Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Error in deploying software through GPO

October 6, 2014, 5:28 am
$
0
0

Hi,<o:p></o:p>

I have a requirement of installing browser plugin to all computers in my domain. Thought of using GPO for this process & followed the procedure.<o:p></o:p>

i am facing following error in client request support.<o:p></o:p>

Event 101 :- The assignment of application OrgPublisher PluginX 11.5 from policy Org Chart plugin - msi deployment failed. The error was : %%1603<o:p></o:p>

Event 103 :- The removal of the assignment of application OrgPublisher PluginX 11.5 from policy Org Chart plugin - msi deployment failed. The error was : %%1603<o:p></o:p>

Event 108 :- Failed to apply changes to software installation settings. Software changes could not be applied. A previous log entry with details should exist. The error was : %%1603<o:p></o:p>

Event 1085 :- Windows failed to apply the Software Installation settings. Software Installation settings might have its own log file. Please click on the "More information" link.<o:p></o:p>

Event 7009 :- A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.<o:p></o:p>

 

Can anyone help me ???<o:p></o:p>

 

Regards,<o:p></o:p>

Karthik V<o:p></o:p>

Search

Group policy using to create Chome shortcuts

October 7, 2014, 2:05 am
$
0
0

Hi all,

I require assistance please with a webpage to open in Chrome and to be on all users desktop to stop kids deleting.
Currently I have the following in group policy but it fails to work the url is http://thirdspacelearning.com/user/login

Name: Thirdspacelearning shortcut
Target type: File System
Object Location: All Users Desktop
Target path: "C:\Program Files\Google\Chrome\Application\chrome.exe" http://thirdspacelearning.com/user/login
Start in: "C:\Program Files\Google\Chrome\Application"
Shortcut key: None
Run: Normal Window

Group Policy for IE security option

October 7, 2014, 9:02 am
$
0
0

Hello

I have a problem with group policy.

I wanted to add intranet site to IE properties in security tab and I did research and found one link which saying

go to group policy management -> user configuration -> windows settings -> internet explorer maintenance ->

security -> right click on security zones and and click on properties and make changes. 

(I was able to find this option running GPMC in DC. If I add GPMC in MMC in my computer, i was not able to see this option)

so I clicked on"import the current security zones and privacy settings in security zones and privacy and added the site.

on my PC, I did gpupdate /force and it seemed working since the site was added and in my computer IE settings, it said "some settings are managed by your system administrator" and I updated the GP on other PC which did not work and

I realized that the link was for windows 2003 server and I have windows 2008. so I reverted what I did and on my PC, I updated the GP but the settings in IE was not changed back to what it was.

my questions are

- how to change the settings on my computer?

- why the GP was working on my computer but now the other computers?

- how to add intranet site thru GP for all the users?

Thanks

Group Police Folder Redirection Policy issue

October 8, 2014, 5:03 am
$
0
0

Hi Guys

I found a lot of issues about a folder redirection policy and everything and implemented some of the solutions that were suggested but nothing has helped.

What has to happen in my case is that users have to be moved from a local account to a domain user account...now a folder redirection policy has been put in place for the user's data in "My Documents" and "Desktop" to copy to a NAS drive that is connected to the server when they log in with their domain user account credentials. The Domain Controller is running Server 2008 R2.

The way I understand it is that once they log in for the first time, the policy is supposed to apply and the user's data should show on the desktop automatically but it doesn't at all and when you look in documents there is nothing there either.

I did run gpresult and saw the policy in place for both folders and i tried gpupdate /force with no success. I also double checked the permissions and changed some permissions according to other suggestions but no success.

Some user's have moved over without any issues what-so-ever but some users i'm having issues.

The users use Windows 7 and Windows 8 laptops and desktops. I have had issues with both Windows 7 and 8 whether the user uses a laptop or desktop.

If anyone can help that would be greatly appreciated.

