Channel: Group Policy forum

Local Scripts


Hello,

I have a startup login script running locally on the computer. I have around 1000 computers.

My question:

How can I remove that script from the machine via GP?

Thanks


FZ2H


Can't add network printers as normal users - Point and Print disabled.


Disabled Point and Print restrictions. This should be all that is required, right? Because that's what Microsoft say, and yet again I'm having my time wasted and my stress levels raised because of their BS.

So, restrictions are disabled. I can 100% confirm this via gpresult export. There's nothing that should be conflicting with this.

But on a server 2008 client/TS when I attempt to install a network printer I get a prompt saying "To use the shared printer ..... you need to install the printer driver on your computer...."

With a button to "Install Driver" showing UAC symbol or cancel.

Clicking the "Install Driver" UAC button locks up the explorer windows. No UAC window ever appears or any other prompt, but clicking anywhere in the now broken window gives a "error beep".

Microsoft... Stop THIS FUCKING BULLSHIT AND JUST MAKE NETWORK PRINTERS WORK. I followed your instructions. There are no "restrictions"... Why isn't it "just working" like it apparently should? Are your staff liars? Are MS liars? Who is at fault here?

Extreme slow login on Server 2008 R2 TS at Group Policy Preferences - Printers


I see references to this problem everywhere, going back to 2010.  However I'm not finding any real answers.

I have Group Policy Preferences installing printers to Terminal Server Users.  I have one policy that applies to 4 terminal servers.  One of them is a 2008 R2, the others are 2003 x64.  Only for the 2008 R2 server, after all of the printers show (in event viewer) as successfully loaded, there is a long hang.  I have many printers applied to me, and that results in my load time being the longest of all at about 3 minutes.  I am an administrator on the machine.  Others have the exact same problem, just a bit less pronounced depending on the number of printers. 

The policy preference is set to UPDATE, so it's not loading the driver... again, the printer is already successfully applied.

I've tried setting UAC to "Never" on the server.  No effect.  I've played with the Point and Print policy at both computer and user level, finally just setting both to disabled, but prior to that setting them to Enabled with the "do not show warning" on both settings.  No effect (which makes sense since that is for non-admins and I am having this problem as an admin).

My logging pasted below shows this same thing in all cases.

Is there an answer to this that I am just not finding?

2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Filters passed.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Adding child elements to RSOP.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:11:44.289 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.873 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Properties handled.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] RunOnce value created [SUCCEEDED(S_FALSE)]

How to apply two different GPOs on a single OU


Guys,

Advise me on the below scenario,

I need to apply two group policies on one OU, is this possible?

Ranjith


ranjith

Setting a Quota in a client shared folder


Hi,

My domain consists of 230 client desktops, each one has a shared temp folder which is mapped locally. The user of each folder is set to "Everyone" with a full restriction, this is a requirement for our local applications. My DS is WS 2008 Ent. SP2, and my clients are mixed with Windows XP, Vista and Windows 7.

People tend to misuse this location by saving non-work-related files and others. I would like to apply a quota to this remote folder, using GPO, so that I can specify the size that our application would only require. Please help on how to do this.


Thanks and Regards,


Printer policy applied after 2nd logon


Hi,

We have a User group policy which maps printers for our users. This is done at "User configuration -> Preferences -> Control Panel Settings -> Printers" and not done by the so-called printer deployment policy.

In this policy we have defined a removal of all shared printer connections as order 1. Order 11 is set to map a certain printer with an Update action and has item-level targeting set. This printer will be mapped to the user as default only when the computer on which the user logged on is located in a certain OU.

What we are trying to achieve is that when a user logs on to a certain set of computers, the printer in that same room is mapped and becomes their default printer. When the same user logs on to any other computer, the printer must be removed and must not be used.

What happens now is as follows:

When a user logs on to a computer in the specific room, the printer is mapped and set as default. When the user logs off, this printer is written as the default printer in the roaming user profile. When the user logs on to a computer in a different room, the printer is still there and set as default. This will remain so until the user logs off and logs on again. So to let this work the user basically needs to log on twice on a computer in a different room.

What can be causing this and how to solve it?

