Our company policy is to make the screensaver (with password) active after 5 minutes. This works fine.
But some employees found out how to bypass the policy by playing a video in a loop.
How can we deal with these retards?
Due to some nasty malware our PATH statement was changed from a REG_EXPAND_SZ to a REG_SZ registry type. This has broken our path. Now, when you open up a CMD window and type in a command like calc or msiexec, it says "I can't find that .exe"; you have to change directory to c:\windows\system32 and then your commands work.
I want to use GPO to push out a PowerShell script that will change the key back to a REG_EXPAND_SZ. I would make this a Computer Policy. But do scripts run via GPO look for the PATH statement to find PowerShell.exe?
mqh7
Hi Windows Server Expert,
We are using Windows Server 2008 R2 in our company. We would like to have a group policy to push down the wallpaper or screensaver per user that logs in to our domain's computers. That means when the users log in to any of the computers, the wallpaper or screensaver will be pushed down automatically to their profile. Please advise.
Thanks.
I have a scheduled task (At least Windows 7) created via the Computer Configuration/Preferences/Control Panel Settings/Scheduled Task section in a GPO.
The trigger is set on a schedule. It is set to Daily and to Recur every: 1 day with a Delay task for up to (random delay): 8 hours.
Each time the GPO processes on a computer, the "Next Run Time" changes, every ~90 minutes. This seems to push out the Next Run Time to the point at which it doesn't run for days at a time, until a random time is selected that is before the next time the GPO processes.
I have tried setting the GPO action to Update and Create with the same results for both.
The questions being:
While the GPO Action is set to Create, If a scheduled task is already created why would it modify the "Next Run Time"?
While the GPO Action is set to Update and no modifications were made to the task or GPO, why would it modify the "Next Run Time"?
Is there a way to stop this from happening?
Thanks
We have several PC Labs for our Students, and normally we have 2 printers per lab. We would like to have half of the lab printing to one printer and the other half of the lab printing to the other printer. I have been successful in deploying the correct printer to the PC's, but cannot seem to get the Default Printer set.
I created 2 Computer Groups for the Labs, then used Item level Targeting to determine which group gets which printer. Regardless of where I set the Default Printer - either as part of the Computer Group Policy (Under User Configuration) or as part of the Students' Default Login policy - the printers still do not set as Default.
I'm fairly new to GPO and GPP creation, so I could use all the help I can get.
Thanks
Is this possible?
I have "Allow installation of devices that match any of these device IDs" enabled. How do I disable all other USB devices?
Thank you!
Is it possible to allow applocker to use expired code signing certificates for old applications ?
Thanks, Magnus
Magnus
Hello,
I am looking to automate cleanup of these folders on our domain.
First, the %temp% folder: I would like to completely empty this folder on each login. We are not using roaming profiles or terminal services. Each user has their own machine and the profile is stored locally on the Windows 7 box.
Second, I would like to clean up Internet Explorer temp files WHILE RETAINING SAVED PASSWORDS.
Any suggestions would be helpful
Hi,
I'm aware of the group policy refresh intervals which apply only if the policy has changed. If I remember correctly, Server 2003 applied policies every 16 hours even if they hadn't changed. A sort of "to be sure, to be sure" setting. Does this exist on Server 2012 R2 and is there a link with some doco that states this please?
Thanks
David Z
Greetings,
I have arrived at a place that has a project to "harden" their Windows 7 workstations with all the "best practice" security settings. Six months ago they brought on contractors who have to date defined 900 security settings they want to test. All the first tests have been disastrous: IE doesn't work at all, no network access to servers, etc.
This kind of approach seems destined for disaster.
The only way I see to be able to successfully implement a project like this that does not have a detrimental impact to the end user seems to be by testing and applying small amounts of settings at a time.
Has anyone been through a project like this and how did you approach it?
