Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Proxy Settings GPO Doesnt seem to apply until F5 pressed

October 16, 2014, 6:32 am
$
0
0

Hi,

We've recently found our GPO that configures our browsers has stopped working intermittently. We have found that when users try accessing the internet they get "Page cannot be displayed" until they hit F5, which seems top apply the policy.


Its strange as when the user tries a website, the bottom of the browser shows the ip address of the site i.e 212.58.244.66 but then immediately times out. Then F5 seems to kick the group policy kicks in.

Doing a gpresult /h name.html shows that all of the policies you expect to be applied are applied.

Has anyone came accross anything like this before?

Cheers

Search

how to add "create automatic configuration script" url via gpo for IE 10

June 23, 2013, 11:03 pm
$
0
0

Hello,

I have win 8 clients and DC with win 2008 sp2.

I do want to push out proxy configration script to IE 10 and looks like there is another way via preferences to achieve this.

How exactly should I be doing this, So far I had done this via old way and its no longer working:

User configuration > Windows Settings > Internet Explorer Maintenance > Connection > Automatic Browser Configuration. : Select Enable Automatic Configuration.

Thanks

Issues With Active Directory Log on Hours and SMB Connections

October 16, 2014, 12:41 pm
$
0
0

Hello and Good Day Microsoft Community...

I am having a strange issue and I hope you can help. My organization deploys a custom application that we deliver thru Remote Desktop Host servers. Users log into our RDH server farms and use this application in a Remote Desktop Session. The application depends on several drive mappings to remote servers in order to work. Now these user accounts that log into our Remote Desktop Servers do have log on restrictions in place. A common period that we don't allow new connections to the environment is 12am-2am local time. Eventhough we don't allow NEW connections to be established at this time, we do want sessions that were established before 12am not to be interupted. That is, I don't want already established connections to lose those drive mapping settings in their session. Thats what happens today....

So, I went in and adjusted our group policy to configure the two settings that I though control this behavior. Specifically....

Default Domain Policy - Windows Settings - Security Settings - Local Policies - Security Options. I set:

Microsoft Network Server: Disconnect clients when logon hours expire set to Disabled.

Network security: Force logoff when lgon hours expires set to Disabled.

After setting these two, I let all computers in my AD forest to refresh policy overnight. I then take a test user. Modify the logon hours of that account to expire in the next hour. I log on, and then make sure my drive mappings in my session are active, and they are. I wait an hour till I know that first block of time is coming where my logon hours will expire, and I am surprised to see that my drive mappings are severed? What am I missing here? Looking at the description of these two group policy settings, I would not expect this to happen.

I did do a resultant set of policy in logging mode to make sure my test user was logging into a server that had refreshed it policy since I made the change last night, and it was refreshed. Am I expecting the wrong result from making this change? If so, then what are these two policy settings for?

The environment is all Windows 2008 R2, including the domain controllers. Active directory is Windows 2008 R2 domain level and forest level. All clients and remote servers holding the shares are also Windows 2008 R2.....

mapped drives wont map to the pc with group policy.

October 16, 2014, 12:54 pm
$
0
0

I have followed every ones examples to try and get this to work but they only way I can make them work is if I link the gpo off of the domain.

any help?

Can't find "Windows Remote Management (WinRM)" in Group Policy Management console

October 16, 2014, 3:19 pm
$
0
0

So looking at different scenarios for enabling WinRM / PSRemote. Find all kinds of information on how to do it... stoked right!? Not so much, I can't find Windows Remote Management (WinRM) where it should be, or anywhere else. WTF? Any ideas here kids?And OBTW, Domain Functional Level is 2008 R2 with Windows 2012 R2 DC's.

Password complexity requirements enabled? But not in any GPO

October 16, 2014, 4:13 pm
$
0
0

I inherited a domain with password policies setup in the default domain profile.  In the password policy section of the GPO, the password complexity requirements are currently setup as "undefined".  However, the complexity requirements seem to be enabled and working when I try to change my password. When I check my local machine policy, it says disabled.

Is there an easy answer to why this is working? Even though the policy is set to undefined?  I was actually going into it to enable it BUT it looks to be working somehow.