GPO

October 21, 2014, 2:49 am
$
0
0

Hi everyone, 

i want to create a GPO 

Internet Options Trusted site-sites(add a website)

2. Custom Level(Trusted Sites)-User Authentication-Automatic logon with current username and password

please do guide me

Issues With Active Directory Log on Hours and SMB Connections

October 16, 2014, 12:41 pm
$
0
0

Hello and Good Day Microsoft Community...

I am having a strange issue and I hope you can help. My organization deploys a custom application that we deliver thru Remote Desktop Host servers. Users log into our RDH server farms and use this application in a Remote Desktop Session. The application depends on several drive mappings to remote servers in order to work. Now these user accounts that log into our Remote Desktop Servers do have log on restrictions in place. A common period that we don't allow new connections to the environment is 12am-2am local time. Eventhough we don't allow NEW connections to be established at this time, we do want sessions that were established before 12am not to be interupted. That is, I don't want already established connections to lose those drive mapping settings in their session. Thats what happens today....

So, I went in and adjusted our group policy to configure the two settings that I though control this behavior. Specifically....

Default Domain Policy - Windows Settings - Security Settings - Local Policies - Security Options. I set:

Microsoft Network Server: Disconnect clients when logon hours expire set to Disabled.

Network security: Force logoff when lgon hours expires set to Disabled.

After setting these two, I let all computers in my AD forest to refresh policy overnight. I then take a test user. Modify the logon hours of that account to expire in the next hour. I log on, and then make sure my drive mappings in my session are active, and they are. I wait an hour till I know that first block of time is coming where my logon hours will expire, and I am surprised to see that my drive mappings are severed? What am I missing here? Looking at the description of these two group policy settings, I would not expect this to happen.

I did do a resultant set of policy in logging mode to make sure my test user was logging into a server that had refreshed it policy since I made the change last night, and it was refreshed. Am I expecting the wrong result from making this change? If so, then what are these two policy settings for?

The environment is all Windows 2008 R2, including the domain controllers. Active directory is Windows 2008 R2 domain level and forest level. All clients and remote servers holding the shares are also Windows 2008 R2.....

Group Policy Local File Delete Not Working...

October 21, 2014, 4:03 am
$
0
0

Hey guys,

So this is driving me nuts as it should be so simple. I've a number of files that require deleting from user systems. I'm attempting to create GPO; Computer Config > Preferences > Windows Settings > Files > DELETE entries. The local directory containing the files that require deleting is within the local C:\Users\%username% directory.

My GPO delete command is as follows:

Action: Delete

Delete File(s): C:\Users\%username%\Documents\Custom Office Templates\document.dotx

When I copy the above file location and run on a local machine it opens the file I want to delete. So no issue executing the path when initiated locally.

However, when I then run gpupdate /force upon the same machine thus applying the GPO it doesn't delete the file but creates an entry in the local event log:

Warning: Group Policy Files: 4098

The computer 'document.dotx' preference item in the 'GPO object {26AC4D55-35F3-4FD4-8574-208417981C1C}' Group Policy object did not apply because it failed with error code '0x80070003 The system cannot find the path specified.' This error was suppressed.

I'm using the same file location in the GPO that successfully opens the files on the local machine!?!?

I then tried changing the file location in the GPO to C:\Users\test.user(my test account)\Documents\Custom Office Templates\document.dotx and then ran gpupdate again on the local machine and this deleted the document! To me, that would indicate that there's an issue with usingC:\Users\%username%\Documents\Custom Office Templates\document.dotx within the GPO?

Has anyone else experienced this? How do I get around this?

Many thanks to anyone that takes the time to read this post and respond.

Cheers.

M Tipler



Item Level Targetting of Group Policy Preference - Use of SID vs use of group name

June 21, 2012, 7:45 am
$
0
0
 

To move GPOs between dev and pre-prod environments we backup the GPO in dev and then restore on pre-prod. Differences in SIDs of groups etc. in policy between the two environments are dealt with by the migration table. As far as I can tell though, the migration table does not cover groups used in group policy preferences. Is that correct?

