Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Group policy not being applied completely......

December 20, 2012, 4:01 pm
$
0
0

I have created basically a duplicate group policy for a new group of users.  The new policy is COM-IRP.  It is filtered on the com-computers (where the users computer objects are located) and on com-irp (user accounts)

In that policy are items such as desktop shortcuts, and drive mappings to network shares, but the only thing that shows up right now is the network shares.  I have also added the com-irp users group into computer administrators group using this same policy.  

The big problem is that when a user who signs in, and is IN the com-irp group, they are unable to install any programs as they are told they don't have admin rights.

Did I miss something?????

It is set as:


Search

Preventing window minimise with group policy

December 20, 2012, 7:34 am
$
0
0

Hi,

I've been setting up a highly restrictive GPO to force certain users to get a kiosk mode IE window with a predefined address and no ability to do anything else aside log off.

All I seem to be missing is to prevent the user from using the Alt+Space+N shortcut which partially minimises the window, enables them to view the desktop and have access to the IE window's explorer bar.  Any idea where I might find the GPO setting (or registry key, if one doesn't exist) to prevent this?

Thanks.

"Validate server certificate" option is unexpected to check in Wired network (IEEE 802.3) policies in windows XP SP3

December 21, 2012, 3:30 am
$
0
0

Hi All,

I gone through all GPO's forums reg,. this issue i need conclusion on this issue here is my scenario for Wired Network Client Access GPO(PEAP).

GPO-Server: Windows server 2008 R2

Clients: XP SP3,Windows 7

Policy:  Wired network (IEEE 802.3) policy

Authentication Method: PEAP(no need of CA server)

 i create policy and deployed to my test machines, here for windows 7 machines the policy applied successfully but for windows XP machines am getting 

"Validate server certificate" option is unexpected, i verified in server there its unchecked.

  I just gone through with the below URL to trouble shoot

http://blogs.technet.com/b/asiasupp/archive/2010/11/03/validate-server-certificate-option-is-unexpected-to-check-in-wired-network-ieee-802-3-policies.aspx

Is this policy will not work in server 2008 R2 and Windows XPSP3 environment?

Could any one help on this!


Thanks Kalyan

Client Won't be Sync with Server Time, Any Possibilities ?

December 21, 2012, 4:36 am
$
0
0

Hi,

I need My server time won't be sync with AD time, I need that server 10 min increase with AD time for some Application purpose. Any possibilities ? we have only one NTP server. But changing NTP server time that is not possible. Once we change the server time automatically it will come with AD time. Let me know any possibilities. 

Please reply ASAP.

Thanks in Advance. 

Hari 

GPO results on PC are different between automatic group policy processing and gpupdate /force

December 21, 2012, 7:25 am
$
0
0

This is really stumping me. I have a Forest level Server 2008R2 domain, and a Windows 7 SP1 Enterprise x64 client. I have a chain of rather complex GPOs that apply at the domain, OU, subOU etc level. The GPO modeler makes it look like the "right" thing should happen.

When I log in to a standard user account on the client computer and test the GPO settings by opening a command window and doing gpupdate /force, the "right" thing happens and the GPOs apply like I expect.

If I then wait 90 minutes for the gpo update to occur automatically, *different* settings seem to apply.

Specifically I've set a computer policy to hide "switch user". This works after a gpupdate /force, and the ctrl-alt-del screen doesn't show "Switch User". If I come back later after presumably the group policy auto refresh, the "switch user" comes back on the ctrl-alt-del screen. Every time I manually update the policy, that entry comes into force.

Why would the auto refresh of group policy not do *the same thing* as running gpupdate /force? It seems like they *should* do the same thing.

Windows 7 Folder Redirection = Access denied

January 24, 2010, 6:32 pm
$
0
0
I have a GP to redirect My Documents to \\server\share\%username%\Documents.

If this user has never logged on before the Documents folder IS created but the following errors appear in the event log:-

Failed to apply policy and redirect folder "Documents" to "\\server\share$\userid\Documents".

Redirection options=0x1218.

The following error occurred: "Can not create folder "\\server\share$\userid\Documents"".

Error details: "Access is denied.

