I have a windows xp and 7 joined to a windows server 2003 and that server 2003 has Enterprise CA installed now I want to request a digital certificate from a windows 7 or xp.
Can someone give me some info please?
Thanks.
I have a windows xp and 7 joined to a windows server 2003 and that server 2003 has Enterprise CA installed now I want to request a digital certificate from a windows 7 or xp.
Can someone give me some info please?
Thanks.
I am working with Windows 7 x86 Enterprise machines and trying to configure AppLocker for different application development teams. We do not want them to have full administrative access to their machines but we do want them to have control over their programs.
One of the teams needs to be able to adjust regedit.exe (HKLM > Software > Oracle) binaries. I have set the Application Identity service to auto start on boot and made sure AppLocker properties had a check next to configured for executables and enforce rules.
I imported the default rules and added a PATH rule for regedit.exe and allowed for a specific domain user. I have also set the allow for all files in the windows folder for the domain user.
The problem is this doesn't work and they still get errors when trying to change keys in the registry. Any advice? We do not have Group Policy set for Applocker. I am thinking if it isn't defined then it isn't managed. Would a GPO have to be created before this would work?
Hi there,
I've recently started testing SRP on my test users/workstations.
I created a GP with SRP turned on where i have "Enforcement" set as "All users except local administrators"
What I've noticed: if a user is a member of Domain Admins group and that group is a part of Local Users on a particular machines, that user is prevented from performing administrative tasks...even though intuitively it should not.
I read that the "Security Filtering" of the GP i created has default "Authenticated Users" which is the reason Domain Users are not excluded from the GP.
So I replaced Authenticated Users with Domain users and now my Domain Admins user is able to perform administrative tasks just fine.
My question is: How does this impact the security and enforcement of SRP? Obviously Authenticated Users is set by default for a reason. Before i settle for the aforementioned solution, I would like to be sure I am not not creating a serious security flaw.
Please advise,
Thank you!
2008 R2 domain with mostly windows 7 clients running ie8. upcoming project to upgrade them to ie11.
I copied the inetres.admx and inetres.adml files from the PolicyDefinitions folder on a windows 8.1 PC with ie11 and pasted them into the central store.
I created a new GPO that configures "access data across domains" to "disabled" from user configuration/policies/administrative templates/windows components/internet explorer/internet control panel/security page/internet zone.
I logged into four test machines with the same user account.
windows 7 with ie8
windows 7 with ie9
windows 8 with ie10
windows 8.1 with ie11
all four machines show this setting correctly Disabled with my GPO as the winning GPO in RSOP, but *only* the ie8 machine properly shows this setting as Disabled in its Internet Settings. the ie9, ie10, and ie11 machines all have the setting Enabled in their Internet Settings.
full disclosure: there is an old-school Internet Explorer Maintenance GPO in place that sets this to Enabled. but in theory, that GPO should only affect the ie8 and ie9 machines, right? and yet the ie8 machine is the only one getting the correct setting from my new administrative template GPO.
is there an easy way in GPMC to tell if i'm actually working with the ie11 version of inetres.admx or not? some setting that's new for this version?
Hi everyone,
It's simple to setup IE 10 to open two tab as home page but I can't find this feature for IE 11. Is that possible with IE 11?
Thanks
Flavio Ribeiro
Is there a GPO or registry edit that will remove the option of "Show Desktop Icons"?
Accessed from, right click desktop > view > show desktop icons.
Hi all,
I have a XP machine that is a member of Win2008 domain and the local
administrator account is locked out
whenerver i restart xp machine automaticaly locked out admin accounts.
how to unlock the xp or windows 7 machines local admin accounts over gpo.
Regards,
Udaiyar
Dear Exprt,
I have script to run (computer configuration) on logon and its run after computer restart however is there any other way to run this policy without restarting computer or any other place in GP to add script to run without restarting machine.