Kind regards,

Jasper Kimmel

Apply GPO for IE10 in Windows 2003 Domain Environment


Dear All,

I have a Windows 2003 domain environment; the client IE version has been upgraded to 10 and above.

Now the problem we are facing is that the IE proxy settings are not getting applied to the clients.

Please, can anyone help me with this?

Regards

PK

Limit Profile Size GPO


Hello,

I've got Windows Server 2012, I've set the GPO limit user profile but one notebook client has a problem: I know the appdata folder which is synchronized doesn't include appdata\local and appdata\localLow, but in this client these folders are included and then it's impossible to synchronize the user profile.

On another client in the same domain it works well.

Please help me.

Thanks


GPO Template to secure Computers joined to a 2012 Domain


Hi,

We are looking to implement a "Quarantine OU" for new machines that join our domain.  I've found out how to change the behavior of assigning machines to a different OU than the Computers OU using the redircmp command.   Does anyone have a good "template" resource of default security policies to assign a new server/desktop machine that gets placed into such a quarantine OU to ensure it's secure before moving it to a different/separate OU?  I'm currently looking for knowledge base articles that cover this.  Any help would be greatly appreciated.

Thanks,

Kevin C.

IE 11 Group Policy and Windows Server 2008


We have a Windows 2008 Active Directory (not R2), which is running 2008 forest and domain functional levels. Our clients are running Windows 7 with Internet Explorer 8. We have a need to upgrade the clients to Internet Explorer 11 and use Group Policies to manage IE 11 on them, specifically proxy settings and compatibility modes. We understand that Group Policies have changed for IE 11.

We have two questions:

Can IE 11 be managed by Group Policies on Windows Server 2008?

If so, how?

Thanks, Drew

CertificateServicesClient-CredentialRoaming Errors


Hi Guys,

I have Credential Roaming enabled so that users' certs automatically follow them between sessions. Unfortunately this is not the case. Credential Roaming does not work. When I log in to a client PC and check the event log I can see all the policies applying, but I also see the following 2 errors:

Event ID 1005

Certificate Services Client: Credential Roaming failed to write to the Active Directory. Error code 8202 (The specified directory service attribute or value does not exist.)

Event ID 1012

Certificate Services Client: Credential Roaming failed because the attribute for keyring is not updated in AD. Error code 8202 (The specified directory service attribute or value does not exist.)

Additional Information: The Users profiles are in domain A and the client machines exist in domain B.  A Trust exists between these 2 domains.

Thanks in Advance...

Terminate service upon user login, batch script


Hi there,

We have around ~100 computers that are solid state hard drive equipped. Also, we have ~50 computers that have regular 7200 hard drives.

I created a Group Policy that launches a batch script upon user login that terminates a particular service and attempts to "taskkill" a process. Here it is:

sc stop backburner_srv_200
taskkill /F /IM "3dsmax.exe"

The problem is that if the computer a user logs in to is solid state hard drive equipped, the above script does not run, or perhaps does not have a chance to run, because the solid state hard drive is so fast?

I am at a loss.

Any help would be appreciated!

Thanks,

Delivering a wireless preference AND a wireless password for that preference?


Hi guys,

We are running a 2008r2 forest and we have both WinXP(SP3) and Win7 clients.  I am trying to deliver a wireless preference to a few hundred clients on the network.  We basically want to tell them that when they do connect wirelessly to prefer a certain SSID, and what credentials to use to connect to that SSID.  I looked through the GPO setting under Computer Policy->Windows Settings->Security Settings->Wireless Network Policies and see how to control the preference, but it does not look like I can deliver the WPA2 password through group policy.  Trying to avoid having to visit a few hundred clients to save/cache a new wireless password.  Anyone have any ideas of the best way I can deliver this with a script or anything else? 


Dan Heim

Run script at user logon/off. User is a non admin


Hi there,

I am trying to create a script to stop a service when a user logs on and start the service when a user logs off. In my case, this is done by running a batch script.

The user is a non-admin and I would like to keep it that way.

I am trying to achieve this using Group Policy.

I tried using (User Configuration\Policies\Windows Settings\Scripts\Logon,Logoff), but these do not work because the user does not have privileges to run scripts, and I have no idea how to employ the "Run as" command in this context.


