Hi there,

I have a older Server 2008 R2 Standard (SP-1) 64 and 25 desktops that are Windows 7 64,

At the server I have Group Policy Management, Default Domain Policy, Computer Config, Windows Setting, Security Settings, Local Policies, Audit Policy, all set to Success/Fail (account, directory, logon, object, prov, etc, etc, etc) this audits fine at the server.  GPMC looks good, RSOP is good with Default Domain Policy across the board.

The 25 desktops are getting the sevrer GPO settings for Policy Password History/Password Age, Etc, and all other settings.

The 25 desktops are not getting local Audit Policy Success/Fail like the server, all "No Auditing" and not able to enable to either set mauaually or get updates from server GPO, did the gpupdate /force,

Where does desktops get their information for Auditing from Server 2008 GPO, I thought this came from the DC default GPO for auditing

Thanks

B.

hi Expert,

We want to restrict the drive (C: / D:) access remotely of the machines to all domain users. Only IT department should have the access.

Example :-

1. Domain users should NOT be able to access the machines C or D drive like (\\machineA\c$ ) Only IT Group should have the remote acccess (\\machineA\c$)

2. But domain users can access the C or D drive when they are logged in to machine interactively.

I want to restrict only UNC access to drives (\\machine\c$) to domain user but IT group should be able to access UNC access drive (\\machine\c$)

Can we achive this from GPO ?

PLease suggest.

Hi,

I would need to add two settings in the advanced settings 802.1x of a wireless network called Citysecure. I would need to add

-Perform immediately before user logon
- Allow additional dialogs to be displayed during single sign on.

the problem is when I go to windows settings-security settings, I can find the 802.11 settings but not the 802.1x. I saw too in that section, that there is no settings at all. I think they have to be imported but I do not know how.

Could anybody help me in this?

Thank you!

Dag

I am having a strange issue with a screensaver GPO. The GPO is configured to apply the screensaver after 60 minutes and is a loop back policy to override the default 15 minute screen saver lock out. The problem is the screen saver doesn't come on when the timeout is over 60 minutes. If I change it to anything less it works as expected, the current setting is for 55 minutes and is working. I have unplugged both keyboard and mouse to make sure nothing can reset the countdown. The PC is Windows 7 Pro an is part of a 2012 R2 domain. I have checked the registry keys, tried it on different computers all the same result. 

We're using GP to push out printers. On random machines and for random users sometimes the printers do not map. The error in the App log on the PC is this Group Policy Object did not apply because it failed with error code '0x80070057 The parameter is incorrect.' This error was suppressed.

I have been unable to tell what parameter it means. One user could get this, another logs into the same machine and the printers work fine. I can't find the commonality. 

Jason

I am trying to get specific sub-types of keyboard layouts to deploy with GPO.  

We have the GPO .adm and it is deploying and calling the correct keyboards, but doesn't seem to be able differentiate between the sub-types for the individual keyboards:

We can call Chinese (Simplified) PRC, but cant seem to have it specify anything within that keyboard layout - like the Chinese ZhongMa or Pinyin options.

Perhaps I'm thinking about this incorrectly

CLASS USER

   CATEGORY "Keyboard Layout"

     POLICY "Keyboard Layout switching"

     KEYNAME "Software\Microsoft\Windows\CurrentVersion\Run"

       VALUENAME "internat.exe"

       VALUEON "internat.exe"

       VALUEOFF DELETE

       END POLICY

     POLICY "Keyboard layout"

     KEYNAME "Keyboard Layout\Preload"

         PART "Enable English" CHECKBOX

           DEFCHECKED

          VALUENAME "1"

           VALUEON "00000409"

           VALUEOFF DELETE

         END PART

           PART "Enable Chinese (Simplified, PRC)" CHECKBOX

           DEFCHECKED

          VALUENAME "2"

           VALUEON "00000804"

           VALUEOFF DELETE

         END PART

END CATEGORY

Hi,

I have an RDS Server in my network. The users connect RDS using mstsc.exe from their local PCs. I created a GPO for the Application shortcuts to be placed on RDS Users desktop. On applying this GPO the shortcuts also appear on the local PC desktops. How can i limit the shortcuts to only appear on RDS Desktop?

I have downloaded and imported the templates to enable me to set a GPO for disabling Outlook  addins, but I am confused about how I disable things like the SharePoint addins (we do not use SharePoint so this is not needed). I have found several posts saying to do this via a registry change, which I can easily do via GPO, but it does not say how to add keys for the different addins.

Does anyone have details of what I need to add into the registry or have a link to somewhere that gives a list of common ones I can use?

