Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Change Local Admin Password Through Group Policy

November 5, 2012, 4:24 am
$
0
0

I need to change the password of local administrator of all the domain joined computers in my organization. I have tried the following:

Computer Configuration ->  Preferences -> Control Panel Settings ->  Local Users and Groups - > Action -Update ..Change new password.

But nothing seems to be working . I have Windows 7 and Windows xp SP3 deployed in my organisation as client computers.

I have also tried startup scripts but nothing seems to be working.

Can someone provide me the detailed steps for the same.

Also can anyone let me know whether for using Group Policy Preferences , what is the  prerequisite for xp and 7 machines?

Any help will be greatly appreciated!

Regards,

Samvit Mishra

Samvit

Search

How to update profile parameters for many users at once?

December 18, 2012, 5:57 pm
$
0
0

Hi Everyone,

I am running Windows Server 2008 R2 as standalone but with Domain Controller setup. As you can see in the picture below all my 75 users do not have anything setup for "Start the following program at logon:". I would like to add something there and tick the check mark. How can I automate this job rather than going through each and every user login?

Thanks,

Creating scheduled task via gpo

December 29, 2012, 12:16 am
$
0
0

Hi

i have created a scheduled task via gpo in computer configuration on windows 2008 r2 and i need to deploy it to windows xp and windows 7 clients.

on the windows xp clients i have already deployed the client side.

when i enforce the policy on the clients, the normal domain users do not receive the task.

However when i log in with admin rights wether domain or local admin, the task is created.

How can that be solved? ANY IDEAS?

Changing default mail client

December 29, 2012, 2:57 am
$
0
0

hi

our company uses lotus notes and most of our clients use windows 7 pro  with lotus notes and also microsoft office 2010.

Our issue is that  we are trying to set the default mail program to be lotus notes so as users can easily send document to mail.

But even upon changing it in the default programs section, it will still says that no mail clients were configured and to configure and account in outlook.

This is very annoying as even changing a simple thing like this does not work on windows 7.

Any one can help please

Disable screensaver at the computer level

June 28, 2010, 2:55 pm
$
0
0

How does one go about disabling the screensaver via the Group Policy for the computers (at the computer level) ?

My understanding is that it a user specific setting so a user would have to be logged in to get the policy.

My query is in regards to disabling the screensaver all together so that my VMs don't chew up the resources as there is no monitor I am trying to save.

Windows Firewall per-user

December 29, 2012, 8:56 am
$
0
0

Hi,

Excuse what could be a bit elementary, I'm no Microsoft guru

We have a terminal server (win2k8 r2) on the domain that a bunch of users login to.

We ideally want these users to only be able to access certain resources (controlled by IP/port) based on their user group.   So the idea is to create GPO's with Windows Firewall outbound rules to permit the allowed access per user group.

However I've been trying this for a couple of hours and I just cannot get the GPO to enforce Windows Firewall rules.

So I'm wondering if this maybe because the GPO is linked to a user group, not computers, and the Firewall is a computer setting.

Would this be  the case?  is it possible to create GPO's that enforce different Windows Firewall rules per-user rather than by per-computer?

thanks

Redirecting My Documents now creates an unwanted "My Documents" subfolder

August 6, 2009, 11:46 am
$
0
0

I'm recreating a GPO trying to match the settings for the existing one.  Only problem is that now when i setup the My Documents redirection to go to \\servername\share$, it now shows its going to make a \\servername\share$\username\My Documents, where my old policy, which is setup the same way, would use \\servername\share$\username as the My Documents folder, which is what I want.  Is there a way to force it to not create that extra My Documents subfolder?  I'm guessing something changed with Microsoft since that policy was originally created and now.

I'm using "Basic - redirect everyone's folder to the same location", "Create a folder for each user under the root path", with a Root Path of \\servername\share$.  Everyone already has a folder created, so maybe this can be changed to get it to what i want, i was just trying to set it up identical to our current policy i'm replacing.

I just want it to redirect to RootPath\%username%, not RootPath\%username%\My Documents. 

