I am having real issues with our SRP
It works great for all except webex and gotomeeting
It seems almost every time a user tries to join a meeting the launcher is trying to run from a different location
Is there a way that I can tell SRP to allow an application no matter where it runs from?
Thanks
WP
Hi,
I am looking for a way to prevent users from running powershell on a terminalserver.
I have found some threads where people reccomend using AppLocker to prevent this.
The problem is, that we have several login scripts which still need powershell and they won't work if we use AppLocker to deny powershell.exe
Has anyone a solution to this?
Kind regards
Hello,
I currently have both Server 2003r2 and 2008r2 Domain Controllers running my production environment with a mix of Windows XP and Windows 7 clients. I want to make a GPO that allows me to set a default homepage for Internet Explorer versions 8 through 10.
Side note: Does it make a difference if some of my Windows 7 machines are Virtual Desktops and others are Physical Desktops? They both have their own OU's in Active Directory.
Any help would be greatly appreciated. Thank you.
I manage two domains (separate forests). One, our DMZ, is fine. The other, our primary domain, is missing the following group policy object:
Computer Configuration | Windows Settings | Security Settings | Public Key Policies
There are a lot of other contents in the "Security Settings" location, but the one I need is missing. Both domains are running on (4) 2008 R2 domain controllers and at a 2008 R2 Functional Level. I've tried running GPE from multiple machines (DCs and workstations) and it still is not shown. I have Domain Admin rights as well so unless it needs Enterprise admin rights, that shouldn't be an issue.
Chris
I am trying to prevent the addition of printers on domain computers in Devices and Printers. I do not want the Add Printers Option to appear. I have Windows 8.1 computers. In group policy I have set User Configuration\Administrative Templates\Control Panel\Printers\ Disable the addition of printers to enabled and set User Configuration\Administrative Templates\Control Panel\Printers \Browse the network to find printers to Disabled.
I have also set Computer Configuration \ Administrative Templates \Printers\Add Printer Wizard - Network scan page (Managed networks) to disabled
and Computer Configuration \ Administrative Templates \Printers \Printer browsing to disabled.
However, on the computers even after I do a gpupdate \force, the Add a printer option is there and when I click on it I can browse all the printers in AD. I only want printers to be installed via Group Policy. I do not want users to be able to add network printers. I've rebooted, made sure all updates are applied but I'm still at a loss.
Hi I am trying to redirect the start menu in group policy but so far it does not work, I am redirecting it to a share where domain users have permission to read. I have laid out the folder like the default start menu but still does not work, I would be very appreciate if someone new how to fix this 'bug'
Thank You
Up until my current company, I have always used login scripts in Active Directory to get the mapped drives to users. My current company uses a group policy to map the drive. Is one way better than the other?
All users get mapped the same drive, so there is no variations or a different script per user that I would need to build/run. I am moving our DC to a virtual soon and that would be my chance to change the method if needed.
Thanks for your input!
Hi Experts,
i have strange issue, users are unable get the policy applied after investigating found out that the default domain policy is missing on dcs in one site, i have checked further for any events relation to journal wrapping to no avail, client pcs recwiving this error below:
The processing of Group Policy failed. Windows attempted to read the file \\mydomain\SysVol\mystrange thing is that the replication is working, but only the sysvol replication not working, can someone please advice
OS: Windows 2012 R2
Hello,
About 6 months ago we migrated from DC's running Windows 2003 R2 to Windows 2012 R2. At that time we raised our domain functional level to "Windows Server 2008 R2"
I am trying to audit my Group Policy and have found a problem I am unable to explain. I have installed RSAT tools on my local workstation, and I have been using it to view group policy to perform my audit. Everything was going fine until I came across:
"Default Domain Policy"
Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities
However when I attempted to edit the policy to look at the settings, nothing is there, the certificate is just missing.
Furthermore, when I look in the Group Policy Management on the DC, It does not even show "Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\TrustedRoot Certification Authorities"
Can anyone explain to me the following:
1. Why does my local workstations RSAT tools show settings that are not reflected on the DC?
2. Why is my RSAT tools showing settings on a certificate the does not exist? Is it because there used to be a cert there when we were using 2k3 domain controllers, and the cert wasn't migrated?
3. How can I fix this so that my RSAT Group Policy Manager on my Workstations is synched with my Domain Controllers?
Thank You in advance for any assistance.
P.S. I had several pictures setup that made the explanation of all this much easier, but I was not allowed to add them because "Body text cannot contain images or links until we are able to verify your account."
Hi,
As soon as I (administrator on my PC) logon to Windows 7, I get a message saying that the Group Policy Client service failed to start. I'm not sure why I'm getting this error even though the dependencies are very much up and running..
Below is the error message I get in the notification area as soon as I logon
Failed to connect to a windows service
Windows could not connect to the Group Policy Client service. This problem prevents stndard users from logging on to the system.
