Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Software Deploy Group policies are not working at remote site

November 6, 2014, 2:05 pm
$
0
0
I currently have 3 domain controllers in my environment. 2 (DC1 & DC2) are at my main site (Site A) and 1 (DC3) is at my remote site (Site B).  When the network link between Site A and Site B is taken down users that log into remote Site B (locally) are not receiving the group policies that deploy software.

"gpresult /R" shows the deploy software policy is applied, but the software is not installed.
No errors in the event log.

The source for these software installs is my DFS which IS accessible at Site B when the link is down, as is the NETLOGON and SYSVOL directories.

All FSMO roles are at DC1. All domain controllers are Windows 2008 R2.

What am I missing here?

Joshua
Search

Software Deploy Group policies are not working at remote site

November 6, 2014, 2:06 pm
$
0
0
I currently have 3 domain controllers in my environment. 2 (DC1 & DC2) are at my main site (Site A) and 1 (DC3) is at my remote site (Site B).  When the network link between Site A and Site B is taken down users that log into remote Site B (locally) are not receiving the group policies that deploy software.

"gpresult /R" shows the deploy software policy is applied, but the software is not installed.
No errors in the event log.

The source for these software installs is my DFS which IS accessible at Site B when the link is down, as is the NETLOGON and SYSVOL directories.

All FSMO roles are at DC1. All domain controllers are Windows 2008 R2.

What am I missing here?

Joshua

IE 10 templates doesn't load in 2008 Error"An Invalid or out of place input element was detected and will be ignored"

November 5, 2014, 11:38 pm
$
0
0

Hi Team,

In our organisation we have DC running on Windows 2008 R2 server along with more than 1000 clients.

We recently procured around 600 new desktop, which are shipped with Windows 8.1 OS.

Now the issue is

Hence we can't create GPP for IE 10, we have created a GPP for IE 10 from a Windows 8.1 client, but that policy wasn't get pushed to the all other client machine.

We have tried replacing the ADMX & ADML template in our server to push the GPP, still it doesn't worked.

When we expand the GPP we get the following error message.

"An invalid or out of place input element was detected and will be ignored."

Due to this we are unable to push the GPP for around 600 machines, need your assistance.

installing .exe

November 6, 2014, 11:45 am
$
0
0

i am lookin for a way to install a .exe silently to a specific group of pc's.

Whats the best way of getting that done?

thanks in advance

creating shortcut to specific users and always open with IE

November 6, 2014, 11:42 am
$
0
0
i am looking for a policy, that places a shortcut to a website on the desktop of a specific usergroup and that makes that shortcut always open with internet explorer. is that possible>

Can't find administrative templates

November 6, 2014, 9:40 am

Access Restriction in desktop and specific drives

November 5, 2014, 6:52 am
$
0
0

team,

i want to restrict users from storing files in desktop and need to save only in specific folder in an specified drive, please help to create an group policy.

Thanks in Advance,

Vinoth kumar.S

Password Policy Tattoo

November 4, 2014, 8:41 am
$
0
0

I have some domain joined computers which are getting the password policy for local accounts as well. For example, if I create and new local user on ComputerA (which is joined to the domain) it will require the password to be 8 characters long which is in our default domain policy. Question is, if I disjoin ComputerA from the domain will the password settings revert back to default? I know that this is the case for most of the settings which fall under administrative templates as they are fully manageable thus if the computer falls out of the scope of management they'll revert back to default or whatever was set before. Will that work for password policies?

Search

How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

November 6, 2014, 9:20 pm
$
0
0

Dear All,

We are having an infrastructure setup of around 500 client computers managed through group policy.

Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.

Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.

It would be great if you can assist me with the following query.

  • How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
  • Can we disable Network Tab on the left hand pane ?
  • explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

Account Lockout Source Findout

November 7, 2014, 1:11 am
$
0
0

Hi,

I have been facing an issue for past few weeks. I have a domain wide account lockout policy. There is a single user who gets locked out, very often. Is there any tool that can find out the source domain member computer.

I thought to implement this OU policy on that problematic user. I created a OU and moved that user account to that OU. On that OU, I have opted for GPO updates such as "Deny log on as a service", "Deny log on locally", "Deny log on as a Batch Job", "Idle/Inactive RDP sessions to log off after 2 hours."

Is there any other option in GPO that can exclude the user from locking out very often.

Also to note that this user logs into hundreds of servers everyday to work on various tasks.

Thank You in Advance.

Vikram Barkataky

same wallpaper on all user's desktop with windows server 2008

August 29, 2008, 2:35 am
$
0
0
   

Hello every one.

I am facing a problem of setting the same wallpaper on all user's desktop with windows server 2008. Could any one help me out that how i can set same wall papaer to all users of the OU. I have configure the domain properly apply some policies too but dont find out the option of wallpaper.

thanks
with best regards 


 

log on screen change!

November 7, 2014, 3:28 am
$
0
0

Hello i want to change tho login screen to all users on the local network.

as every computer, this screen is in : C:\windows\web\screnn\img100.jpg

but what i want to do..... is to apply this option (change) to all users who have, with windows server 2008 - GPO editable. thank you!!!