 

Folder redirection does then not work.  The logged on user can manually create files/folder in \\server\share$\userid or in \\server\share$\userid\Documents


The same policy works correctly under Windows XP however it sets it to "My Documents" rather than "Documents".

So I have two questions:-

How can I resolve the issue with Folder redirection not working?
When it does work, if a user logs on to a Win 7 pc and then logs on to a Win XP pc will their documents all be in the same place?  (or some in my docs, some in docs?)



Disable USB drive on Remote Desktop Server / Terminal Server

December 21, 2012, 12:18 am
$
0
0

I have an issue as mention below.

OS: Windows 2008 R2 with Domain Controller / Terminal Server on the same Server

Want to disable USB Pen Drive

Try to disable pen driver via GPO it gets disable for all users including Admins.

Want to disable for few users and allow to admins.

Regards,

GJ

Help please hackers have lock'd my user's account,or should i say that once i use the accounts my sceen go black.

December 22, 2012, 6:53 am
$
0
0
Hackers have caused me a major problem,when i use one of my user accounts my sceen go black;the funny thing about this is that i still have access to my user guest account.there are some programs i can download to help me out but i can use them because i don't have admin. control.Is there a way that i can get admin.control through my guest account?
Search

Disable group policy settings in an image

December 21, 2012, 3:00 pm
$
0
0

Hello

I have an Acronis backup image that I am trying to restore to a new machine - to do this, I need to disable the Device Installation Restrictions in the image.  I have the ability to modify the image's registry and file system before the restore.

I have deleted the following key: HKLM/Software/Policies/Microsoft/Windows/Device Installation, but it apparently did not work correctly.

Are there any other registry keys or local policy files that I can delete so that the restored machine does not enforce these policies until it rejoins the domain and pulls the policies back down from the DCs?

Thanks

how to duplicate printers to the same windows 2003 R2 SP3 server?

December 22, 2012, 9:37 am
$
0
0

 I have install a windows 2003 R2 SP3 with print manager to deploy 60 printers by GPO.

I have 2 differents printers A and B: now only one A printer is on  line and the others printers will be deliver in a few months. I want to anticipate and prepare now the server.

Is it possible to duplicate the A printer and which need to be modified in addition to the tcp/ip port ?

is it possible  to prepare the B printers which are not on line? I know that set up a printer queue with a printer off line ask me the printer network card model ?

thanks

How to update profile parameters for many users at once?

December 18, 2012, 5:57 pm
$
0
0

Hi Everyone,

I am running Windows Server 2008 R2 as standalone but with Domain Controller setup. As you can see in the picture below all my 75 users do not have anything setup for "Start the following program at logon:". I would like to add something there and tick the check mark. How can I automate this job rather than going through each and every user login?

Thanks,

GPO on Terminal Server Windows 2008R2 64-bits security filtering for one user but applied to everyone

December 22, 2012, 10:02 am
$
0
0

Hi All,

I just created a new GPO and linked it to the OU in which the user/group reside. I only want to apply this GPO to one particular user/group so I added this user/group to security filtering and removed authenticated users. When you look under Delegation the following groups/users are shown:

  • Domain Admins
  • Enterprise Admins
  • Enterprise Domain Controllers
  • System
  • User/Group (I added through Security Filtering)

Then when I log into the system with a user not mentioned in security filtering it still applies the policy.

The environment is Windows 2008R2 64-bits running Terminal Services and users logon with RDP.

I hope someone can help me out with this one......

Group Policy Result from 2nd DC --> Greyed out

December 5, 2012, 7:06 am
$
0
0

Hello,

i am running 2 domain controllers

DC1: Server 2012

DC2: Server 2008 r2

When running "Group Policy Result" from Server 2012 all relevant information is available.

When running "Group policy Result" from the 2nd DC (Server 2008 R2), i receive the following screen :

When disabling the Firewall on the the client for running this GP Result, the options are NOT greyed out and everything is working fine.

I am having a GPO with some Firewall Exceptions for WMI, but it seems they are only working from the "primary" Domain controller?

how can i fix this, so i can run a gpresult from the 2nd DC, with no options greyed out when running GPresult?

Edit : Same problem when running GPResult from all other Member-Servers. So how can i change this, that every server has the ability to GPresult without the greyed out printscreen!

