ok this is an interesting one and only coming from win 7 computers. on the domain and remote off domain after they vpn. I am thinking if i have win 7 machine i am off the domain then i vpn in after the p/w expired that will explain that. but what about
desktop on the domain win 7 computer i should be getting prompt (current group policy is set for 45 days ) is there an additional setting that is needed or some kind of script I am thinking is probably an easy fix for this. or this just might be something
folks are going on about that is not accurate. End users tend to get in a tizzy :-) see fire when they are surrounded by water :-)
↧
some end users reporting not getting prompt for password expiring on windows 7 computers on or off the domain
↧
Event ID 1085 windows failed to apply the Folder Redirection settings
We have a group policy configured for folder redirection, where users are configured with Roaming profile and the profile are stored on SAN, the folder redirection policy has been configured for desktop, documents, downloads and music. Recently we found may users were storing their MP3 and video files on the music folder which in turn filled up the SAN space. So we have modified the policy for music to store it on local profile as follows in GP:
Setting: Basic (Redirect everyone's folder to the same location)
Path: Redirect to local user profile path
Our environment is window server 2008 R2 and our clients are windows 7 enterprise. We also have citrix environment XenApp 6.0 and we have user's complaining about the slow logon issue and especially it takes more time during "Applying Folder Redirection policy". We I have checked the XenApp servers i found the following warnings on the system log.
+ | System |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- | EventData |
SupportInfo1 | 1 |
SupportInfo2 | 3961 |
ProcessingMode | 1 |
ProcessingTimeInMilliseconds | 12277 |
ErrorCode | 1003 |
ErrorDescription | Cannot complete this function. |
DCName |
ExtensionName | Folder Redirection |
| ExtensionId | {25537BA6-77A8-11D2-9B6C-0000F8080861} |
Kindly let me know what went wrong, since everything was working fine before the change.
Sanjivram
↧
↧
Group policy is not working on windows 2008 r2
Dear All,
I have updated my domain from windows 2003 to windows 2008 r2. After migrating I noticed that group policy is not working on users and computers. I ran gpresult /v and rsop.msc and found that software package gererating error and showing that source server is not responding. The pointing source server had been removed long time and not part of our AD. Below is the error showing on client side for your reference.
User Policy update has completed successfully.
The following warnings were encountered during user policy processing:
Windows failed to apply the Software Installation settings. Software Installatio
n settings might have its own log file. Please click on the "More information" l
ink.
Computer Policy update has completed successfully.
For more detailed information, review the event log or run GPRESULT /H GPReport.
html from the command line to access information about Group Policy results.
I hope this will help and if need any clarification kindly let me know.
Thanks in advance.
↧
Error when trying to "Detect Now" in Server 2012 Group Policy Management
I have three Windows Server 2012 domain controllers running Active Directory at a functional level of Windows Server 2008 R2. The domain controllers were recently replaced with the 2012 DCs.
When I open the new Group Policy Management console on a domain controller, click on my domain, click the new Status tab, clickDetect Now (button on the bottom right) I receive this error:
Group Policy Management
A processing error occurred collecting data using this base domain controller. Please change the base domain controller and try again.
This server is the Primary Domain Controller (PDC).
Any thoughts?
↧
Group Policy Preference mapped drives not applying if user logs in "too quickly"
Hi all,
I'm experiencing a bit of a strange issue. The behaviour I'm seeing is if a user logs in quickly (as in immedaitely upon the logon prompt being presented), their drives do not map correctly. However, if the user waits a few seconds (10 is usually enough) or logs out and logs back in, the drives appear.
One of the drives, their home drive (H:), is set via AD in the user object. The other drives are controlled via a Group Policy using Group Policy preferences. The Group Policy is linked to the OU containing computers, with the actual settings under User Configuration. There is another group policy that enables Loopback Processing. There are a large number of drive items in the group policy (in the case of one drive letter, there's about 60 mapping settings for it), with Item-level Targeting in use. The targeting method is security group, so if the user is a member of the right security group, they get the drive. Some of the drives are mapping to server-based UNC paths (ie. \\servername\folder) while others are mapping to a DFS-based location (ie. \\domain.com\folder\). The drive mappings are set with the following options:
- Reconnect is set to Disable
- Use First Available is set to Enable
- Run in logged-on user security context is set Yes
- Remove this item when it no longer applies and Apply ones and do not reapply are set to No
From some research I've done, there's things that could cause this sort of problem but they aren't valid in this case. For example, the Group Policy setting "Always wait for the network at computer startup and logon" is set to Enable. When the issue happens, there doesn't seem to be any obvious error messages in the event log.
