someone help me to create a security group & place into all windows 7 machines as domain administrator i am not sure what is difference between creating own security group replicate into all machines & after joning into domain by default domain admin group will come
sccmghost@hotmail.com
Hello
I have to configure a standard setting for IE8, delete browsing history.
"Delete browsing history on exit" should be on, and only "Temporary internet files" should be selected.
The user must be able to change these settings. The next policy sync should reset that.
Now, while I can do the settings for IE10, it's greyed out for IE8.
IE10:
IE8:
How can I achieve this?
Maybe with registry settings?
Thanks
Leandro
We have taken a series of servers and set the local GPOs to harden them (and we have added a few registry values). Each server type was hardened as much as possible, tested for functionality, scanned for compliance, and tailored to meet regulatory edicts.
Now I would like to take each system and convert the GPOs I have set to a policy I can import into an OU. In the past I have done this manually but there has to be a way to automate it. Any suggestions?
Thank you for suggestions and pointers.
Hello,
I want to install Windows Media Player on multiple machines by using a GPO. Anyone who knows how to do this? Because I have little experience doing this. but figured this should be pretty easy. Any other way is appreciated, as long as it is managable.
Thanks in advance.
Rense Hartog
Hi, I'm actually trying understand how the gpo works when you create a conflict in thesame gpo.
So, I've created a new GPO with "Prevent changing proxy settings" and linked it to the domain, with the default filter. (for testing purposes).
When:
On Computer Configuration: "Prevent changing proxy settings" is Enabled
On User Configuration: "Prevent changing proxy settings" is Disabled
Result: "Prevent changing proxy settings" = Enabled
When:
On Computer Configuration: "Prevent changing proxy settings" is Disabled
On User Configuration: "Prevent changing proxy settings" is Enabled
Result: "Prevent changing proxy settings" = Enabled
And just to be sure:
On Computer Configuration: "Prevent changing proxy settings" is Disabled
On User Configuration: "Prevent changing proxy settings" is Disabled
Result: "Prevent changing proxy settings" = Disabled
In this case it looks that the most restrictive is applied, is it a particular case (no luck for my test)? or each potentially conflicting settings has a predefined result (like: computer configuration win, user configuration win, most restrictive configuration win...)?
Regards,
L.H.
Hi,
I have configured a policy to segregate some of the office through a proxy server using GPO 2012. I configured it using the user configuration/preferences/control panel settings/internet settings option and now I need to remove the policy.
Within 2012 they have removed the reset internet explorer to defaults option and leaving the configuration blank doesn't seem to help. Please can anyone suggest a way to remove the proxy policy setting without going to each users machine and removing it manually.
Thanks in advance.
I have a client that has 1 main site and 3 smaller satellite sites. They only have one (yes 1) server for all of their clients. There is a 100MB connection between so bandwidth is not an issue. The server is 2008 R2, clients are a mix of XP and Windows 7. I have deployed client side extensions to the XP clients.
My project: Install a new network printer in each site (its the same printer for all 4 sites), configure clients to use printer in their site via GPO.
Each site has its own OU with users in their respective site OU. Normally, if this were a single site I could add the print services role, install the drivers for the printer on the print server, and use GP preferences; User config -> Preferences -> Control Panel -> Printers -> add new TCP/IP and then apply this to the users OU. The problem is that it requires a local name and local path, which would require a local print server in each site.
Is there a way to use GP to add a printer to each client computer (and set as default) throughout multiple sites, while only having the One server in 1 out of 4 sites?
All help is greatly appreciated!
NOTE: when I say site, I mean physical location, it is all one domain.
Hello All,
need suggestion, allow specific user/group of user to permit logon the specific/group of computers.
My primary DC is windows server 2003 and i have two other DC's which are windows server 2008 R2.
I am trying to apply a group policiy which is not applying
Computer Configuration-Administrative Templates-System-Device Installation-Allow remote access to the plug and play interface- enable please do guide me
Our Customer requested to configure some security settings of IE10 and I cannot find all desired options to configure. Missing options I cannot find are;
- Privacy level slide lock
- "Never allow websites to request your physical location" (I found registry values, but it will not become mandatory then)
- Pop-up blocker allow-list is empty on IE10 machine, but on IE8 machine I see our internal server list which I create in GPO.
- User is able to create new Dial-up or VPN connection via IE. How I can prohibit this?