However, I managed to achieve this by using Scheduler in GPME (Computer Configuration\Preferences\Control Panel Settings\Scheduled Tasks) running it as another user with domain admin rights. That seems to work (more or less).

I feel that this is really a dirty way of doing this. Could anyone suggest a proper way? It feels like this is a common task an admin would want to perform.

Thank you

Updating file to network share (at logoff)


We have multiple, load-balanced Citrix servers. Using group policy, I push an .xml file to the users' profile (c:\users\userName\appdata\local). We cannot use roaming profiles or folder redirection. 

When the user logs off, I'd like the .xml file to be copied up to a network share. Is there a way to do this without relying on folder redirection or roaming profiles? I tried a logoff script, that should copy the file, but the script doesn't seem to be running at all. I can tell, because the script also writes a text file to the user's profile, but the text file isn't being created.

Thanks.


GPO fails to apply, Gpresult shows: Not Applied (Empty) although they are not empty


Hello,

I've created a GPO to push a printer to computers and change user registry settings to set the default printer.

In one room it works fine and the policy applies.

In another room it is not applied and Gpresult /R shows as "Not Applied (Empty)"

I've logged on to all the DCs and checked the GPMC and none of them showed the GPO to be empty or any part of it disabled.

I do have loop back processing enabled, but must have it on for the user's registry to set the default printer.

I tried recreating a similar GPO and it is still the same.

Many restarts and gpupdate /force didn't help.

We have a few DCs: 2003R2, 2008, 2008R2, 2012

Many thanks


2 GPOs are not getting applied


We have this strange issue where 2 GPOs are not getting applied:

The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Disclaimer
            Filtering:  Not Applied (Unknown Reason)

        No Firewall
            Filtering:  Not Applied (Unknown Reason)

DFL: 2003

FFL: 2003

30 DCs running Windows Server 2003 SP2

Member Servers: Windows Server 2008 r2 SP1

Clients: Windows 7 and XP

This is happening on all machines.

Local Group Policy


Hi,

We have an issue with our laptops where we occasionally get "No Login Servers Available" when trying to login. We have managed to find out that this is because the laptops are losing the wireless GPO and not picking it up from the DC on boot due to no connection to it. I was wondering if there was a way of applying a Local Group Policy through Powershell that would make them attempt to connect to our wireless network?

In case I have not explained the issue well enough:

1.) Our laptops do not pick up the GPOs from our domain on boot occasionally - event logs have been checked, and the machines have been left for extended periods before attempting a login. There is an error in our event logs about it not managing to pick up GPOs from our DC. This results in them not connecting to our wireless network and returning "No login servers available to process the login request".

2.) Would Local Group Policy on these machines work as a workaround?

3.) Is it possible to set Local Group Policy through PowerShell? And if so, how?

4.) Is there a deeper rooted issue that causes this?

Many thanks in advance,

Jon Davies

Windows 7 SP1 - Event 7011 - Timeout gpsvc service - welcome screen randomly hangs for 30 to 90 minutes.


We rolled out Windows 7 x32 to 1200+ computers and are having random issues with extremely long login times.  Most of the time users can log into the network without issues but I typically have several computers each week that hang at the welcome screen.  In every instance I receive the following errors.  The number of errors is directly related to the amount of time it takes for the computer to log the user in, which makes sense with the 30 second timeout.


Log Name:      System
Source:        Service Control Manager
Date:          10/30/2013 8:19:15 AM
Event ID:      7011
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CATECHALP.bgcs.k12.oh.us
Description:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7011</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-10-30T12:19:15.461367100Z" />
    <EventRecordID>19317</EventRecordID>
    <Correlation />
    <Execution ProcessID="536" ThreadID="3500" />
    <Channel>System</Channel>
    <Computer>CATECHALP.bgcs.k12.oh.us</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">30000</Data>
    <Data Name="param2">gpsvc</Data>
  </EventData>
</Event>

 

 


This morning the tech coordinator was stuck at the welcome screen for 30 minutes with 17 of the above messages until we forced the computer off and logged in successfully.  We rebooted immediately after logging into the computer and logged in a third time without any issues.  I also checked the logs and didn't see or have any issues with the 2nd and 3rd login attempts.  The group policy client service also started successfully about 1 minute before the first error on the first attempt.


