Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Manual GPO refresh 1 minute intervals, 4004, 4005, 1502

October 23, 2014, 6:30 pm
$
0
0

I wanted to throw our scenario out there to see if anybody has experienced the same thing.

We have several computers that are logging event IDs 1502, 4004, and 4005 in the Event Logs.  It is about once a minute.  I'm willing to bet you money that it is a MANUAL REFRESH.  But, from where?

Here are the facts:

  1. We do not specify a GP refresh interval at the Domain Level.  We are in favor of the Microsoft Defaults. (90 minutes, with a 30 minute offset).
  2. We do not have any registry keys on local machines that specify a GP Refresh rate.
  3. I cannot find any scheduled tasks that would invoke a refresh (Server 2012 feature)
  4. We've observed that if the SMS Agent Host (SCCM) is disabled, the constant refresh stops.

How can I tell where the manual refreshes are coming from?  It's like a GPO Denial of Service attack.  I understnad that GPUPDATE can be called through WMI or API calls.

How do I use network monitors to discover the origin!?


Search

Error in deploying FlashPlayer through GPO to device

October 23, 2014, 5:32 am
$
0
0

Trying to install FlashPlayer with GPO to device. The network share where I have the .MSI has read access for domain computers , but I always get error about the access to the share. Client is Windows7 and share on 2008 R2 and the AD (GPO) on Windows 2012 R2. I have even give full rights to the clinet to network share and still same result.

GPO is applied to the PC, that I can see from GPresult but the installation does not work. If I access to the share manually from that client it opens the folder and I can run the installation manually (when I have installation rights).

I have search few other similar cases and have tried this setting up to 90s "Always wait for the network at computer startup and logon" without succes.

Also the system event shows error about faild installation but that isn't really helpfull either, I won't copy those here as they   in finnish,  but the error code is %%1612.

Attached is verbose log where the error shows, but from there I can not figure out why it can not access to the share to install the software. I would need to install few other software as soon I can get this one working.

Deployed printers need driver update on client PC's

October 24, 2014, 1:07 am
$
0
0

I have been trying to solve this for ages and have got nowhere.

We have some HP laserjet printers deployed via GPO, but on the client PC's it shows it needs a driver update, the users cant do the update as they are not domain or local admins.

If I log in as the domain admin account on one of the PC's the printers don't show (due to driver?), they do show that they are being deployed if I run gpresult.

Not sure what more info is needed, but any help would be appreciated.

Tom

Group policy preferences copy files

February 23, 2011, 10:39 am
$
0
0

Thru a GPP i want to copy some files to the desktop if the client machine is a laptop. Because i cannot find a hardware profile anymore in WIndows7 Pro i decided to use a target item: battery or computername is laptop. Because our names starts with laptops i have tried: laptop*.* in the targeting item.

What i have done in the Gpp files:
Source: \\server\share\*.*
Target: \\%userprofile%\desktop

In the share sourcce there are 2 .reg files that must be copied to the users or all users desktop. As targeting item i have chosen battery.
So i thought if the client machine has a battery those two files are beiing copied, but it doesn't work..
There are no files on the users deskto.
The user is a limited user, but the user has rights to the desktop so that can not be the couse.

Can it be that *.* in the source is nog working?
Where can i troubleshoot why the files aren't copied?
Is it possible to item targetting a name which starts with, lets say "laptop" and use laptop*.*?

 

freddie

Group Policy Windows Defender

October 24, 2014, 5:54 am
$
0
0

Hy,

I used group policy to use Windows Defender on all machines. On windows 8.1 they can not get updates. My 2012 R2 WSUS server is working fine and giving updates, but Defender can not reach it for updates. Is there some setting I am missing?

How to Restrict listed Software installation on user computer using GPO

October 24, 2014, 6:48 am
$
0
0

Hi Experts,

In our environment, Domain users are installing number of software from internet without our IT department approvals. There are some company Licenses software which may cost us later.

1. We have a list of Software which domain user should not be allowed to install on their computer but domain users can install other software's.

2. To install these Listed software only IT department should have the rights. So that the IT team can install these listed software's on user machine with there ID.

Queries -

1. Which one is better to configure in GPO -- Software restriction policy setting or Applocker Setting

2. Also suggest the steps to configure

Thanks for the Help

Assigning default user to log in in Active Directory

October 24, 2014, 4:55 am
$
0
0

Hi all,

I don't know how to ask it in a few words, so i detail it:

For maintenance and configuring reasons, i had to log in to the computers i manage in my AD domain. After restarting and hitting ctr+alt+del, it is my AD user which appears to log in. Since i don't know my users' password (and don't want to change it), i can't log on with their own account to make it appear after reboot.

So in short, i want to assign a default user to log in to each computer. Is it possible somehow?

To be more specific: i have PC1, PC2,... computers and User1, User2... domain users (+admin) in my Active Directory, and i want to set on PC1 that User1 should log in by default (and the same for PC2-User2; PC3-User3).

Thank you,

Daniel 

Server 2012 Group Policy Templates installed on Server 2008 R2

October 24, 2014, 6:00 am
$
0
0

Setup: 2 x Domain Controllers running Server 2K8 R2 SP1

We are currently running our environment with IE9 and want to upgrade to IE11. However 2K8 R2 group policy doesnt support IE11 unless you upgrade your DC's to this version of IE. We are not going to deploy IE11 all at once but instead as we reimage or replace PC's. 

My question is can install http://www.microsoft.com/en-us/download/details.aspx?id=36991 Server 2012 templates on 2008 R2 and have the ability to apply GP objects to both versions of the browser? Will it's possibly make some of the current GP's ineffective by erasing some settings?

Maybe there is a better was for me to do this? Any help on this would be appreciated! Thanks in advance. 

