Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

GPP delete shortcuts startmenu etc

January 14, 2014, 5:31 am
$
0
0

I would like to delete some shortcuts in the all users startmenu and some shortcuts on the desktop for the user and also shortcuts in the taskbar for several users.

Tried to make a computer group policy preference for the startmenu but the shortcuts in the start menu are not deleted. %SystemDrive%\programdata\microsoft\windows\start menu\programs\microsoft office\microsoft office Access 2003 and several others like microsoft office  infopath 2003 etc.
Also in the startmenu is a folder beneath the microsoft office like microsoft office-helpprograms, this musts be deleted thru folder delete, must it be empty then?

Why are the shortcuts not deleted, must it be done in a user gpp? The shortcuts are in the programdata so in the all users startmenu...

And the desktop shortcuts must can this be done in the same gpp, must the .lnk be added?

And the thrird is the hardest proberly: a shortcut in the quick taskbar thru gpp delete..

freddie

Search

Roaming Profile at User level simply not copying...no error

January 14, 2014, 12:07 pm
$
0
0

Little rusty on setting this up but if I recall if I choose to setup roaming profiles at the user object level then I simply need to create a share with the appropriate share/NTFS permissions then assign the UNC path in the Profile tab in ADUC?  We are running Win 2008 R2 with Win 7 SP1 clients.

If this is correct then I have done this and the profile will simply not roam...no errors in event log, the test user simply logs in and has a normal local profile.  While I am logged in as this user I can access the above UNC and create a folder so I think permissions are ok.

Originally this computer and test user were in an OU where I set a GPO setting up Folder Redirection.  Thinking that I possibly configured something incorrectly there I moved the user and computer object to a basic OU where only the default domain policy is applied.  No change.

I don't remember getting this part working to be such a hassle so I am at a loss now how to troubleshoot further.

Thanks

Client side extension could not remove computer policy settings for ' ' because it failed with error code '0x8007000d The data is invalid.'

July 13, 2009, 11:21 am
$
0
0
Hello,

We are receiving the following error every 5 minutes in the Apps event viewer on our DC.  Since there is no GPO associated with this error its been even more difficult to find a solution.  Also I am not aware if Policy Maker was used to create the policies.  Any help would be much appreciated!!!

TIA,
Doug

Log Name:      Application
Source:        Group Policy Local Users and Groups
Date:          7/13/2009 10:48:09 AM
Event ID:      8194
Task Category: (2)
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      DC.domain.com
Description:
The client-side extension could not remove computer policy settings for ' ' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Group Policy Local Users and Groups" />
    <EventID Qualifiers="34305">8194</EventID>
    <Level>2</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2009-07-13T17:48:09.000Z" />
    <EventRecordID>25597</EventRecordID>
    <Channel>Application</Channel>
    <Computer>DC.domain.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>remove</Data>
    <Data>computer</Data>
    <Data>
    </Data>
    <Data>0x8007000d The data is invalid.</Data>
  </EventData>
</Event>

Separate GPO's for computer groups?

January 14, 2014, 8:52 am
$
0
0

Ok, here's my situation.  We have 2 groups I'm trying to work with, normal desktop computers, and then computers in our conference rooms.

For the desktop machines, the users don't have admin rights to install anything, have their printers and network drives mapped and have other settings I want

For the conference rooms I am pretty much setting a common desktop wallpaper that shows our logo, and these machines allow users to install software they want.

I had a problem yesterday when a user told me his mapped drives showed up when he logged into the conference room computer, but he couldn't access the drives, he was denied.

This morning I changed the conference room policy to add a link to the users OU as well as computers, shown here:

It had been linked to just the computers.

My concern is that it appears some of the rules are combining.  Here is the way the desktop policy looks:

When I added the users to the conference room policy users reported that wallpaper they had set on their personal machines was blanked out........ and I don't think that's just by chance.

What can I do to keep these 2 policies separate.  I thought the security filtering would assist with that, but it doesn't appear to be set up correctly.

Can anyone help???

Thanks!
Steve

GPO to push HKCU regkeys to users that do not have permissions to write to the registry?

January 14, 2014, 11:42 am
$
0
0

We run a 2008r2 domain and mostly Win7 clients, but some are still XP.  I need to apply some application settings in an admin template(user), and also need to push a regkey to HkeyCurrentUser for those users.  I would like to use GPP for the regkey, if possible, but the end-users do not have permissions to edit the registry on their computers.  Is this something that would have to be scripted? or can I do this through group policy?