For what it's worth, the folder I want it to go to is also where their H drive is mapped to as a Home Folder on their Active Directory account.

lock AD user

December 29, 2012, 3:37 am
$
0
0
can we lock AD User without GPO...
Search

Win Svr 2012 BPA show error for DC's that Default Domain Controller Policy is not applied to Domain Controllers OU, but it is :)

December 30, 2012, 11:58 am
$
0
0

Hi :)

I have 3 DC's (Win Svr 2012) and Server Manager / AD BPA claims error:

The Default Domain Controllers Policy in the domain sub_domain_name.tld_domain_name should be applied to the OU OU=Domain Controllers,DC=sub_domain_name,DC=tld_domain_name

DC's are in Domain Controllers OU, GPO is linked and not blocked (etc...) and when I run GP results wizard against those 3 DC's and my domain admin account I've get status that DDCP is applied.

What might be wrong ?

Best regards

Nenad


Printer CSE delay when applying Printer Policy

December 11, 2012, 6:36 pm
$
0
0

After settling down I can never get this below 20-30 seconds when a user logs in, just applying 3-4 printers on average, 30 second delay.

I can't figure why... The users have logged on before, this affects any TS we have, the drivers are all preinstalled, it just doesn't make sense.

I've setting logging and watched the user trace as it happens via notepad ++ and there'll just be unexplainable gaps in the log. It'll stall for 20 seconds before even beginning applying printers on the Printer CSE.

How do I find why there is this delay?

The user is a part of the following security groups - ERROR: An unexpected error occurred.

December 31, 2012, 1:48 am
$
0
0

Hi,

I'm trying to troubleshoot my GPO

when using when using GPRESULT /R on windows8 client machine COMPUTER SETTINGS are not displayed only the USER SETTINGS and getting an error:

   The user is a part of the following security groups
   ---------------------------------------------------
       ERROR: An unexpected error occurred.

What could be causing this?


How to backup Domain users Withg GPO

December 31, 2012, 5:50 am
$
0
0

Dear

i want to take auto backup from the Domain Users and put it on the the Storage Server can i do this with GPO?

thanks

Every User Can log on to any computer in the Domain and access any files.

December 31, 2012, 3:55 am
$
0
0

Dear,

In my domain, Mail Server is integrated to AD. System and  Mail Password is same of all users. Now one thing I need to do in my domain. A huge Security hole is opened in my domain. That is, every user can log on to any PC and access any files or drive except "C://Users". Suppose A is a domain user and B is another domain user. Now A can log on to B's computer and access all the files and drive. B can also the same. That means each user can copy or delete in the domain. So please give me a solution to protect it.

Regards,

Sk Sabbir Ali

Sk Sabbir Ali

Redirection folder: Application data not redirecting properly

December 31, 2012, 9:33 am
$
0
0

Hi, I've setup Folder redirections to work for Windows 7 and XP. I redirected everything that GP lets me. everything work fine, except for Application Data in XP. (Didn't try Windows 7 yet.) For some users it works fine and for some it doesn't. GP redirects like half of Application Data and then it stops.  Anyone know why it gets stuck?

I tried to copy everything manually, but it won't use the redirected Application folder, only the local copy of Application data folder. I tried to delete the redirected Application data folder, so it can try to redirect again, and it gets stuck by the same exact place where it got stuck before. The weird part is, that every user has a different place where it gets stuck.

GPO - to Hide Libraries and Network from Windows Explorer Windows 7

January 16, 2012, 4:59 am
$
0
0

Hi,

I am trying to find a way to remove the Libraries and network icons from the explorer window using a GPO. I cannot edit the registry because the PC's are frozen and return back to the default state when a user logs off and back on. I have tried using the Disable Known folders key but this doesn't remove it from explorer.

 

Is this at all possible?

