Hey,
I need some help importing admx files to our Windows Server 2012 DC.
All the tutorials I could find where only for windows server2008 or 2008R2.
Like this one tut one. But on server 2012 I could not find the sysvol in the Windows directory
↧
How do I add admx files on Server 2012
↧
Confused about ADMX files? Missing IE Maintenance GPO
I have not yet had need to worik with adding Aministrative Templates to 2008 R2 domains before - until recently, all the default stuff that comes with 2008 R2 was enough.
I have a domain-wide GPO set under User Config > Policies > Windows Settings > Internet Explorer Maintenance to provide some company-standard URLs under Favorites. Today I went to edit them and found that the IE Maintenance option is gone form this GPO.Also we just put IE 10 on these systems maybe a week or so ago and from what I've read, putting IE10 in the mix is what made this IE Maintenance GPO option disappear and there's no way to get it back.
I'm still reading about how to handle this but so far I gather my best choice is to find some IE10 admx file. I've never worked with admx files before. Right now I'm reading through a few documents:
Using Administrative Templates (a subsection of Technet's IE 10 deployment documentation)
http://technet.microsoft.com/en-us/library/jj822355.aspx
Managing Group Policy ADMX Files Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc709647.aspx
I'm not done reading either of these but already one question comes up. In the Using Admin Temmplates document it says the following:
You can create a central store that provides all administrators who edit domain-based Group Policy Objects (GPOs) access to the same set of Administrative Template files. The central store is an administrator-created folder on SYSVOL that provides a single centralized storage location for all Administrative Template files (ADMX and ADML) for the domain. Once you create the central store, the Group Policy tools use only the ADMX files in the central store and ignore ADMX versions stored locally. The central store is optional; if you do not create it, the Group Policy tools use the local ADMX files. The root folder for the central store must be namedPolicyDefinitions (that is, %SystemRoot%\SYSVOL\domain\policies\PolicyDefinitions). For more information about creating a central store, seeScenario 1: Editing the Local GPO Using ADMX Files.
First, I would think any organization would prefer to hvae all this stuff centralized so why this is optional is beyond me, but as I said I'm new to this stuff. But what confuses me is whether or not I should do this central store. My concern is that if I create it, what if upgrading some future version of IE introduces a new admx file that I don't know about (or any patch or other upgrade other than IE causing need for a new admx) and places it in the local PolicyDefinitions folder of the domain controller. I don't know how to be notified of when a new admx file is needed so as I see it, the product (IE in this case) will get updated, but since I don't know about a need for an admx file, GPO breaks because I didn't think to put a new admx in the central store. This method of management doens't sound ideal to me.
Cna anybody advise on what is the best practice here? Thank you.
↧
↧
Problems creating an IE10 policy with only a single setting in it
Hi guys,
I am trying to only push a single setting out to users with IE10. I have been going through the GPP stuff and clicking on F8 everywhere, except for a F6 on my one setting, but it still brings in several more settings which I do not want to specify. Does anyone know how I can apply a GPO the only contains the following item? Trusted Sites -> "Enable Websites in less privedged web content zone can navigate into this zone" Is is possible to apply only that single settings and leave everything else undefined?
Thanks,
Dan
Dan Heim
↧
How to apply Computer Configuration Policy to a particular user/group
I have set a GPO settings which is available only under Computer Configuration.
I have applied this settings to a group. Only few users are members of that group. I want that if the user will login to any of the machine in the domain, this policy should apply.
How can this be happened?
Thanks Chandan
↧
Group Policy Folder Redirection to SkyDrive Pro
I would like to know, if it is possible, to use Group Policy, Folder Redirection, to redirect my users Home Drive, to their Office 365 SkyDrive Pro, in the cloud. Currently all users home drives are redirected to a on premise file server. Can Group Policy redirect it to SkyDrive Pro?
I know that I can use the SkyDrive Pro app, that comes with the Office 2013 install, to redirect a local share and do offline file sync, but I would like to get this data off the on premise file server and move it to SkyDrive Pro and then do offline file sync to the local PC. I want to automate as much as possible, for my users.
Thank you,
Ed
↧
↧
cannot create scheduled task, access denied
Windows Server 2003 R2
I am logged in as a local administrator and cannot create a scheduled task:
[Task Scheduler]
The new task could not be created.
The specific error is:
0x80070005: Access is denied.