- "Enable Strict P3P Validation" is not found in GPO options
- "Block unsecured images with other mixed content" is not found in GPO options
Maybe I missed something. Thanks for help in advance.
Vincent Sprague
Hi all
suddenly I missed the Internet Explorer Maintenance in WS 2008 R2, when I show the settings tab on the GPO it self its showing properly, but I cant find it when I try to edit.
any assistance on that ?
Hello people!
I created a gpo to dissallowed an appliation to run and set it in a specific OU.
By default, this GPO is applied to Authenticated Users.
I'd like to set this GPO to be apply to all users in the domain less an specific group.
How to do it? I think is with security filtering, isn't it? But why?
My system is W2k8 R2 Standard SP1.
Many thanks.
André Martins
Hi
We are going to be introducing several additional Windows 7 PC's to our network to replace our ageing XP stock.
We run a Windows Active Directory domain with Windows Server 2008 DC and will be adding a Windows 2012 additional DC to replace our existing 2003 DC.
I was looking at the Libraries feature available in Computer in Windows 7. I use this at home and find it very useful. However, although I was initially quite keen to encourage its use in our network I have discovered that it can potentially cause some major headaches which can: result in staff deleting folders from the server when they think they are removing the entries from their Library; renaming folders on the server when they think they are simply renaming the nodes as they appear in their Library. We also have a policy of not storing any data locally and I don't want staff to blindly store work in the Documents node under Libraries which will save documents to their local drives.
I would like to be able to disable this feature via a GPO. Is there a Computer Policy object that will do this? I have had a quick search on the Internet and the methods seem a little convoluted.
I would prefer to use a method supported by Microsoft as opposed to an unsupported hack.
Is there a policy I can set and forget?
Thanks!
Hello all,
I am looking into using GPP to deploy printers for my clients in the network and I did not find out how to do the following:
Let’s say I have a user that has:
1. local printers;
2. network printers manually installed;
3. network printers installed by login script.
Is it possible to delete all existing printers on a computer/user profile before installing new ones using only the GP Preferences? If I use GPP to deploy printers, the already existing ones remain in the user profile. What I want to do is to remove all and then to install only the ones the user is allowed to use.
In my environment I use kixtart scripts and con2prnt to accomplish this. I would like to know if the GPP allow this.
Thank you for your input.
Vlad
Hello,
I have win server 2008 R2 DC SP1 acting like secondary DC in a remote site. made on it two GP one for file redirection and another for offline cashing. all applied to a security group.
this Win7 Pro laptop has his files redirected now but still not available offline. I was not able to fix the issue to make them available and when I tried to remove him from security group and update the GP his files are still redirected and cannot have them opened offline.
I uploaded two pics of both user and computer configuration done on the offline cashing GP. if any can check them and inform me what wrong did I do or what I have to add so the offline cashing works or at least how I make the files back as they were before.
https://onedrive.live.com/?cid=D2D1BFB576CE2DCA&id=D2D1BFB576CE2DCA%21403&v=3
Thanks in advance for your help
Hi,
We are using Windows Server 2003 and Windows XP network. I had made some changes in GPO, but unfortunately the option for ActiveX is disabled from changing at client end. I am able to view this option in IE6 & IE7 under Tools > Internet Options > Security > Custom Level > ActiveX Controls and Plug-ins > Run ActiveX controls and Plug-ins.
The options available with this are Administrator Approved, Disabled, Enabled & Prompt. These are disabled, which i want to change to Enable so users can install required ActiveX controls.
Please tell me or show me the path, where i have made mistake and disabled this option in GPO.
We've got policy established that is supposed to audit failed attempts to access files in the All Users Profile directory, specifically for Symantec applications (Endpoint Protection, BackupExec).
We used Group Policy File Security to define audit policy on %AllUsersProfile%\Symantec\ on both Windows XP / 2003 systems and Windows 2008 / Windows 7 systems. For some reason, on the 2008/7 systems, we're getting repeated messages of 4907 "Auditing settings on object were changed"
I've heard that this could be something to do with the way Windows 2008/7 user a symbolic link for the legacy references for areas such as All Users Profile. Something like the policy attempts to set the audit settings on the sym link, end up propagating to the actual folders, but then detect them missing on the sym link and attempt to reapply. What I'm not sure of is how to fix this in my policy short of defining an absolute path to the version 5 kernel and version 6 kernel separately.
Am I ballpark here as to why the event 4907 is being generated? The low count on this is 264 per object in one week. The high end is 1298 occurrences in the same timeframe.