The environment where this is happening is at Windows 2003 forest and domain functional level. The clients are running Windows 7 SP1 with the affected machines all being desktop computers connected via a LAN cable. 802.1x authentication is in place on the wired network.
Is there anything else I could look at to fix this problem? Thanks.
↧
↧
Deny access to remote desktop users / TS users to access/browse networks as well as copy/paste data on remote desktop session host server
We have a windows Server 2003 domain controller in network. Recently we added Windows server 2012 server and installed Remote desktop services with license on it. We have created a user group which has a remote desktop access to this Windows Server 2012
server.
But when the Remote desktop users access this Windows server 2012 server via Terminal Services, they are able to browse all networks and UNC path and can copy/paste data anywhere within these network shares.
Now we want to restrict these users from accessing entire network as well as UNC path and copy/paste data using group policy.
Appreciate if anyone help me for doing this.
Thanks and Best Regards,
↧
Win 7 and XP folder redirection
Hi Everyone,
We're currently running Windows XP, on Windows Server 2008. We are introducing Windows 7 machines, and users will often switch between the two.
On XP My Documents folder redirection works fine, however I am running into issues setting this up for Win 7.
From what I gathered so far, I can not redirect "Documents" to the root of the users folders, ie \\servername\usersshares\username\
Can anyone point me in the right direction of what the best way to do folder redirection for my environment? I would hate to have to manually move contents of users folders to a sub-folder.
Thanks
↧
GPP drive mappings to unavailable servers
Running Windows 2008 R2 servers, XP and W7 clients. Using Group Policy Preferences for drive mappings. All works well until one of the destination servers is offline. Client login takes minutes. Is there a way to make it skip the
mapping if the server is offline rather than waiting for the timeout?
↧
Filter out computer from receiving domain linked level GPO
I have a GPO linked at the domain level that I DO NOT want applied to a specific workstation inside of an OU in the domain. This will only be applying to this one machine and no others. I have attempted to deny "read" and "apply
group policy to this computer account but this is not working. Thoughts/suggestions?
↧
↧
Computer group policy settings not being applied
We have a doman hbk.com and this computer windows 7 professional has a weird issue. When I try to run a gpupdate i get the error below
When I run a gpresult ouputed to an html I get that.
Things ive tried so far. Going to that file \\hbk.com\SysVol\hbk.com\Policies\{57C2F3F6-D91F-4557-A1E2-6235572CA19D}\gpt.ini and giving the computer and user full control. removing the the computer from the domain and re-adding it, ipconfig /flushdns. ipconfig /release and renew. Any Ideas? Thank you. No other computer but this one is having this issue
↧
Deploy Library via GPO - for individual user shares
I found a good technet article for deploying Libraries of network shares via GPO:http://social.technet.microsoft.com/wiki/contents/articles/create-custom-libraries-in-windows-7-and-deploy-them-through-group-policy.aspx
Could anyone help my figure out how I could also deploy this mapping individual users shares that were created in AD %username%?
Not sure if this is possible.
So a library deployed would have locations:
\\server\data
\\server\users\%username
Thanks in advance.
SJ
↧
Adding ie9 and ie10 option to GPO/GPP
Hi
I admin a 2008r2. I am trying to add GPP for ie10 some windows 8. I am assuming that they are not working because I do not have ie9 or ie10 option available only ie 5,7,7,8. How do I add ie9 and ie10 options.
Richard Britt Jr
↧
Group Policy Preferences "Drive Maps" and slow logons if server isunavailable
Hi to all in the forum ;-)
For all of you using GPP Drive maps:
Hope it speeds up your logons ((-:
regards, Martin
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
↧
↧
Redirection of XP's My Documents on SBS2011 Server
I was pointed to posting in here but then the 2011 SBS forum..
I'm setting up a small business server with SBS2011 but a minor problem is coming up with the 'My Documents' Redirection. In SBS2011's GP It has redirection for 'Documents' (the New name for the folder) and when I set this as being the redirection, the XP client doesn't think My Documents IS Documents. Thus it won't redirect. And there does not apply to be a 'My Documents' variable in the GPE nor can I figure out a way to add one.
