Hi, I have about 150 computers and need Group Policy changed for some settings, I cant change anything over the domain, each PC will require me to log on with admin and change these settings. Is there any way I could try and write a script that would make
this a lot faster? Any help would be amazing, thanks
↧
Group Policy
↧
How to find a GPO setting?
We have an HKCU setting being set via GPO. It is for some Cisco phone software. It enters an IP address into the HKCU reg key. We need to change the IP address that gets set. The issue is when I go into the Group Policy Manager tool on a DC there are no Group Policy Objects named Cisco. I've looked in the Default Domain Policy and it's not there.
How can you search all group policy objects to find 1 setting? We have over 1,000 so I don't want to look at each one.
On a machine that gets this setting I did a GPRESULT /V and I don't see anything in the output that tells me which GPO Object is setting this.
Any help would be great.
mqh7
↧
↧
Internet Explorer Branding failed due to the error listed below Server 2012 R2
After upgrading my AD and 1 DC of my two DC's to Server 2012 R2 I am seeing the error.
Internet Explorer Branding failed due to the error listed below.
The specified procedure could not be found.
This is because the Group policy "Internet Explorer Branding" is defined.
All discussion groups I have been able to find, suggest going onto the Windows 2008 R2 DC and use GPEDIT to remove this policy. Unfortunately, it does not appear where it should.
How do I delete it?
Thanks
↧
AppLocker Blocking Word and Excel
Already a thread in security (see link below), but no resolution. Automatic policy creation applied on Program Files (x86), Program Files, ProgramData created. Everything else works as expectected. This is ocurring for any user -- regular or admin without Applocker restrictions being applied. Ready to bite the bullet and submit a case, but the support web site would not take my credit card. A sign somebody out there has an answer?
Michael Faulkner
↧
Best Practice: Deploying Group Policy to Users on different OUs
Greetings, everyone! I am needing some advice on how to deploy some group policy objects to specific users stored on different OUs.
Let me set the stage: I work for a large school district, and have recently taken over the district's career center. The idea behind the career center is that students from different high schools around the city come in to take classes based on their choice
of career, such as radio broadcasting or auto mechanic and such. The AD structure is set up so that each school has their own OU. When a user (staff, student, etc.) is assigned to a school OU, they automatically are added to
their school's security group (i.e. EASTHIGH-STUDENT), and that when any user moves from one school to another, we have to move their AD account to that school's OU, which will remove the security group from the old school and apply the new school
security group.
For the career center, since we have students coming from different buildings every day, rather than trying to find a way to move their AD account from their high school OU to the career center OU, the previous techs created generic accounts (such as tv001, tv002, etc.) in AD and stored them in the career center OU. This way, teachers can assign students that particular generic account so that they can access the drives and printers from the career center, as well as access the career center network drives while they are at their home high school.
Since I have moved to the career center, and apparently I have more knowledge about group policy than most of the techs in the district, the district system engineers want me to remove all of the generic accounts from the career center OU, and have students use their own AD accounts. Obviously I also want to do this since the generic accounts are very confusing to me, but I'm trying to figure out the best way to do this.
For simplicity sake, I'm just going to start off by figuring out how to set up a group policy for mapping the career center drives. Now, I obviously know that the best way would be to create security groups for each career area, and that we would need to add students to those groups so that only those particular students would get the GPO for the career center, but my question is where would I like the group policies to? Do I need to link it at the root of the domain so that every OU is hit? Just curious about this.
Thanks!
↧
↧
Forbide - Mobile Removable Devices / Media Removable Devices
Hi everyone!
I have a problem about IT-security.
In our company we are using Windows 7 Professional/Enterprise Edition.
We could easily block/forbid using of Storage Devices such as Pen Drives, USB-Flash Drives, SD-Cards via USB port on a Software Level, but we couldn't block/forbid using ofMobile Removable Devices / Media Removable Devices such as Mobile Phones, SmartPhones, Tablets, MP3 Plyaers!
When you connect SmartPhone to PC via USB cable, it is detected as Removable Device (NOT as a Storage Device!) and can be easily used for copying Information from PC.
The question is : "Is it possible to block/forbid Mobile Removable Devices / Media Removable Devices via USB on a Software level, without disable USB ports in BIOS?" Any solution(personal PC configuration or Group Policy) would be great.
Hope for your help!
Thanks a lot in advance!
I have a problem about IT-security.
