Registry path for checking "Service accounts must be blocked from interactive login"
Where can I download Group Policy Health Check Tool v.1.0?
I once saw a screenshot of this tool (Group Policy Health Check Tool v.1.0) from some document. However, when I search online for it, it looks like this tool simply does not exist. Can someone help me?
GPO login message on clients still active when disabled.
GPO login message has been disabled. Servers are ok and don't show it. Clients, however, still show the login disclaimer. I have searched all the GPOs and can't figure out why. I have recently migrated the domain from XenServer to Hyper-V with disk to vhd. Thought I'd ask before remove - rejoin?
Cheers
J
Internet Explorer Branding failed due to the error listed below Server 2012 R2
After upgrading my AD and 1 DC of my two DC's to Server 2012 R2 I am seeing the error.
Internet Explorer Branding failed due to the error listed below.
The specified procedure could not be found.
This is because the Group policy "Internet Explorer Branding" is defined.
All discussion groups I have been able to find, suggest going onto the Windows 2008 R2 DC and use GPEDIT to remove this policy. Unfortunately, it does not appear where it should.
How do I delete it?
Thanks
Desktop copying on Windows 8!
ROAR! Desperate for a tech expert! So basically, I'm trying to clear away desktop items into folders and they continue to "copy" them so now I have something like three of each thing on my item on my desktop and now I'm angry!
Can anyone help pls! <3 How do I make them stop copying.
Forbid - Mobile Removable Devices / Media Removable Devices
I have a problem about IT-security.
In our company we are using Windows 7 Professional/Enterprise Edition.
We could easily block/forbid using of Storage Devices such as Pen Drives, USB-Flash Drives, SD-Cards via USB port on a Software Level, but we couldn't block/forbid using of Mobile Removable Devices / Media Removable Devices such as Mobile Phones, SmartPhones, Tablets, MP3 Players!
When you connect SmartPhone to PC via USB cable, it is detected as Removable Device (NOT as a Storage Device!) and can be easily used for copying Information from PC.
The question is: "Is it possible to block/forbid Mobile Removable Devices / Media Removable Devices via USB on a Software level, without disabling USB ports in BIOS?" Any solution (personal PC configuration or Group Policy) would be great.
Hope for your help!
Thanks a lot in advance!
Changing the location of software package in GPO
Hi Guys,
I currently have a GPO that installs a software package for me. I have to move the location of my packages to a different location. Is there a way to edit my GPO to point to the new software location without deleting and recreating the GPO?
Note: I use Windows Server 2008 R2 and my client machines use Win 7
Thanks
Writing a script for VSSADMIN
Hello,
I am a sysadmin working at the enterprise level at my company running Server 2008 R2 and Windows 7. There are over 1000 systems to include workstations and servers. I need to enable shadow copy to the servers by using a GPO. I can write the VSSADMIN and get it to a batch file so I can put it in a GPO. The problem I am having is, how can I set the VSSADMIN to look at all available volumes on the server? Not all servers have the same amount of volumes or the same drive letters. Is there a wild card that I can use that when it hits a server that it will shadow copy however many volumes the system has?
Thank you
Al
Windows 8 and User Rights - Access store but not install other programs
Hi, I wonder if someone can help,
I am trying to find out if it is possible through Active Directory to set up a group policy so that a user will be able to install apps from the Windows Store but be unable to install any other applications. I have seen that the store can be enabled or disabled from Windows Server 2012, but have yet to find out if this is sufficient to allow store installs but no other external applications.
Thanks
Group Policy Reporting
Hi,
We have Active Directory implemented with more than 13000 Clients. We have created different OU's based on divisions and departments. We have applied different GPO's based on requirements. We sometime face issues with Clients at different locations that the group policies don't get applied properly due to some desktop related problems.
I need to have a tool or software deployed which can provide us the report as to which clients are not having GPO's applied and generate other GPO reports.
Can't change domain users password on Windows 7 Professional 64-bit joined to Windows 2003 server domain
I have:
- done a "gpresult /V" on the pc and here there are the password policies:
...
Criteri account
---------------
Oggetto Criteri di gruppo: Criteri password
Criterio: MaximumPasswordAge
Impostazione computer: 90
Oggetto Criteri di gruppo: Criteri password
Criterio: MinimumPasswordAge
Impostazione computer: N/D
Oggetto Criteri di gruppo: Default Domain Policy
Criterio: LockoutBadCount
Impostazione computer: N/D
Oggetto Criteri di gruppo: Criteri password
Criterio: PasswordHistorySize
Impostazione computer: N/D
Oggetto Criteri di gruppo: Criteri password
Criterio: MinimumPasswordLength
Impostazione computer: 8
...
- on the pc, executed "secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose", advised in a forum, and then "gpupdate": computer and user policies updated successfully;
- checked that in the registry there isn't the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network" key: ok, there isn't;
- tried to enter in pc with a new domain user: Windows let me change the password manually the first time (Ctrl-Alt-Canc - Change password), then, the second time, I can't change the password any more, with the message above again ("Unable to update the password. The value...").
What can I do to find out what is wrong?
