I implemented a GPO for a computer lab of Win7 desktops a few months ago through WS2008R2 group policy. I was in the lab today working on a computer and noticed that a specific GPO was never applied. I opened cmd and ran gpupdate /force and then restarted the computer. The GPO was then applied. These computers turn on/shutdown five days a week. How come the GPO was not applied months ago?
The GPO is a registry entry that updates pagefile settings.
The GPO 
Already a thread in security (see link below), but no resolution. Automatic policy creation applied on Program Files (x86), Program Files, ProgramData created. Everything else works as expectected. This is ocurring for any user -- regular or admin without Applocker restrictions being applied. Ready to bite the bullet and submit a case, but the support web site would not take my credit card. A sign somebody out there has an answer?
So now I am starting to use windows 8.1 and Windows 2012 R2. DCs are 2012R2, Forest Level 2012 R2, Domain Level 2012 R2. Folder Redirection works for Windows 7, Windows 8, 2008, 2008 R2, 2012. Does not work for Windows 8.1/2012R2. No errors are logged in event viewer, says completed successfully. GPResult /v only says:
Folder Redirection
------------------
N/A
Group Policy Results Wizard says:
| Component Name | Status | Time Taken | Last Process Time | Event Log |
|---|---|---|---|---|
| Group Policy Infrastructure | Success | 218 Millisecond(s) | 11/9/2013 12:28:30 PM | View Log |
| ConfigMgr User State Management Extension. | Success | 32 Millisecond(s) | 11/9/2013 12:28:30 PM | View Log |
| Folder Redirection | Success | 31 Millisecond(s) | 11/9/2013 12:28:30 PM | View Log |
I have tried disabling all other policies (computer and User) except the one that has the folder redirection with no luck. I have tried putting Folder redirection in its own GPO, no luck.
NONE of the following are checked in the Folder redirection (but I have tried it both ways for each):
DCDiag returns no errors. Sysvol is replicating properly between both DCs
Everything else EXCEPT Folder redirection applies properly.
Thanks!
I am trying to create a set of shared desktops in our office to act as 'bullpen kiosk' workstations, where a number of people will be logging in concurrently, but still having their own desktop. However, I want to use GPO to make the desktop experience for each user the exact same (i.e. same shortcuts on the taskbar, same desktop icons, same printer mappings, etc.) The only thing that should differentiate the look and feel of each user's desktop is anything they modify AFTER they have logged (i.e. documents and shortcuts on the desktop, wallpaper colors, etc.)
I seem to remember that MS had created a toolkit that made this kind of 'uniform desktop for kiosk mode' configurations, very simple but I'm having trouble finding those tools.
Machines are all Windows 7, with Windows 2008 R2 AD domain on the backend.
Any recommendations?
Hi,
I'm trying to redirect the appdata folder for users due to a performance impact on network file shares. Currently we have AppData redirected to:
\\filerserver\Redirect$\%username%\
I've modified the GPO User config\Policies\Windows Settings\Folder Redirection\App Data Roaming. I have the following configured:
Target
Basic - Redirect everyone's folder to the same location
Target folder location - redirect to the local userprofile location
Settings
Grant user exclusive rights to AppData(Roaming)
Move the contents of AppData to the new location
Policy Removal
Redirect the folder back to the local profile when policy is removed
The issue I have is that my GPO redirect settings do not work for end uers straight away, I have to delete the local user profile first using the computer properties
remove profile GUI tool.Once I do that, login with my test user and then browse %AppData% the folder redirection has worked.
1.Why is this and does anyone know how to get around the need to delete the user profile?
2. Not all of the AppData folders are copied from the roaming location on \\fileserver to the local profile (c:\users\), which causes a loss of settings (i.e. Outlook config and printers). I'm not using roaming profiles and I don't know how the GPO would even know where to copy the user's roaming data from.
Thanks in advance
Hi all,
I want to disable the MS excel 2010 and internet for the certain domain users on the windows 7 client using group policy on the server 2008 R2.
Can someone help me?
Many thanks !!!!
We have recently introduced a couple of Windows 8 computers in our network, and we are having issues applying the Internet Explorer Proxy Server settings.
We use a Microsoft TMG 2010 server as our proxy server for accessing the internet. We have been using a GPO with the following settings to automatically configure our Windows 7 computers running IE9 with the appropriate Proxy settings:
User Configuration\Policies\Windows Settings\Internet Explorer Maintenance\Connection/Proxy Settings
This GPO has worked beautifully for our Windows XP and Windows 7 users with IE 7, 8 and 9. Now with Windows 8 and IE10, this no longer works. I’ve therefore added a Windows Server 2012 Domain Controller to the network, and using GPMC on that new DC, I created a new GPO with the following settings:
User Configuration\Preferences\Control Panel Settings\Internet Settings\Internet Explorer 10
Now, seeing as these are preferences, it’s a little different. But, I’ve “checked off” the option “Use a proxy server for your LAN” as well as “Bypass proxy server for local addresses”. Then I click on “Advanced” and setup all my proxy settings the way I would like them, including the proxy server name, port and exceptions list.
