I would like to force Windows Update to "receive updates for windows and other products" using group a policy. Is that possible?
I am not using WSUS.
I would like the policy to apply to Win7 / 2008 R2 and newer.
Alternately: Is there another way in which I might force this?
Hello,
I have a Windows Server 2012 R2.
I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed on it (this machine is also a domain client in the same domain).
I will really be thankful if anyone can suggest some solution to this issue.
Please feel free to write back in-case I have missed anything obvious to be shared.
Thanks!
-Vinay Pugalia
If a post answers your question, please click "Mark As Answer" on that post or"Vote as Helpful".
Web : Inkey Solutions
Blog : My Blog
Email : Vinay Pugalia
I just loaded up a fresh copy of Server 2012 R2 in VMWare and made it a Domain Controller. To get a feeling of it before I deploy it.
All the Windows updates have been done.
Ran the Group Policy Results Wizard and got these alerts.
Default Domain Controller Policy Alert: AD / SYSVOL Version Mismatch
Default Domain Policy Alert: AD / SYSVOL Version Mismatch
I found that there is a hot fix for this for Server 2012.
http://support.microsoft.com/kb/2866345
But when I run the hot fix it tells me that "The update is not applicable to your computer"
So how do i fix this issue? Dont want to deploy Server 2012 R2 to my live enviorment only to have issues.
Similar to this post: social.technet.microsoft.com/Forums/en-US/d42a81bc-96de-4af3-bc41-079e88e6ea4a
We have Citrix terminal servers running Windows 2008 R2 and attempting to force PDF files to open with Acrobat versus PDF editing software we have installed for a small subset of users. So I created a Group Policy Preference and added a OpenWith item to the Folder Options to use Acrobat as the default and linked it to a Users OU. However, if I run gpresult the OpenWith setting fails with error code 0x80070005. You can change it to not run in the user's security context which eliminates the error but then it won't actually do anything.
The problem seems to be that when a user sets another program as their default via Windows Explorer the permissions on HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice get changed so that the user is specifically denied the ability to set that key. Remove the special permissions added and the group policy succeeds and changes it back to the default ... until the user changes it back (intentionally or otherwise) and the permissions are changed again.
Any ideas here?Hi,
As soon as I (administrator on my PC) logon to Windows 7, I get a message saying that the Group Policy Client service failed to start. I'm not sure why I'm getting this error even though the dependencies are very much up and running..
Below is the error message I get in the notification area as soon as I logon
Failed to connect to a windows service
Windows could not connect to the Group Policy Client service. This problem prevents stndard users from logging on to the system.
As an administrative user, you can review the System Event Log for details about why the service didn't respond.
Hi,
Can anyone help me to check and check following settings:
Account will be auto lockout after 15 minutes for windows systems. |
Inactive sessions should be terminated after a defined period of inactivity . |
Passwords are not store in clear text. It shall be in encrypted or masked. |
Thanks in advance.
Dider
Hi Technet,
I've recently deployed Windows 7 Enterprise x64 in my environment and am seeing behavior that I don't understand and would like some clarification on.
I'm running Active Directory with a DFL of 2008 R2. All users have a Home Folder mapped via the profile tab in Active Directory that connects to an SMB Share specific to their user account, for example: \\bbcfileserver\users\johndoe
The issues that I'm seeing are best described as follows:
1 - If a user is on the network at the office, and then puts their laptop to sleep / shuts down and goes home (or to any other location), then wakes up their laptop - their mapped drive disappears completely when the computer wakes up and they log in. It's not just there but disconnected with a red x - it's totally gone.
2 - If a user is on the network and puts their laptop to sleep /shuts down and then logs back in later via cached credentials before their network adapter can initialize, their home drive is not mapped at all, and is not available until they wait for the network adapter to connect, log out, and log back in after connecting.
I understand in either case that the drive is not mapping because the user has no network connection - but my question is why it's simply not mapped and unavailable until they do connect to the network. Is there a GP setting I can put in place to make it so the mapping is persistent? Would using folder redirection accomplish this persistent mapping perhaps? My users have VPN connectivity via third party software and often want to work remotely - but have issues with losing their home drive, and it's also troubling to have them log in and out multiple times at the office during the day just to gain access to their home drive.
Any clarification or suggestions on how I can make this better / easier would be greatly appreciated.
Thanks as always!
-Keith
Hi there,
We have a problem with domain users "losing" work due to saving to "My Computer"
In group policy we "Hide these specified drives in My Computer" and "Prevent access to drives from My Computer" for the C: drive in this location:
User Configuration\Administrative Templates\Windows Components\File Explorer
How do we stop people saving to "My Computer"? We weren't even aware that you could do this until we started investigating reports of missing files and found them deep in the appdata folder - places like C:\Users\username\AppData\Roaming\Microsoft\Windows\Network
Shortcuts
Thanks,
Kieran.
Hello,
I hope some one can help me with this. I have installed server 2012 standard join the domain en placed it in the OU TSENV. Now the strange thing is that all policy from the OU above TSENV are applied and shown in gpresult /r but all gpo linked to the TSENV not. I have exactly the same setup for a server 2008 standard and this works. Maybe somehow i have to tell my domain controller that this is a server 2012 version.....?
I´m trying to customize Windows 8.1 visual look By setting some GPO:s, and even when I see with resultant, that my settings are inherited, they has still no visual effect. These settings are:
"Force a specific default lock screen image" - still there is default lock screen, not mine.
