Dear all,
I want to use Pismo Mount Audit package to install a Microsoft Office 2003 ISO image to a new computer. But I don't want to install Pismo Mount Audit on the new computer but use it from the server (a Windows 2008 R2 server). I'm guessing this has something to do with GPO but I still don't understand how to apply?
Or can I install it on the server and through the file explorer start the software on the server?
Thanks for any help!
Nitman
Hi All,
This was an accidental discovery, but here's my dilemma. I have a site with 2 domain controllers(Windows 2008 R2), and if I shut down my second domain controller, when I try to open the Group Policy Management Console on the 1st domain controller, it fails to open and I get the following error, "The specified domain either does not exist or could not be contacted" with 3 options to "retry", "choose another domain controller", or remove. If I go to chose another domain controller and select the 1st domain controller it still fails. Unless the 2nd DC is turned on, I have no issues opening the GP management console. Not sure, why this is happening, I've done it in the pass without issue.
Any help would be appreciated.
Thanks
Hi all,
I would to recreate a user profile that is utilizing Folder Redirection. What I would like to do is have the user log back into their computer and have their profile to be recreated. I don't want any of the existing data to be copied over, I just want to them to log in and have the system recreate the folder redirection, as if they were a new user logging in for the first time. We redirect the AppData, My documents, and desktop only. It's a windows 7 system as well. What's the best way I can accomplish this?
Thanks
I have 700 windows xp machines in a retail environment that I am prepping to swap out with Windows 7 machines. These xp machines are joined to our domain, and fairly locked down via group policy. I am in the process of putting together our new Windows 7 image and building the group policies. Our goal is to maintain as much of the same look and feel that we have with our Win XP machines for this application.
That being said - I have enabled Windows Classic theme (by leaving UserConfiguration > Administrative Templates > Control Panel > Personalization > Force a specific visual style or force Windows Classic blank). This seems to work just fine. I have the expected results for background, start menu, window appearance. What is confusing me is - my mouse somehow got set to single click. I do not want this. It seems to have happened with turning on windows classic?? I haven't been able to find a GPO or GPP (or registry hack, for that matter) to turn it off.
I look in Explorer > Folder and search options > Click items as follows - Double-click to open an item is the radio button that is marked active. I was able to set my staging user (non admin level) to a local admin, re-login, click Single click
to open an item --> click apply --> click double click to open an item --> click apply and ok. Now things are as I want them. It seems that by manually making this change it does the trick. I won't have this luxury in the field.
Any input as to a workaround or what is actually going on would be greatly appreciated.
Thanks
sb
Hi there,
I've setup a 2012 R2 RDS farm and am trying to roll out remoteapp and desktop connection files via powershell.
I've followed the guides here :
Script from: https://gallery.technet.microsoft.com/ScriptCenter/313a95b3-a698-4bb0-9ed6-d89a47eacc72/
I've edited the .wcx file and followed the deployment instructions here: http://blogs.msdn.com/b/dsadsi/archive/2011/11/30/automating-the-silent-deployment-of-remoteapp-and-desktop-connection.aspx
The GPO is applied to the company users OU.
However, even when I force gpupdate on a win7 machine, nothing happens. There are no errors. GPRESULT /R shows the policy was applied succesfully. There are no errors in the logs.
When I go to the client pc, and i execute the script manually from the share on the DC, it works fine. Can someone please advise?
To run it manually on the win7 pc, I had to set the remote execution policy to unrestricted.
Thanks,
HA
Hi,
I have few machines out of network in which I want update some of the GPO settings. How can I do it offline.
Can I export from AD or any other machine and import to the offline machines.
Also, I have to update Domain policies, NOT the local policies.
Any help would be appreciated.
Thanks Chandan
Hi folks,
I've got a problem that's really driving me up the wall. I have a single 2008R2 DC. I have the default domain policy and the default domain controllers policy GPOs. That's it. The domain controllers policy has no password settings.
Here's how my group policy is set up (default domain controller)
However, my domain appears to be stuck on 8 characters with complexity enabled. After reboot, after gpupdate. DCdiag has NO errors. The event log picks up the change and says it was successfully applied. Get this - I can increase password length to 9 characters and that works! I can reset it back to 8 characters, and that works. But if I set it to less than 8 or disable complexity, these changes do not work. The only thing I've done recently is to install MessageOps (Kaseya) password sync to sync passwords to Office365. I can't imagine 3rd party software would interfere with GPOs though?
Help!!
Cheers,
Jude
Hi expert
I have scheduled a powershell script through GPO in computer preference mode. The script is pushed on machines but it does not run and gives a error as below.
ERROR MSG : -
Task Scheduler failed to start "\Sercvices check" task for user "BUILTIN\BUILTIN". Additional Data: Error Value: 2147943645.
One more message it gives on machines task scheduler is
The task could not be run because there was no user logged on.
Below are the details about schedule task on GPO
1. The Task is schedule in computer mode. So it should not ask for any user login or user details
2. Action to Take - Run a Programme - Path - \\servername\Script.ps1
We have a Windows Server 2008 R2 box that is blue screening and crashing every time it refreshes group policy.
With all of the above, I'm confident that this only occurs when Windows attempts to apply group policy. I verified that no GPOs have been changed in over a month. No other machine (server or PC) is having this issue. Restoring the registry to a version from a few weeks back didn't help. So far, Microsoft phone support hasn't figured it out. Obviously, leaving the computer account in the test OU with inheritance blocked can't be our long-term solution. I'm at a loss over what to do next short of wiping the machine and restoring. This is an Exchange server so I'm not looking forward to restoring that.
