Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

windows could not connect to the group policy client service

December 26, 2012, 8:25 am
$
0
0

I know this forum has similar questions, but none of them have answered my problem so far.

Case:

My parents have moved to a new place, so they received a new modem with build-in wi-fi.

I had an old Gigabyte wi-fi-adapter, so I mounted it, and after some trouble I had the right drivers,

and the connection to the modem was established.

Their computer is encrypted, so on boot you have to enter a password to access the drive, and then Windows 7 Home x64 will automatically boot

into the desktop since there's only one administrator account on the PC.

The error pop-up is "windows could not connect to the group policy client service", and in event viewer I can see two errors.

First error Screenshot:

dl.dropbox.com/u/19374914/error1.jpg

Second error Screenshot:

dl.dropbox.com/u/19374914/error2.jpg

Hope someone has a qualified guess.


Search

Problem Windows 8 logon script not working from windows server 2008 R2

November 28, 2013, 6:38 pm
$
0
0

Is a very simple logon script for mapping drive purpose .... PLS take note Domain users can access and run this script for domain users using windows XP / WINDOWS VISTA / WINDOSWS 7 and only  users " WINDOWS 8.1 " Does NOT run at all . the script I put on logon script in Windows server 2008R2 group policy

Manually run the script on WINDOWS 8.1 is 100 % perfect so it is definitely not my logon script issue , PLS any guidance pls share for me ok ?? thanks

Below is my script syntax ;-

@echo off
REM Login.bat Version 1.0
REM Exit if user has logged on to the Server
IF %COMPUTERNAME%.==SL2011. GOTO END
REM Delete pre-existing drive mappings
REM
REM Map M: to SL2011 on sl2011
NET USE M: /DELETE >nul
NET USE M: \\SL2011\sl2011 /YES >nul
REM
REM Map Y: to AccScan on rss2
NET USE Y: /DELETE >nul
NET USE Y: \\rss2\Public\AccScan /YES >nul
REM


Using less than (

December 1, 2013, 9:16 pm
$
0
0

I am trying to create a GPP using client side targeting that creates a registry key only when machines that fall into a selected name range. 

i.e BAS016 through to BAS019 get a registry key created 'Bacon' everything else get 'tofu'

I can get client side targeting to create my test registry key when I use the following query with a greater than or equal to, 

SELECT name FROM Win32_ComputerSystem WHERE name >= '%[BAS]015'

However when I reverse it, when using a less than or equal to it doesn't work

SELECT name FROM Win32_ComputerSystem WHERE name <= '%[BAS]019' 

This also happens when using the straight < operator

Any help is greatly appreciated.

Regards,

Martin 

Display name and GPO audit

November 27, 2013, 1:39 am
$
0
0

Hi,

I seem to have a hard time to figure out the following:

I want to be able to monitor deletion of GPO's and which person who did this. For now i'm able to get the event id's ok (5141), the problem is i only get the DN of the policy.

When i create a GPO it gives me the display name of the policy and that is what i want!

Is there a way for AD to show me display name of the policy instead of only DN when deleting a GPO?

Kind regards,

Eirik



Issue deploying software using GPO

November 27, 2013, 8:16 am
$
0
0

HI ,

In our environment while we are deploying a software (22MB size msi package) using GPO method we are getting two issues:

1.The software getting installed to the desktop (specifiedlly win 7 64 bit) but the settings not getting registered on system registry .

2.It is showing in the list of applied policy while seeing gpresult.but the the actual software is not found in system.

Also Can anyone please help,if there is any time duration for a gpo applied on client?

Disabling start menu Items via group policy

December 2, 2013, 5:14 am
$
0
0

Hi All,

We want to disable following items from appearing under start menu for all users. We only want log off to appear under start menu. Can you please confirm GPO\GPP settings which can be configured for this to  be disabled for all Winxp machines

  • Start > Programs>Accessories
  • Start > Programs> Startup
  • Start > Programs>Internet Explorer
  • Start > Programs>Windows Media Player

Configurin network sharings

December 2, 2013, 7:19 am
$
0
0
I have Windows Server 2012 as DC and something about 30 worsktations that is part of domain. Is it possible to replace all network shares on worsktations (force hide al items in network neighborhood list) to custom share that I've created?

