Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

"Group Policy Registry" (CSE) is failing with EventID 7016

March 14, 2014, 7:40 am
$
0
0

Hi,

I'm stuck at troubleshooting the group policy processing on a W2k8 R2 Terminal Server. On this machine the CSE Group Policy Registry Component is failing with ErrorCode 11. (I'm sorry but the editor does not allow me to insert xml yet)

I was not able to find any source in technet or msdn regarding Group Policy Registry ErrorCode 11 nor able to get any further debugging operable, that gives me more hands-on-details on this problem. Furthermore I was not able to determine the GPO causing the CSE failing, neither with RSOP nor Eventlogs.... With the group policy modeling wizard i just get "GP Registry failed" listed in Component State Overview with the subtle message "An attempt was made to load a file with an incorrect format."

How can i get to the bottom of this?


Search

Password Complexity Requirements in Server 2012

March 14, 2014, 7:56 am
$
0
0

Hi all,

I just want to confirm something.  Based on what I've read, it appears that the Group Policy password complexity requirements hasn't changed from Server 2003 to 2008 to 2012 -- it requires the use of 3 of the 5 character classes (upper case alpha, lower case alpha, digit, special character, Unicode).  Our organization wants to make the complexity requirements more stringent (for example - require upper case, lower case, digit, AND special character).  Is this true?  I was hoping that Server 2012 offers more flexibility, but it looks like the complexity requirements are the same as before.

It seems like our options are 1) a third-party solution, or 2) modify the Windows password filter (passfilt.dll).  What are some good third-party solutions for this?  Is there any documentation out there that shows how to modify the password filter, if we chose to go that route?

Thanks in advance for any assistance.

GPO to delete a unique regkey from HKCU?

March 11, 2014, 9:08 am
$
0
0

Hi guys,

We have an application that writes a random-named regkey to HKCU/Software/Microsoft/Windows/CurrentVersion/Run each time it runs.  I am told that the application would also delete that key, but that it is failing because our users are not admins and do not have permissions to edit the registry.

I know that if that regkey did always have the same name, that I could use a User-GPP registry setting to always delete it.  Is there another way that I can have a GPO run an elevated script against the HKCU hive?  I think the User GPO Logon scripts run under their context, which does not have permissions.  I know if it was HKLM I could use a startup script, but not sure how I can run an elevated script to remove a HKCU key.  This is not a one time settings and trying to set something up that would run continuously(every login or shutdown, etc.)

Thanks

Dan Heim




Change Favorite folder location target using script

March 4, 2014, 1:37 pm
$
0
0

Hi, 

I am trying to create a script to change the internet explorer favorites folder location.

So far i thought about having a simple batch that executes a .reg with:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites"="C:\\Folder\\Folder1\\Folder2\\Favorites"

But this is not really working :)

How to stop Internet Explorer upgrade to IE 10 & IE 11

March 10, 2014, 8:12 pm
$
0
0

Dear All,

How to stop Internet Explorer upgrade to IE 10 & IE 11 

In our environment we have around 300 workstations.I need to stop all of the machine users from manually downloading and installing IE.Also how do it stop the IE from updating using Group policy on windows server 2008 & windows server 2003.

All users machine are on windows 7.

Basically i want all users to get restricted to IE9.

Thanks ..

Mike...

Regards, Mike ||Persistent Work Triumphs||

Set IE Home Page - Multiple Tabs

February 21, 2013, 10:43 am
$
0
0

I know how to set the default home page for IE using GPs.  Is there a way to add a default webpage to existing user defaults?  For example, if a user had yahoo.com set as their default webpage, is it possible to add another default webpage that opens in an additional tab using GPs?  We'd like to set our company internal Sharepoint site as a default homepage, but not remove or alter users existing default pages as well. 

Thanks!