By GPO all computers should have the possibility to use WMI to the client

See this GPO-setting:

Thx



Internet setting in group policy

December 23, 2012, 2:25 am
$
0
0
how to implement group policy for Internet, If i want to restric some of the user to access the internet. how should i do through group policy in server 2003

Group Policy Preferences Scheduled Tasks not appearing on Windows Server 2008

December 17, 2012, 3:14 pm
$
0
0

Hello everyone:

I'm having an issue trying to deploy a Scheduled task GPP to my Windows 2008 SP2 x86 clients.

The policy does apply (I checked that with gpresult) to the systems but the task doesn't appear in the Task Scheduler, no error events are logged in the system, application and Group Policy Operational event logs. Our 2008 SP2 servers are fully patched with security and critical updates.

This same GPP works fine on Windows 2008 R2 SP1 clients (after using ILT for the OS)

I've tried creating a separate policy targeting only 2008 SP2 to no avail.

Is there something else to try?

Thank you very much.

Regards,

Hernán.

Search

Uninstall one program and replace with another

December 14, 2012, 7:24 am
$
0
0

Hi all,

I am trying to create a GPO that will uninstall McAfee Agent, HIPS and VSE then install Trend OfficeScan without leaving a machine unprotected for more than a few minutes.  I have tried various methods but each one uninstalls McAfee and then doesn't install Trend until after a couple of reboots, which leaves a full session unprotected if a user follows the normal pattern of shutting down in the evening and booting up in the morning.  I only want the GPO to install Trend on a machine that does not have McAfee so have a created:-

  • A script that uninstalls McAfee using msiexec and FrmInst.exe" /forceuninstall.
  • A GPO that sets an environment variable dependent upon the presence of McAfee Framework Service (0 if not present, 1 if present).
  • A WMI that checks for the an environment variable of 0.
  • A GPO that uses the WMI and installs Trend if the WMI returns true.

If I uninstall McAfee using a shutdown script then I want Trend to install at the next boot, thereby not leaving the computer unprotected.  I assume that the environment variable is being set after the WMI has checked its status as Trend does not install until the next restart.

My questions are:-

  • Can a GPO be prompted to install a package if a WMI can return a "false"?  This would mean that I don't have to use the environment variable at all.
  • Can I set the environment variable when in the shutdown script?  I have triedsetx variable "0" but it doesn't seem to work for me.
  • Am I approaching this all wrongly and is there an easy way to achieve this?

I would greatly appreciate any help with this because I really don't want to visit 300 computers to do this process manually.

Netlogon rights and GPO appliance

December 24, 2012, 3:33 am
$
0
0

Hi,

If I deny the user from accessing the DC through network (the netlogon right), would it be a problem for the GPO to be applied, i.e the logon scripts.

I mean, when he tries to use his credentials to open a file on the DC (i.e \\XX\sysvol\domain\XX\XX.vbs), it would fail with "the specific logon right was not granted"; but if he logs on through terminal service first, and access that file later, it works.

So when he logs in, would the script get executed in such a situation? 

Domain client computer software installation problem.

December 24, 2012, 1:36 am
$
0
0
In my organisation i am using active directory concept,I need to install all application softwares with specified domain user account on particular client computer.This specified user account doesn't have permission to install Applicattion software on the other client computers.Please help me.

George

How to set IE9 default homepage intially, but still allow users to change it after

December 24, 2012, 10:43 am
$
0
0

We currently are using this Group Policy setting:

User Configuration/Administrative Templates/Windows Components/Internet Explorer/ Disable changing home page settings

To set the default homepage in IE9 on our Windows 7 computers. This options works great, and we have been using it for a while, however it does also prevent the user from changing the homepage to something else.

Now we want to still have the same default homepage when a user opens IE9, but we want them to have the option to change the homepage, and not have group policy override their change. I've heard a lot of different things regarding ways that this can be done, but I still don't know what the simpliest way is.





"Power Plan vista or later" option not available in Power Option preferences

December 24, 2012, 8:36 am
$
0
0

running ms server 2008.

I want to manage power settings with Group Policy. We have devices that do not reconnect properly when the computer wakes up. However the option to make a power plan (vista or later) does not appear.

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>