Channel: Group Policy forum

Computer cannot run the logon script when domain users is added into the local 'power users' group or local 'administrators' group?


Hi!

I have built a domain and added several computers to it.

I created a group policy to execute a PowerShell script when a user logs on to the domain computer,

and the script maps a shared storage space to a local drive such as z:.

Since the domain users will be added to the local 'users' group when the computer is joined to the domain,

when I log in to the domain computer with the domain user, it executes the logon script correctly and the mapping is OK.

But after I add the group 'domain users' to the local 'power users' group or 'administrators' group,

when I log in again, the logon script is not executed, and no mapping is created. The very strange thing is:

1. I can run the script manually, and the mapped drive is created normally.

Has anyone met this problem? Any suggestions, please!

Thank you very much!

Best regards

chu


Chu Qiu


How to set PEAP as default EAP type of wireless network


I want to log in to a wireless AP using 802.1x PEAP, but the client uses Smart card or other certificate as default, so the login will fail.

I want to make PEAP the default EAP type for any wireless network connection on all client computers in the AD domain, instead of Smart card or other certificate.

I don't want to add a wireless network connection in group policy.



Export and Import Domain Group Policy


Hiiiiii

This is the first post that I have made in the Microsoft forum.

I have two domains in two different forests.

One DC is Windows Server 2003 R2 SP2 and the other DC is Win 2008 R2 with forest and domain functional level 2008 R2.

I want to export all group policy objects from Windows 2003 and import them into the new DC with Server 2008 R2.

Would you please help me step by step in doing this?????

:-)

Mahsa

Issues with adding TCPIP printer using group policy preferences


Are there known issues with using the TCPIP option for deploying printers in Group Policy Preferences? We are trying to deploy Canon networked colour photocopiers as printers at our sites to the computers at that site using preferences and selecting the TCPIP Printer option in the computer configuration section of the policy.


What happens is that the computers (Vista SP2) getting the printer applied will get to the Please Wait screen before the login screen and not proceed any further (sits there with the little circle spinning, have left it there for over half an hour several times to see if it proceeds, but never gets past the Please Wait screen). I have come across this KB Article (http://support.microsoft.com/kb/973772) which resolves the issue of the computer stopping responding when applying the preference, but all it does now is time out and skip applying the printer preference.


I can see that the computer accesses the server (Win 2008) where the printer is installed as a shared printer to provide a distribution point for the drivers and printer settings and reads driver files out of the spoolss share reasonably early in the Please Wait screen on the client computer.

I have added the drivers into the Printer Management console on the Client, and have installed the correct drivers on the server.

I can manually install the printer without problems, using TCPIP and using the Shared printer on the Server.


The following is what shows up when I turn trace logging on (from a Win7 Client):

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] Starting class <Printers>.

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] Handle Children.

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] {C3A739D2-4A44-401e-9F9D-88E5E77DFB3E}

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] Starting class <PortPrinter> - LPT-S20ICT.

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] Starting filter [AND FilterSite].

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] Adding child elements to RSOP.

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] Passed filter [FilterSite].

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] Filters passed.

2009-08-17 15:48:53.399 [pid=0x378,tid=0x440] Adding child elements to RSOP.

2009-08-17 15:48:56.345 [pid=0x378,tid=0x440] Error installing printer drivers [ hr = 0x80070bcb "The specified printer driver was not found on the system and needs to be downloaded." ]

2009-08-17 15:48:56.355 [pid=0x378,tid=0x440] Properties handled. [ hr = 0x80070bcb "The specified printer driver was not found on the system and needs to be downloaded." ]

2009-08-17 15:48:56.365 [pid=0x378,tid=0x440] EVENT : The computer 'LPT-S20ICT' preference item in the 'Site Settings - TEST POLICY {2D5A97AD-88A8-429A-AD2F-A36B3BA9E09F}' Group Policy object did not apply because it failed with error code '0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.'%100790273

2009-08-17 15:48:56.365 [pid=0x378,tid=0x440] Error suppressed. [ hr = 0x80070bcb "The specified printer driver was not found on the system and needs to be downloaded." ]

2009-08-17 15:48:56.365 [pid=0x378,tid=0x440] Completed class <PortPrinter> - LPT-S20ICT.

2009-08-17 15:48:56.365 [pid=0x378,tid=0x440] Completed class <Printers>.

 

The XML of the preference is:

<PortPrinter clsid="{C3A739D2-4A44-401e-9F9D-88E5E77DFB3E}" name="LPT-S20ICT" status="LPT-S20ICT" image="1" changed="2009-08-25 03:26:00" uid="{FE300609-9B4B-4D69-9DD5-F774E7F778F1}" removePolicy="1" bypassErrors="1">
 <Properties lprQueue="" snmpCommunity="public" protocol="PROTOCOL_RAWTCP_TYPE" portNumber="9100" doubleSpool="0" snmpEnabled="0" snmpDevIndex="1" ipAddress="LPT-S20ICT" action="R" location="" localName="ICT - Canon iR1024iF" comment="" default="0" skipLocal="0" useDNS="1" path="\\ict01\canoniR1024" deleteAll="0" />
 <Filters>
  <FilterSite bool="AND" not="0" name="ICT" />
 </Filters>
</PortPrinter>


Any assistance would be appreciated as it’s something we’ve been trying to do for a little while now without much luck.