Thanks in advance.

Applying Computer Settings takes several minutes for many domain users

February 10, 2010, 10:10 am
$
0
0

Our help desk is constantly getting complaints that it takes several minutes from the time the user logs in to the time they get to their desktop.  This also happens on my workstation. 

I have tried moving my computer into a OU with no policies applied and it still takes a long time.  I enabled logging and have done a packet capture.  I do not see any errors in the event log or in the userenv.log file.  Using sysprosoft's Policy Log Viewer to view my userenv.log file, I can see that policy processing starts out normal.  In the first fraction of a second, it performs the ping to the server, and determines that it is a fast link.  The next entry occurs 86 seconds later, and it identifies "network name is example.domain.com".  The domain controller it's contacting is in the same domain and site as my workstation. 

During this logging process, I was performing a packet capture, and do not see anything unusual going on, like DHCP still trying to acquire an address or any communication to one of our other sites. 

As another test, I assigned my workstation a static IP address with DNS pointing to our internal DNS servers.  I still get the long delay.

Roaming profiles are not involved, and our clients recieve IP addressing from DHCP with DNS pointing to internal DNS servers.  Our Domain Controllers point to internal DNS servers as well.

This issue seems to have started sometime after SP3 was deployed.  Management has sprung for a load of new computers, thinking it's going to solve the slowdown, but it does not.  Any ideas as to why computer policy takes so long to process? 

Thanks,
Joel

Group policy and trusted sites issue

December 28, 2012, 5:47 am
$
0
0

Last week I set a new IE home page through group policy (User Config\Windows Settings\Internet Explorere Maintenance\URLS/Important URLs) and added a couple sites the the IE Favorites.  Seem to be fine, so I pushed it out.  Shortly after people started saying that they couldn't log into secure sites.  I found that for some reason this wiped out everything in each users trusted sites and blocked their ability to add individually.  Removing the policy didn't fix.  So, I've made a mad scrample to add the most important sites manually through the GPO, but why would this happen?  I've seen on some posts that this is by design, but is there a way to do both.  I can add, but still allow users add also?

Another affect of this is that some users have lost the ability to open hyperlinks from Outlook.  Says that they are unable to open because of administrator restrictions.  Is there a GPO setting for this?

Any help is MUCH appreciated.

Search

Turn off add-on performance notifications. Disable add-on performance notifications Not Listed In GPMC.msc

October 10, 2014, 10:39 am
$
0
0

I see it in the Internet Explorer section in local group policy editor (gpedit.msc), but the same setting is not in GPMC.

I have tried it from both Windows 7 and Windows 8.1 RSAT Group Policy Management Console.  Server 2008 domain.

How do we enable this setting for Internet Explorer 10 through domain group policy instead of local group policy editor?


Create customized and managed msi package for software installation in gpo

October 17, 2014, 12:29 am
$
0
0

Hello everybody,

I have a many users in a domain and  need to install different software on systems ,but each software has it's own 

configuration, for example we need to install internet download manager(idm) and want to check mark and define some options in  menus .

what's the solution ? or which program is good to create msi package with custom details ?

thanks for reply


What is the importance of the value 0x00003020 on AuthenticationCapabilities ?

September 15, 2014, 8:51 pm
$
0
0

We notice that we had a 'windows could not connect to the group policy client service' error on a batch of machines. 

We already had the registry for AuthenticationCapabilities and CoInitializeSecurityParam set using GPO.

But somehow the value for AuthenticationCapabilities had changed from 0x00003020 (decimal 12320) to 0x00012320 (decimal 74528) and it caused the error. 

Once this was corrected, everything worked fine (as we already knew - that's the reason we had pushed out the keys using the GPMC preference).

But what I want to know is, what does the key do and what values it can have? I guess its something to do with permissions on teh SVCHost starting up, but could not get much details from the internet on this.

Regards,


Ramu V Ramanan

Add Windows 7 Policy

September 29, 2014, 8:00 am
$
0
0

Hi Windows Server Expert,

I would like to create a group policy to be pushed down to all Windows 7 Computer. My server is using Windows Server 2008 R2. However, I can only find the policy to be added for Windows XP. it seem that my server 2008 R2 don't have the updated options thus I will be able to push down policy for my windows 7 client. is it windows server 2008 group policy only support up to windows xp? kindly see the picture below, I can see only windows xp.