Hello,
I am struggling with a problem where I have to edit some previously set settings in the following location but there are no such settings when I try to edit the GPO.
GPO Path: Computer Configuration>Policies>Windows Settings>Public Key Policies > Trusted Root Certification Authorities
The strange thing is that I see them in the GPO report (see the screenshot).
I have checked on two different Domain Controllers - one Windows Server 2008 R2 and one Windows Server 2008.
I would be very grateful if someone can help.
Windows Server 2008 R2 sp1
i have password expiry configured for 30 days initially but was changed to 90 days in the account policies. it was working fine for the 30 days but seems that the 90 days expiry is not being observed. i did the changes in
Computer Configuration/Policies/Windows Settings/Security Settings/Account Policies hive
based on my previous experience with the location of the IE proxy settings (which was relocated without notice), is the above location for the Account Policies/Password Policy still correct?
regards,
Reno
Created a policy on a small domain to restrict writing to external media. Used a GPO (with security filtering set to a specific User Group) to enable the settings found in User Config/Policies/Admin Templates/System/Removable Storage Access - specifically:
CD and DVD: Deny write access: Enabled
Floppy Drives: Deny write access: Enabled
Removable Disks: Deny write access: Enabled
Tape Drives: Deny write access: Enabled
WPD Devices: Deny Write access: Enabled
and also:
Windows Components/Windows Explorer
Remove CD Burning features: Enabled
Now I need to remove these restrictions for ONE user. Not having much luck. To troubleshoot, I've tried removing for ALL users, STILL won't work. More specifically, I've tried:
1. Creating a new policy that has the opposite settings and applying to a new group (I removed the user from the old group and added them to this one. Rebooted. This did not work.
2. Reset the policy settings to DISABLE those restrictions. Rebooted. That has not worked.
3. Removed both policies and deleted the contents of HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\RemovableStorageDevices (after backing up, of course). Rebooted. That did not work.
4. Tried creating a local user account with the policies disabled but that reports access denied as well when attempting to copy files to a USB flash drive.
These should be USER settings. Why are they NOT removing themselves and more importantly, how do I get them removed?
Hello.
I am trying to use the DisallowRun method for restricting web browsers on certain computers. I can create the disallow run *value* in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, and I can create a subkey (New Key #1) in the same key to create the values for the various browsers to restrict, but I am unable to name that subkey *DisallowRun* as the documentation that I've seen says it needs to be named. When I try to do it in the registry editor, I get an error saying the key cannot be renamed (although I can rename it to other names), and when I try to do it in Notepad, I get an error saying "Cannot import \\sharepath\file.reg: Error accessing the registry".
If I change the key name, however, the import is successful (for example [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun2]
"1"="iexplore.exe").
Any ideas why I am prevented from creating the specific key name that Microsoft says the key needs to be? Is there some other policy setting that allows/disables the ability to make this key in the first place?
Good evening,
I am running a Citrix XenApp environment and I need to disable explorer.exe from running for non domain admin users. My team and I have discovered that exporer.exe can be accessed by any app that is being used by the end user and therefore can grant that user access to the XenApp server interface--this is a BIG NO NO!
The users do not have admin rights when in explorer.exe but they can shutdown the server. I can disable a few areas such as the taskmgr, regedit, windows+x, and I can prevent the user from shutting down the system by only allowing them to log off, and prevent them from making changes to desktop icons, but it would be much preferred to stick it to user and not allow them to access the XenApp server interface at all,
I have tested changing the shell for explorer.exe from explorer.exe to iexplorer.exe and this worked fine (it only displayed the desktop wallpaper for the logged on user), but the change was not reversible. Luckily, I took a snapshot of my virtual test system before hand.
Is there a way to prevent Windows Explorer from running for all non domain admins and also so that the local administrator account is not affected by the change as well?
Thanks in advance,
I have set password policy for my domain that
Maximum age: 60days
Minimum age is: 45days
but I get messages every week that passwords would expire in 4 days
I checked using rsop.msc and policy seems to be correctly applied.
what could be the problem?
Is there anyway to have policies applied to the computer while connected to domain and once the user disconnects (ie go home) all the policies go back the way they were.
for example CD ROM and usb are disabled in domain but once the user is out of company it is enabled again
I need any solution for that even if it is a third party application
Thanks
I have a requirement where i need to manage (crud) GPO on a server. I was able to create gpo and add some security filters but i could not find any way to add Local group in Restricted groups.
I am using GPMC class library for C#. Any help will be appreciated.
Thanks!
We have a Small Business Server 2011 Standard Edition install that is Hosting a Domain that was migrated to it from Windows Server 2003 Standard Edition. All seems to be working. We have a few problems that we are trying to work on one at a time when this issue was brought to light.
We were trying to push the installation of a client software via group policy and in the process to have it pushed by the server, we had to configure several wmi filters in the group policy management in the SBS 2011. We opened the console and found that the WMI Filters Folder is nowhere to be found.
We would like to find out what can be the cause and resolution of this problem. I would like to find out how to get the WMI Filters folder back in the Management Console and be able to create the filters that will help us deploy the client software we need to provide to our users using the group policies.
Has anyone experienced this problem. Can we just go into the group policy management console and create the object and then import the default filters into that object we created. The filters were exported from another sbs 2011 standard edition install that has the wmi filters folder in the GPMC.
Need help on this situation. Have very little experience in troubleshooting GPO's and GPMC's issues.
Thank you
JFM