Thanks
David Z
Dear Team,
We have Server 2012 R2 installed in our organization. We are using the RDP service to access the server remotely and have purchased 10 CAL licenses. But whenever we access the server through RDP, only three users can access it at the same time. We are unable to use more than three at a time. It asks us to disconnect another client to connect to the server. Please give your valuable comments on it. What should I check first?
Regards
Gopal
Gopal Rawat
I have a Windows 2008 R2 member server which has no settings configured for NTLM.
When I open the local group policy I see that the setting "Network security: LAN Manager authentication level" is "Not Defined"
If I take a look at the registry location: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
I see that there is no LMCompatibilitysetting present.
What I want to know is how can I see if there are any NTLM settings active? Microsoft says that in Windows 2008 (r2) by default "NTLMv2 Response only" is active (LMcompatibilitysetting 3)
If we look in Windows 2012 R2 we see also that this setting is configured as "Not Defined"
Hi all;
Suppose I want to add a computer account to Event Log Reader on local computers by using Group Policy Preferences. Look at the following figure:
But after selecting the desired computer account and clicking OK, the following error message appears:
Any ideas?
Thanks
Hi all
We can prevent GPOs being edited but how can we prevent changes to a GPO's Security Filtering? Is there a way to lock down the Add and Remove options to prevent accidental changes please?
Thanks
Scott
I am currently assisting in managing a domain of 3-4000 users. All of our users have administrative privileges on their machines. We are looking into several different ways of removing these administrative rights for obvious security reasons.
I have read about privilege management software like Avecto, but it would be great if you could utilize something like Restricted Groups in Active Directory or SCCM 2012R2 to achieve this somehow.
I read about Restricted Groups here:
http://www.windowsecurity.com/articles-tutorials/windows_os_security/Using-Restricted-Groups.html
I am wondering if we can achieve this by deploying these Restricted Group GPO's. I understand that these GPO's are linked to computer accounts though, but from what I am under the impression I can restrict adding accounts to the admin group and explicitly allow other accounts.
Our AD functional level is 2008R2 and 99% of our workstations are running Win7 32-bit. Has anyone had any experience removing user administrative rights without purchasing third-party software?
Hi,
We are moving to a different cloud provider and upgrading from Server 2008 R2 to Server 2012. I backed up the GPO's on 2008 R2 server via PowerShell using -All and copied them over to our new 2012 server. I tried to restore the group policy setting via GPMC but when I selected the file I had copied over, there were no GPO's to import.
Is it possible to do this? Or does 2012 not recognise older GPO settings?
Thanks in advance
Hi,
We are deploying Cisco ISE in our setup. We need to deploy the following 3 .msi files and 1 .xml file to 3000 Windows 7 PCs through Group Policy (Windows Server 2012 R2 ADDS).
The configuration.xml file must be deployed in specified (%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\NetworkAccessManager\newConfigFiles) location.
anyconnect-nam-win-4.0.02052-k9.msi
anyconnect-win-4.0.02052-pre-deploy-k9.msi
nacagentsetup-win-4.9.0.42.msi
configuration.xml
The above 3 .msi files should be installed silently and the configuration.xml file copied to said location.
I want to create one package to deploy the 3 .msi files at once and another package for the .xml file.
or
Is there any way to create one package to install the .msi files first and copy the .xml file as well?
Any ideas, please?
Regards, Ali
I have Windows Server 2008 R2 with Windows 7 PRO clients. I created a new user in the Active Directory (actually copied from an existing user). The new user is unable to access the network folder where folder re-direction is pointed. The Group Policy shows applied (gpresult /V), but the user's folder on the server is not created (\\server\HomeDirs\%UserName%). I have checked the permissions on the HomeDirs folder and by running the "Effective Permissions" for the user. It shows that they have all the permissions that they need. In fact, they have full control. However, when trying to navigate to the folder through Windows File Explorer, a warning says that the user does not have permissions to the folder.
I think the reason the folder re-direction is not working may be the permissions on the HomeDirs folder. Anyone have any ideas?
JKS