's IP. The server found the printer on the network and installed each one by adding the driver for it. Did this install only the Windows Server 2008 x64 driver for the printers? What if I want to deploy these printers to XP clients? What about the drivers?

After making each GPO Enforced, I ONLY saw the correct printers on XP clients, and with the sign "Unable to Connect" next to them, on each XP client! None of the Windows 7 clients got the printers, although they get some other policies just fine.

Can someone help me? Any question, I will answer immediately!

Thanks!

 

Check used history of my USB.

I left my USB in a public area for around 30 mins. I found it in the end.

But how can I check the "used history" to know whether or not someone has accessed my USB?