Eric

GPO Default Question

March 13, 2014, 7:26 pm
$
0
0

I created a new GPO.  It made a bunch of IE changes on a per-user bases.  It did "not" modify the security level for zones.   This GPO was applied to a production OU that had over 1,500 users inside of it.   Within 30 min no one could get out onto the Internet.  The security level for zones was set to Maximum (all the way up)

Why? If this setting was not touched what could cause it to do this?  I do know there were other GPO's that were applied to this same OU that also had IE settings.  So when the 2nd GPO was applied does it somehow "default" back to the strongest zone security?

Lost in GPO land

Server 2012 Changing the Local Administrator Password with GPO

November 8, 2012, 2:58 pm
$
0
0

Using preferences – Control Panel Settings – Local Users and Groups does not appear to work for the Server 2012 built-in Administrator account. When I force the GPO I get the following error message in the application log.

The computer 'Administrator (built-in)' preference item in the '2012ServerLocalAct {1A18ACB2-A2FC-4BB3-81A9-7C4564132ED9}' Group Policy Object did not apply because it failed with error code '0x8007055b Cannot perform this operation on built-in accounts.' This error was suppressed.

I am able to make changes to the Guest account.

Any suggestions for Server 2012?

Search

Proxy Settings

March 12, 2014, 5:53 am
$
0
0

Hi,

I have configured a policy to segregate some of the office through a proxy server using GPO 2012.  I configured it using the user configuration/preferences/control panel settings/internet settings option and now I need to remove the policy.

Within 2012 they have removed the reset internet explorer to defaults option and leaving the configuration blank doesn't seem to help.  Please can anyone suggest a way to remove the proxy policy setting without going to each users machine and removing it manually.

Thanks in advance.

Auditing, By EventID Windows Server2012R2 GPO Changes

March 15, 2014, 8:59 am
$
0
0

Good-Afternoon,

I have a urgent question,

When someone changed GPO, Delete, or also Edit, Can it be auditing by eventID?

because i want to get Information about who made any change.

I don't want to work with OutSource Software,

Regards,

sWimeX


Drive Mapping and GPO

March 15, 2014, 9:11 am
$
0
0

I have read just about everything on the web about drive mapping GPO and permissions and still having a problem.

I have a Windows Server 2008 Standard as the DC.  I have a Windows Server 2012 that will be used for DirectAccess and File Server.  On the Windows Server 2012, I have created a Data directory that is not shared.  Underneath this directory, are the folders to be shared.  Each one is Shared with Everybody Read/Write Permission.  Then each folder is disabled from inheritance and the actual Security Group(s) are give Full Control access and Everybody group is removed from NTFS Security.  NOTE: One Group has access to all folders.

On the Windows Server 2008, I created a new GPO called Drive Maps.  There will be about 12 mappings in this GPO.  They are set to Replace under Action, given the location of \\server\Share$, Reconnect is checked and a Label is given, then a drive letter is assigned and Show this drive is checked under Hide/Show this drive.  Under the Common tab,  I have checked Item-level targeting and selected the Security Group(s) that will have access.

The two issues are, not all the drives map for the users that have permissions to the drive(s).   The second is if someone was smart enough to know the shares URL and was not part of the group assigned permissions to that share, can gain access to the share by entering the URL under Map Network Drive.

Not sure why the drives are not mapping when the user has the correct permissions for that share and everything is spelled correctly.  And obviously to prevent them access to the Share, I would need to create a Deny group and add that to the share with the Deny option.  Is that they correct solution?

Any suggestions?

Removing a enforced group policy on a computer

March 15, 2014, 7:01 pm
$
0
0
In one of my OU's, there is an enforced group policy that adds local admins. I tried to create a new OU, disable inheritance, and that enforced group policy still shows up even though it isn't linked to the new OU. Has anyone seen this? I don't get what is going on.

GPO Proxy Settings per User

March 13, 2014, 5:22 am
$
0
0

I've spent days researching this but haven't found a situation quite like it. I have multiple users in a SBS environment. We use roaming profiles exclusively. I have 2 users (user A and user B) in the same OU "No Internet" that have dummy proxy settings to prevent them from using the internet except for specifically allowed sites.  These users log in to two different workstations (PC1 and PC2).  The computers are in the same OU, "Windows7Desktops". 