As an administrative user, you can review the System Event Log for details about why the service didn't respond.
hello all
i have a number of terminal 2012r2 terminal servers with XenApp 7.5 installed. policy setting are applied using loopback/replace as normal. machine settings apply consistently but sometimes ALL the user settings fail to apply ?.
wondered if there are any 2012 patches that might address this ?. also what is the best way to log gpo processing with 2012r2 ?
thanks
dave
dsbrown
Hi
I'm looking to reset in bulk AD user account passwords. I have this script:
#
# Script: ResetPwd.ps1
# Description: Reset the password for bulk number of users, and
# set the property to change passwrod required at next logon
#
# Written by: Anand Venkatachalapathy
#
Import-Module ActiveDirectory
# Set the default password
$password = ConvertTo-SecureString -AsPlainText “AwesomeP@ssw0rd” -Force
# Get the list of accounts from the file on file
# List the user names one per line
$users = Get-Content -Path c:\MyScripts\UserList.txt
ForEach ($user in $users)
{
# Set the default password for the current account
Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset
#If you need to set the property “Change password at next logon”,
#leave the next alone. If not, comment the next line
Get-ADUser $user | Set-AdUser -ChangePasswordAtLogon $true
Write-Host “Password has been reset for the user: $user”
}
# ————- End ———–Credit: http://anandthearchitect.com/2014/02/27/active-directory-bulk-user-password-reset-by-powershell/
This works, however it only lets me set each password to be the same. I'd like to have a second column in a source .csv which lists a unique password per user and have the script change the password as per the file. Can anyone assist with the necessary changes to the above? My experience with Powershell is very limited.
Any assistance is very much appreciated.
Paul
I learned how to deploy office via GPO from the following tutorial:
https://www.youtube.com/watch?v=dYPbFyLH66k
In a nutshell, it had me use the OCT to make a custom file and ran it using a batch file that was added to the startup scripts in a GPO. However, the batch file basically is written to first check if office is already installed and then proceed if it isn't.
This works great for situations where I am starting from scratch. But I was wondering if there is a way to customize this approach to ADD a missing office feature to an existing office installation.
For example, most computers have Word installed. Now I have the need to add Outlook to all computers in addition to Word. Is there any way to have a GPO or script ADD a missing office feature onto an existing office installation? And do it silently, out of sight of the users?
I tried forcing the original script to run by disabling the check to see if office was preinstalled, but this simply caused the Office Add/Remove wizard to popup where I then had to install it manually.
I imagine there must be someway to silently access/use/manipulate that Add/Remove features Wizard that office uses.
Thanks for any help!
Hi,
I have enabled read write restriction for a group of users, if a user from this group is to log onto a win 8.1 system or Windows 7 system and tries accessing a USB drive it says access
is denied, however if the same user logs onto a Windows server 2008 R2 system under the same domain he is allowed to access the USB drive even-though all the registries are updated and policies are applied , why may this be happening?
My domain controller is a Windows Server 2012 R2 machine.
Hello,
how can I check who had changed GPO Settings?
Hi folks!
Is there any way to automatically remove legacy or redundant settings from a GPO.
For example (specifically in fact) remove the IE settings, that up until IE8 were rolled out via Policies > Windows Settings > IE Maintenance. I have other settings as well, Admin Templates for Outlook 2002 that are showing and I want them gone too.
I'm just doing basic housekeeping, and the OCD in me doesn't want two places where the settings show in the GPO settings tab in the GPMC. I am also just trying to make it easier for the IT dept to be able to manage on their own, if I am out of the office for any reason.
Apologies if this is an easy one, but I can't find anywhere that actually allows me to remove settings from a GPO following a domain upgrade (2003 to 2012), only to remove entire GPOs.
Cheers!
Andy
xp clients seem to be fine and map all printers at logon. The 2k8 servers all hang at logon for 30min or more at the Applying Group Policy Printers Policy. The print server is a DC in the same domain and it does not experience the issues at logon and gets to the desktop immediately.
I have few User/computer group policies (with loopback) which are not getting applied after servers are rebooted, if I run gpupdate/ force it will apply those policies right away or it will apply on its own if I let it sit for 90 mins. I am not able
to find error in eventlogs. What is the next step I can try to figure out the root cause?
I do not have any filtering for this policies.
Other policies in that OU works fine.
I created a bat file to map network resources as network location. This bat file will run at user logon. I tested to run bat file and to test it with local gpo and it worked fine. the same setting, now I set it up on domain gpo and it does NOT work. PC is part of domain and test account has admin rights to local PC.
I even set 'Always wait for the network at computer startup and logon' but it does NOT help.
I ran GPResult and that gpo I created does not apply. Other GPOs applied fine.
What do I miss in this one? any help is appreciated, thanks.
This is my bat file and it is located on domain controller.
@echo off
xcopy /v /y \\servername\sharename\subfolder\*.* %userprofile%nethood
END
Thang Mo