When item level targetting of a group policy preference is used to target the preference at a specific user group, if the group name is typed into the Group field by hand, the dialogue below does not resolve or display the SID, and the XML in the backup does not contain the SID. Importing the backup on pre-prod then works fine.

<shapetype coordsize="21600,21600" filled="f" id="_x0000_t75" o:preferrelative="t" o:spt="75" path="m@4@5l@4@11@9@11@9@5xe" stroked="f"><stroke joinstyle="miter"></stroke><formulas><f eqn="if lineDrawn pixelLineWidth 0"></f><f eqn="sum @0 1 0"></f><f eqn="sum 0 0 @1"></f><f eqn="prod @2 1 2"></f><f eqn="prod @3 21600 pixelWidth"></f><f eqn="prod @3 21600 pixelHeight"></f><f eqn="sum @0 0 1"></f><f eqn="prod @6 1 2"></f><f eqn="prod @7 21600 pixelWidth"></f><f eqn="sum @8 21600 0"></f><f eqn="prod @7 21600 pixelHeight"></f><f eqn="sum @10 21600 0"></f></formulas><path gradientshapeok="t" o:connecttype="rect" o:extrusionok="f"></path><lock aspectratio="t" v:ext="edit"></lock></shapetype><shape alt="Targetting Editor" id="_x0000_i1025" style="width:353.25pt;height:329.25pt;" type="#_x0000_t75"><imagedata o:href="http://social.technet.microsoft.com/Forums/getfile/124376" src="file:///D:\PROFILES\ROBERT~1\LOCALS~1\Temp\msohtml1\01\clip_image001.png"></imagedata></shape>

Targeting Editor

However, if the user group is browsed to and selected when targetting the group, the SID does appear in the dialogue and in the XML, and the GPO then fails to restore into pre-prod. Is this behaviour by design? To prevent my colleagues falling into the trap of browsing to the group instead of typing it in when targetting GPPs, would I be right in thinking we could edit the admin templates to remove the browse button from the item level targetting dialogues?

Any thoughts gratefully received.

Nigel

Search

GPO client run script once a day at first logon

October 21, 2014, 8:49 am
$
0
0

Hi all,

I have one question for a case in my environment.

Can i make user run script once a day, just when user first logon at that day using GPO?

Is it make sense?

Thanks :)

Best Regard,

Henry Stefanus

Error code 0x80070035 on drive maps in GPO, "Network path cannot be found".

April 1, 2014, 2:37 am
$
0
0

I am trying to apply a GPO that maps drives so that another GPO can then make them available offline for a couple of hundred users.

Every time I try to apply the policy it fails with an 0x80070035 error which translates as a "Network Path cannot be found". The security settings for that particular folder is fine and the user can see it ok, furthermore following logon I can manually map the drive through windows explorer and through CMD/powershell using the net use command.

The path i tried was \\servername\otherdir\securearea\ which didnt work (i did drop and add the final "\" just in case i was going mad)

i then tried \\servername\otherdir\unsecurearea\ which still failed

just to prove my lack of sanity i created a folder on the hard drive of the laptop itself, made it a shared folder and tried both \\localhost\sharedfolder and \\127.0.0.1\sharedfolder, they all fail with the same error code.

i have checked the hosts and the lmhosts files are there is nothing new in there, only the usual MS gumf that has come with every copy on windows since Win95

patience is wearing thin, hair is getting short ...

thoughts anyone?

Nothing is unfixable - with a suitable sized hammer!


Disable WIFI connection with GPO when network cable is plugged

April 24, 2013, 3:55 am
$
0
0

Hello all,

I want to disable the WIFI connections on users laptop whenever the user is connected to the LAN with the ethernet cable.

- WIFI should be enabled when the cable is not plugged.

- WIFI should be disabled when the cable is plugged.

Can this be done via GPO?

Any logon scripts that can be triggered to check the device manager for plugged network cable then enabling and disabling the WIFI.