Win7 desktops secpol and Local Sec Policy not showing auditing enabled

November 7, 2014, 6:38 am
$
0
0

ok, I thought I have this licked with a solution before,

I have a Server 2008 R2 and Win7 Desktops where I have a Server 2008 GPO to Audit Events on the server and desktops, however at the desktops locally auditing is greyed out and displaying ‘no auditing’ but logs show auditing entries.

At the Server 2008 R2 SP1 64

Server

Administrative Tools

Group Policy Management
  Forest
  Domains
  My_Network_Name.com
  Default Domain Policy
  Edit
  Computer Configuration
  Policies
  Windows Settings
  Security Settings
  Local Policies
  Audit Policy
  Logon, Account, Etc all able to change Success, Fail

However at the Windows 7 desktops the Local Security Policy, Local Policies, Audit Policies, all the policies have ‘no auditing’ however the local Win7 Event Logs are auditing.

What would cause this to display ‘no auditing’ at the desktops and yet enter events locally and at the server

Thank you

B.

ScreenSaver Lock Computer

November 7, 2014, 7:52 am
$
0
0

is it Possible set a ScreenSaver after 5 minutes without Password Lock and after 15 minutes of inactivity apply password Lock?

Set both options, ScreenSaver after 5 minutes and password Lock after 15 minutes.

Thanks

Maykoll

Surface Pro - WMI filter

March 27, 2013, 10:38 am
$
0
0

Hello,

Is there any way to identify Surface tablets via. WMI filters? If not WMI, is there another way? I have some specific GP settings I'd like to apply to only our Surface tablets.

Thanks,

Greg

Search

GPO overriding local policy SQL service credentials

October 30, 2014, 11:22 am
$
0
0
I have several networked domain pc's (Win 7) running a proprietary application that requires the use of SQL Express instances to communicate with the central database.  I have the local SQL services (SQL Server (SQLEXPRESS)) logging on as account: NT SERVICE\MSSQL$SQLEXPRESS with secure credentials for the particular database.  When I freshly enter the credentials into the service, start the service and then start the application, everything works fine.  I can reboot, shut down (for a short period, say 30 minutes), log off etc.no problem  But when I leave the pc alone overnight (without the use of the application) or the application freezes forcing the pc to be shut down (for com port resets), the user gets an error due to the service not starting.  When I check the event viewer, it says service failed to start due to logon failure.  When I open the services to start the service, I get an error that the service could not start due to incorrect credentials.  I then have to re-enter the credentials at which time the service has a popup that says "The account NT SERVICE\MSSQL$SQLEXPRESS has been granted the Log ON As A Service right." and everything is fine (for a while).  I've come to the conclusion that there is a GPO setting changing the credentials (for reasons yet unknown) that is overriding the local policy settings and either obliterating the password (because that is all I have to change) or corrupting it.  HELP!!!  I have no idea where to look for such a policy change or what to do with it when I see it.

GRB

How to remove IE Mainenance GPO settings after upgrading to IE10+

November 5, 2014, 10:37 am
$
0
0

We have several GPO settings that were configured using Internet Explorer Maintenance.  We have recently upgraded to IE10 and now those settings are inaccessible for edit/delete since installing IE10 on the server removes the IE Maintenance option in GP Management.  However, if you look at the GPO settings tab, you can still see the settings defined.  How do I remove these settings now?  Do I have to build a machine that is < IE10 just to remove these settings?

Thanks,

Eric

Applying a GPO to a site rather than an OU

November 7, 2014, 8:49 am
$
0
0
What are the benefits and disadvantages of applying a GPO at the site level vs applying it to an OU? I can't seem to find much info about this. From what I understand, GPOs at the OU level have precedence over those at the site level. That sounds like the GPO at the OU level would take into effect and override a conflicting GPO at the site. Is that correct? Any input or clarification on this would be greatly appreciated. 

Create a GPO using command line

November 7, 2014, 3:24 pm

Unable to use Migration Table in Local Users and Groups

November 7, 2014, 4:33 pm
$
0
0

Hello,

I have 2 different domains: Domain1.local and Domain2.local

I created a GPO in Domain1.local that changes a domain users's (John) name and password using GPP "Local Users and Groups".

And I want to backup this GPO and import to my second domain. 

For this purpose I tried to use Migration table. Firstly I exported GPOs from Domain1.local (http://www.dell.com/support/article/au/en/audhs1/SLN283245/en) and then I imported this GPO to Domain2.local (http://www.dell.com/support/Article/au/en/audhs1/625554/EN).

But this is not worked. I tried "Free TEXT or SID" option and "User" option while exporting from Domain1.local.

I also used "Populate from GPO" option, but any record was populated.

So I used "%DomainName%\John" while adding username. And it worked.  But I want to use Migration table. What am i doing wrong while creating Migration Table?

Regards



Viewing all 19997 articles
Browse latest View live
Search