deploy printers with GPP only some users not getting

I have a few users running win7 that are not getting the GPP for printers.

They get - Group Policy object did not apply because it failed with error code '0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.' This error was suppressed.

The Group Policy modeling shows the policy being applied.

I ran gpupdate /force and rebooted the PC; nothing.

Thank you


Slow Powershell and IE

This has plagued me for the last few years. Domain computers (Win 7/8) and Servers (2008/2012) seem really slow to open PS, CMD, and IE. I've had people tell me it has something to do with GPO.... but I am not doing anything super fancy. After they open once, they open immediately until maybe a day, week, or month later. We're talking maybe a minute to open.

I can log in to the machine locally and it works immediately 100% of the time, this is what pointed me toward a domain issue.

Ideas? Please and thank you.

Group Policy Inheritance Issue

Hi,

We are facing a strange issue with GPO's. We have a parent OU named OU1 and a SUB OU named OU2. We have applied a GPO on OU1 with IE proxy setting defined as GPO1 and another GPO applied on OU2 with different proxy settings applied as GPO2. The GPO2 is enforced so that the users in OU2 should get the proxy settings specified in GPO2.

We are facing the issue with users in OU2 that they are getting the proxy settings from GPO1 which is applied on OU1. When I run RSOP I can see the proxy settings which are applied on OU2, which is correct. But IE shows the address from GPO1, which is not correct. When I check the Precedence tab of RSOP I can see that GPO1 is above GPO2 in precedence. Don't know how.

I have checked from the GPMC console that the GPO2 is having high precedence (which is obvious as it is enforced) but still the settings are not getting applied.

I have tried gpupdate /force, rebooted the PCs. Deleted the GPO history from registry but no use. If I do block inheritance on OU2 then it works fine.

Please suggest if anyone has faced such issue.

GPO client run script once a day at first logon

Hi all,

I have one question for a case in my environment.

Can I make a user run a script once a day, just when the user first logs on that day, using GPO?

Does it make sense?

Thanks :)

Best Regards,

Henry Stefanus

GPO Precedence

2012R2

So, following the order Local, Site, Domain, OU I created a new GPO at the root domain level, so why does it have a Precedence of 7 on my targeted OU? My Default Domain Policy is 1.

Summary - I'm trying to deny logon at the domain level and then allow logon at the OU level. However the new domain level GPO precedence has the Domain policy applying last (7), what gives?

I'd just throw it in my default domain GPO but I have that set to enforce for other reasons.

OMG, so for grins I non-enforced my default domain and added the deny logon accounts and now it's precedence 7!

I guess deny always supersedes like in NTFS permissions.

So, bottom line, I want to restrict an account to only be able to logon to a specific OU, any ideas?

Easy enough to restrict who can logon to this group of computers but at the same time I don't want this account to be able to log onto any other computers outside this OU.


VBS script via GPO

Hi, I have this script below. It works without any error on every one of my machines. But when I try to start it via GPO, there is no result, no errors. It just doesn't work.

I set this script on the Computers object in Active Directory.

On Error Resume Next
Const strFolderName = "\\myserver\\OS\"
Set FSO = CreateObject("Scripting.FileSystemObject")
 
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
 
strComputer = "."
 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
 
' Get information about this machine
Set WshNetwork = WScript.CreateObject("WScript.Network") ' used for Networking object control
UserName = UCase(WshNetwork.UserName)
ComputerName = UCase(WshNetwork.ComputerName)
EnvDomainName = UCase( WshNetwork.UserDomain )
Set WshNetwork = Nothing

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set oss = objWMIService.ExecQuery ("Select * from Win32_OperatingSystem")

For Each os in oss
    OSversion = Trim(os.Caption)
Next


If NOT (FSO.FolderExists(strFolderName + OSversion)) Then
FSO.CreateFolder(strFolderName + OSversion)
End if

strFileName = strFolderName & OSversion & "\" & ComputerName & ".txt"

Set objFSO = CreateObject("Scripting.FileSystemObject") ' used for file operations
Set objTextFile = objFSO.OpenTextFile (strFileName, ForWriting, True)
objTextFile.WriteLine OSversion & vbCrLf & ComputerName & vbCrLf & UserName & vbCrLf
objTextFile.Close

IIS GROUP POLICY APPLY IN DOMAIN USER

Locked down Administrator profiles

Hi,
we're having a strange issue on our terminal servers.
We have some GPOs to lock down normal user profiles which only apply to our TS users and not to administrators.
When we create a new user profile for an Administrator he gets a locked down profile e.g. no right click in start menu, no icons in control panel...
Existing administrator profiles work fine.
When I check the registry under "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" there are many settings set to 1 (like NoChangeStartMenu, NoManageMyComputerVerb). If I change them to 0 everything is working fine.
We have already disabled all GPOs and also removed the server from the Domain. It also happens when we create a new local user.
We have tried to copy the default user profile from another server but we still get a locked down profile.