Hi,

We are facing a strange issue with GPO's. We have a parent OU named OU1 and a SUB OU named OU2. We have applied a GPO on OU1 with IE proxy setting defined as GPO1 and another GPO applied on OU2 with different proxy settings applied as GPO2. The GPO2 is enforced so that the users in OU2 should get the proxy settings specified in GPO2.

We are facing the issue with users in OU2 that they are getting the proxy settings from GPO1 which is applied on OU1. When I run RSOP I can see the proxy settings which is applied on OU2 which is correct. But the IE shows the address from GPO1 which is not correct. When I check Precedence tab of RSOP I can see that GPO1 is above GPO2 in precedence. Don't know how

I have checked from the GPMC console that the GPO2 is having high precedence (which is obvious as it is enforced) but still the settings are not getting applied.

I have tried gpupdate /force, rebooted the PC's. Deleted the GPO history from registry but no use. If I do block inheritance on OU2 then it works fine.

Please suggest if anyone has faced such issue.

I have some domain joined computers which are getting the password policy for local accounts as well. For example, if I create and new local user on ComputerA (which is joined to the domain) it will require the password to be 8 characters long which is in our default domain policy. Question is, if I disjoin ComputerA from the domain will the password settings revert back to default? I know that this is the case for most of the settings which fall under administrative templates as they are fully manageable thus if the computer falls out of the scope of management they'll revert back to default or whatever was set before. Will that work for password policies?

I'm trying to configure a GPO to create a shortcut to Outlook on my user's desktop.  

I have it set up as follows:

Running RSOP.msc from the the test machine tells me this:

Group Policy Shortcuts completed successfully.

Additional Information:

The user 'Outlook' preference item in the 'OutlookShortcut {113EA7CF-9AC6-4C1E-8DA6-5EAB50571081}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.'%%100790273

I'm not sure where to go from here, I've looked up this error but can't find anything that has helped me get it to run.  

The GPO that I'm doing my testing with has 2 shortcuts set up, 1 URL that does work and the Outlook shortcut that does not.

Hello I am trying to set security on a registry key, however when running rsop I am getting the following:

I have looked in the logs but cant see what could be causing it, unless im being real dumb! Below is log file, if anyone can help would be much appreciated!

*************************

Make a local copy of \\JBS.SCE\sysvol\JBS.SCE\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.dom.
-------------------------------------------
10 September 2014 11:55:20
    Copy undo values to the merged policy.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure Security Policy...
0
        Undo value for group policy setting <MinimumPasswordLength> was saved.
0
        Undo value for group policy setting <PasswordHistorySize> was saved.
42
        Undo value for group policy setting <MaximumPasswordAge> was saved.
0
        Undo value for group policy setting <MinimumPasswordAge> was saved.
0
        Undo value for group policy setting <PasswordComplexity> was saved.
0
        Undo value for group policy setting <RequireLogonToChangePassword> was saved.
0
        Undo value for group policy setting <ClearTextPassword> was saved.
    Configure password information.
0
        Undo value for group policy setting <LockoutBadCount> was saved.
0
        Undo value for group policy setting <ForceLogoffWhenHourExpire> was saved.
    Configure account force logoff information.

    System Access configuration was completed successfully.
    LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
0
        Undo value for group policy setting <LSAAnonymousNameLookup> was saved.
    Configure LSA anonymous lookup setting.
    Configure machine\system\currentcontrolset\control\lsa\nolmhash.
Mismatch       - machine\system\currentcontrolset\control\lsa\nolmhash.
        Undo value for group policy setting <machine\system\currentcontrolset\control\lsa\nolmhash> was saved.

    Configuration of Registry Values was completed successfully.

    Audit/Log configuration was completed successfully.


----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...

this is the last GPO.
**************************

Make a local copy of \\JBS.SCE\sysvol\JBS.SCE\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.dom.
-------------------------------------------
11 September 2014 08:26:15
    Copy undo values to the merged policy.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure Security Policy...
    Configure password information.
    Configure account force logoff information.

    System Access configuration was completed successfully.
    LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
    Configure LSA anonymous lookup setting.
    Configure machine\system\currentcontrolset\control\lsa\nolmhash.

    Configuration of Registry Values was completed successfully.

    Audit/Log configuration was completed successfully.


----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...

this is the last GPO.
**************************

Make a local copy of \\JBS.SCE\sysvol\JBS.SCE\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{7AF70C16-F837-4852-94A3-A0CC10A5C0B8}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{DD040523-2909-4883-B6AF-155EF3A74E5D}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.dom.

This is not the last GPO.
-------------------------------------------
11 September 2014 08:29:21
    Copy undo values to the merged policy.


----Un-initialize configuration engine...

Process GP template gpt00001.inf.

This is not the last GPO.
-------------------------------------------
11 September 2014 08:29:21


----Un-initialize configuration engine...

