Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Error when adding shared printer to GPP

July 2, 2013, 10:39 am
$
0
0

I'm creating a new GPP for shared printers. This is on Server 2012 I've done this several times before and have never run into this problem. I added 2 printers with no problem but when I try to add the third I get the error "The object selected does not match the type of destination source. Select again. I tried deleting the printer and re-adding it but I get the same error.

Anyone have any idea what is going on and how to fix it? Like I said, I've created GPP for printers several times before and have not run into this problem. I tried searching for the error but haven't found anything helpful.

Jonathan

Search

Best way to filter a GPO

December 11, 2014, 12:36 pm
$
0
0

Hi

I wonder if someone could advise on the best way to filter a GPO, mainly from a performance point of view.

The majority of our estate is Windows 7 currently, although we are going to start rolling out some Windows 8.1 devices and then probably following that Windows 10 for testing. We have a few pieces of software which we don't want to deploy to an OS above Windows 7.

I realise there are 2 ways I can achieve this, either Security Filtering or WMI filtering - which would be the recommended way with the least performance impact, a WMI filter or adding all Windows 8 machines to a Security Group and filtering on that until the balance tipped the other way?

Wmi filter which I was going to use is simply:

SELECT Version FROM Win32_OperatingSystem WHERE Version < "6.2"

Thanks in advance


mic not working on my pc

December 11, 2014, 2:33 pm
$
0
0

so i have this headphone with mic and suddenly it has stopped working at all. (it kinda didnt work well before, i had to plug it in certain way lik eplugging mic on the headphone first and than plug to pc and yes my mic comes out).   I tried with my other computer and works perfectly fine.

i use realtek.  the computer recognize the mic but no sound would go through.  like in the sound option i can c mic and same as the realtek config thingy too.

i tried many ways but wouldnt just find a way it to work.

using windows 8.1.

oh and found if i plug it as usb the mic works but cant hear sounds... (my head phone has both usb and 3.5mm? jacks)  but if i use usb it makes constant high pitch noise.

my headphone is connected to front side and I also have speaker connected to rear side of my pc.

dont know what other information i need to put in and thnx in advance

PS i did not mean to post this on windows server> group policy... it did automatically... how do i move my post?

Migration of users and computers to new child Domain in same Forest

December 10, 2014, 8:06 pm
$
0
0
Question Hi,

We are migrating one business unit from one child domain to new created child domain in same forest. My query here is since that business unit has already being applied GPOs in existing domain. GPO,  for an example of wallpaper is applying. how can i retains those GPOs which have made entry in user profile or computer in existing domain to new domain.

Thanks..

Upgrade IE 8 to IE 9

December 11, 2014, 8:30 pm
$
0
0

Hi,

I am planing to upgrade my IE 8 to IE 9 through my domain 2012 server all client pc are mixed with win 7 32 bit& 64 bit,kindly suggest me your options.

Remove Icon Explorer Windows 8.1

December 12, 2014, 12:55 am
$
0
0

Hi , i want  remove everything exceptFavourites link in explorer menu.

Image :

Whatregistry keysI have tochange?
thanks

how can i disable network discovery

December 9, 2014, 1:21 am
$
0
0

i have domain with windows server 2008 and some pc's with windows 7

how can i disable network discovery from this pc's using group policy from domain

assign mapping drive through GPO

December 8, 2014, 8:51 am
$
0
0
<p></p><p>We have a simple domain with forest level is 2003 and domain function level is 2008, all domain controller is 2008 R2. workstations are windows7 professional. </p><p>We are tring to assign mapping drives through GPO,&nbsp;user configuration, prederence, windows settings, mapping drive.&nbsp;&nbsp; How ever, half of the users does not get the drives,is there any reason why this GPO does not work? </p><p><img alt="" src="https://social.technet.microsoft.com/Forums/getfile/576324" />s not work? </p>
Search

Scheduled Task GPO - ms14-025

December 12, 2014, 3:06 am
$
0
0

So we've finally figured out why a whole bunch of our Group policies aren't working.

MS14-025. 

We set a fair few scheduled tasks via GPO. Now we can't. Are there any alternatives short of uninstalling this update?

The main problem we have at the moment is a Scheduled shutdown task that runs at 6,7,8,9,10pm that runs regardless of who's logged on as a different user.

Logged on users have an override they can use to stop it happening.

Now we can find other ways to make it shutdown, just not that are user interruptible.