Has anyone had the same issue?

Regards



Roaming user profiles: computer settings conflict with user settings

Hi, I'm trying to configure roaming user profiles per-computer. 
So, I'm enabling "Set roaming profile path for all users logging onto this computer" under computer configuration.
In case there is no option under computer settings like "Exclude directories in roaming profile", then I'm setting up this option under User configuration.

The policy is applied to a few PCs for testing.

When I'm trying to log in and log out, I get no error, but the profile is not copied to the specified network share.
If I disable user configuration in the GPO then redirection runs well. But (as expected) all profile folders move without exclusions.

From Event Viewer:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.  

 DETAIL - 
 21 user registry handles leaked from \Registry\User\S-1-5-21-370581192-3222484191-337209271-9289:
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289
Process 896 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\SystemCertificates\trust
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\SystemCertificates\TrustedPeople
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Policies\Microsoft\SystemCertificates
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Policies\Microsoft\SystemCertificates
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Policies\Microsoft\SystemCertificates
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Policies\Microsoft\SystemCertificates
Process 972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 584 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\SystemCertificates\CA
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\SystemCertificates\CA
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\SystemCertificates\Disallowed
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\SystemCertificates\Disallowed
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\SystemCertificates\Root
Process 524 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-370581192-3222484191-337209271-9289\Software\Microsoft\SystemCertificates\SmartCardRoot

The only thing I need is to configure exclusions for directories in user profile. If it is possible to do another way, let me know how, please.

Windows 2012 : A domain user who does not belong to the Administrators group can change the passwords

Hello,

Can a domain user that does not belong to the Administrators group be able to change your password?

I tried to create a domain user account without administrative access. This user account has permission to access Windows Server 2012 via Remote Desktop.

I tried to access the same account to the Active Directory Users and Computers. I was amazed, because the user account can change the password for multiple accounts, including one administrator account.

Best regards,

Ricardo

How to edit Printer Connections in GPO created through Print Management's "Deploy with Group Policy"

Hi there,

I have used the right-click "Deploy with Group Policy" in Print Management on Windows Server 2012 to deploy a printer connection to a GPO.   

When you look at the GPO Settings, the Printer Connection is visible under User Configuration -> Policies -> Windows Settings -> Printer Connections -> Path: \\printserver\PrinterName.

However, I cannot edit or delete that Printer Connection Path, which would be necessary if I had to rename or delete the printer referenced.  If you Edit the GPO, "Printer Connections" is not available under Windows Settings, only Scripts, Security Settings, Folder Redirection, and Policy-based QoS.

Is there a way to edit the GPO's Printer Connections that are created with "Deploy with Group Policy"?

Thanks for your help.

How do you provide users a logon page to an ADFS 2.0 proxy

We have an ADFS server in use by internal users, this provides them access to an external system without the need to log on.

I now have a new ADFS requirement for external users (students) so I have created an ADFS proxy. My problem is, although the proxy and the ADFS server are communicating and trust each other, I do not understand how I provide the users, or the external vendor, a logon page to allow them access via our ADFS to the application.

If I browse to the site via IIS I get a page advising HTTP Error 403.1 - Forbidden. The web server is configured to not list the contents of this directory.

I have changed the default document to go to FormsSignIn.aspx, just to see if it loads anything, but I get the same result. The default config is to load Default.aspx as the default document, I cannot find this file on the server.

I am struggling to understand this and have the vendor, project manager and the senior management yelling for this to be done.

Help anyone?

How can I disable Outlook 2010 addins using Group Policy

I have downloaded and imported the templates to enable me to set a GPO for disabling Outlook  addins, but I am confused about how I disable things like the SharePoint addins (we do not use SharePoint so this is not needed). I have found several posts saying to do this via a registry change, which I can easily do via GPO, but it does not say how to add keys for the different addins.