Try using the Task page Browse button to locate the application.
[OK]
My research lead me to look look in the Group Policy Object Editor for:
Windows Settings > Security Settings > File System > %SystemRoot%\Tasks
On this machine, there is no "File System" folder. In the MSDN Library, I find:
"The File System folder is available only in Group Policy objects associated with domains, OUs, and sites. The File System folder does not appear in the Local Computer Policy object."
I am logged in as a local administrator and cannot create a scheduled task:
[Task Scheduler]
The new task could not be created.
The specific error is:
0x80070005: Access is denied.
Try using the Task page Browse button to locate the application.
[OK]
My research lead me to look look in the Group Policy Object Editor for:
Windows Settings > Security Settings > File System > %SystemRoot%\Tasks
On this machine, there is no "File System" folder. In the MSDN Library, I find:
"The File System folder is available only in Group Policy objects associated with domains, OUs, and sites. The File System folder does not appear in the Local Computer Policy object."
Any ideas?
↧
This operation has been cancelled due to restrictions in effect on this computer. Please contact your systems administrator
Here is our environment: Windows Server 2008 x86 SP2 Terminal Server running Citrix XenApp5.0 with Office 2007 installed. We have a Group Policy to restrict users from access the server's C:\ drive. When our users open or save a Microsoft
Word, Excel, etc. document they are presented with the following error. "This operation has been cancelled due to restrictions in effect on this computer. Please contact your systems administrator." When our users click on the OK button it
allows them to open or save the document. If I remove the restriction to C:\ from our Group Policy, then everything is working fine. Please tell me how to fix this problem. Thanks.
↧
Default Domain Policy
hi,
in our organisation we have a password policy configured on windows 2008 R2 default domain policy... with at least 7 characters, password age 90 days.
now our management want to change it with 8 characters...
now i am planning to deploy GP on OU level not on default domain policy... hence i created a new policy and applied it to a OU but it inherits with default domain policy...
even i created the new OU for testing.. and on the OU - right click - ckeck the "block inheritance" even no use... still the new policy not applying to the test OU.
need an expert light on it... with a best practice...
Note: the policy we want to deploy OU wise and then want to remove the password policy from the default domain policy.
thanks in advance
↧
Error when Copying a GPO
Hi,
When copying a GPO I get this error
[Warning] The security principal [Local Admins] cannot be resolved. The task will continue; however, there might be unresolved security principals in the destination GPO.
This has never occurred before so not sure what has changed. I cannot see the [Local Admins] listed in the delegation etc. So no idea where this is referenced.
Any ideas on how to resolve.
Phil
↧
↧
Cannot create scheduled task, access denied
Hi,
I am trying to create a schedule task through application.
I am facing the error during task save 0x80070005: Access is denied.
I tried running Start - Run - CMD - C:/windows - CACLS TASKS /E /G builtin\administrators:F
command
Also given Remote Activation permissions in dcomcnfg. Right-click My Computer-> Properties Under COM Security, click "Edit Limits" for both sections. I have given the user I want remote access, remote launch, and remote activation.
Still giving same error.
Any suggestion is appreciated.
my self Mustaque Ahmad , B.Tech Computer Engg
↧
Allow Domain Users to Change Their Time On Workstation
Is there a way to allow authenticated users on the domain to change their time on their workstations? Ive added Domain Users, Domain Computers and Users to the Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/User Rights Assignment in the Default Domain Policy but nothing seems to change. Ive forced the GP update as well.
Any help would be appreciated.
↧
GP for User Software shows Succeeded, but not installed.
I have a group policy that installs Management Report for a group of users. On Windows 7 clients it installs fine.
On Windows 8 clients it does not yet it shows the following message in the event logs and GPResults logs.
The assignment of application Management Reporter Viewer from policy ManagementReporterInstall succeeded.
I have always thought that the above line meant the software was installed successfully.
Anyone have any ideas why it shows succeeded, yet not get installed?
↧
GPO Internet Explorer Maintenance missing in WS 2008 R2
Hi all
suddenly I missed the Internet Explorer Maintenance in WS 2008 R2, when I show the settings tab on the GPO it self its showing properly, but I cant find it when I try to edit.
any assistance on that ?
↧
↧
Group policy problem with IE10 and IE11
Hi,
We are trying to pushing proxy setting through group policy.
Everything is working fine but the issue is with IE 10 and IE 11.