"Prevent the wizard from running." - when new user logs in, the wizard is launched.
I´m just wonder, is there a known bug why these settings does not work or has no effect?
Domain Controller: WIN 2008 R2
Client PC: WIN 7 PRO (maps network drives)
Client PC: WIN 8.1 PRO (does not map network drives)
GPO: MapDrives
User Configuration
Policies
| Name | Parameters |
|---|---|
| MAP.bat |
Ran RSOP on WIN 8.1 PRO PC, results include the MAP.bat script, as well as scripts loaded at the Domain Level (GPO1.bat, GPO2.bat)
Domain
WarningBanner
-GPO1.bat
-GPO2.bat
IT OU
MapDrives
-MAP.bat
Running the batch script from the desktop of WIN 8.1 PRO PC maps the drives.
The WIN 8.1 PC is a new PC and the user is a new user in AD (in the proper OU).
Script is:
net use P: \\MyDomain\DFS\IT\public /PERSISTENT:YES
net use S: \\MyDomain\DFS\IT\shared /PERSISTENT:YES
What am I missing in getting the drive to map in 8.1, that otherwise works in WIN 7?
My organization uses browser based Gmail ( IMAP is off for security reasons). We currently have a GPO in place that restricts internet access for users in various AD groups. When accessing Gmail the buttons do not display their texts and users cannot print. I allowed all sites with *.google.com and google.com/* to pass through the GPO. Do I need to allow another domain to come through for this functionality? Any help will be greatly appreciated.
P.S. Google has been no help with this. Wish we had Exchange.
Hi.
I have one windows server 2012 r2 domain controller. From last one month using group policy scheduled task i try to automatically shutdown windows 7 client computer at 10PM every night.I am not getting a proper result.please someone help me...
Hi,
In an environment I have just taken over (Win 7/2K8) I have discovered that they are using Folder Redirection to a network drive which is great, but they appear to also have a custom ADM which is also redirecting their Internet Explorer cookies to this network drive...
I was made aware of this when looking at their network drives (Which are DFS based), and I saw a large amount of DFS warnings due to sharing violations, which when I examined the actual detail of the event logs point directly to these cookies!
I have done a search online and I have seen people ask the question of can it be done and some example ADM files so there clearly is some demand!
But this was just a quick shout out really, does anyone else do this cookie redirection and if so why?
To me personally it seems quite excessive and without it I reckon I can improve their systems on 3 fronts:
What am I missing?
Hi.
I am trying to install application in client system It ask permissions.
How to remove it.
Someone please help me.
Hi All,
I've taken over a service that updated to Win7 from Vista. The central store was created for vista GPOs and is still using the vista ADMX templates.
There are still a small number of Vista machines in use and quite a few policies with specific registry entries etc defined and I wanted to know if updating the central store with the Win7 ADMX / ADML files would have any impact on this, or if its "safe" to import them?
Thanks for your help!
See my Diagram below, I'm running Windows Server 2k8 R2.
I have 2 computers; 1 in a “restricted computers OU” which is blocking inheritance, and 1 in a “HQ Computers OU” which is inheriting all GPOs. I also have a user that is in the “HQ Users OU”.
My question is what policy will be processed if User1 logs into “Client 1” versus the same user logging into the “Restricted Client1”
Am I correct in assuming that the computer policy will be the only policy that is actually blocked by blocking Inheritance in this scenario?
Hi,
to check our Microsoft licenses and value if change the Microsoft License Program I need to obtain the Microsoft software installed on any computer and server of my domain.
Hello,
I am trying to set registry keys for ODBC settings using Group Policy Preferences. All PC's in the domain are Windows 7. In testing, I was able to get this to work. Now that I am trying to create it for production, I am unable to get it to work. I am using the same PC to create for production that I used when I was testing.
The steps I am taking are as follows:
Create a new GPO. Edit the GPO and navigate to the registry node under Computer Configuration, Preferences where I create a new Collection Item. I then right click the new collection item and choose New - Registry Wizard. Using Local Computer, I navigate to [HKLM] > Software > Wow6432Node > ODBC > ODBC.ini
Under the ODBC.ini key are all of the keys and data I want to include in my policy. When I check each key and put a check mark beside each data item in the lower window, my selections in the lower window are not being saved. The check mark shows up at the time but they are gone if I go back to check my work before hitting the finish button. If I go ahead and finish the policy anyway, I only get the keys, not the data items when the GPO is applied.
I have found a work around but it is very cumbersome and isn't a good long term solution. The work around is to go ahead and create the policy, then go back into the collection and expand everything on the left and add each data value to each key one at a time using the All Tasks > Add - menu item.
Any ideas why this is happening? I should also mention when I was "testing", I was hitting the same domain controller as I am when trying to build this for my "production" policy.
Thanks in advance.
I built a Central Store 2 years ago. I just copied the latest IE admx/adml files to the appropriate sysvol location. When I open GPMC and go to a specific GPO, and then go into User Config > Preferences > Control Panel Settings > Internet Settings and then right-click to create a new setting, only IE5/6/7/8 still show up and not 9/10/11. When I looked at the xml code for the admx, it has 9/10/11 in there.
What am I missing or doing wrong to get the new admx/adml file to be recognized by my existing policies so that I can customize specific settings?
TechNet Mikey