Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Directory Permissions for GP Software Installations

December 20, 2013, 8:05 am
$
0
0

I am trying to create a group policy to do a Software Installation to some of my clients. I have created the policy and pointed the software to the UNC path of the distribution point and the policy will fail every time no matter what user or computer tries to install the policy. The software distribution point is a share I created and set permissions on myself. It is not the default permissions set by windows when you initially create a folder and shares. I tried modifying the policy and made the distribution point point to the NETLOGON share and when I do it this way my users are then installing the software no problem. I think this is boiling down to a directory permissions issue but I can't seem to figure out what the differences are. Hopefully someone can tell me what the correct permissions should be so I can resolve this issue.

If I go to the distribution share I created  from the clients machine I can get to the share and see the MSI file and even start the setup no problem. So I am not sure why it won't work if it can get that far for me.

I am not using DFS either.

Thanks!

-Scott


Search

IE trusted sites with server 2003 schema

December 23, 2013, 11:48 am
$
0
0

We have a 2008R2 DC with all fsmo roles. A 2003 DC server. The domain is server 2003 schema.Workstations from XP SP3 to Windows 8.

We setup a GPO for IE to push out trusted sites and favorites. At this point we are updating the object on the 2003 server, but it does not seem to be working when we update some items in the list. I have done some searching on this and it seems there are some bugs in 2008 with a 2003 schema.We tried to make the changes on the 2008 server previously and had issues so we continued to modify in 2003 in the past.

Questions.

1 Should this work making the changes directly on the 2003 server in GP manager?

2 Do we need to load any updates on the server/clients? I read about a Group policy extensions patch from MS. If so where do I get this, and what systems does it need to run on?

3 Do we need to update the schema to 2008 in order to modify the GPOs on the 2008 server? Or just install some fixes to the server?

thank you

GPO 2012 RDS Desktop Session - Hide All Application Arrow

December 20, 2013, 4:55 am
$
0
0

Does anyone have any ideas how to hide the all apps arrow on the metro interface please?

running a SBS 2011 server with Win 2012 Std RDS for remote workers.

Many thanks

EventID 4625 cant identifiy process/service that generate such event

December 11, 2013, 10:15 am
$
0
0

I have a server with a local administrator (is not part of the domain). Each second, our Active Directory register 8-10 failed login attempts with that user. Obviously the event generated is correct since that local username does not exist in AD.

 

So, I tried to identify wich process/service tries to connect with AD like 2000 - 3000 times in a day but the event log detail does not have any reference.

 

BTW, we have contracted a Managed Security Services to correlate events trouhg SIEM solution. These people says this failed attempts are security events but they dont have any idea of what could be (Im sure that this isnt an intrusion, hacking attempt). Since Im not an expert and the MSS didnt have an answer, I will apreciate any actions that you could recomend me.

 

The log is always the same, I paste the XML file.

 

-             System

                              -             Provider

                                              [ Name]              Microsoft-Windows-Security-Auditing

                                              [ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D}

                                              EventID              4625

                                              Version               0

                                              Level     0

                                              Task       12544

                                              Opcode              0

                                              Keywords          0x8010000000000000

                              -             TimeCreated

                                              [ SystemTime] 2013-12-02T20:33:36.370882500Z

                                              EventRecordID 520119383

                                              Correlation

                              -             Execution

                                              [ ProcessID]       532

                                              [ ThreadID]        584

                                              Channel              Security

                                              Computer          ADexample.com

                                              Security

-             EventData

                              SubjectUserSid S-1-0-0

                              SubjectUserName         -

                              SubjectDomainName    -

                              SubjectLogonId              0x0

                              TargetUserSid   S-1-0-0

                              TargetUserName           localserverusername

                               TargetDomainName     serverexample

                               Status   0xc000006d

                              FailureReason   %%2313

                              SubStatus          0xc0000064

                              LogonType        3

                              LogonProcessName       NtLmSsp

                              AuthenticationPackageName   NTLM

                              WorkstationName         serverexample

                              TransmittedServices      -

                              LmPackageName           -

                              KeyLength          0

                              ProcessId           0x0

                              ProcessName   -

                              IpAddress          -

                              IpPort   -

<

Backing Up GPOs with Server 2012

March 14, 2013, 1:40 pm
$
0
0

I have added a member server as Windows 2012 Standard to our domain.  I try to backup all the GPOs in the domain using GPMC from the 2012 server but I get an error stating "The specified server cannot perform the requested operation". 

The domain and forest are still at 2008 R2 level and I figured that should not make a difference since I am just trying to use GPMC to backup the GPOs. 

