i'm adding sites to "administrative templates/windows components/internet explorer/Compatibility view/Use Policy List of internet explorer 7 sites", but I am not seeing the sites in the "compatibility view settings" UI in internet explorer
11. or internet explorer 9, for that matter. and the sites are not running in compatibility mode. I've tried the computer setting and the user setting. RSOP, gpresult, and the Group Policy Results wizard in GPMC all show that the policy is getting applied
to my test machines and test users.
↧
internet explorer 11 compatibility mode
↧
Listing and Setting "Local Computer Policy" with powershell
I have a handful of Windows Server 2012 servers that I need to configure. I have found how to do it through the mmc and snap-in, but I would like to create a powershell script to be able to do it consistantly and accurately for all the servers and
to quickly be able to verify the settings of all servers. One example is:
Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit System Integrity
I want to be able to list the current settings to make sure that "Success and Failure" are entered and set them if they are not.
There are almost 300 items like this that I need to set or verify.
Thanks!
↧
↧
Error when setting GPO Display information about previous logon during user logon on Wins 7
We recently try to deploy a GPO on our network (All Server 2008 and Windows 7) to show previous logons during
user logon. The setting is located in Computer Configuration| Policies |
Administrative Templates | Windows Components | Windows Logon Options | Display
information about previous logons during user logon = Enabled. Our domain
level is set to Windows Server 2008. I verified that it is Windows Server 2008
on Domain and Trust.
Here is the article about this setting
Active Directory Domain Services: Last Interactive
Logon
But after we deploy the setting, we are no longer able to login
to any of our windows 7 machines. All of them got an error message said :
“Security policies on this computer are set to display information about the
last interactive logon. Windows could not retrieve this information. Please
contact your network administrator for assistance.”
The setting
worked on windows server 2008. I was able to login to DC and revise the setting,
so we can log back in the windows 7 machines.
Anyone has experience this
issue before? I looked up all of the web and only thing they said is to make
sure the domain functional level must be set to Windows Server 2008, which it
is.
user logon. The setting is located in Computer Configuration| Policies |
Administrative Templates | Windows Components | Windows Logon Options | Display
information about previous logons during user logon = Enabled. Our domain
level is set to Windows Server 2008. I verified that it is Windows Server 2008
on Domain and Trust.
Here is the article about this setting
Active Directory Domain Services: Last Interactive
Logon
But after we deploy the setting, we are no longer able to login
to any of our windows 7 machines. All of them got an error message said :
“Security policies on this computer are set to display information about the
last interactive logon. Windows could not retrieve this information. Please
contact your network administrator for assistance.”
The setting
worked on windows server 2008. I was able to login to DC and revise the setting,
so we can log back in the windows 7 machines.
Anyone has experience this
issue before? I looked up all of the web and only thing they said is to make
sure the domain functional level must be set to Windows Server 2008, which it
is.
↧
How can I disable IPv6 EUI randomization with group policy?
I need to turn off IPv6 EUI address randomization. It can be done in netsh (a few commands) or powershell (Set-NetIPv6Protocol -RandomizeIdentifiers Disabled). How can I do this in group policy without scripting?
↧
Group Policy Folder Redirection + Offline Folders + Multiple Computers + Same User Account = Can not create folder KB2610379
Step 1: User logs into their old Windows 7 SP1 computer joined to Windows Server 2012 Domain. Group Policy redirects Folders. User has set folders to Offline Mode. Everything works fine without issue. Turns off computer.
Step 2: Same user logs into their new Windows 7 SP1 computer joined to Windows Server 2012 Domain. Group Policy redirects Folders. User HAS NOT set folders to Offline Mode. Everything works fine without issue. Turns off computer.
Step 3: User logs back into their old Windows 7 SP1 computer joined to Windows Server 2012 Domain. Group Policy redirects Folders. As previously mentioned, User has previously set folders to Offline Mode. Everything works fine without issue. Turns off computer.
Step 4: User logs into their new Windows 7 SP1 computer joined to Windows Server 2012 Domain. Redirected folders are no longer accessible. Error code is logged to Event Viewer: Can not create folder, etc. All items relevant to KB2610379.
QUESTIONS:
First Question: Does Folder Redirection when combined with Offline Folders provide the functionality for a single user to login to multiple computers without issue? By design, it would appear that it does not or I would not be encountering this issue.
Second Question: Do I simply need to install the Hotfix in order for this issue to go away? In other words, does this Hotfix provide the functionality for a single user to log into multiple devices without this issue ever recurring? All Group Policy settings are set to defaults on the Server.
Third Question: By installing the Hotfix, does it provide the functionality for the user to have folders set to Offline Mode on their old computer while while the new computer has yet to have folders set to Offline Mode? Is this information stored
in the user account profile on the Server? Or is it stored locally on the computer via the Offline Files database? If it is being stored locally in the user account profile on the computer: WHY? It seems far more logical to have it stored
on the Server as a part of the user's profile in Active Directory.
Fourth Question: What issues does this present? What is the easiest way to resolve this issue? Is this a known issue? If this is by design, was the basic scenario described above foreseen? Is this an issue that will be addressed in a comprehensive manner?
↧
↧
Users have to logoff when they do not work in the coming
Hi, I want to
When my domain computers are idle for fifteen minutes to get automatic logoff
Which policies are relevant to the Group policy Managment?
Up my Domain Controller: Windows Server 2003 R2
tank you.
↧
Enable System Protection on all drives
Hi!