I will monitor this thread very closely and reply to any questions as soon as I can. Thanks!

BCU

Search

Screensaver not applying with 60+ minute timeout

October 24, 2014, 2:01 pm
$
0
0

I am having a strange issue with a screensaver GPO. The GPO is configured to apply the screensaver after 60 minutes and is a loop back policy to override the default 15 minute screen saver lock out. The problem is the screen saver doesn't come on when the timeout is over 60 minutes. If I change it to anything less it works as expected, the current setting is for 55 minutes and is working. I have unplugged both keyboard and mouse to make sure nothing can reset the countdown. The PC is Windows 7 Pro an is part of a 2012 R2 domain. I have checked the registry keys, tried it on different computers all the same result. 


gpp - hide printer server name

October 24, 2014, 4:03 pm
$
0
0

hello

is it possible to add a virtual print queue like "follow_B&W" instead of having the printserver name "\\PSNY01\follow_B&W"

would like to hide the location of the printservers to the users so when the travel between offices.

trying to deploy queues created by Follow you printing

gpp user or computer

October 24, 2014, 7:19 pm
$
0
0

hello

im trying to set printers using gpp,  the gpo is linked at a USER OU but the gpp within is set to the computer configuration.

should I change the linked gpo to the computer's OU?

thank you

ADMX Office 2013 and AD 2008 R2

October 24, 2014, 7:38 pm
$
0
0

hello how are you?

I have the following scenario:

Active Directory 2008 R2
controller has several political Templates Admin level user / computer.

I also have Outlook 2003 clients, Outlook 2007, Outlook 2010 and Outlook 2013.

I want to enable "disable remember password de las cuentas de Outlook",

I configured Outook 2003, 2007 and 2010 through the Office ADM.

trying to climb the Office 2013 ADMX politics is not possible.

Upload ADMX office 2013 to the Sysvol but then the default admin templates were automatically removed ..

download and install default templates but my console Policies  many mistakes, restore AD with backup virtual machine.

My goal is to have customers remember password in outlook 2013,can someone help me.

I do not I want to upload the administrative templates are removed sysvol since automaticante default.
any way to make the default backup and restore admx along with admx of office 2013

Domain Group Policy Not Overidding Local Windows 8.1 Security Policy

October 24, 2014, 3:52 pm
$
0
0

We have 200 Samsung Windows 8.1 Wireless Tablets for our Students.  We manage, or rather we try to manage, via GPO.  We noticed that the Domain GPO Security Policy that we push out is not updating the Local Security Policy on the Tablets.

Does any one have any ideas or solutions to why?

Thank you.

VISUAL STUDIO

October 25, 2014, 7:26 am
$
0
0
IS VISUAL STUDIO WITHOUT RUN AS ADMINISTRATOR IN DOMAIN USER OF DOMAIN CONTROLLER 

gpp tcpip error-printing

October 25, 2014, 2:19 pm
$
0
0

I was hoping to deploy printers using the GPP tcpip - just because how it display the queue to the users.

tcpip just has queue name. the shared printer option shows to much information "server01\queuename"

but with TCPIP I get print-errors in the queue. I tried by ip and dns, tcpip and LPR. nothing.

its under the GPP of computers. using windows 8 with 2012 server.

thank you

Search

GPO to AD security group & induidaul computers or users

October 25, 2014, 5:52 am
$
0
0
please let me know it is possiable deploy GPO to  AD security group & induidaul computers or users instaed of OU, site, Domain

GPO isn't applied

October 25, 2014, 6:52 pm
$
0
0

Hi,

This week it's the second client (Windows 7 Pro 64-bit) which doesn't want to apply the GPO. gpupdate /force and gpresult find the GPO but the client ignore everything when I reboot it.

All the loading messages are disappeared, the logon screen is directly displayed. I've got a GPO which force to wait for the network interface is ready.

The current GPO are the same as before, just software updates should be deployed.

I tried :

- Leave and join the domain.

- Remove and add the computer from the group targeted by the GPO

The only way I found is to reinstall the client.





servername-server admins

October 25, 2014, 4:16 am
$
0
0
how to get local admin access of servers scanrio is company having lot of servers so ideal it is not possible to add users or gurop on local servers. it is possible to create some AD security group like servername-server admins then add users into the gurop so it should be centralized managed via AD i am not sure it may requires any GPO?

Windows 8.1 Mapping Network Drive - Drive Already Mapped Error

October 26, 2014, 9:18 am
$
0
0

Hello experts-

I was successful at mapping a network drive to access a specific folder(s) from my WD My Cloud NAS (to use iTunes and easily browse pictures and such).  However, I had to reset the My Cloud because it was acting up.  When I did so, the previously mapped drives were unable to connect (they had red Xs over the icons).  So I figured it would be as easy as disconnecting them and then recreating them.  Here's where I am running into trouble.  When I try to reconnect / recreate the network mapping to a specific folder on my drive, I receive the error:

"The network folder specified is currently mapped using a different user name and password.  To connect using a different name and password, first disconnect any existing mappings to this network share." 

Except that it isn't...  I've tried other user name / password combinations and it gives me an "incorrect username/password" error so I  know that isn't the issue.  I've ran the Net Use command to see if there are any hidden mappings and there is only the main My Cloud connection, so nothing there.  I've also tried checking the "Connect using different credentials" option and I get the same error. 

Any advice would be greatly appreciated, this is pretty annoying.  As an FYI I am a fairly novice user so easy / clear fixes are extra welcome.  Thanks!

-Nate

check for publisher’s certificate revocation” in IE

October 26, 2014, 9:02 pm
$
0
0

If any scripts or GPO to UN tick - the check for publisher’s certificate revocation” in IE. so standard user does not have permission to check again not sure it can be done by GPO or registry method

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>