I was thinking that the computer side of Group Policy ran under the System account, but that user side ran under the user's security context?  This is probably an easy one, but any ideas would be appreciated.

Thanks,

Dan

Dan Heim

Server 2012 R2 ADM files for Server 2008

January 14, 2014, 10:24 am
$
0
0
I'm trying to load adm files for Server 2012 R2 into a 2008 Domain. I downloaded and "installed" the adm files but they installed as adml files and I'm unable to load the templates into a policy. I'm just curious what I'm doing wrong and how I can get these policies to work properly in a 2008 domain.

Vincent Sprague

Setting non-Zero DSCP values from application using winsock2 on Windows 2012

January 15, 2014, 1:26 am
$
0
0

Hi,

There are actually several questions:

1.a. Is IP_TOS with IPPROTO_IP for the command setsockopt of the winsock2 interface supported for Windows 2012?

Comment : With setsockopt(ConnectSocket, IPPROTO_IP, IP_TOS, (char*)&tosBits, sizeof(tosBits)) initiated in an application, the DSCP value for a sent ip packet could be set on earlier Windows Version (Windows 2003 Server) and Unix etc. I assume that Windows 2012 is also forced to satisfy the winsock2 interface.

1.b. If yes, what do I have to configure on a Windows 2012 Server that the above setsockopt command remains working?

1.c. If no, how does the alternative code snipped look like and what do I have to configure on a Windows 2012 Server that the alternate code is running?

Best Regards

Proxy Settings per machine - policy or preference?

April 21, 2011, 2:25 am
$
0
0

Can Proxy settings be set under HKLM\Software\Policies\Windows\CurrentVersion\Internet Settings (i.e. can they be set up as a true policy, rather than a preference?)

Search

A processing error occurred collecting data using this base domain controller.

November 27, 2012, 4:23 am
$
0
0

Hello Guys,

I have got a problem using the Windows 8 GPMC.

If I want to use the new "Status" feature, I'm getting this failure:

We have got two 2008 R2 DCs and the rest is Server 2003 R2.
The DC that holds the FSMO roles is also a Server 2003 R2.

The error is the same as described here:
http://social.technet.microsoft.com/Forums/nb-NO/winserverGP/thread/baef3a58-bcae-4336-970a-1e9b4ebc03f8

It seems like GPMC can't get the list of DCs:

MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

how to change homepage in firefox 22 through group policy in windwos 2008 R2

January 15, 2014, 3:45 am
$
0
0

Hi

I need to set homepage or change   homepage in firefox 22 through group policy in windwos 2008 R2

How do you map network on Windows 8.1?

January 15, 2014, 11:05 am
$
0
0
Anyone know how to map network on Windows 8.1? I've searched the web and can't find anything regarding 8.1.  

Group Policy migration between Domains with no trust

January 14, 2014, 5:15 pm
$
0
0

I have been working on the migration of our production domain policies from one domain to another....

Environment information

There are no trusts setup between the domains as per security requirement...however there is no port blocking.  MDOP is not an option due to not being SA licenced.

Both domains are running 2K8R2 DFL and 2K8R2 FFL in a large enterprise environment.  Security group objects/Accounts have been migrated successfully.

What I am wanting is some suggestions of what people have had success with migration of their Policies links and security included to other domains without a trust in place and/or tools including third party tools.  The end Goal would be to get to a state where the policies can be synchronised (repeatable process).  Due to the number of polices required to be migrated it would not be practical to migrate them individually.

Things that I have attempted with little success are using Migration tables to transfer the GPO's (SOM), modifying the XML file updating the GPO links.

The specific issues being experienced is that I can migrate the polices fine, but the GPO links and Security does not seem to come across even when using Migration tables? I am guessing this is due to the source domain not being able to be contacted for SID information?

References to Links of what has been attempted

http://msdn.microsoft.com/en-us/library/aa814145(v=vs.85).aspx

http://technet.microsoft.com/en-us/library/cc781458(v=WS.10).aspx

http://technet.microsoft.com/en-us/library/ee461027.aspx

I have not yet tested the below scripts mentioned but if anyone has please let me know with some examples if possible

http://blogs.technet.com/b/manny/archive/tags/group+policy/

Thank-you in advance,

Karl

GPO policy to control Java JRE dialog in IE

January 15, 2014, 12:09 pm
$
0
0

Hi,

Wondering if anyone can offer some advice on the following:

Currently at our company if a user tries to access a page that uses Java without any JRE installed, here’s the popup that they see:"The page you are viewing uses Java. More information on Java support is available from the Microsoft website"

If a user clicks “OK” then IE proceeds to load the page the user tried to access, but obviously without Java any applets etc. will fail to load. Instead, we want the user to click on “More Info” then IE opens http://go.microsoft.com/fwlink/?LinkId=58658 in a new tab.

