Hello
I just created a GPO in order to redirect the "documents" folder out of the user's profile.No problems with that but just an observation. Any files that are being redirected they have a small recycling looking icon next to them.
Can this be removed without stopping the redirection?
Many thanks
Hello,
I've a problem with the Policy "Setting Display information about previous logons during user logon".
It is applied correctly on computer, but I can't login anymore and message "Security policies on this computer are set to display information about the last interactive logon. Windows could not retrieve this information. Please contact your network administrator
for assistance" is appearing.
My home test domain has 2008 R2 functionality level since months, and I've raised my company infra level functionality to 2012 this morning. Both domain are making the same error.
This is non-sense, so any idea how to troubleshoot it ? Thanks in advance ! ;-)
PS : I was able to remove it in order to login again, no worries on this one...
We have a Windows 2008 Active Directory (not R2), which is running 2008 forest and domain functional levels. Our clients are running Windows 7 with Internet Explorer 8. We have a need to upgrade the clients to Internet Explorer 11 and use Group Policies to manage IE 11 on them, specifically proxy settings and compatibility modes. We understand that Group Policies have changed for IE 11.
We have two questions:
Can IE 11 be managed by Group Policies on Windows Server 2008?
If so, how?
Thanks, Drew
Good Morning,
We are running Server 2012 as our PDC.
Can you please confirm do I need to install the below to get Admin Templates for Windows 8.1 installed?
Kind Regards,
John
Hello
I'm looking for a way to Kill RDP connection with idle & disconnected state. the server's owners usually connect to the servers from their PCs to the servers using the Remote Desktop Connection and they forget to disconnect properly. some left disconnected connections cause an issue later for those user where their AD accounts get locked out due to reset their password.
now I want to apply a group policy on all servers in the domain to do:
our domain is windows 2008 R2 (native) and the we have a mix of OS running on the member servers. we have a few windows server 2003 R2 and the majority is windows server 2008 and windows server 2008 R2.
any idea is highly appreciated....
Systems Specialist
Hello,
I found an interesting issue where I set a GPO to control the firewall policy to "Block (default)" the inbound connections, however that setting is not completely enforced. It still allows an administrator to alter it from "Block (default)" to "Block all connections". Why is the GPO not forcing the setting I provided?
In more detail:
The settings i'm referring to are in:
The GPO is set explicitly to "Block (default)", however this option can still be changed once the GPO is applied.
GPO Setting:
GPO result on server where the policy is applied:
Thanks,
Paul
Hello,
I recently built a Server 2012 R2 domain controller and added it to my domain. When trying to edit the default domain policy I get the following error:
I can make edits to other GPO objects. All the other domain controllers are Server 2008 and are able to edit that GPO. The issue is on the Server 2012 box only. I've checked the delegated permissions, I'm a domain admin, and have opened GPMC as administrator. Does anyone know what I'm missing? Thank you for your time.
Tino
Hello,
Is there any way to identify Surface tablets via. WMI filters? If not WMI, is there another way? I have some specific GP settings I'd like to apply to only our Surface tablets.
Thanks,
Greg
Hi,
The Question:
How do I get the effected computers back to standard processing: Computer policy before User policy
The history:
I have tried to overrule a GPO on one computer to set the screen saver and power settings, and it did work,
But I realized that I did apply this setting to all Client Computers in the domain and that was not so good, then I tried to remove this setting,
but the computers will not disable the Loopback setting, if I run Gpupdate and Gpupdate /force and sync
on a computer not effected the command prompt look like this.
gpupdate
Updating Policy...
Computer Policy update has completed successfully.
User Policy update has completed successfully.
On a computer effected with loopback it look like this.
gpupdate
Updating Policy...
User Policy update has completed successfully.
Computer Policy update has completed successfully.
The envent log has this:
The loopback policy prossing mode is "No loopback mode"
PolicyProssingMode0
------
Client computers is Windows 7, 8, 8.1
Hello, the problem I am having is having Safe Senders and Safe Recipients imported into Outlook 2007 SP2 from group policy. It simply won't append the list. The environment is the following:
Clients: Windows XP Professional with SP3 installed. MS Office 2007 with SP2 installed.
Server: Windows 2008 SBS with SP2 installed.
What I have setup and tried:
1. Installed the ADMX files correctly on the server and created a GPO with the Outlook settings I need:
- Specify path to Safe Senders and Recipients files. Location: \\SERVER\netlogon\SafeSenders.txt
2. Attached the GPO to the correct OU (users are in the OU).
3. Installed the client side extensions from this link: http://www.microsoft.com/en-us/download/details.aspx?id=3628 on the Windows XP machines.