Process GP template gpt00002.inf.
-------------------------------------------
11 September 2014 08:29:21
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure Security Policy...
    Configure password information.
    Configure account force logoff information.

    System Access configuration was completed successfully.
    LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
    Configure LSA anonymous lookup setting.
    Configure machine\software\microsoft\windows\currentversion\policies\system\consentpromptbehavioradmin.
Mismatch       - machine\software\microsoft\windows\currentversion\policies\system\consentpromptbehavioradmin.
        Undo value for group policy setting <machine\software\microsoft\windows\currentversion\policies\system\consentpromptbehavioradmin> was saved.
    Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Mismatch       - machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
        Undo value for group policy setting <machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername> was saved.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enableinstallerdetection.
Mismatch       - machine\software\microsoft\windows\currentversion\policies\system\enableinstallerdetection.
        Undo value for group policy setting <machine\software\microsoft\windows\currentversion\policies\system\enableinstallerdetection> was saved.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enablelua.
Mismatch       - machine\software\microsoft\windows\currentversion\policies\system\enablelua.
        Undo value for group policy setting <machine\software\microsoft\windows\currentversion\policies\system\enablelua> was saved.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enablesecureuiapaths.
Mismatch       - machine\software\microsoft\windows\currentversion\policies\system\enablesecureuiapaths.
        Undo value for group policy setting <machine\software\microsoft\windows\currentversion\policies\system\enablesecureuiapaths> was saved.
    Configure machine\system\currentcontrolset\control\lsa\nolmhash.

    Configuration of Registry Values was completed successfully.

    Audit/Log configuration was completed successfully.


----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...

this is the last GPO.
**************************

Make a local copy of \\JBS.SCE\sysvol\JBS.SCE\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{D653267C-B802-44FD-A559-E349A4DD8483}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit

No template is defined in GPO \\JBS.SCE\SysVol\JBS.SCE\Policies\{F45CC3CF-91F5-4F59-BFBD-B366F4F441EF}\Machine.

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{7AF70C16-F837-4852-94A3-A0CC10A5C0B8}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{DD040523-2909-4883-B6AF-155EF3A74E5D}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit

Process GP template gpt00000.dom.

This is not the last GPO.
-------------------------------------------
25 September 2014 11:34:03
    Copy undo values to the merged policy.


----Un-initialize configuration engine...

Process GP template gpt00001.inf.

This is not the last GPO.
-------------------------------------------
25 September 2014 11:34:03


----Un-initialize configuration engine...

Process GP template gpt00002.inf.

This is not the last GPO.
-------------------------------------------
25 September 2014 11:34:03


----Un-initialize configuration engine...

Process GP template gpt00003.inf.
-------------------------------------------
25 September 2014 11:34:03
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure Security Policy...
    Configure password information.
    Configure account force logoff information.

    System Access configuration was completed successfully.
    LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
    Configure LSA anonymous lookup setting.
    Configure machine\software\microsoft\windows\currentversion\policies\system\consentpromptbehavioradmin.
    Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enableinstallerdetection.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enablelua.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enablesecureuiapaths.
    Configure machine\system\currentcontrolset\control\lsa\nolmhash.

    Configuration of Registry Values was completed successfully.

    Audit/Log configuration was completed successfully.


----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...

this is the last GPO.

Policy propagation is invoked in winlogon blocking thread. Create another thread for slow task.
-------------------------------------------
25 September 2014 11:34:03
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure 64-bit Registry Keys...

    Configuration of Registry Keys was completed successfully.


----Configure 32-bit Registry Keys...

    Configuration of Registry Keys was completed successfully.


----Un-initialize configuration engine...
**************************

Make a local copy of \\JBS.SCE\sysvol\JBS.SCE\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{D653267C-B802-44FD-A559-E349A4DD8483}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{7AF70C16-F837-4852-94A3-A0CC10A5C0B8}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{DD040523-2909-4883-B6AF-155EF3A74E5D}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.dom.

This is not the last GPO.
-------------------------------------------
25 September 2014 13:02:43
    Copy undo values to the merged policy.


----Un-initialize configuration engine...

Process GP template gpt00001.inf.

This is not the last GPO.
-------------------------------------------
25 September 2014 13:02:43


----Un-initialize configuration engine...

Process GP template gpt00002.inf.

This is not the last GPO.
-------------------------------------------
25 September 2014 13:02:43


----Un-initialize configuration engine...

Process GP template gpt00003.inf.
-------------------------------------------
25 September 2014 13:02:43
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure 64-bit Registry Keys...

    Configuration of Registry Keys was completed successfully.


----Configure 32-bit Registry Keys...

    Configuration of Registry Keys was completed successfully.


----Configure Security Policy...
    Configure password information.
    Configure account force logoff information.