Thanks
Event ID 1202 0x534 on Windows 2008 R2 member server
I'm getting the following error on two of my Windows 2008 R2 member servers, but not on my domain controllers. I've followed the instructions and found the account that is causing this issue. It's a local account in "logon as a service", but when I run MMC.exe to remove the account it's not there. How can I resolve this?
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.
To resolve this event, contact an administrator in the domain to perform the following actions:
1. Identify accounts that could not be resolved to a SID:
From the command prompt, type:
FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
a. Start -> Run -> RSoP.msc
b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.
3. Remove unresolved accounts from Group Policy
a. Start -> Run -> MMC.EXE
b. From the File menu select "Add/Remove Snap-in..."
c. From the "Add/Remove Snap-in" dialog box select "Add..."
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.
GPresult on Windows 8.1
Hello,
On my Windows 8.1 RTM I have many GPOs with the following result:
The same GPO is working OK on Windows 8/Windows 7.
Also:
Any idea how to fix this?
Thx
how to make logon script with parameter
Hi all
can anyone help me with how I make
the login script must do
name and password as parameter and
I'm new to this.
thanks in advance
Central Store ADMX Update
Hi All,
I've taken over a service that updated to Win7 from Vista. The central store was created for Vista GPOs and is still using the Vista ADMX templates.
There are still a small number of Vista machines in use and quite a few policies with specific registry entries etc. defined, and I wanted to know if updating the central store with the Win7 ADMX / ADML files would have any impact on this, or if it's "safe" to import them?
Thanks for your help!
auto shutdown client computer in windows server 2012 domain at night 10 pm using group policy
Hi.
I have one Windows Server 2012 R2 domain controller. For the last month I have been trying to automatically shut down Windows 7 client computers at 10 PM every night using a Group Policy scheduled task. I am not getting a proper result. Please, someone help me...
Group Policy for configuring SNMP service
Hi,
I want to configure the SNMP service on HP physical servers for communicating with the HP SIM server through GPO, as I need to configure it on 100 servers.
Though I have configured a policy, it's not working.
When I configured it manually on an HP physical server it works fine, but when I tried to implement it through GPO, SNMP stops responding to SNMP requests.
I need a working GPO.
-- Sandeep Gupta
IE, Disable 'Automatically Detect Settings' Via GPO
We have recently been having a small problem with IE, whereby the 'automatically detect settings' check box will get ticked - resulting in our users not being able to traverse our proxy server.
I use the User Configuration > Policies > Windows Settings > IE Maintenance > Connection to set up our proxy settings, however I can't see an option to explicitly disable the 'automatically detect settings' check box.
Is this located somewhere else in an admin template, or am I simply missing an option that is right in front of me?
Thanks.
Glen
Trying to understand Offline Files, Sync Center activity
Hi all. For all these years I've never paid much attention to Offline Files. At this point I know I need to. My typical environment is a domain under 2008 R2 with Windows 7 Pro clients.
I will do my basic reading to get familiar but right now I have a real world scenario that I suspect won't quickly be answered by documentation.
I have a user with a Win 7 desktop, domain-joined. I recently built for him a laptop, also Win 7 Pro, domain-joined. I think it only logged in twice perhaps but it worked. Two days later they went offsite for a week. This also calls into question my lack of full knowledge on cached credentials though...but here's what I wonder:
If they log in using the domain creds, should they always be able to log into the computer, even though the domain server is nowhere nearby? (since they're offsite). Or why does it work like that sometimes and gives no errors, yet other times it logs on but says it can't contact the server so is using a temporary profile?
What happens to any files created during being logged into this temporary profile? Would they sync to the domain profile once the user is next properly logged on?
We are using folder redirection for everything in the domain, so Desktop, Documents, Favorites, everything supported by 2008R2/Win7 redirection is set to do so. So all desktop contents are on the server in a share - if the user is offsite, what is the expected behavior?
One other note is that today as I logged into their laptop, now that it is at the office and on the domain network, it is doing 100's of MB of "sync" activity. The Sync Center has been chugging along for something like an hour so far, and the NIC stats are showing so far over 1GB of data transfer (nothing else is really happening, WSUS and our antivirus definitions might be it but even then I suspect those are not doing this as this laptop was fully updated). Plus the Sync Center is actually spinning showing a sync in progress.
My questions on this are:
What is it syncing? The user's redirected folders, their network share contents, Outlook cache or something? When I first booted their laptop, I went to a network share and couldn't see any files - upon reboot it showed them. Other shares were fine, all are located in the same server volumes - this was just a display issue and the first time I've seen it happen (and the first time I've seen heavy sync activity, hence my suspicion that sync somehow did that).
Last question, sorry for the bombardment, but does logging out or rebooting cause the Sync Center syncing to restart from the beginning, or does it know to pick up where it left off?
I'd love to see all my questions answered, but will be grateful if even one of them is as it takes me closer to understanding this stuff more so than not. Thank you very much.
Folder redirection - Grant user exclusive rights option change
We currently use folder redirection and it works very well, however in the policy we did not tick the box that says "grant user exclusive rights".
However we have now decided we do want this option, but after enabling it the original users can still get to each other's files. How can I make this setting now apply these permissions to current folder redirections?
Thanks
Dave