Channel: Group Policy forum

AppLocker blocks App-V applications


Hello all

I have the following problem. I implemented AppLocker. When I try to open an App-V package on the client, I get the error that the program is blocked by policy. The location of the App-V package is C:\users\<username>\AppData\Local\Microsoft\AppV\Client\.

I tried to add the following rule to AppLocker: allow pathrule %username%\AppData\Local\Microsoft\AppV\Client\*. But AppLocker won't accept the system variable %username%.

Is there another solution to allow App-V packages?

Thanks for the help.


Additional Languages via Group policies?


I've searched around with no luck.

Is there a group policy option that sets multiple usable languages via the language bar in the bottom right (i.e. Russian and English)?

Googling it returns a number of threads from 2012 shouting PERFORM THESE REGISTRY EDITS. Though if possible, I'd prefer a built-in option over directly editing the registry/running scripts.

GPO To Enable Memory Dump


I am looking for the location of the GPO to enable full memory dump.

We can manually enable it, but it is being overwritten.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

"CrashDumpEnabled"=dword:00000001

Please Help

Microsoft Security Updates


I would like to block a particular MS security update, KB3008923. How do I do that using GPO? Or is there a better way?

Please help!!

Thank you,

Jason

Roaming profile & folder redirection


Hi 

I am facing challenges in applying Roaming profiles & folder redirection on Windows 2012 Remote desktop servers. I am planning to use it for VDI.

--------------------------------------------------------------------------------
Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.  DETAIL - The handle is invalid.
---------------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------------

Failed to apply policy and redirect folder "RoamingAppData" to "\\Share\user2\AppData".
 Redirection options=0x1210.
 The following error occurred: "Can't create folder "\\Share\user2\AppData"".
 Error details: "Invalid Signature.
".


---------------------------------------------------------------------------------------------------

Thanks.

Adding newly added users to a security group

Is there a way to add new users automatically to a specific security group using group policy?

Central Store ADMX/ADML Files MUI language

Group Policy Backup failed


The complete GPO backup failed; I tried a single GPO backup too.

The error message is shown below:

GPO: Admin IT...Failed

The specified server cannot perform the requested operation.


Central Store ADMX files update recommendation for Windows 8.1


I would like to update the "Central Store" with the latest ADMX files to support test computers with Windows 8.1 Update.
The network contains Windows 7 in production, and some Windows 8.1 Update machines are in a test phase.

In the following KB article: http://support.microsoft.com/kb/2917033
Microsoft recommends that you keep the central store with the Windows 7 or Windows Server 2008 R2 ADMX templates and use Windows 8.1 as a GPMC console to manage GPOs for Windows 8.1.

Why?
Does anyone know the reason?
Is there any incompatibility issue between the ADMX files for Windows 7 and the ADMX files for Windows 8.1?


Regards,

-Misch-

WMI Filter permission root\RSOP\Computer


Hi

I have a user folder redirection policy and only want it to run on computers in certain OUs. I've got this WMI query in namespace root\rsop\computer:

Select * From RSOP_Session Where SOM = 'OU=Desktops,OU=Unit 15,OU=PH UK,DC=DOMAIN,DC=local' OR SOM='OU=Desktops,OU=Unit 16,OU=DOMAIN,DC=ph-hq,DC=local'

It returns false for machines that should be true. I think I have found the problem, and it's that the standard user doesn't have the rights to read from root\rsop\computer.

They can read from root\CIMv2, and if I put the user in the local administrators group, the root\rsop\computer query works.

How do I grant read permission to root\rsop\computer for standard users? I would like to do this globally.

2012 R2: Confusing "Last process time" entries in GPMC


I have a server that did not update the WSUS GPO settings that had been configured three weeks earlier. "gpupdate /force" applied the new settings immediately. There is no GPO error logged in the event logs of the server.

I have been trying to find the cause of this error without success.

But when checking a completely different environment, the GPMC console displays confusing results as well:

Any advice, why the GPMC Console says that "security" in the example above is processed a week ago, but when clicking on "View log", the log tells that the next processing should occur 107 minutes later?

Thank you in advance for any hint.

Franz

Deny user based policy for a specific computer


I have a user-based policy that deploys software for specific users when they log in to their Windows 7 workstations.
Some of these same users also have login access to a test server. I am trying to prevent the software deployment policies from being processed when users log in to this test server. I have denied the 'Read' and the 'Apply group Policy' security settings to the test computer, but since it is a user-based policy I believe these computer-level denies are being ignored.

I have looked into loopback processing but I cannot grasp how it would fit into my environment. Do I enable the loopback processing in the same policy that deploys the software?

Any suggestions?

Windows 8 / IE11 forget proxy settings applied by GPO on reboot


I've just about run out of ideas here on what may be causing this. I've toyed with policies quite often, but never ran into this problem before.

Windows 8 with IE11. While there are GPOs active on the system, the settings are kept free to alter by the user if need be. We use a proxy, so I'm required to provide the proxy and the exceptions in a policy to the PCs to make sure they work under normal conditions. I added a couple of settings in the GPP (Group Policy Preferences) with the correct settings, enabled these settings (green lines) and tested these on a test system. They work fine, I get my proxy settings pushed through.

Then we get to the rollout on the systems that are affected (not that many, just 10 accounts total, all in nearby rooms). I can run a gpupdate /force to reload the settings, and can confirm the proxy settings are applied properly. So the policy itself seems sound also on the workplaces it needs to be active on. Users still have the option to change the proxy settings at their own discretion, but that's exactly what we want to happen.

Now we run into the problem that when part of these PCs are rebooted, the PC somehow seems to decide the proxy isn't worth its time anymore, and kills all settings for the proxy back to default. Either that, or it just switches the proxy off. Running a gpupdate /force reapplies the policy and everything starts working again, but WHY is Windows 8 / IE11 adamant about forgetting these settings?

The really maddening thing is that on a couple of PCs with Windows 8 and IE11 (and the same policies applied) it isn't a problem and the proxy remains filled in, as I would expect from GPOs. These include my test system, which makes me unable to replicate the problem and test locally.

I've tried enhancing the policy by using a forced wait for the network to become available, as well as a forced logon script run on boot instead of the standard 'after 5 minutes'. Find these under 'Computer Configuration - Policy - Administrative Templates - System - Logon' and 'Computer Configuration - Policy - Administrative Templates - System - Group Policy'. Neither setting seems to work though. I've also tried going with a Computer Configuration Startup script in which I just request to run 'gpupdate' with '/force' as the switch. But this also seems not to do anything.

In short: Does anyone know why Windows 8 / IE11 falls back to something outside the scope of policies, while it accepts the forced policy update with the correct settings when 'gpupdate /force' is issued manually afterwards? And has anyone any idea what I can do to make sure the policy is applied regardless of what Windows 8 / IE11 thinks it should be?

Windows Firewall inbound ICMP packets drop


Hi, we have enabled ICMPv4 traffic with a local firewall inbound rule in a GPO and we are still having ping drops. Is there another value somewhere that we could disable in our setup? It seems like a protection coming from Windows Server 2008, and for no specific reason it blocks the traffic.

The ping comes from a Linux-based load balancer machine. We have created another test rule that opens all ports and all protocols coming from that IP address, and we get the same behaviour.

We know if we restart the server it will let the ping go through again with no problem but for a relatively short period of time.

Carl R.

Thanks


Server 2012 Changing the Local Administrator Password with GPO


Using preferences – Control Panel Settings – Local Users and Groups does not appear to work for the Server 2012 built-in Administrator account. When I force the GPO I get the following error message in the application log.

The computer 'Administrator (built-in)' preference item in the '2012ServerLocalAct {1A18ACB2-A2FC-4BB3-81A9-7C4564132ED9}' Group Policy Object did not apply because it failed with error code '0x8007055b Cannot perform this operation on built-in accounts.' This error was suppressed.

I am able to make changes to the Guest account.

Any suggestions for Server 2012?


Install MSI using Group Policy Management


Hi Friends

I'm trying to install my Outlook Plugin MSI using Group Policy Management, but it's not working for me. I got help from this URL:

https://www.youtube.com/watch?v=jXAz6vrWMP0

Is there anything additional I need to do to make this work? On my client machine or server....?

Thanks

Bobbin

Creating a DNS Record for a Host with Two or More IP???


Can we create a DNS A record for a host with two or more IPs? (We would like to use my website "mysite.com" pointing to two IPs.)

Please help...

Server 2012: enable modifying local group policies


Good morning,

I have a machine running Windows Server 2012 that is not a domain controller. When I open the local group policies I want to change the account lockout policy, but it is disabled.

What do I have to do to enable modification of these policies?

Many thanks for the help.

Change Local Administrator Password thru GPO

Is there a way to change all Local Administrator passwords through GPO?

Unable to delete gpo link to an OU using C#


Hi,

I have a C# .NET Windows application (VS2010). I am working on linking and unlinking an Active Directory GPO to an OU.

To link a GPO with an OU I used GPMGMT.lib and it is working. Below is the code:

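    // Entry point of the GPMC COM interop library (GPMGMTLib).
    GPMGMTLib.GPM gpm = new GPMGMTLib.GPM();
    GPMGMTLib.GPMConstants gpc = (GPMGMTLib.GPMConstants)gpm.GetConstants();

    // Bind to the domain on any available domain controller.
    GPMGMTLib.GPMDomain gpd = (GPMGMTLib.GPMDomain)gpm.GetDomain(strdomain, "", gpc.UseAnyDC);

    // Find the GPO by its display name.
    GPMGMTLib.GPMSearchCriteria searchOBJ = gpm.CreateSearchCriteria();
    searchOBJ.Add(gpc.SearchPropertyGPODisplayName, gpc.SearchOpEquals, strGPO);
    GPMGMTLib.GPMGPOCollection objGPOlist = gpd.SearchGPOs(searchOBJ);

    // Get the OU (scope of management) and append the link at the end (-1).
    // GPMC collections are 1-based, so [1] is the first match.
    GPMGMTLib.GPMSOM gpSom = gpd.GetSOM(strOU);
    gpSom.CreateGPOLink(-1, objGPOlist[1]);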

But I am unable to delete the link between a GPO and an OU.

After searching on Google, I found information saying to add gpedit.dll, which contains the DeleteGPOLink method.

When I try to add the reference, it gives me an error message saying:

"A reference to C:\windows\system32\gpedit.dll could not be added. Please make sure that the file is accessible, and that it is a valid assembly or COM component".

Could anyone suggest how to unlink a GPO from an OU, with an example?

Many thanks in advance.

Govind