Do you know of a way to manage and control this behaviour in IE via Group Policy (i.e. make the correct choice as a background action). Many Thanks !

Creating Scheduled Task using GPP - Problem with "Log on at" trigger and built in accounts

January 15, 2014, 2:20 pm
$
0
0

Hello, everyone.

I'm currently having difficulties to accomplish (what should be) a simple task using GPP.

Objective: Create a schedule task that runs everytime the "built-in local admin" logs into the computer.

Computers are in a domain, but there's a local admin account used by our support staff (as a last resource).

My goal is to condition this task to run only when built-in local admin account is used.

I've tested the concept creating a scheduled task on a local computer (COMPUTER-A) and it Works.
I've set a "At log on" trigger and specified the COMPUTER-A\administrator as the specific user.

When I try to replicate this schedule task through GPP there's a problem on setting the "specific user".

For the GPP to work the "Specific user or group" field should accept a value such as "%ComputerName%\administrator" or some BUILT-IN syntax so it redirects to the appropriate built-in local administrator account on each computer.

Any ideas on how to overcome this obstacle?

Thanks in advance.

group policy behavior

January 15, 2014, 1:37 pm
$
0
0

Greetings,

I would like to confirm if this is normal group policy behavior, or if we have a bug in one of our policies/scripts.

We are running several batch files/scripts using group policy.  Lets say for example I am running the following from different policies: launch1.cmd, launch2.cmd, launch3.cmd

I have configured Task Manager to include the "Command Line" with the view. To do this click the Processes tab, click View, click Select Columns, scroll to the bottom, put a check mark in the Command Line option.

From this view, I can see the policies being run in Task Manager, and I can see batch files being called by policy, launch1.cmd, launch2.cmd, and launch3.cmd.

So my question is, after the policy runs the script, shouldn't the process exit memory when the script finishes?

If I am seeing those scripts in Task Manager, and they don't go away, does this mean something else in group policy is hanging those scripts?

Thanks.

Search

GPresult on Windows 8.1

September 23, 2013, 1:55 pm
$
0
0

Hello,

on my windows 8.1 RTM i have many GPO`s with the following result :

The same GPO is working OK on windows 8/Windows 7.

Also :

Any idea howto fix this?

Thx


Having an issue with user rights assignment in local secuity policy

January 15, 2014, 3:22 pm
$
0
0

I am an issue adding a user to local user rights assignment. I am at a loss of how to fix it. it is greyed out.

Cannot impersonate user : Logon failure: the user has not been granted the requested logon type at this computer.

I have looked at the "default domain policy" but do i look at it from the domain?

Default Behavior for AutoRun not configurable in GPMC

January 15, 2014, 9:20 am
$
0
0

I am not able to configure the Default AutoRun Behavior in my GPMC. It is grayed out for some reason (see below). Any ideas??



Charlie Newman

How to move all files from a folder for a user to a centralized folder on a core server with a GP

January 12, 2014, 1:37 pm
$
0
0

Hello,

I was curious if someone know how to move all the files of a user "local" profile on a Terminal Server to that of a centralized server where the "local" profile of like the user desktop, favorites, setting, etc are stored in the event the local profile on the TS become corrupt it can pull from this server...

The problem I have is no matter what I tell users to save there files to our Y drive that is a folder that is synced across all 6 of our TS servers, users still store files on there desktops, so as you can imagine if one day they are on one server, then next day they could be on another and there files aren't the same.... hence the reason why I want to move all there files to the centralized server so when I redo the profiles from scratch on the TS server in the farm they suck files from the core server and have all of the files they are used to having.... 

So I was curious and I've heard from some this is possible in a GP, but I'd like to move the contents of all 6 TS for each user or if I have to d this on  per user basis I will, just looking for a way to move the files....

GPO assign application unsintall revoke

January 16, 2014, 1:38 am
$
0
0

Is there a possibilty to revoke the command to uninstalled previously assigned application? Case is that this times out and computers in the domain do not boot up becouse of that (Java unistall and dll or similar error on uninstall).

Thank You in advance!


Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>