Does anyone have any ideas? Have I missed something very stupid?
↧
What causes there to be a difference between settings viewed in gpedit and RSOP
So, I'm looking at settings defined by local gpo and also looking at the same settings via RSOP... What would cause the two to be out of sync? For instance, in the group policy editor, the Audit account logon events setting is set to "Success,
Failure"; but in RSOP, the setting says "Not Defined"... Where is the conflict coming from?
↧
Group Policy to control access to a service?
Is there a way to set a GPO to check if a service is running and if it is not, start it?
For instance if malware or user stops a service such as the Windows Update service, it should be automatically restarted at the next policy refresh.
The other setting I would like to change the permissions so on only members of specific security groups (such as helpdesk to domain admins) can make changes to the service.
There are users who Google: "How to turn off Windows updates" and decide to stop/disable the update service so they don't have to install updates.
↧
Can you add an entire Top Level Domain to a Security Zone using Group Policy?
We use an Administrative Templates Policy located here:
Computer/User Configuration\Administrative Tools\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to zone assignment list
To control which websites are in the Trusted Sites and Intranet Zone. We have many specific subdomains of top level domains like .gov and .mil in our trusted sites, such as
and
http://*.army.mil/
These work fine. We are wondering if we can add entire top level domains to trusted sites, so is it possible to add
http://*.gov/
and
http://*.mil/
so that any subdomain of .gov or .mil was a trusted site?
We are using this policy to control the security zones on IE7 and IE9.
↧
↧
Using Fine-Grained Password "Policy" displays incorrect values on Change Password notice...
DFL/FFL - Windows 2008
Clients are Windows XP SP3
Windows 2008/R2 DC's
I have successfully implemented a Password Settings Object in a test domain. This is acting and behaving as intended except for one curious issue. During testing, I noticed when changing password either because of expiration or ctrl+alt+del, if you put in a password that does not meet the minimum complexity requirements you receive the standard "The password supplied does not meet the minimum complexity requirements. Please select another password that meets the following criteria: ..." It then displays values for character length, no. of password saved in history, etc. However, these values are from the password restrictions in the Default Domain Policy (DDP), not the settings from the Password Settings Object (PSO).
For instance, the DDP has the value of '2 remembered' for the "Enforce password history" and the PSO has a value of 6 remembered. The Change Password notice shows the DDP value of 2.
So my question is, why? Why doesn't the notice popup display values from the PSO and not values from the DDP. I have tried to unlink the DDP, same problem. I have also disabled "Account Policies/Password Policy" settings in the DDP, same problem.
I have found articles on customizing this notice popup via msgina.dll but, I am unwilling to go that far until it is the only option (seems overkill and an unreasonable solution). I don't want a custom message I want a message display correct values.
Also, I put this in a group policy thread because it's called a policy even though it isn't one. If this is incorrect, MOD please move to appropriate thread.
Any help is greatly appreciated!
Thanks..
↧
group policy software installation
We are trying to push out the latest java 1.7 update 11 to all workstations using software installation in group policy. For whatever reason, the computer appears to start the installation, but never finishes and all that is displayed on Win7 machines is "Please wait". There has to be something we are missing. Here are the steps that have been done. I also tried a different software msi just to be sure there was nothing wrong with the Java msi.
win2008 r2 with all updates
win7 workstations with all updates
1. Extract the Java msi and place on a share on the network available to everyone
2. Create test OU and put the test computer in it
3. Create a new policy and under computer section make sure Windows installer as elevated permissions
4. Under the same computer policy add the software installation and point it to the msi on the network5.
5. Link policy to OU
6. I used Orca to change the properties of the msi related to java stuff per a bunch of articles on the internet. I also tried using a transform file to no avail.
The compute is starting up and "please wait" is sitting there forever. The installation only takes a minute or two. After letting it sit for 15 minutes, I power off the machine, disable the policy, then the computer can startup just fine.
I know the installation starts, because when I try to run it manually, it says a previous installation was running.
any ideas why this is not working? The policy permissions are right and I can manually install the msi just fine including a silent installation.
Network Touch
↧
Server 2008 R2 GP error 1101
I just installed a server 2008 R2 on my network and put WSUS 3.2 on it, nothing else. All my other client computers and domain controllers can access it. When I check the system log I get an 1101 error. Windows can't locate the directory
object.
David J Berquist
↧