This policy is not applying for clients which contains IE 10 and IE11.
Server: Windows Server 2008 R2
Client: Windows 8 and Windows 7
↧
Printer policy applied after 2nd logon
Hi,
We have a User group policy which map printers for our users. This is done at "User configuration -> Preferences -> Control Panel Settings -> Printers" and not done by so called printer deployment policy.
In this policy we have defined a removal of all shared printer connections as order 1. Order 11 is set to map a certain printer with an Update action and has item-level targeting set. This printer will be mapped to the user as default only when the computer on which the user logged on is located in a certain OU.
What we try to achieve, is that when a user logs on to a certain set of computers the printer in that same room is mapped and become their default printer. When a same user logs on to any other computer, the printer must be removed and must not be used.
What happens now is as follows:
When a users logs on to a computer in the specific room, the printer is mapped and set as default. When the user logs off, this printer is written as the default printer in the roaming user profile. When the user logs on to a computer in a different room, the printer is still there and set as default. This will remain so until the user logs off and logs on again. So to let this work the user basically needs to logon twice on a computer in a different room.
What can be causing this and how to solve it?
Kind regards,
Jasper Kimmel
↧
TCP/IP Printer installs - How do I get the proper driver settings?
I saw an older thread relating to this but I thought I would start a new one to revisit this thought. I want to deploy my printers as TCP/IP and not rely on a shared print server. This is in case the print server goes down, the users
will still be able to print. How can I get my driver settings to propagate to the users? We use HP printers with settings like Printer Status Notifications, what tray to use, pages per sheet, duplexing, etc. We also use Zebra label printers
with custom stock sizes and tear-off values.
↧
Internet Explorer settings using Group Policy Preferences
Hello,
I have a very annoying (and frustrating) problem setting the correct Internet Explorer settings for my users using GPP (as Internet Explorer Maintenance is deprecated and I can't use it anymore).
I want to set the right connection settings (Proxy with Pac and disable automatically detect correct settings), but those are grayed out!!
I see others have reported the same problem already, but I couldn't find a suitable answer...
Thanks for any help!
Regards,
Geoffrey
↧
↧
Searching GPOs For Specific Server
We are getting ready to decomission a server. We have a lot of GPOs setup and I have found a few that reference this server (folder redirection, etc).
Is there any way to search through every GPO for any settings that reference the server name? I can search by GPO name but I can't figure out how to search all the settings for anything pointing to that server. Just want to make sure we don't miss any settings when we decommision the server.
↧
Extreme slow login on Server 2008 R2 TS at Group Policy Preferences - Printers
I see references to this problem everywhere, going back to 2010. However I'm not finding any real answers.
I have Group Policy Preferences installing printers to Terminal Server Users. I have one policy that applies to 4 terminal servers. One of them is a 2008 R2, the others are 2003 x64. Only for the 2008 R2 server, after all of the printers show (in event viewer) as successfully loaded, there is a long hang. I have many printers applied to me, and that results in my load time being the longest of all at about 3 minutes. I am an administrator on the machine. Others have the exact same problem, just a bit less pronounced depending on the number of printers.
The policy preference is set to UPDATE, so it's not loading the driver... again, the printer is already successfully applied.
I've tried setting UAC to "Never" on the server. No effect. I've played with the Point and Print policy at both computer and user level, finally just setting both to disabled, but prior to that setting them to Enabled with the "do not show warning" on both settings. No effect (which makes sense since that is for non-admins and I am having this problem as an admin).
My logging pasted below shows this same thing in all cases.
Is there an answer to this that I am just not finding?
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Filters passed.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Adding child elements to RSOP.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:11:44.289 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.873 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Properties handled.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] RunOnce value created [SUCCEEDED(S_FALSE)]
↧
GPO - Internet Explorer 10 setttings
All of our Servers are on Windows 2008 R2, and our Workstations are on Windows 7 based OS.
We are planning to update IE to version 10 on all internal computers. When i tried to set some new security settings for IE10 via GPO i noticed that i'm missing the whole group of IE10 relevant settings. (e.g. Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn on Enhanced Protected Mode)
The workstation that I’m opening Group Policy Management console is Windows 7 with Internet Explorer 8.
Also, i tried opening GPM console on Windows 2008 R2 server with IE 10 - but still wasn't able to find those settings.
What I’m missing?
Big B
↧