Thanks

GPresult on Windows 8.1

September 23, 2013, 1:55 pm
$
0
0

Hello,

on my windows 8.1 RTM i have many GPO`s with the following result :

The same GPO is working OK on windows 8/Windows 7.

Also :

Any idea howto fix this?

Thx


Configuring VPN Group Policy Access for Groups

August 9, 2013, 1:32 pm
$
0
0

I have a question, I was tasked with configuring user authentication through our firewall. What management wants to do is configure our Fortigate firewall to allow users to access the internal network using their LDAP user name and password.

What should happen is a user should be able to do is use the foritgate client and connect to the firewall using SSL and access the network. Access should be based on a user's membership of a particular group.

As an example: User uses VPN client to connect, if the user is not a mamaber of a group that has access he gets denied access to the internal network, then based on membership the user recieves access to resources linked to their group.

What I need to do is to configure user group to first be either approved or denied access based on group membership based on membership to a group. Second i need of users to have access to only certain resources based on their membership.

I need to try to do this through group policies, don't think i could do this through policies on the firewall as there is a hundred or so groups that will need to be configured this way, and there are several hundred firewall that will need to be configured.

Using GP to enforce a default setting - Good or bad?

December 27, 2013, 1:26 pm
$
0
0

I have seen many organizations enable a policy and set it to the normal default value. As I understand, every policy you enable takes up processing time when GP is applied. Why would this be done and what is the value of using GP to enforce a setting that would normally default?

Example: "By default, file downloads are disabled for the Restricted sites zone. However, we recommend using Group Policy to enforce this restriction of the Allow File Downloads setting to ensure that users cannot download files when they are in the Restricted sites zone."

Thanks! 



Charlie Newman

Search

IE8 Automatic detect setting uncheck

June 1, 2012, 4:25 am
$
0
0

Hi All,

I need your help to uncheck  the IE automatic detect settings via GPO, already i have configred my GPO, which i havent enabled the automatic detect settings. But still my users are not able to browse the intranet pages due to this setting enabled automatically in the IE8. Kindly help me how to fix this issue, as i have gone through so many forums, but i couldnt get a solid answer for this.

IE, Disable 'Automatically Detect Settings' Via GPO

November 8, 2009, 7:10 pm
$
0
0
Hi guys,

We have recently been having a small problem with IE, whereby the 'automatically detect settings' check box will get ticked - resulting in our users not being able to traverse our proxy server.

I use the User Configuration > Policies > Windows Settings > IE Maintenance > Connection to set up our proxy settings, however I can't see an option to explicitly disable the 'automatically detect settings' check box.

Is this located somewhere else in an admin template, or am I simply missing an option that is right in front of me?

Thanks.

Glen

Uncheck automatically detect settings of IE

June 20, 2013, 2:20 am
$
0
0

Hi

I need to uncheck only "automatically detect settings" on XP workstation.

I searched lots of Google but could not right solution.

how can I Uncheck the Internet explorer "Automatically detect settings"

June 20, 2013, 12:43 am
$
0
0

Hi

I need to uncheck only "automatically detect settings" on XP workstation.

I searched lots of Google but could not right solution.

Turn off Auto Detect Settings in IE using GPO

June 3, 2010, 12:21 am
$
0
0

As a follow-up on some kind of bug in sharepoint ( http://social.technet.microsoft.com/Forums/en/sharepointgeneral/thread/f3dbe651-be99-491b-8c6c-fc4792ae0b22 ) I need to turn off Auto detect settings in IE on all my clients, as this speeds up sharepoint on many clients.

 

"The Internet Explorer Maintenance settings can be set in two modes: policy mode (to enable by Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance policy processing) or preference mode(to enable by right-clicking Internet Explorer Maintenance)." (snipped from http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/57d81da5-de30-4930-8649-197d204b2a6c )


Well, I have problem configuring Automatically detect settings. I have no trouble changing other parts of the same policy (changes are applied to all my computers), e.g. trusted sites and such. However I cannot turn off Auto Detect settings. I wonder if unchecking Auto Detect Settings really means "no change"/unconfigured?

Is the only option then to use a hardcoded reg change?
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\ControlPanel\Autoconfig ?

GPO to disable IE LAN Auto detect Settings server 2008 R2

April 15, 2013, 3:41 pm
$
0
0

I know its been discussed a lot.  But the posts I have seen seem a bit older and just haven't been working.  Many referenceInternet Explorer Maintenance in GPO which no longer exists in 2008 R2.  And we have tried the posts we found on this issue.  But nothing is sticking.  To be clear, we are trying to disable/uncheck any occurrence of Internet Options > Connections > LAN Settings >deselect "Automatically detect settings"

Anything new/current to get this to stick for my domain users? Getting this set is important to SharePoint use.