The whole idea is users should be prevented to use WIFI at the office but WIFI should be enabled when they move outside the office.

Advanced Audit Policy For Admin User

October 13, 2014, 8:52 pm
$
0
0

Hi,

I need a gpo/policy that can be audit admin user and who install/uninstall software and can be give auditing report.

Md. Ramin Hossain

What is the importance of the value 0x00003020 on AuthenticationCapabilities ?

September 15, 2014, 8:51 pm
$
0
0

We notice that we had a 'windows could not connect to the group policy client service' error on a batch of machines. 

We already had the registry for AuthenticationCapabilities and CoInitializeSecurityParam set using GPO.

But somehow the value for AuthenticationCapabilities had changed from 0x00003020 (decimal 12320) to 0x00012320 (decimal 74528) and it caused the error. 

Once this was corrected, everything worked fine (as we already knew - that's the reason we had pushed out the keys using the GPMC preference).

But what I want to know is, what does the key do and what values it can have? I guess its something to do with permissions on teh SVCHost starting up, but could not get much details from the internet on this.

Regards,


Ramu V Ramanan

Password reset on groups?

October 21, 2014, 7:02 am
$
0
0

Hello,

I was wondering if it was possible through GP (or other resources) to grant a specific "power user" the ability to reset user account passwords, but only if they reside in a specific security group? Example- we have an administrator"John" (who isn't a domain admin or Account Operator) and we wish to allow him to reset user passwords only if those users belonging to a certain group- Example "John's Users". We do not want to give him permissions to reset passwords for anyone else and moving the staff to another OU is not possible which is why we wish to set this at the Group level. I have been unable to find any articles on this. Any advice is greatly appreciated- thanks.

Group Policy Windows Sever,

October 21, 2014, 11:07 am
$
0
0
Hi, my fellow worker is new and has set the group policy so that the restricted polices have been set on the administrator accounts. And i can't do anything on the sever beacuse everything is restricted i been set like a baisc user (No Sever Manger, No Domain Controls, No Adminstrator tools) Is there any way to fix this?
Search

How to Enable Remote services using the GPO for the Client Machines

October 21, 2014, 3:15 am
$
0
0
How to enable remote Access services on Client machines using the Group Policy. After enable how to access with out switching the users  remote as administrator

How to Enable Loopback Processing in W2K8

January 20, 2011, 8:51 am
$
0
0

How to Enable Loopback Processing in Windows Server 2008. I am unable to find following:

  1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
  2. Locate Administrative Templates, click System, clickGroup Policy, and then enable the Loopback Policy option.

http://support.microsoft.com/kb/231287

Disable IE 10 & 11 Security Alert popup w/ Group Policy

December 3, 2013, 10:13 am
$
0
0

We get a Security Alert popup when accessing a https site

"You are abut to view pages over a secure connection....."

With previous version of IE, user can simply check box for "In the future, do not show this warning" and it will not pop up again, however, w/ the new IE 10 and IE 11, it keeps coming back.  What is the group policy rule to disable this pop up?

Thanks in advance.

Roget Luo

SECURELY changing local admin password for many machines

October 22, 2014, 8:50 am
$
0
0

I would like to know a way of SECURELY changing the local admin password for 15000 machines at my domain.

I know it is possible to use a GPO to set a password for local admin but that would be a security flaw as it is possible for any domain user to recover the password using simple tools/scripts.

What other possibilities do I have to acomplish that without the security flaw?

Group Policy Client service does not start

November 10, 2012, 1:48 am
$
0
0

Hi,

As soon as I (administrator on my PC) logon to Windows 7, I get a message saying that the Group Policy Client service failed to start. I'm not sure why I'm getting this error even though the dependencies are very much up and running..

Below is the error message I get in the notification area as soon as I logon

Failed to connect to a windows service
Windows could not connect to the Group Policy Client service. This problem prevents stndard users from logging on to the system.
As an administrative user, you can review the System Event Log for details about why the service didn't respond.

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>