Disable Access to Windows Explorer or at least to the "network" list in it

December 2, 2013, 12:39 am
$
0
0

Hi,

I recently got a job: A library (with books and stuff, not a dll) wants a special user which library visitors (aka anybody) can use for two and only these two things:

  • Access to a library software
  • Access to Internet (with IE 10)

They have a thin client and this public user will login on a terminal server with 2008 R2.
So i began to completely lock down the (mandatory, by the way) user profile. By now everything is disabled; the user can do absolutely nothing except using a strongly locked down Internet Explorer and the mentioned library software. Everthing is great, except for one single problem:

The user still has access to Windows Explorer when he tries to change the downloads directory through the IE download manager. In the administrative group policy templates for IE, there is no appropriate option for that.

As a result, all servers are visible unter "network" and in some cases, the user even has read permissions to its shares.

Is there any possibility to disable this explorer frame or at least the "network" list in it? For the latter, I've found some registry tweaks, but unfortunately they're system level.

Can anyone help me?








Search

Issue with TS connections

December 2, 2013, 2:14 am
$
0
0

Hi everyone

my company has subsidiaries companies on which I can connect via rdp. Since some days I found that I on most of my local computers I can only rdp on my local servers. I can ping the external server but can not rdp on them.

What I find weird is that only my pdc can and some computers can rdp externally.

I checked my gpo but could not figure out the issue.

How can I troubleshoot what is blocking the access.

ps no access were block on router level nor the external servers. I doubt there is something on my domain gpo.

can anyone help me out of that.

Certificate enrollment web servce GPO enablement failure

November 21, 2013, 10:23 am
$
0
0

2012 Std R2

Added certificate authority role with web services

configuring via library hh831625

I have verified that IIS has the default site ADPolicyProvider_CEP_Kerbos and I copied the URI <a href="https:///ADPolicyProvider_CEP_Kerbos/service.svc/CEP">https://<server>/ADPolicyProvider_CEP_Kerbos/service.svc/CEP

I added a domain GPO per directions Certificate Enrollment Policy Web Services. I am editing the GPO for Computer->Policies->Windows Settings-> Security Settings->Public Key Policies. I double click Certificate Services Client - Certificate Enrollment Policy. I enable the policy and ADD certificate enrollment policy list. I paste the above URI, Authentication type is "Windows Integrated". When I validate server I get the following error:

An error occurred while obtaining certificate enrollment policy

URI:https://<server>/ADPolicyProvider_CEP_Kerbos/services.svc/CEP

Error: The remote endpoint does not exist or could not be located. 0x803d00d (-21434855939 WS_E_ENDPOINT_NOT_FOUND)

Help with this final validation is appreciated. Logged on as administrator with domain admin rights and enterprise Admins rights

John Lenz

Log on Locally - revert back

November 21, 2013, 2:02 am
$
0
0

Hi

I've discovered that our "allow log on locally" has been changed from the default rather than just adding user groups to the appropriate user group on the local machine. 

will the allow log on locally revert back to default if we set to not configured, and how would I test that? or will I need to add the default members back in?

  • Workstations and Servers

    • Administrators

    • Backup Operators

    • Power Users

    • Users

    • Guest

Kind regards

Matt

Group policy not updating registry for WSUS settings

October 11, 2013, 4:44 am
$
0
0

Hello

A few months back we replaced our WSUS server, and updated the GPO to point our clients at the new server.
Once I'd spotted some of them starting to appear in the WSUS console I assumed that everything was ok and moved on to the next problem.

We've since spotted that a significant number of our machines - about half at a quick glance - haven't registered.
If I look in the registry on one of the problem machines it still shows the old WSUS address.

I've double and triple checked that they should be getting the "new" server address - group policy modelling wizard clearly shows that it should be there.

I've also made a harmless change in that GPO (desktop wallpaper) and that *is* being applied which confirms that I'm getting and processing (at least some of) the GPO I expected.

If I do a GPUpdate /force on some of the problem machines I get "The processing of Group Policy failed because of an internal system error" half a dozen times. In the Windows System log there are event ID 1125 from Group Policy , repeating the message above.

If I look at the Group Policy Operations log I see Error 7016, but that just says "Completed Registry Extension Processing in xxx milliseconds" or similar.

I have tried so far....
Removing the PC from the domain and rejoining - no change.
Moving it to an entirely different OU with a new GPO that's applied - no change, still have the incorrect registry settings for WSUS.
Deleting secedit.sdb followed by gpupdate /force - no change.
Manually editing the registry to update the WSUS settings - they come back after a reboot.

New PCs are picking up the correct settings from the current GPO, but I clearly don't want to have to wipe and rebuild half of my machines to fix this.


Any suggestions will be gratefully received.
Any suggestions that fix it will be *very* gratefully received.

group policy to enable some taskbar right-click items does not work, why??