Even after setting this up the lists still will not import into Outlook 2007. What I have tried and other notes:
- Clients have access to the \\SERVER\netlogon share area. Verified through Windows Explorer.
- Tried forcing group policy update using gpupdate /force No results.
- Tried logoff and reboot combinations on client machines and still no results.
- gpresult returns the GPO is applied (but clearly it's not working).
New to setting this up to Windows XP clients, works on Windows 7 clients flawlessly. Ideas? Solutions? Thanks.
Rob Holmes
My AD has a domain contoller with 2008 r2. Client PCs are Windows 7 and xp.
I have several JPEG files in a share location which I want to run as slides in Screensaver.
I can successfuly change screensaver in Win7 pcs via GPO.
But please tell me how to set the screensaver in XP PCs to run the slides in the shared location via GPO.
AND, If I am to create 2 GPOs for Win7 and XP, then how should I deploy both in a way without any confilict. ?
please Help.
I have a Windows 2008 R2 domain with windows 7, and Windows XP SP3 client workstations.
I have a group policy to deny all access to removable storage in policies/administrative templates/system in user configuration (actually its in the computer configuration as well)
The problem is the policy is having no effect on the Windows XP machines. It works perfectly on Windows 7 machines.
Group policy in general is working on the Windows XP machines, as I can successfully map drives, push out scheduled tasks, and push out printers. (All preferences I know and I have GP Preferences client side extensions installed).
Its almost like the windows XP machines can't "understand" the admin templates from Windows Server 2008 R2.
Do I need to install something on the windows XP machines? What could be the problem?
Recently i have installed server 2008 enterprise edition(x64). It is a only an active directory with DNS in my organization. but the problem i'm facing is the group policy client service "gpsvc"failed to start. when i checked event viewer i got following errors:
-The Group Policy Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
event viewer details:
System
- Provider
[ Name] Service Control Manager
[ Guid] {555908D1-A6D7-4695-8E1E-26931D2012F4}
[ EventSourceName] Service Control Manager
- EventID 7000
[ Qualifiers] 49152
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2012-01-06T10:52:10.000Z
EventRecordID 38629
Correlation
- Execution
[ ProcessID] 0
[ ThreadID] 0
Channel System
Computer ad.norvic.com
Security
- EventData
param1 Group Policy Client
param2 %%1053
I just loaded up a fresh copy of Server 2012 R2 in VMWare and made it a Domain Controller. To get a feeling of it before I deploy it.
All the Windows updates have been done.
Ran the Group Policy Results Wizard and got these alerts.
Default Domain Controller Policy Alert: AD / SYSVOL Version Mismatch
Default Domain Policy Alert: AD / SYSVOL Version Mismatch
I found that there is a hot fix for this for Server 2012.
http://support.microsoft.com/kb/2866345
But when I run the hot fix it tells me that "The update is not applicable to your computer"
So how do i fix this issue? Dont want to deploy Server 2012 R2 to my live enviorment only to have issues.
I'm wondering if anyone else out there has run into the same issue as I am seeing. The environment is all Server 2012(not R2), with Windows 8.1 clients.
I configure a GPO that is linked to the entire domain/authenticated users and contains a Windows Vista and Later wireless network profile. Let's call it "GPO_Wireless. It is configured to automatically connect it to a specific SSID, the encryption settings are unimportant, as I've tried numerous approaches. In our case, we're trying to do EAP-TLS with the NPS role. We have the CA rolled out, NPS has a proper cert, and the clients are auto-enrolling for both Computer and User certs. This is all verified as working. We've also tried straight password authentication.
I refresh group policy on a Windows 8.1 client and see that Computer Policy "GPO_Wireless" is being applied to the client. I restart the computer, but it does not connect to the wireless network.
I run "netsh wlan show profiles" and under "Group Policy Profiles(read only)" it is blank.
I run gpresult /r /scope computer again, and it shows "GPO_Wireless" is being applied.
The last note is that Windows 7 clients can connect to the wireless just fine.
Today all of a sudden all of our workstations are pulling updates straight from Microsoft. I've looked at our default domain policy and WSUS is all set to "not configured" We have hundreds of GPO's so how can you find the one that is doing this?
OR
What else could cause a global change like this if not GPO's?