Is it possible to enable System Protection on all the available hdd partitions through windows 2008 group policy for windows 7 and 8? I could only find an option for disabling the configure button but there is no option for enabling or disabling the protection itself and selecting the drives.
Thanks.
↧
Software Restriction Policy
Hi,
We have applied Software restriction policies on a Test LAB to restrict the unwanted applications from running. We have made exception path, hash rules for genuine applications and software.
We have observed that if the exception list grows large then we cannot open or change GPO's and clients also cannot apply policy. Once we restore it back from Backup it works fine again.
I wanted to know is there any limitation to the exception list after which we should consider creating additional policy.
Thanks
↧
Machine Policies are not getting applied to the PCs
Hi,
On most of our computers, computers policies are not applied. user policies are applied properly and working.
The result states that Windows could not resolve the computer name. I copied the whole error message below.
-------------------------------------------------------------------------------------------------------------------
Updating Policy...
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
---------------------------------------------------------------------------------------------------------------------
Our DNS is working fine. I tried the following options
1. disjoined and rejoined to the domain
2. 3 times I run the sysprep with generalize option and joined to the domain
No luck
Please help, Thanks in advance.
Sundar
↧
↧
how to setup shutdown workstation that are in same domain
Please suggest the group policy by which I can turn off all the domain system from DC. And before shutdown I need to display a message that " Your system is going to be down in next 2-3 mins". Kindly suggest.
Inder Johar
↧
logon script dosnt work
hi guys.
i have a gp that uses logon script that contain a batch file that copy files from a certain destination (a mapped directory on my filer) to the local computers. for some reason, it dosnt work.
if i run the batch file locally on any computer in the domain, it works - so its not a problem with the file itself. when i use gpresult on any computer in my domain i see that the gp is there.
i also checked permissions - the batch file and the files it is suppose to copy have full rights to all authenticated users.
what am i missing?
↧
how I can make a policy to prevent the users to use a flash memory or removable disks but allow IT stuff to use it ?
I want to make a policy to prevent the users to use a flash memory or removable disks but I want to allow IT stuff to use it when they are log on to computers
How I can make it ?
↧
WMI OS filtering of GPO with only user settings
Hi, I want to confirm whether the following is true or not: I have GPO linked to a domain with only settings in user configuration section (logon powershell script). If I apply WMI filter that selects only Windows 7 computers to this GPO does it mean that only users logged on Windows 7 machine will get that powershell script via GPO? According to:
it seems that it means but I want to be absolutely sure.
Thanks in advance!
↧
↧
GPP shortcut for mandatory 32-bit desktop shortcut
We have a web-based application that requires the 32-bit version of IE. All users have Windows 8.1 64-bit, with IE11. I'd like to use Group Policy Preferences to push a desktop shortcut with it's own icon that launches through C:\Program Files (x86)\Internet Explorer\iexplore.exe.
Can someone assist me with this?
Thank you!
↧
One Drive
We are a non profit and are currently using dropbox. There are approximately 150 different, one sheet, documents, that 10 different people tweak on a monthly basis. We have problems with changes being seen on everyone computers. We think the fix may be
to be able and LOCK a document while using it and UNLOCKING once complete for next person to use. Is this possible?
↧
Switching from Basic to Advanced Auditing in Windows Server
Most of my workstations are windows 7 and all my servers are server 2008 R2. Is there any danger of following the steps at this link http://www.petri.co.il/enable-advanced-audit-policy-configuration-windows-server.htm
I have some settings in basic auditing and im concerned if I enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings if all it will do is stop showing anything under security in event viewer until I turn some stuff on in advanced audit or could it possibly cause some negative effect?
Thanks,
Rob.
↧
Deploying Certificates via group policy
We have our own CA certificate server. I am implementing certificates for our remote users for VPN. I am in a pilot phase where I can apply a user certificate from the CA on the notebook PC. The issue is that I have 300 notebooks and do not want to have to contact each user to request a user certificate and then second, the certificate would expire in a few years stopping people from getting on the VPN until we get them to renew the certificate.
Can you create a user group policy where it deploys a unique certifiate for each user and when it is close to expire it would renew automatically?
↧
↧
How to prevent reboot independent of user login
Hello,
after installing Windows updates the system will only execute a reboot, when there aren't any users logged on it. You can prevent this by a GPO setting.
I'd also like to prevent a reboot when users aren't logged on this system. How can I prevent this?
↧
GPRESULT: Unexpected error
Hello,
when executing the command "gpresult", there was an unexpected error in the user settings:
The user is a part of the following security groups --------------------------------------------------- ERROR: An unexpected error occurred.
I tried to reset the computer account and to rejoin the computer to the domain, but the problem couldn't be solved. I don't believe that it's a problem in the user account, because this error doesn't occur on another computer with the same user. It's just on one computer.
Any ideas what the problem could be?
↧
Workgroup Printing
Work in a school district and we are attempting to streamline our workgroup printing. While we do a lot of printing to Xerox, there are still quite a few Color/Monochrome workgroup printers in labs and offices. I was wondering if there was a way either through GP, SCCM or whatever means aside from expensive software to filter printer access based on a machine's Active Directory name.
For Example:
Printer Name: LAB4 Color
Computer Names: HS-LAB4-123456
HS-LAB4-12345
I would like to limit access to LAB4 Color to only be seen and accessed by those who login to a computer with LAB4 in the AD name. Can this be done?
Thanks,
RT
↧