September 23, 2013, 6:40 am
$
0
0

We have several XenApp servers, with a XenApp User Default Policy in Group Policy.

All the servers involved are Windows Server 2008 R2 SP1, recently patched.

I've done the following to have the taskbar items of 'cascade windows, show windows stacked, show windows side by side' ENABLED -- to be USED:

To use Group Policy to SHOW the menus that appear when you right-click the Taskbar, Start menu, and clock,disable the Disable context menu for taskbar object at
User Configuration\AdministrativeTemplates\Start Menu & Taskbar.

The above three taskbar items are STILL greyed out despite running gpupdate /force on the AD/domain controler wherein this setting is configured. All the other taskbar right-click items appear normally, but the greyed-out items people now WANT to use...

Where and how should I look for what could be overriding this?? I've looked at all our group policies already...

Thank you, Tom

Is Loopback Processing needed?

December 2, 2013, 10:16 am
$
0
0

I am deploying printers for the company I work for via Group Policy Preferences > User Configuration > Shared Printer. I have one group policy for all of our copiers. For each copier, I have "Remove this item when it is no longer applied" checked, and am using Item-Level targeting to a specific OU. For example, I have the Accounting Copier item-level targeted to the Accounting OU, which contains a Users and Computers OU. I also have "Point and Print Restrictions" disabled in both Computer Configuration and User Configuration. I found my printers will not deploy properly without that disabled.

What I have accomplished is that all printers are being deployed depending on which OU a given computer resides in. For example, any computer in the Accounting OU will receive the Accounting Copier as in my above example, because of the Item-level targeting.

This is all working with Loop-back processing enabled. I found that if I disable it and run a gpupdate /force command to a computer that just joined the Accounting OU for example, will not get any printers.

Is this correct? Do I need Loop-back processing enabled for this set up or is something else going on that I am not aware of?

Multiple wallpaper using GPO

December 2, 2013, 3:57 pm
$
0
0

Hi All,

I am using windows 2008 R2 server and Active directory. I need to apply multiple wallpaper to my desktop machine using GPO. Whether its possible to change wallpaper with regular time interval (Cyclingthrough) using GPO.

Search

This action requires administrator privileges

January 22, 2013, 6:42 pm
$
0
0

Dear Sir,

When I want to change the setting of HPM402dn (add the custom paper size),

it will pop "this action requires administrator privileges"

I have change the security of that printer everyone full control, but only domain administrator can add the custom paper size.........

Would anyone help me?


Office 2013 Trusted Locations increase

December 3, 2013, 1:31 am
$
0
0

Hi,

Creating a Office 2013 policy and one of the requirements is to use Trusted Locations BUT we require more than the 20 available in the template.  Can any advise how we address this?  The requirement is to have 40 (ish) Trusted Locations.

Thanks for your time

GPO not working for working for servers

December 3, 2013, 1:50 am
$
0
0

Hi,

I have an active directory with two windows 2012 servers which are the dns (I have just changed my infraestructure from  physical to virtual (vmware) ).

My problem is that the GPO that I have created and linked to the OU where are the servers (2003, 2008 and 2012) do not work. I have tried to remove and create the GPO again but the same problem.

However, all the policies linked to the wxp and w7 of the domain work properly.

Can anybody help me?

Thanks a lot.

Regards.

Group Policy Client service does not start

November 10, 2012, 1:48 am
$
0
0

Hi,

As soon as I (administrator on my PC) logon to Windows 7, I get a message saying that the Group Policy Client service failed to start. I'm not sure why I'm getting this error even though the dependencies are very much up and running..

Below is the error message I get in the notification area as soon as I logon

Failed to connect to a windows service
Windows could not connect to the Group Policy Client service. This problem prevents stndard users from logging on to the system.
As an administrative user, you can review the System Event Log for details about why the service didn't respond.

Event ID 1030 (GroupPolicy) Errors - Incorrect Domain Controller?

December 3, 2013, 8:43 am
$
0
0

Hello all,

I have multiple Terminal Servers (Windows 2003/2008) on a network that are generating tons of 1030 Group Policy Event ID errors within Windows Event Viewer. The details of the error indicate that the DCName is our Sharepoint server. The Sharepoint server USED to be the old Domain Controller, but is no longer. We currently have two DC's labeled as DC1 and DC2. I'm new to Windows server management, and was looking for a quick fix. I learn by doing, and your feedback is greatly appreciated.

I guess I understand what the problem is. The Terminal Servers think Sharepoint is the DC, which it is not. So basically, how would I tell my Terminal Servers that DC1 is the DC they need to pull Group Policy updates from?

Thanks.








Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>