Does anyone have details of what I need to add into the registry or have a link to somewhere that gives a list of common ones I can use?

Folder Redirection to Users Home Folder not Syncing

I've been running into strange problems testing the Folder Redirection feature using Windows 7 and Windows Server 2008 R2.

I've given all users a Home Folder mapped to drive letter H: set using Active Directory Users and Computers, so that the home folders have the right permissions. When the users log on they can see the H drive, and are able to use that drive to store files.

I then create a Group Policy to redirect the Documents Folder to the Home Folder:
I select Basic - Redirect everyone's folder to the same location
Redirect to the user's home directory

On the bottom of the screen I see the following statement: "This setting ignores the value of the 'Grant the exclusive rights to Documents' option on the settings page."

However, if I do not uncheck the 'Grant the exclusive rights to Documents' checkbox on the settings page the Documents folder does not get redirected!

Now comes the problem. I noticed that existing documents did not get copied over to the new location and there was no sync partnership set up, even though offline folders and files are enabled. Unless I manually select documents from the folder and select Sync the partnership is not set up, and existing documents, as well as documents created while in offline mode, are never copied to the server.

Controlling Windows Explorer address bar visibility

I need to force the address bar of Windows Explorer (not IE) of Windows 7+ to be hidden and to stay that way. I see how to do it in IE, but not Windows itself. I assume that I need to modify a registry key to achieve my goal. I can't find the correct setting(s). Anyone know?

Thanks.


Disable Show Desktop Button through GPO

I need to disable the Show Desktop button in Windows Server 2008R2 via group policy.  The problem is that we have applications that >must< stay visible and we've disabled the ability to minimize them.  This button however goes around that and this cannot happen.



Google Chrome ADMX GPO Settings Suggestions?

We are setting up the Google Chrome GPO after downloading the ADM templates mostly for the purpose of forcing an extension that does not come from the Google store to be enabled (McAfee Site Advisor Enterprise.)

Google has been disabling all extensions that are distributed through the Chrome store and McAfee is not making this extension available through the store, so this is the only way to make this work.

https://kc.mcafee.com/corporate/index?page=content&id=KB77685

After we have this working, we would like to take advantage of other features available in the GPO to manage Chrome.

One would be blacklisting extensions that are or could easily become a security or privacy risk on the LAN.

I can only think of remote desktop extensions that allow users to connect to the workstation remotely and transfer files without using VPN and approved remote devices.

Does anyone have some suggestions of known problematic extensions that should be added to a blacklist?

New GPOs aren't applying to users

Hi,

I've noticed that all new GPOs I've created (fresh permissions and from existing GPOs) aren't being picked up by users within the security filters even though the policies have been applied to an OU.

  • The policies are replicating between the DCs and DCdiag etc. have come up clean.
  • The (machine or user) policies don't show on clients after a gpupdate /force, using gpresult (gpresult /h [reportname])
  • I've confirmed the scope, no filter, link and that the user / computer section isn't disabled and tested across 3 new GPOs, 4 clients with 2 users.
  • Logs on clients don't show the policies being denied (I see other policies with issues, i.e. one with a printer which is no longer applicable), no logs on the DCs suggest an issue with the policies I've created

Any ideas?

Thanks

event Log ID 1058 with Error code 0

I have the event ID 1058:

The processing of Group Policy failed. Windows attempted to read the file \\nu.edu.sa\SysVol\nu.edu.sa\Policies\{21847125-FD3A-4404-9324-2FBEE17B4E09}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

c) The Distributed File System (DFS) client has been disabled.

----------------------------------------------------------

This error came about a specific GPO, and after disabling the links to this GPO, the Group Policy processing successfully completed.

The strange thing is that the error code is 0 "The operation completed successfully". What does Error Code 0 mean here?!


Hossam Wael Elmosallamy (IT Support Engineer-ECC Solutions) MCSE - CCNA hossam.wael@eccsolutions.net Mobile:(011)-49464671 www.eccsolutions.net "Experience Reliability"

Domain Group Policy Not Overriding Local Windows 8.1 Security Policy

We have 200 Samsung Windows 8.1 Wireless Tablets for our Students.  We manage, or rather we try to manage, via GPO.  We noticed that the Domain GPO Security Policy that we push out is not updating the Local Security Policy on the Tablets.

Does anyone have any ideas or solutions as to why?

Thank you.