When User A logs in to PC1, the proxy settings are correctly applied.  When User A logs in to PC2, the proxy settings do not apply.  User B's proxy settings also apply on PC1, but not on PC2.

The workstations are identical builds, the same software is installed on each, both are running the same version of Windows 7 SP1. 

I'm at a loss!  My gut feeling is that there is a setting in the registry for the PCs that is different, but I've been unable to locate it.  Any suggestions would be appreciated.

GPOs policies folders not replicating on additional domain controllers.

April 10, 2010, 7:36 am
$
0
0

I have create GPOs on additional domain controller the Newly created GPOs polices folders created on domain controller are not replicating on other additional domain controllers all running on windows 2008 R2.

Error message display on the client machine on running RSOP.msc

Group Policy Infrastructure failed due to the error listed below. The system cannot find the path specified. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

New Proxy Setting Not Applying

March 13, 2014, 11:26 am
$
0
0
We are applying a 2 part proxy GPO the computer part is applying but not the user part. We have unlinked and deleted the old policy from the OU but for some reason the old policy is still applying in the user policy. The only difference between the two policy is the proxy info and the cert.

lipanitech | http://www.allamericancomputerrepair.com | A+,Network+,Linux+,Security+,MCTS,HP Pro

Search

Created a USB disable GPO

March 16, 2014, 11:00 am
$
0
0

Dear Friends,

I have disabled USB via GPO for all users and it is working fine, only problem is that like some data card is working find & some data card is not working with USB disable. (Data card is not detecting)

Note: If I enable read access for USB then all data card is working.

How can I solve the problem?

Pradip Sisodiya

Can you merge group policy and local policy settings?

March 4, 2014, 12:44 pm
$
0
0

Hi,

We have an application where we need to add a domain account to the replace a process level tokenright on all our member servers (many thousands)

By default it looks like LOCAL SERVICE and NETWORK SERVICE are added by default to this setting.

Other applications such as IIS,SQL,Acronis and presumably many other applications also populate the setting.

We need to add a domain account into this setting but we don't want to lose any settings that are already set up otherwise this will most likely break applications that are using this setting.

If we set up a GPO to configure this setting the account is added, LOCAL SERVICE and NETWORK SERVICE remain but other accounts are removed. Is it possible to "merge" these settings using group policy. If not how can this be achieved? There are thousands of servers all with potentially different members for this setting.

Thanks.

Benefit for enabling LanmanServer on clients

March 16, 2014, 11:12 pm
$
0
0

Dear Exprt

I am really looking for good reasonable benefit for enabling LanmanServer service on clients machine

Support@Mytechnet.me

Group Policy issues

March 5, 2014, 8:14 pm
$
0
0

Hi All,

Am facing plenty of issues in Group policies.. Like when i run this command "gpresult /v" i could see the same policy applied in as thrice in applied group policy.. and that policy is default domain policy.. also trying to add one of intranet site in Internet Group policy maintenance policy but its not reflected to users.. even i forced the policy..  Please advice me on this.

i have given the gpresult fyr.. some have a quick look and advice me accordingly.


Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 3/6/2014 at 9:20:31 AM



RSOP data for OURDOMAIN\venkat2r on INBRLT141 : Logging Mode
--------------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7601
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\venkat2r
Connected over a slow link?: No


USER SETTINGS
--------------
    
    Last time Group Policy was applied: 3/6/2014 at 9:07:33 AM
    Group Policy was applied from:      INCHDC01.OURDOMAIN.com
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        OURDOMAIN
    Domain Type:                        WindowsNT 4
    
    Applied Group Policy Objects
    -----------------------------
        ourdomain_Policy_Customized
        Global_Wallpaper
        ourdomain_Policy_Customized
        ourdomain_Policy_Customized

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        High Mandatory Level
        
    The user has the following security privileges
    ----------------------------------------------


    Resultant Set Of Policies for User
    -----------------------------------

        Software Installations
        ----------------------
            N/A

        Logon Scripts
        -------------
            N/A

        Logoff Scripts
        --------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Global_Wallpaper
                KeyName:     Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: ourdomain_Policy_Customized
                KeyName:     Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut
                Value:       54, 0, 48, 0, 48, 0, 0, 0
                State:       Enabled