Domain Audit Policies not showing up on member server

December 29, 2013, 11:23 pm
$
0
0

Hello,

I have a Domain level GPO that has the audit policies enabled to success  and failure.

I have a member server called Documents and I want to setup basic file and folder auditing.

When I run the auditpol /get /category:*   ; I do not show the proper audit categories enabled?  I only show account management enabled for success and failure... but the Object Access audit category is set to no auditing.. even though my global GPO has the Object Access category enabled?

It seems that my member server is not get the audit GPO updates?

When I try to use the local policy editor on the member server it shows that I cannot modify the audit policy categories because  the settings are  controlled by the Domain GPO?

I just want to setup basic file and folder auditing?

Search

User extensions: not found, Machine extensions:not found

January 2, 2014, 1:01 am
$
0
0

Hi

Last couple of days i was used the tools that name is gptools.exe have get the reports,

but one things that make me confused that has given below.

User extensions: not found
Machine extensions:not found

Please guide to me what is the above mean.

Regards, Md Ehteshamuddin Khan All the opinions expressed here is mine. This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

Trying to apply regedits via GPO to Outlook

January 2, 2014, 3:47 am
$
0
0

I am trying to apply regedits via GPO for Office Outlook to direct sent mails to shared mailboxes sent items box when shared mailbox is used using register items described here http://community.office365.com/en-us/forums/158/p/193942/578860.aspx#578860 and herehttp://support.microsoft.com/kb/2843677/en-us. We have Office 2013.

For GPO I found instructions from here http://social.technet.microsoft.com/Forums/windowsserver/en-US/83eb3681-5349-4353-b3ad-65b06b9cb3c0/applying-registry-edits-via-gpo?forum=winserverGP but there is no Office folder inHKEY_CURRENT_USER\Software\Microsoft folder. I am using Win2012R2 server.

How to get these regedits done?

AGPM 402 Server Upgrade

January 2, 2014, 2:46 pm
$
0
0

I am trying to upgrade our AGPM server to 4.0.2 from 4.0 and running into the following error "wizard ended prematurely because of an error"  I checked the log file and I see the follow errors.  Not sure how to fix, I verified the AGPMService Account is Domain Admin and it has permissions to Temp folder and access to archive folder...

2014-01-02 17:44:07.963 [pid=0x1a74,tid=0xee4] DsWriteAccountSpn() failed. [ hr = 0x8007202b "A referral was returned from the server." ]
2014-01-02 17:44:07.963 [pid=0x1a74,tid=0xee4] Leaving MsiWriteAccountSpn(). [ hr = 0x8007202b "A referral was returned from the server." ]

Gpresult html report creation not working for computer settings

January 2, 2014, 7:40 am
$
0
0

When I try and run a gpresult. all I get is this at the command prompt (as administrator). 

gpresult /h c:\report.html
ERROR:

The error is particulary helpful ;-)
I can successfully create a xml file with /x report.xml . Its a pain to read though.
Also group policy results is also broken. I get the message:

An error occurred while generating report:
An unknown error occurred while the HTML report was being created.

I have read the fixes involving editing install.ins to remove the imported zones. This doesn't fix the issue.

It only occurs when I want the results from the computer settings. User settings work fine.

The environment is Windows 7 with Server 2008 R2 DCs. We have 3 2012 servers where gpresult works when processing computer settings.

GPO Issue - Server 2008 R2

December 31, 2013, 3:28 am
$
0
0

Hi Guys,

I am using a existing GPO with a few RDSH settings like Security, Licensing, RDCB settings, session time out limits etc.

Of course the user configuration settings are disabled and the policy is linked to a OU with the RDSH Computer objects. Security filtering is default => Authenticated users.

The policy is working fine for every user. So far so good :)

But, i would like to change the session time out limits for just 1 specific user.

So i thought i create a copy of the existing policy, change the settings in the policy and link the GPO to the same container. 

Furthermore on the new GPO i have added the specific user account to the delegation tab and checked the apply group policy checkbox and for the authenticated users i cleared the checkbox for apply group policy.

Furthermore i changed the security settings on the existing GPO. I have added the specific user account to the delegation tab and denied the policy.

After a while, and some gpupdate /force commands i didnot received the specific setting.

When i run a Group policy result (GPM) for the user i noticed that the old policy for the user is applied and the new policy is denied. 

I can't see why? Please help :) 

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>