AppLocker blocks App-V applications

December 12, 2014, 3:17 am
$
0
0

Hello all

I have the following problem. I implemented AppLocker. When I try to open an App-V package on the client, I get the error that the program is blocked by poliy. The location of the app-V package is C:\users\<username>\AppData\Local\Microsoft\AppV\Client\.

I tried to add the following rule to AppLocker: allow pathrule %username%\AppData\Local\Microsoft\AppV\Client\*. But AppLocker won't accept the systemvariable %username%.

Is their a other solution to allow app-v packages?

Thanks for the help.

security prompt

December 12, 2014, 4:56 am
$
0
0

so we're trying to run a .bat file across the network and we get the annoying prompt, "we can not verify the file. Do you still want to run this file"

we do this from the dfsn path \\domain.local\share\share

using policy I add file://*.domain.local to my intranet zone

did not change anything

however if I right click and run as administrator it does not prompt. However most our users are not admins.

Note: UNC is also set to never.

Now I know that it is not best practice to disable this prompt but real world is that 100% of the time users say "open" anyway and it is only done from the Intranet zone.

Is there a group policy to turn off this security warning prompt? I gets lots of complains.

Thanks

Applying Domain controller policy to only one DC on a domain

December 12, 2014, 4:25 am
$
0
0

We want to apply the Microsoft supplied group policy "MSFT Windows Server 2012 R2 Domain controller Baseline" to only 1 out of our 6 Server 2012 R2 Domain controllers. This server is also set-up as an RODC and is in a DMZ hence hardening.

Some of the settings within this policy would seem to be applicable to a domain rather than an individual server (DC), even though they are listed under "Local Policies".

The following are only some examples, there may be others.......

Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies/Security Options, Other

  • Domain member: Digitally encrypt or sign secure channel data (always)
  • Microsoft network server: Digitally sign communications (always)

Computer Configuration, Policies, Windows Settings, Security Settings, Local Polices/Security Options, Domain Controller

  • Domain Controller: LDAP server signing requirements - Require signing

Computer Configurati......, Local Policies/Security Options, Network Security

  • Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients (and Servers) - Require NTLMv2 session security and Require 128-bit encryption


My question is - If we apply this group policy to one DC only, will it affect any other Domain wide communication e.g. PCs to other DCs, Member servers to other DCs, DCs to DCs etc? I understand that after policy application, the DC may not function properly and we will need to test it and potentially relax some of the settings but we cannot afford to risk the rest of the domain from being affected. We are particularly concerned with the forcing of Digitally signing or encypting communications.

Can anyone help?





Exchange 2013 - Deploy default Outlook profile from GPO to Outlook 2013 and 2010

December 12, 2014, 6:02 am
$
0
0

Hello everyone,

First of all, thanks for taking a look at my post. I've done a bit of research and deploying a default profile for Outlook 2010 running Exchange 2010 seems pretty straightforward. Customize the profile with the OCT and then deploy using a script. My problem at the moment is that we're using Outlook 2010 on many of our computers but we have upgraded to Exchange 2013. I've customized my profile but am unable to connect to the server do to it using a specific GUID per user.

Is there any work around for this? Essentially my objective is to have users connect to terminal servers and their outlook is automatically configured for them. Maybe I'm looking in the wrong place so really any suggestions would be appreciated.

Thanks,

Server 2008 R2 does not show Internet Explorer 10/11 Group Policy options

December 11, 2014, 9:23 pm
$
0
0

Hello,

I have a Windows Server 2008 R2 server that has IE11 installed. I am attempting to create a GPO to control Proxy settings for IE10/11 clients, however, when I go to User Config>Preferences> Control Panel Settings> Internet Settings and Right click, I do not see an option for IE10, only IE5 and 6, IE7, and IE8. 

I have downloaded and installed the Administrative Templates for Internet Explorer fromhere, and followed the installation instructions, but still, the option does not show up. I have ensured that all the latest Windows Updates are installed on the server, and rebooted the server a couple times. 

What am I missing here? 

Thanks in advance.


Windows 8 / IE11 forget proxy settings applied by GPO on reboot

December 12, 2014, 8:01 am
$
0
0

I've just about run out of ideas here on what may be causing this. I've toyed with policies quite often, but never ran into this problem before.

Windows 8 with IE11. While there are GPO's active on the system, the settings are kept free to alter by the user if need be. We use a proxy, so I'm required to provide the proxy and the exceptions in a policy to the PC's to make sure they work under normal conditions. I added a couple of settings in the GPP (Group Policy Preferences) with the correct settings, enabled these settings (green lines) and tested these on a test system. They work fine, I get my proxy settings pushed through.