In our company we are using Windows 7 Professional/Enterprise Edition.
We could easily block/forbid using of Storage Devices such as Pen Drives, USB-Flash Drives, SD-Cards via USB port on a Software Level, but we couldn't block/forbid using ofMobile Removable Devices / Media Removable Devices such as Mobile Phones, SmartPhones, Tablets, MP3 Plyaers!
When you connect SmartPhone to PC via USB cable, it is detected as Removable Device (NOT as a Storage Device!) and can be easily used for copying Information from PC.
The question is : "Is it possible to block/forbid Mobile Removable Devices / Media Removable Devices via USB on a Software level, without disable USB ports in BIOS?" Any solution(personal PC configuration or Group Policy) would be great.
Hope for your help!
Thanks a lot in advance!
↧
adding group policy to non domain computers
is it possible to add gpo's to computers that are not in the domain..we have some "client" computer that only our customers use and we want to have more security to those computers..what is the best way to accomplish this
↧
Changing the location of software package in GPO
Hi Guys,
I currently have a GPO that installs a software package for me, I have have to move the location of my packages to a different location. Is there a way to edit my GPO to pint to the new software location without deleting and recreating the GPO?
Note: I use windows server 2008R2 and my client machines use win 7
Thanks
↧
GP to map drives works except for one
The customer has a relatively new SBS2011 server. I am using GP to map a total of 12 drives depending on the user. I added one today but it is not taking. I limited it to 2 users. Confirmed their permissions but no. With this one I shared a users desktop folder in Redirected Folders. I tried testing it with net use n:\\server\desktop but that did not work. Net use n:\\server\Data\Users\FolderRedirections\hrspecial\Desktop did work. However using that UNC string in the GP still does not work.
What am I missing?
Thanks, John
↧
↧
Proper way to undo Configure slow-link mode setting for Offline Files
In Computer Config/Admin Templates/Network/Offline Files, I have Configure slow-link mode set to Disabled, but I think this is causing performance issues when users are VPN'd in, as in it's forcing them to be in online mode and if they have a large folder, it could take a minute or two for it to open up due to connection speeds.
If I want to undo this setting, what is the proper way to do it? If I set it back to Not Configured does this undo it? Do I have to set it to Enabled, then after a couple days I can set it back to Not Configured? I tried looking online but couldn't find an article that says exactly.
↧
Configure slow-link mode for Windows 7 question
I had slow link mode set to Disabled, but I want to use it with the default values, but it doesn't let me OK out of the screen without setting a value up. So should I just put in a * and latency=80 and that will essentially give me the Windows 7 default values?
Or since I had it disabled, if I set it back to Not Configured would that do the same thing? I know sometimes if something is Disabled, you have to Enable it to undo the original disabling.
↧
Advanced group policy management tool silent install
Hi,
Anyone know how to silently install the AGPM 4.0 client? As I would like to silently deploy it to my windows admins.
Mike
↧
Display messagebox at startup
I have made a batchfile which uninstalles office 2003 and installs office 2010. Office 2010 is configured thru OCT so starts in the batchfile with a msp file.
Uninstalling and installing 2010 is started thru a computer startup script in Group Policy.
Installing goes fine however in the OCT i have configured that the user can see that office is beiing installed, this is however not displayed on the users system. Also build in a command in the batchfile that a screen must displayd that office is beiing installed, also this box is not displayed.
Conclusion: when the batchfile runs thru computer startup policy no info boxes are displayed, nothing is displayed so there is nothing for the user to see when the install is ready, how can i arrange that when installing thru computer startup script?
When starting the setup with the msp from OCT office install the box display are displayed only thru gpo nothing is displayed?
freddie
↧
↧
New Folder Redirection Group Policy is not working
Recently installed a new server on an older network:
Old network server: SBS 2003
New network server: Server 2012 STD
The network is working well and all computers are able to communicate with each other. I have already mapped a few network drives to folders that are located on the server. The owner wants to implement the same Folder Redirection of their Documents folder (Mixture of WIN7 PCs and WINXP) that their old server provided. I used the following Document to create the Folder Redirection:
http://technet.microsoft.com/en-us/library/jj649078.aspx
I then went to each computer and performed a gpupdate /force on each computer than logged off the profile. When I logged off, the sync window (folder redirection?) popped up and still showed that it was trying to transfer/sync with the old server that is no longer on the network. I also logged into the server and the shared folder that I selected for Folder Redirection does not have any data in it.