Cheers
Daniel

 

 

Terminal Server users can't log in with new DC


Hi All

We had an environment with a 2003 x86 DC and a separate 2008 R2 terminal server. About 20 HP Thin clients authenticate in and receive various desktops from the 2008 TS. There are about 5 GPOs set up.

The 2003 Server was reaching EOL so a new 2008 R2 was brought in. I ran adprep on the 2003 and the new 2008 is now acting as a DC after dcpromo along with the 2003 x86. I thought everything had replicated over. As a test before any final decommissioning steps on the 2003 DC or operation role changes we shut it down to be sure all was OK. The Thin Clients could NOT authenticate in when making their RDP to the Terminal Server. "No Domain Controller is available to process the request". As soon as the 2003 was brought up they could sign in. While the 2003 was down I could log in to the new 2008 R2 DC and see all the GPOs and user accounts.

Any obvious thoughts? I will say that two years ago I replaced a 2003 Terminal Server with the current 2008 R2 terminal server and that was smooth (for the most part after I found out we needed new licenses).

The security database on the server does not have a computer account for this workstation trust relationship


Please help - Four machines with Windows 2008 R2, I encountered a login problem. I'm getting the message "The security database on the server does not have a computer account for this workstation trust relationship." Previously, I used the account 'CN\Administrator' to log on to Windows. But today I made some updates to 'Domains and trusts' on the domain controller (my domain is cn.xx.com) and rebooted my computer. After the reboot, I can't log on to my computer, with the above error message.

I tried to use the account adiministrator@cn.xx.com to log on, but it failed. I also used other accounts that were created in the domain controller, but they also failed.

Now I have no way to log in to my computer. How can I log into my computer?

 

Any help would be appreciated.

Best wishes

Frank

How to push down group policy from domain controller to a client after changes were made to the GPO.

Hi,

I've a domain created and have created various test GPO policies. Can I ask how to push down a GPO from a domain controller to a client straight away after a policy was modified or created?

Let's say for a certain OU or computer DN

Problem with GPP Item Level Targeting to Security group using environment variable


Hi,

I'm not sure whether this is possible using GPP Item level targeting or if I'm hitting a bug, but I'm having difficulty setting up a preference to add the logon user to a local group when using item level targeting to a security group.

What I'm doing:

  1. Create AD group and populate user account into it: 'MEL Remote Desktop Users'
  2. Setting an environment variable for the site name (e.g. %SiteCode% = "MEL") using GPP
  3. Create a preference to add the current user to the 'Remote Desktop Users' group.
  4. Attempt to use item level targeting to check whether the user is a member of the security group using the environment variable %SiteCode% variable, e.g. : '%SiteCode% Remote Desktop Users'  (note : I can't use the browse button and select the group as the group name and SID changes for each site).

This doesn't seem to work, although:

  • from the traces I can see the environment variable definitely exists when the item is being processed.
  • when I remove the security group target the preference applies without problem.

I've noticed when I enter free text 'Domain Users' the ILT will evaluate as true and the user will be populated into the group. Other groups do not seem to work correctly when entered manually?

Can anyone advise if this should work, or if there is another approach which may work better (LDAP query? WMI Filter?)

Thanks!


group policy- wall paper

We are planning to implement a group policy for a common wallpaper for all computers in our domain (1000 computers). What is the recommended size of the image file?

Run a script when a user is added to a group


Do you know how I can run a script (PS / Batch) when a user is added to my domain, or a user is added to a group? (When a user is added to a group, I want to run a script.)

Can I do this via group policy or event logs?

Regards

Auto-Archive GPO for Outlook 2010 - What happens when the PST reaches max size?


Hi guys,

I have a Windows Server 2003 domain controller on which I have imported the Outlook 2010 ADM templates.

I have applied some settings for Auto-Archiving.

Once the settings are applied to a User Object in AD, and Auto-Archive runs for the first time, it creates a PST file called ARCHIVE.PST.

So far so good.

When creating my GP, there was an option to specify the MAX PST Size and an option to reject any items when a PST reaches value X.

I set the value in both areas to 10000MB (10GB).

So what happens when this limit is reached?

Will the Auto-Archive GP:

1. Detect the Auto-Archive MAX size has been reached and create a new PST called ARCHIVE2.PST?

2. If step 1 is true, will the GP then automatically update the path to the new PST file in Outlook 2010 (File > Options > Advanced > AutoArchive Settings > Move old items to: <THIS IS THE PATH OF WHERE ARCHIVE.PST WAS>)?

OR

1. Will the user be prompted with a message that ARCHIVE.PST has reached its MAX size, please create a new PST

2. The user then has to manually create a new PST

3. The user finally has to manually change and point to the new PST file in Outlook 2010 (File > Options > Advanced > AutoArchive Settings > Move old items to: <THIS IS THE PATH OF ARCHIVE2.PST>)

Any help would be greatly appreciated.