Then we get to the rollout on the systems that are affected (not that many, just 10 accounts total, all in nearby rooms). I can run a gpupdate /force to reload the settings, and can confirm the proxy settings are applied properly. So the policy itself seems sound also on the workplaces it needs to be active on. Users still have the option to change the proxy settings on their own discretion, but that's exactly what we want to happen.

Now we run into the problem that when part of these PC's are rebooted, the PC somehow seems to decide the proxy isn't worth its time anymore, and kills all settings for the proxy back to default. Either that, or it just switches the proxy off. Running a gpupdate /force reapplies the policy and everything starts working again, but WHY is Windows 8 / IE11 adament about forgetting these settings?

The really maddening thing is that on a couple of PC's with Windows 8 and IE11 (and the same policies applied) it isn't a problem and the proxy remains filled in, as I would expect from GPO's. These include my test system, which makes me unable to replicate the problem and test locally.

I've tried enhancing the policy with using a forced wait for the network to become available) aswell as a forced logonscript run on boot instead the standard 'after 5 minutes'. Find these under 'Computer Configuration - Policy - Administrative Templates - System - Logon' and 'Computer Configuration - Policy - Administrative Templates - System - Group Policy'. Neither setting seems to work tho. I've also tried going with a Computer Configuration Startup script in which I just request to run 'gpupdate' with the '/force' as the switches. But this also seems not to do anything.

In short: Does anyone know why Windows 8 / IE11 falls back to something outside the scope of policies, while it accepts the forced policy update with the correct settings when 'gpupdate /force' is issued manually afterwards? And has anyone any idea what I can do to make sure the policy is applied regardless of what Windows 8 / IE11 thinks it should be?

Search

Drives and printers can be connected manually when needed logon script is aborted

December 12, 2014, 11:17 am
$
0
0

Hi All,

Could anyone help me with the issue "the computer is not in the location network (Domain) drives and printers can be connected manually when needed logon script is aborted"

Thanks

Atul Srivastava

Software Deploy Group policies are not working at remote site

November 6, 2014, 2:05 pm
$
0
0
I currently have 3 domain controllers in my environment. 2 (DC1 & DC2) are at my main site (Site A) and 1 (DC3) is at my remote site (Site B).  When the network link between Site A and Site B is taken down users that log into remote Site B (locally) are not receiving the group policies that deploy software.

"gpresult /R" shows the deploy software policy is applied, but the software is not installed.
No errors in the event log.

The source for these software installs is my DFS which IS accessible at Site B when the link is down, as is the NETLOGON and SYSVOL directories.

All FSMO roles are at DC1. All domain controllers are Windows 2008 R2.

What am I missing here?

Joshua

Exporting importing GPO's

December 13, 2014, 4:09 am
$
0
0

Hello Everyone,

The below question has been asked a lot but I haven't found an answer which satisfies me.
Could someone please help me on the following:

I have several customer who don't have any relationship which eachother.
I am just an IT guy working in a small to medium business creating almost the same policy over and over.
After creating the same polices day in and out I thought there must be an easier way.

Is there a way to export a gpo to a file and copy it over to a completely other forest/domain which don't have any relationship and import the GPO. ( this gpo only has simple settings like enable rdp and nothing specific like folder paths etc. )

If so, can someone please tell me of how to do this?

Many thanks in advance.

Andre

Exporting importing GPO's

December 13, 2014, 4:10 am
$
0
0

Hello Everyone,

The below question has been asked a lot but I haven't found an answer which satisfies me.
Could someone please help me on the following:

I have several customer who don't have any relationship which eachother.
I am just an IT guy working in a small to medium business creating almost the same policy over and over.
After creating the same polices day in and out I thought there must be an easier way.

Is there a way to export a gpo to a file and copy it over to a completely other forest/domain which don't have any relationship and import the GPO. ( this gpo only has simple settings like enable rdp and nothing specific like folder paths etc. )

If so, can someone please tell me of how to do this? The server I am using is server 2k12 R2

Many thanks in advance.

Andre

How to find all changed GPO's?

December 14, 2014, 3:19 am
$
0
0

We're running AD level 2008 R2. I have a default GP setup for each OU. I'd like to search each GP and find ANY changes made. I can open "All Settings" under User and Computer Configuration, but that doesn't show me the changes to Preferences.

How can I get "All Settings" that covers everything under my default group policies?

 
Viewing all 19997 articles
Browse latest View live
Search