Please advise.

thanks so much.

Regards,

Henry

how can i set user to be administrator

October 17, 2014, 4:11 am
$
0
0

heey , 

i have windows server 2008 , how can i set specific user to be an admin on his computer , because when he makes something , his computer says to him enter the user and password of administrator , i need to give him to make any thing on his computer without any server requires

GPO for changing Text of "My Computer"

January 30, 2012, 8:28 am
$
0
0

Hi,

Is there any way to change the text of "My computer" in Windows 7 and Windows Server 2008 using a GPO?

In the past I changed the text of "My computer" on our domain computers with a statup script. This script change HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ Value LocalizedString to "%username% on %computername%" and worked well with Windows XP and Windows Server 2003.

Now on Windows 2008 and Windows 7 this key is restricted.

Read for

  • System
  • Administrators
  • Users

Full access for

  • TrustedInstallaer

So my statup script does not work, because it acts as system account.

Bye
Georg

Drive mapping

October 17, 2014, 6:23 am
$
0
0

Hi All,

I am experiencing a strange issue. We current map our file server via GPO preferences. So I had to build a new file server. Backup and restore then change the group policy to reflect the new server.

Problem is, it doesn't want to change it on the client side.

I have all the settings correct, Item level targetting is to an AD group. I used the Update and even tried the Replace Action. Still no joy.

Am I doing something wrong? In my mind this should be pretty simple.

regards

VB Knowledge = 0%

Search

Drive Block using group policy

October 17, 2014, 5:45 am
$
0
0

Can Any one help me about this drive block 

i am unable to block the E & F drive for all users. so please advice with clear steps of commands, how do i write the drive blocks script using the group policy in server 2012.

However I tried through registry but still its not working. my only concern how to block few users accessing D drive and few users from F drive in the local system using group policy. 

Thanks in advance.

GPO/Script to add Custom Toolbar in Windows 7

February 9, 2012, 6:22 am
$
0
0

Hi,

I would like to deploy several Windows 7 computers with a custom toolbar on the taskbar.

How would I go around doing this? If there is a way to do it in GP, that would be best, but we can use i.e. registry to create this aswell.

Many thanks

Windows 8

October 17, 2014, 11:35 am
$
0
0
It happens to me but randomly in Windows 8.1 Pro computers

Group Policy - Issues deploying software packages through GPO

January 13, 2012, 1:51 pm
$
0
0

Hello everyone,

I am having issues successfully deploying MSI packages through group policy.  I have set my computer account up in its own test OU in my domain, but yet the software will not deploy.  Example, I'm trying to deploy AVG Anti-Virus and make sure it is installed on each and every PC in my domain.  As for the GPO, I set it up as an assigned package and pointed to the location of the package with the UNC file path (visible to both the DC and my computer that is part of the affected OU)

On the domain controller, I get these messages in application event logs:

Beginning a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.

Ending a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.

This shows up when I refresh GP on my computer.  I run gpresult /h GPReport.html and get the following message:

Software Installation failed due to the error listed below.
Fatal error during installation.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between

The software is in a share on the domain controller that is visible from my computer, and permissions are set where "Everyone" has read access.  I have tested the package on my computer and it installs correctly if I do it manually, so it's a good package. 

I'm at a loss.  I am admitedly very new to GP management, but I'm pretty sure I have covered all my bases here.  I humbly ask for any and all help that you all can provide.

Thank you all very much, have a great weekend!

GASP - GPO Management - Domain - Remove ???

October 17, 2014, 1:01 pm
$
0
0

(EDIT: This is a Server 2008 R2 domain.)

While trying to refresh the domain to show organizational unit changes, my laptop trackpad accidentally triggered itself over the "Remove" menu option, and BAM, the domain is gone!! No confirmation! WTF!


Fortunately I was able to click on the now-empty Domains object and add it back again.

I have no idea what just happened. Did I potentially damage the directory in some manner? Do I now need to perform an AD restore to undo erasure?





Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>