    System Access configuration was completed successfully.
    LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
    Configure LSA anonymous lookup setting.
    Configure machine\software\microsoft\windows\currentversion\policies\system\consentpromptbehavioradmin.
    Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enableinstallerdetection.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enablelua.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enablesecureuiapaths.
    Configure machine\system\currentcontrolset\control\lsa\nolmhash.

    Configuration of Registry Values was completed successfully.

    Audit/Log configuration was completed successfully.


----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...

this is the last GPO.
**************************

Make a local copy of \\JBS.SCE\SysVol\JBS.SCE\Policies\{D653267C-B802-44FD-A559-E349A4DD8483}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain

Make a local copy of \\JBS.SCE\sysvol\JBS.SCE\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain

Process GP template gpt00000.dom.

This is not the last GPO.
-------------------------------------------
25 September 2014 13:09:24
    Copy undo values to the merged policy.


----Un-initialize configuration engine...

Process GP template gpt00001.dom.
-------------------------------------------
25 September 2014 13:09:24
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure Security Policy...
    Configure password information.
    Configure account force logoff information.

    System Access configuration was completed successfully.
    LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
    Configure LSA anonymous lookup setting.
    Configure machine\software\microsoft\windows\currentversion\policies\system\consentpromptbehavioradmin.
        Undo value for undefined group policy setting <machine\software\microsoft\windows\currentversion\policies\system\consentpromptbehavioradmin> was reset successfully and removed.
    Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
        Undo value for undefined group policy setting <machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername> was reset successfully and removed.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enableinstallerdetection.
        Undo value for undefined group policy setting <machine\software\microsoft\windows\currentversion\policies\system\enableinstallerdetection> was reset successfully and removed.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enablelua.
        Undo value for undefined group policy setting <machine\software\microsoft\windows\currentversion\policies\system\enablelua> was reset successfully and removed.
    Configure machine\software\microsoft\windows\currentversion\policies\system\enablesecureuiapaths.
        Undo value for undefined group policy setting <machine\software\microsoft\windows\currentversion\policies\system\enablesecureuiapaths> was reset successfully and removed.
    Configure machine\system\currentcontrolset\control\lsa\nolmhash.

    Configuration of Registry Values was completed successfully.

    Audit/Log configuration was completed successfully.


----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...

this is the last GPO.

Policy propagation is invoked in winlogon blocking thread. Create another thread for slow task.
-------------------------------------------
25 September 2014 13:09:24
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure 64-bit Registry Keys...

    Configuration of Registry Keys was completed successfully.


----Configure 32-bit Registry Keys...

    Configuration of Registry Keys was completed successfully.


----Un-initialize configuration engine...

Hello,

I have a problem. I have a Windows Server 2003 R2 DC. AD domain and forest function level is 2003.

I installed and joined to AD domain a Windows Server 2012 R2.

I ran every pre-requirements. (schemaprep, adprep, etc...)

Promote the windows Server 2012 R2 to DC.

Everything succesfull. But when I open the default domain controller policy on the Windows Server 2012 R2, I see this:

What is the problem?

Thanks!

Balazs

I'm implementing a couple new group policies to streamline processes. I found that I amunable to apply group policies attached to a specific OU group (e.g. departments, office locations). However, they do work perfectly when linked to the root domain tree. I have specific policies linked to different sites thus my need to organize them per OU.

Any reason my Group Policy for Mapping Home Folders (User Settings) doesn't work in an OU (Users OU, not computer) but works at the root domain tree?

Thanks,

Good day.

We are currently using Aquila WakeOnLan software to remotely shutdown/restart a program.  It uses a magic packet that triggers the shutdown/restart process and works great when the application is ran as an administrator.

Is there an actual policy that can be enabled for a regular user (non-admin) to achieve the same thing (use WOL to reboot a machine) rather than have to have them in the Admin group?

If not is there anything that can be set at a computer/workstation or application level to allow this to be accomplished?

At the end of the day we only want to allow them to reboot/restart a computer but no other Admin level privileges are required.

Thanks in advance.

Hi

I need to change some  options in internet explorer for all users like in the Security Group . Net Framework . Loose XAML= Enable So can't found this option in the group policy .

How i do that change any option for all users becausechange these optionsfor each useris hard work.

My system windwos server 2008 r2.

Regards

Hi there, again... I love this forum

I built another Server 2008 R2 SP-1 Network with 35 Windows 7 64 desktops.

Customer asked about Administrator Accounts unlocking desktops where non-admin users have locked desktops.

Is that "Interactive logon: Require Domain Controller authentication to unlock workstation"?

Right now the default is "This computer is locked.  Only the logged on user can unlock the computer"

Thanks

B.

GRB