            GPO: Global_Wallpaper
                KeyName:     Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper
                Value:       67, 0, 58, 0, 92, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 92, 0, 87, 0, 101, 0, 98, 0, 92, 0, 87, 0, 97, 0, 108, 0, 108, 0, 112, 0, 97, 0, 112, 0, 101, 0, 114, 0, 92, 0, 69, 0, 109, 0, 101, 0, 114, 0, 105, 0, 111, 0, 46, 0, 106, 0, 112, 0, 103, 0, 0, 0
                State:       Enabled

            GPO: ourdomain_Policy_Customized
                KeyName:     Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: ourdomain_Policy_Customized
                KeyName:     Software\Policies\Microsoft\Internet Explorer\Main\Start Page
                Value:       104, 0, 116, 0, 116, 0, 112, 0, 58, 0, 47, 0, 47, 0, 115, 0, 116, 0, 97, 0, 114, 0, 46, 0, 101, 0, 109, 0, 101, 0, 114, 0, 105, 0, 111, 0, 99, 0, 111, 0, 114, 0, 112, 0, 46, 0, 99, 0, 111, 0, 109, 0, 47, 0, 83, 0, 105, 0, 110, 0, 103, 0, 97, 0, 112, 0, 111, 0, 114, 0, 101, 0, 47, 0, 100, 0, 101, 0, 102, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 97, 0, 115, 0, 112, 0, 120, 0, 0, 0
                State:       Enabled

            GPO: ourdomain_Policy_Customized
                KeyName:     Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure
                Value:       49, 0, 0, 0
                State:       Enabled

            GPO: Global_Wallpaper
                KeyName:     Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Global_Wallpaper
                KeyName:     Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Global_Wallpaper
                KeyName:     Software\Microsoft\Windows\CurrentVersion\Policies\System\WallpaperStyle
                Value:       52, 0, 0, 0
                State:       Enabled

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            GPO: ourdomain_Policy_Customized
                Large Animated Bitmap Name:      N/A
                Large Custom Logo Bitmap Name:   N/A
                Title BarText:                   ourdomain
                UserAgent Text:                  N/A
                Delete existing toolbar buttons: No

        Internet Explorer Connection
        ----------------------------
            HTTP Proxy Server:   N/A
            Secure Proxy Server: N/A
            FTP Proxy Server:    N/A
            Gopher Proxy Server: N/A
            Socks Proxy Server:  N/A
            Auto Config Enable:  No
            Enable Proxy:        No
            Use same Proxy:      No

        Internet Explorer URLs
        ----------------------
            GPO: ourdomain_Policy_Customized
                Home page URL:           http://star.OURDOMAIN.com/Singapore/default.aspx
                Search page URL:         N/A
                Online support page URL: N/A

        Internet Explorer Security
        --------------------------
            Always Viewable Sites:     N/A
            Password Override Enabled: False

            GPO: ourdomain_Policy_Customized
                Import the current Content Ratings Settings:      No
                Import the current Security Zones Settings:       Yes
                Import current Authenticode Security Information: No
                Enable trusted publisher lockdown:                No

        Internet Explorer Programs
        --------------------------
            GPO: ourdomain_Policy_Customized
                Import the current Program Settings: No

Thanks, Venkatesh. "Hardwork Never Fails"

How do I use "File" preferences to keep files in sync?

March 13, 2014, 11:00 am
$
0
0

Hello,

I"m trying to figure out what is the best way to copy files from UNC share to local file system without causing excessive constant update/replace traffic. Ultimately I want files on local filesystem to be exact copy of files on UNC share.

I configured "Create" Preferences and it works fine. Now question what do I do if I update files on UNC share? Filenames stay the same so they would not be copied over on refresh.

If configure "Replace" instead of "Create" then every 90 minutes all the files will be copied over regardless if they are the same or not.

How do I do it right?

Thanks,

G

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>