Is there something else that I am missing. Is there some sort of configuration on the clients themselves that I need to look for such as some Target Path?
I can provide more information upon request.
↧
ntrights.exe Windows 2008 R2 Resource Kit Tool? Does it exist or is there something similar I can use?
I am running Windows Server 2008 R2 Standard as a DC
I am trying to add users/groups to the following local policies through a GPO, however I need to script it out using something similar to ntrights.exe. I do not want to do it through the GUI because this is going to be a re-occurring process.
Below are the policies I am trying to configure via some kind of command prompt. I do not think I can do this with PowerShell 2.0 even with the import-module grouppolicy cmdlets.
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Debug programs
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Force shutdown from a remote system
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the system time
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow logon through Remote Desktop Services
Would it be safe to copy the Windows Server 2003 ntrights.exe resource kit tool and try it on Windows Server 2008 R2? I am working on a virtual test lab environment so I can actually take a snapshot before hand but wanted your expert thoughts on it first.
Thank you in advance.
↧
Local User Group memberships, configuration not staying permanent.
I have multiple user accounts created but when I associate a user with the "Remote Desktop Users" group it will only stay for what seems to be a short period of time.
Example:
Day 1: User > JDOE gets assigned as a member of the groups "User" and "Remote Desktop Users"
Day 2: User > JDOE no longer can connect via RDC and when I check his group membership "Remote Desktop Users" is missing, with no human intervention.
What would be causing this?
↧
Group Policy for configuring SNMP service
HI,
I want to configure SNMP service on HP Physical server for communicating with HP SIM server through GPO as need to congifure it on 100 servers.
Though I have configure a policy but its not working.
When I configured manually on HP Physical server its working fine but when I tried to implement through GPO, SNMP stops responding to SNMP requests.
I need a working GPO.
-- Sandeep Gupta
↧
↧
I’m having some trouble with Group Policy Preference Item Level Targeting for printers’ deployment
Hi there,
I have OU with all users and all Windows 8.1 computers. I have created new Company Printers GPO and link it to this OU. Some printers are common for everyone but other are not. Since all users are members of a different AD group…, it kind of make sense (in my case anyway) to target printers deployment based by AD group user belong to. From what I can see so far - all shared common printers have been successfully deployed, but all printers with “Item Level Targeting” (check if user belong to a particular AD group) are not present on clients’ machines?! What did I missed?!
Thank in advance
↧
Multiple Home Page settings not working in Server 2008 R2
I have Windows Server 2008 R2 as a DC & ADC is same 2008 R2 server both with SP1 with IE 11 installed
other Group policies are there & running well.
I had setup two home pages but on user machines its showing & running only one Primary home page.
I have one my intranet site & another home page is our website.
I have enable "Disable changing Primary Home page" & kept my intranet page there.
I have enable "Disable changing Secondary Home page" & kept my website page there.
After gpupdate I can see only one page in users Internet settings. My website page is not at all loading !!!
Scenario 2 :-
I have selected not configured option for "Disable changing Primary Home page" & apply.
I have enable "Disable changing Secondary Home page" and kept Both Intranet & my website page address there.
after Gpupdate its loading 3 pages. Twice same intranet page & one website page.
In group policy configured only two & loading 3 pages?
I need it must show only two pages. Tried all the ways & seems frustrating with Windows Server 2008 R2 Group Policy.
Does anyone succeeded in the multiple home i.e. must load Only TWO pages in the IE browser via Group policy.
All users have 64 bit Windows 7 OS with IE 10 & IE 11 browser installed & updated. Servers has IE 11
↧
Hide all default Aplications and Programes
Hi
I need to Hide the default Programs and applications in windows and allow only company related applications such as ERP application, MS Office package,Acrobat/WinZip. When the user log in to the PC they should see only thees set of applications and rest all need to be Hidden. I have 500+ computers connected to Windows 2008 Server Active directory .How do i do this with GP settings
?
Thanks
Kamal
I need to Hide the default Programs and applications in windows and allow only company related applications such as ERP application, MS Office package,Acrobat/WinZip. When the user log in to the PC they should see only thees set of applications and rest all need to be Hidden. I have 500+ computers connected to Windows 2008 Server Active directory .How do i do this with GP settings
?
Thanks
Kamal
System Admin Danube-
↧