 

Thanks

Search

BGinfo using group policy

June 29, 2010, 1:11 pm
$
0
0

We have the bginfo.exe in the netlogon directory and have it called in the logon script using group policy under computer config and startup scripts

%logonserver%\netlogon\LogonScripts\BGInfo\bginfo.exe %logonserver%\netlogon\LogonScripts\BGInfo\bginfo.bgi /timer:0 /silent

it does not work.

then I  changed it and added it the user configuration in group policy to call this script under logon scripts

but it only works when I logon to a member machine as a domain admin if I login as domain user on the member server the .exe does not launch. it will not serve any purpose if I have to make everyone admin to just see the BGinformation.

any idea how can I make this work on all users for all member servers. all machines are windows 2008. ideally I would like to do this at the computer level that way regardless of who logs on they see this information.

thanks

Event ID: 6005 & 6006 -

December 17, 2012, 4:36 am
$
0
0

Getting the following application event log warnings but can't seem to trace where they are coming from.  Have tried unlinking all GPOs & GPPs but that doesn't seem to stop the warnings.  Any suggestion how we can trace the source of these.

Thanks,

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Event ID:      6005
Description:
The winlogon notification subscriber <GPClient> is taking long time to handle the notification event (CreateSession).
Additional details:
 Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}"
 EventSourceName="Wlclntfy"

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Event ID:      6006
Description:
The winlogon notification subscriber <GPClient> took 66 second(s) to handle the notification event (CreateSession).
Additional details:
 Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}"
 EventSourceName="Wlclntfy"

 

gpresult /r the user does not have RSOP data

January 1, 2013, 5:52 am
$
0
0

Hi

On my exchange server 2010 installed on server 2008 R2 I always get 'INFO the user does not have RSOP data' while running gpresult /R.  Its a member server and running the same command on other member servers produces correct result.  I need help to rectify this proble. I am logged onto this computer as domain admin and this particular user account has no trouble on other member servers or domain controller servers.

Rsop produces: Group policy error: Unable to generate RSOP data.  In loggin mode likely causes are group policy has never .............................  Need help to resolve this issue.

Thanks

Local Firewall Policies Overriding Domain Group Policies

February 23, 2012, 6:17 pm
$
0
0

Hello!  I just discovered that in Windows 7, a local firewall exception can be created that can override an exception set via the domain group policy.  For instance, we have a domain GP that defines the "File and Printer Sharing" firewall rules and limits access to specific subnets.  However, a local program installation/administrator is able to define a custom port exception to TCP 445 to allow any IP to connect, and it appears that the workstation respects this setting.  With this local change, file sharing is available to this computer from all computers on our network.

I discovered this problem after I installed the Remote Server Admin Tools (RSAT) on a workstation.  It appears that when the DFS Management tool is activated, it creates a firewall exception calledDFS Management (SMB-In) that allows access over TCP 445 to any IP address.  Unfortunately, I also found that this local exception overrides the domain GP that I had set where I had explicitly limited this access for file and print sharing. 

Note that I also tested this in XP and I was unable to add a custom port exception for 445 since the firewall interface gave me a warning indicating that there was a conflict with a managed exception (this is what I expected).

I would like to avoid disabling local firewall rules entirely since we would then need to define exceptions for all of the custom programs we have across our network.  However, I would like Windows to enforce that if a domain firewall GP is being applied, that a local firewall exception cannot override the domain policy.  How can I correct this behavior?

Thanks!

2008 R2 pdc Gpresult, access denied, rsop times out, gpupdate hangs "updating settings" for a while.

December 6, 2012, 10:56 pm
$
0
0

We have a pdc running server 2008 R2, when I run gpupdate on the server, it waits for about 5 minutes on "updating settings....." then finishes normally. I installed gplogview. Running gplogview /m shows gpupdate runs through everything, next policy processing in 5 minutes, but gpupdate is still waiting on updating settings a while before finishing.

I have tried rsop.msc returns "this operation returned because the timeout period expired".

gpresult returns "access denied".

I have seen the reregistering of userenv.dll, I get an error message when run with the /n /i switch. (that solution is almost always posted under 2003 server not 2k8).

I have also checked the group policy logs and have no errors, dcdiag has the rodc error which microsoft recommends ignoring in leu of a rodc server.

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>