Thanks,



Clear cookies on IE 8 exit

I'm trying to set up a GPO that will set IE to delete cookies when the browser is closed. I found the policy, "Empty Temporary Internet Files folder when browser is closed," but nothing for cookies specifically. The other requirement is that this GPO should apply only to members of a computer group (not to all PCs a user logs into). How do I accomplish this? Thanks.

Server 2003 - Internet Explorer Maintenance - Group Policy - Content Advisor - Approved/Allowed Disapproved/Blocked Websites Not Applying w/ IE 8


My server is Windows 2003 Small Business Server 32-bit

The clients are Windows XP 32-Bit with Service Pack 3.

I receive no error messages, but the websites are still accessible.

I have been trying to set this up for a few days now spending quite a few hours each day looking at the dozens of posts, threads, forums, articles, KB's, etc.

I've read so much and yet I can't seem to find out why the computers applied with this GPO are taking all configuration settings except for the Approved/Disapproved Websites.

Basically everything works, all the settings that I've disabled and file menu hiding, etc. all work.

GPResult even shows the approved/disapproved websites but Internet Explorer is not acknowledging it at all.

Normally the "Content Advisor" should come up and ask for a password when visiting any site without a rating or a site that has not been allowed but it does not show up.

Please anyone with any ideas of what I am doing wrong, I can post screen shots, do file dumps, anything - someone help me please.


Joe


IE proxy connection settings policy filtering


I have proxy settings through GPO, in the user configuration/windows settings/IE maintenance/connection/proxy settings.

I have the policy applied to an OU with user accounts in it, NO computer accounts. No problems, it's working fine.

What I need to do is filter out an IP range 10.x.x.x, so users who log on to a machine in that subnet don't get the proxy settings applied to them. How can I get this to work?

Thanks,

Clickonce Applications

Our organization deploys software that utilizes Microsoft Clickonce. Recently we have had our software developer create a publishing point on our local server so that when the applications start they can update or install from the local publishing point. The challenge we now face is trying to get all of the users switched to this new version of software that points to the local server.

Because of the ClickOnce nature of these applications I am looking at having to access every terminal the users have accessed and uninstalling the current version and then reinstalling the new version. Not a huge issue except that I am looking at about 60 users and over half of them access the application on two or more workstations.

We are running Windows Server 2008 R2 and the majority of the workstations are Windows 7 Pro with approximately 14 stations still running XP.

Is there a way through logon scripts or GP to uninstall the old application and then install the new application? I have nearly non-existing scripting skills but I am willing to learn more if someone thinks that is the route to go. ANY help is appreciated, thank you.


spfarmadministrator account kept modifying GPO policies?


Hi,

I found that the spfarmadministrator account kept modifying some GPOs, and I couldn't find it through \\domain\sysvol\domain\XX\XX\Policies\{GUID}

And each time it modifies a different GPO (the GUIDs were different each time)

Does anyone know what that is?

Query GPO display name through LDAP protocol?


Hi,

Given a GUID of a GPO, can I find the displayed name (in gpmc.msc) through the LDAP protocol?

Just that when an Administrator modified a GPO object, I'd like to know the name of it.

Tool to generate report of installed applications through GPO


Hi Friends,

I have configured a software deployment policy to deploy MSI packages on client machines. Now I want a detailed report of whether that package or software is installed on the client machines or not. Is there any tool available to detect this? I have googled but had no success.

If anyone has this kind of tool or software, please provide me the details.

Thanks in advance,

Mahi Jhala

windows could not connect to the group policy client service


I know this forum has similar questions, but none of them have answered my problem so far.

Case:

My parents have moved to a new place, so they received a new modem with built-in wi-fi.

I had an old Gigabyte wi-fi-adapter, so I mounted it, and after some trouble I had the right drivers,

and the connection to the modem was established.

Their computer is encrypted, so on boot you have to enter a password to access the drive, and then Windows 7 Home x64 will automatically boot

into the desktop since there's only one administrator account on the PC.

The error pop-up is "windows could not connect to the group policy client service", and in event viewer I can see two errors.

First error Screenshot:

dl.dropbox.com/u/19374914/error1.jpg

Second error Screenshot:

dl.dropbox.com/u/19374914/error2.jpg

Hope someone has a qualified guess.


The processing of Group Policy failed. Windows attempted to read the file......please help


Hello all-

I am currently trying to update group policy (specifically folder redirects) from a new Windows Server 2008 in my office... the server acts as both an AD DS and file server for client computers, all running Windows XP and 7.

Here are the steps I am currently taking:

1. I change some policy settings and try to run gpupdate or gpupdate /force, but after a few seconds the error message below appears. Please kindly help, as I am a newbie with servers.

The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\SysVol\<FQDN>\Policies\{04EC3EEE-2108-419D-A5D6-7BCF98F6A90A}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created!  I have no other group policies linked or enforced to any other OU/Domain/etc.  Any help resolving this issue would be greatly appreciated.