Support@Mytechnet.me
We are using GP to map all of our network drives to users. Most of our laptop users that work remotely, when they login the drives are disconnected but they are still mapped. Once they connect to the VPN, they can access those drives. Others laptop users that we have, when they login to their machines, the drives are not mapped. When they VPN in the drives are still not mapped or connected.
I need the drives to stay mapped on those end users machines once they leave the network, so when they VPN in, the drives will not be accessible.
I am testing an existing GPO Preference with Windows 8 that renames the Builtin Administrator account and sets the password. It works on XP and Win 7 but not on Win 8. RSOP reports that the GPO completed successfully but provides the following additional information:
Group Policy Local Users and Groups completed successfully.
Additional Information:
The computer 'Administrator (built-in)' preference item in the 'Test_Policy {guid}' Group Policy Object did not apply because it failed with error code '0x8007052a This operation is disallowed as it could result in an administration account being disabled,
deleted or unable to logon.'%%100790273
Sounds like there is a setting somewhere that is preventing changes to the builtin administrator account, but I can't find our where it is to toggle it off. Any ideas?
Hello,
How do you uncheck the (IE8) "Display intranet sites in compatibility view" through group policy? I read several conversations regarding the this default setting, however I did not see how this can be done.
Thanks
I need to modify the permissions on reg key ofHKEY_LOCAL_MACHINE\Appid\{86F80216-5DD6-4F43-953B-35EF40A35AFEE} so it hides the wireless key in windows 7 so people cannot view it. I have 500 systems to set this up on as I need to remove the CElevatedWLANUI and any other groups and replace it with domain admins so that is the only group that can see it. I do not want to have to modify this key on 500 systems as it would take a long time.
How can I modify this key permssions on the reg key value and then deploy it via Group Policy to all workstations.
Dear Sir,
I am applying Group Policy on windows server 2003 Enterprise it is working but my all User System Operating system is Windows XP is working 100% but my for system user Windows 7 Professional this wallpapers Group Policy is not working on windows 7 only wallpaper problem user system screen is black .this is my problem Please Help me . thanks.
I have a Win Svr 2012 r2 std DC of which I'm tasked to create a group policy for all users to have a specific internet explorer shortcut to all employee PC's Desktop, and PINNED to the start bar.
How can you do this easily? Please provide step by step please.
Thank you,
Hi,
my startup VB script not working on Windows 7. The script should install or uninstall office 2010 based on group membership.
I tested scipt on Windows XP and everything works. When I run script manually, it works.
Quite similiar batch file works, office are installed but not same functionality for me.
I turn UAC off, bot not working.. Also add dword EnableLinkedConnections but nothing change.
Batch file works but VBScript not!
Any advice? Thx
We have recently moved from Windows 2003 server to 2008 R2, and from XP clients to Windows 7. I am now trying to get folder redirection to work. I am trying to keep it as simple as possible. I only need to redirect the documents folder to an existing network share. I created a GPO specifically to do this. I configured the offline files. I have set the user home directory in AD, and verified the environment variable is correct on the client system. I am trying to get it to work with my account, which has full administrator rights - and I have exclusive ownership to my home folder. In the GPO I have set the documents folder to do a basic redirect to the users home directory. It will not redirect. I have enabled userevent logging, and have the following information below. I continue to get the event log warning message that folder redirection policy application has been delayed until the next logon...which happens at every logon, so I know this is not expected behavior, at least not an expected result. Any help would be greatly appreciated.
CheckGPOs: No GPO changes but called in force refresh flag or extension Folder Redirection needs to run force refresh in foreground processing
ProcessGPOList: Extension Folder Redirection returned 0x0.
Also - I have selected grant exclusive access to user home directory on the second page of the GP documents option.
Hi,
In our company we use SCCM 2012 SP1 to deploy Office 2013 to all our client machines. The problem is when a client open its outlook, he/she need to confiure all settings. How I can configure this automatically?
Thanks in advance.