When this new group policy gets applied to my Windows 8 PC, the only setting that gets applied is the “Use a proxy server for your LAN”. It does not configure the name or port of the proxy server nor does it configure the exceptions list. If I go back to the GPMC, and edit the new GPO, the settings are all there. However, if I just view the settings from the main GPMC screen (without opening the GPO itself), I don’t see all of those settings (again, only the one “Use a proxy server…”)
What am I missing???
Hi,
We have a small domain for our organisation. when we include a machine in doamin, as soon as the machine gets in domain "DOMAIN USERS" groups get added in local machine "USERS" group in local user and groups.
If i remove the DOMAIN USERS from the USER group. After policy gets refreshed or restrat the it again appears in the list.
Due to the any domain user is able to access this machine instead only the one to whom its been assigned.
In our GPO we have not mention this policy to add any group in local machine USERS group.
IS this a default behaviuor of windows ? How can i oversome this issue? I want to add manually a user account in the local USER GROUP list which will not be removed by policy.
Hi
I've created a GPO to turn on Network Discovery on our company laptops as our AV server isn't able to discovery a number of clients for an update roll out. I've enabled the both "Turn on Mapper I/O (LLTDIO) driver" and "Turn on Responder (RSPNDR) driver" in Computer Configuration > Policies > Administrative Templates > Network > Link-Layer Topology Discovery. I've set it to only apply to the Domain network. I then applied the policy to the OU containing the laptops and scoped it to the default Authenticated Users group.
Group Policy Modeling shows that the policy is applying. However, Network Discovery is still turned off on laptops that should be applying it.
David
Setting this policy on Server 2008 (not R2) domain controllers has no effect on users that are not domain admins. We have set this policy in the domain controller default policy. A user that is not a domain admin cannot create a global object, specifically a page file backed file mapping. We have been performing this operation on previous operating systems without issues. On a Server 2008 system that is not a domain controller this policy performs as expected. Is there an additional policy affecting this privelege? Is there a known issue on 2008 domain controllers?
Hi,
I am using active directory of Windows Server 2008 R2 x64. I have a proxy server from Microsoft TMG 2010.
What I need to do is I need to add Proxy server settings to the browser via the GPO. How can I do it?
Thanks in advance.
Yosh
Dear all,
Could you give some advice for Hardware purchasing? I would appreciate for this advice very much.
My question is :
How to prepare a good laptop so that I can do test for learning Windows 2008 R2?
And how can I get such testing version of win2008 R2 from Internet?
Thank you
Franklin hong
We currently have GP's setup for managing Home Pages and Favorites within IE to our users and it works great.
However since the new IE10 & 11 along with Mozilla Firefox, we have no options within the GP module to manage Home Pages and Favorites as well as settings for IE10-11, and Mozilla.
Does someone have any ideas of how to setup GP to manage IE10-11, and Mozilla?
Thank you.
We tried to move a user to a new computer, but even after numerous log offs, restarts, gpupdate's the redirection of his desktop and documents is not happening.
One thing I noticed when doing a gpupdate /force was that it didn't give me the warning saying that some settings can't be applied till logoff and do i want to log off now, which i thought it usually did. It just goes through and updates both
user and computer then is done.
How can I start to troubleshoot this?
Hello,
I have 2 Server 2008 R2 vms (VMware esxi 5.1 U1) running as DCs. When I create a new GPO on the PDC emulator and then open GP management console on the other DC (targeted at itself not the PDC, the object is there but the configuration is missing and I get the error "The system cannot find the file specified." This is only for newly created GPOs, all my GPOs older than a month or so, work just fine.
DCdiag, dfsdiag, repadmin /syncall, all run without generating any errors. I'm not sure where else to look or what troubleshooting to do.
Any help would be greatly appreciated.
I just loaded up a fresh copy of Server 2012 R2 in VMWare and made it a Domain Controller. To get a feeling of it before I deploy it.
All the Windows updates have been done.
Ran the Group Policy Results Wizard and got these alerts.
Default Domain Controller Policy Alert: AD / SYSVOL Version Mismatch
Default Domain Policy Alert: AD / SYSVOL Version Mismatch
I found that there is a hot fix for this for Server 2012.
http://support.microsoft.com/kb/2866345
But when I run the hot fix it tells me that "The update is not applicable to your computer"
So how do i fix this issue? Dont want to deploy Server 2012 R2 to my live enviorment only to have issues.
Hi,
I have 02 domain controllers Windows Server 2012 and another third domain controller thatthephysical serverhadproblem andwas removedfrom the NTDSUTIL tool. Actually the funcional level is "Windows Server 2012".
The following error is presente in event log of my domain controllers and when i execute GPUPDATE /FORCE in my workstations:
The processing of Group Policy failed. Windows attempted to read the file \\lopes.local\SysVol\lopes.local\Policies\{644ABCBC-6F33-4769-BB54-A5D88B5BEF61}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
OBS: The GPO GUID in the event log is not presente in sysvol share.
Network comunication with the domain controllers and workstation is working.
Best regards,
Paulo Mira.
I'm trying to add the admx files for Office 2013 (will try for 2010 later). I followed the support article on how to create the PolicyDefinitions folder, and then copy the en-us directory and admx files in to that folder.
when I open the editor to make changes, the old policies are gone. I only list policies for Office2013 (Outlook doesn't even show up).
Am I missing an important step here?