I also went through the Applications and Services Logs>Microsoft>Windows>GroupPolicy>Operational logs but didn't see any issues.  Here is the last entry in the log file until the reboot.  All 17 messages didn't generate any information in the GroupPolicy logs.

 

Log Name:      Microsoft-Windows-GroupPolicy/Operational
Source:        Microsoft-Windows-GroupPolicy
Date:          10/30/2013 8:16:44 AM
Event ID:      4016
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      CATECHALP.bgcs.k12.oh.us
Description:
Starting Group Policy Folders Extension Processing.

List of applicable Group Policy objects: (No changes were detected.)

7 Default Domain Policy

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>4016</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2013-10-30T12:16:44.010292800Z" />
    <EventRecordID>37783</EventRecordID>
    <Correlation ActivityID="{95B5B1C8-886C-4A41-AB64-60EE164266E5}" />
    <Execution ProcessID="1260" ThreadID="1404" />
    <Channel>Microsoft-Windows-GroupPolicy/Operational</Channel>
    <Computer>CATECHALP.bgcs.k12.oh.us</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="CSEExtensionId">{6232C319-91AC-4931-9385-E70C2B099F0E}</Data>
    <Data Name="CSEExtensionName">Group Policy Folders</Data>
    <Data Name="IsExtensionAsyncProcessing">true</Data>
    <Data Name="IsGPOListChanged">false</Data>
    <Data Name="GPOListStatusString">%%4101</Data>
    <Data Name="DescriptionString">7 Default Domain Policy
</Data>
    <Data Name="ApplicableGPOList">&lt;GPO ID="{6C77B631-1580-41B1-B63A-D3D593EB84AC}"&gt;&lt;Name&gt;7 Default Domain Policy&lt;/Name&gt;&lt;/GPO&gt;</Data>
  </EventData>
</Event>


Other Information

1. Server OS - Windows 2008 R2 servers. ~20 servers with 7 DC's.

2. Windows OS - Windows 7 x32 SP1 workstation. ~1200

3. This happens on wireless and wired connections.

4. This happens across all hardware and models of laptops and desktops.  Ranging from GX270 - Opti 760, Latitude D510 - Latitude E6410, Latitude 2100 - Latitude 2120's and all models in between.

5. We are currently using SCCM 2012 to deploy images and applications.  The image was created through SCCM using Build and Capture so I never touched the image.

6. The drivers were downloaded from Dell but this is happening on multiple machines so I don't think it's driver related.

7. We are using Forefront Antivirus.

8. We upgraded the machines to 2Gig of ram and upgraded them from XP to Windows 7 this summer.

9. We upgraded the servers from Windows 2003 R2 to Windows 2008 R2 this summer just before deploying Windows 7.

10. This is only reported through the helpdesk on less than 10 computers each week but I'm told it happens more frequently when I'm in the buildings.

11. We are using Group Policies to manage almost all aspects of the computer except for printers.  The printer drivers we are using are so slow that it added 60 to 180 seconds to the login time so I moved the printer mapping to a vbscript that is launched through the logon script through a GPO.

Users are holding the power button in to shut down the machine as they can typically log in a second time without issues.  I have heard that a few people have issues logging into the computer the second time but it's normally running by the time I heard about it.

 

Are there any other logs that I can look at to troubleshoot this issue?  Thanks for taking the time to read this issue.

GPO redirection folders


I am currently testing GPO redirection for "My Document" folder. 

I am not able to synchronize towards the network drive if the profile already exists on the workstation. 

The tests are done on a Windows 7 machine and the DC is running 2008 r2 (Forest 2008)

These are the steps I executed:

  • If I delete the local profile on the workstation and reconnect (The profile creation on the network gets created and synchronization works perfectly) (This is not a solution because all my current users are using local profiles)
  • I activated the GPO to force synchronization at log on and log off

The GPO is configured as follows:

Basic: Redirect everyone's folder to the same location

Create a folder for each user under the following path: \\<SERVERNAME>\<SHARENAME>\Username

I unchecked the options:

  • Grant the user exclusive rights to documents
  • Also apply redirection Policy to Win2000 .... 

Do I need to enable anything else? 



George S.
