Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Do GPOs require a healthy PATH?

April 30, 2015, 7:03 am
$
0
0

Due to some nasty malware our PATH statement was changed from a REG_EXPAND_SZ to a REG_SZ registry type.   This has broken our path.   Now, when you open up a CMD window and you type in a command like calc or msiexec it says "I can't find that .exe"  you have to change directory to c:\windows\system32 and then your commands work.

I want to use GPO to push out a PowerShell script that will change the key back to a REG_EXPAND_SZ.   I would make this a Computer Policy.  But do scripts run via GPO look for the PATH statement to find PowerShell.exe?

mqh7

Search

Event ID 4098 Group Policy Printers

April 23, 2015, 6:28 am
$
0
0

Hi guys,

I know that this problem was discussed already a lot of time but what I found was only when the printers are deployed and in my case I want to delete some old printers. So what is the problem: We have a GP to deploy printers, recently we receive a new printers and we use the same policy to deploy them meanwhile we set in the policy for the old Printers "Delete". Unfortunately the old printers remain still in the Device and printers and EventID 4098 was generated with the following error

"Group Policy object did not apply because it failed with error code '0x8000ffff Catastrophic failure' This error was suppressed."

I've check some articles but all of them a for deploy printers and not to remove them. The only solution which I found is manually to delete the printers from HKEY_CURRENT_USER\Printers\Connections and restart Print Spooler service. After this the printer is no longer visible but I can't do it on 200 computers one by one.

Is there any way to solve it? Thanks in advance

Deploy Files In GPO with UAC enabled

April 21, 2015, 6:40 am
$
0
0

Hello,

I want to deploy multiple folders and some files in GPO with UAC enabled in Program Files (x86).

my files must be updated when i change this.

My files ares saved in this folder :

\\SHAREDFOLDER\APPSNAME\PRODUCT1\FILE1.dat

\\SHAREDFOLDER\APPSNAME\PRODUCT1\FILE2.dat

\\SHAREDFOLDER\APPSNAME\PRODUCT2\FILE1.dat

\\SHAREDFOLDER\APPSNAME\PRODUCT3\FILE1.dat

\\SHAREDFOLDER\APPSNAME\PRODUCTxx\FILExx.dat

Destination folder are :

%HOMEDRIVE%\ProgramFiles (x86)\APPSNAME\PRODUCT1

%HOMEDRIVE%\ProgramFiles (x86)\APPSNAME\PRODUCT2

%HOMEDRIVE%\ProgramFiles (x86)\APPSNAME\PRODUCT3

%HOMEDRIVE%\ProgramFiles (x86)\APPSNAME\PRODUCTxx

i have make a script with robocopy and it works, but computer with UAC enable it doesn't works.

robocopy command : robocopy \\SHAREDFOLDER\APPSNAME %HOMEDRIVE%\ProgramFiles (x86)\APPSNAME /S /R:1 /W:1

I have check GPPreferences but i can't copy folder with files, i must create each line in GPP for each file and each folder.

thanks for your help

GPO For Disable Network Discovery

March 20, 2015, 6:52 pm
$
0
0

Hi s

I have DC Windows Server 2008 R2 and clients with Windows 7, 8 and 8.1

I want disable users Access to computers from Network Discovery.

I apply GPO to remove Icon Network from Navigation Pane and it works perfect, but when users access to computer on network from RUN they see Network on Address bar. For example user access to Server from RUN\\Server\ if user do Click on Network on address bar see all computers on network.

My Question is, How to prevent users see computers on network, how disable network discovery completely?

Thanks.

Network Access Protection Related Issue

May 4, 2015, 8:24 am
$
0
0

Hello Guys,

I am working on NAP exercise . I used DHCP enforcement & also I changed system health validator setting in firewall.

When I OFF the client firewall DHCP isolate the IP & subnet mask 255.255.255.255 but when I turn ON the firewall DHCP still keep the same subnet mask 255.255.255.255 , hence I am not able to resolve this issue. kindly help ..

Thanks in advance !! 

Loop Back Processing

May 4, 2015, 7:19 am
$
0
0

Hello All,

We have 2 business domain in which all windows 7 users are residing, We have one more domain specially for manufacturing.

The manufacturing server contains many application servers mostly with windows 2008 r2 operating system.

Now we are planning to implement instead of creating users in manufacturing domain, they will use their business domain AD id for logging to application server in manufacturing domain. but after their loging user level policy from business domain shouldn't be applied on the application server.

I would like to know, if this can be possible?

Thanks HA

Printers Keep Asking for Drivers

May 4, 2015, 8:44 am
$
0
0

Hello,

I am running Windows Server 2008 R2 as my DC's and I have GP's that deploy printers.  Every few weeks, certain printers in different locations are no longer visible to non-Admin clients.  When I sign on as an Administrator, I get prompted to update the drivers and I am asked "Do you trust this printer".  Once I install the drivers, then it is visible again to the clients.  I enabled the Point and Print Restrictions and set it to not prompt for new and existing connections to see if that would fix this.  I tried disabling this GP first, but that worked for a short time.  Neither enabled or disabled seem to fix this permanently.  The clients are all Windows 7 64-Bit.  The printers are all HP printers.  How can I get the clients to see the printer permamently for all the users?

White Listing devices using Group Policy

May 4, 2015, 12:12 pm
$
0
0

Hello Everyone,

Recently my company purchased some small Brother 720D scanners for the staff to use.  Currently we have a policy that does not allow removable storage devices to be plugged in to the computers.  I have read numerous articles and how to's on white listing certain devices, however I cannot seem to get this to work.  One special note is that these Brother scanners use a Micro USB connection and when it is plugged into the computer Windows reads it as a disk drive.  I was under the impression that once I entered the Hardware ID into my read/write restriction policy that the staff would be able to use the scanner, but not a flash drive. Here is what I've tried so far:

Computer Config>Policies>System>Device Installation>Device Installation Restrictions

The two settings I have enabled for this policy are "Allow Installation of devices that match any of these device IDs" & "Prevent Installation of devices not described by other policy settings"

Within the "Allow Installation of devices that match any of these device IDs" I have added the Hardware ID from the Scanner.  When I open the scanner's properties from the Devices and Printers Menu, I have the option of selecting the scanner itself, something called E:\, and a generic USB Mass Storage Device.  With the E:\ I was only able to use a compatible ID, but with the scanner and the generic USB Mass Storage Device I used a hardware ID.  I have noticed that the compatible ID for E:\ (wpdbusenum\fs), appears to be the same as the USB flash drives I have tested. The problem is I cannot seem to get the scanner to work without this ID built in. Can anyone point me in the direction of some how-to-videos, or offer up their advice?

Thank you!

Search

Group Policy Error on WS 2012 Standard R2

March 3, 2015, 7:53 pm
$
0
0

Hi,

Is there anybody experiencing below given error messages ? Its coming to some of the terminal users and is not consistent. At that point of time they cant open mapped drives from the RDWEB session.

There are no known DNS issues, UAC is disabled.

The user 'P:' preference item in the 'Drive Maps Policy {94C23C7F-2EF8-4CA1-B3DF-C0CAF937EDE2}' Group Policy Object did not apply because it failed with error code '0x800704b8 An extended error has occurred.' This error was suppressed.

Log Name: Application

Source: Group Policy Drive maps

Event ID: 4098

Level: Warning

--------ANOTHER ERROR MESSAGE ------------

The user 'X:' preference item in the 'Drive Maps Policy {94C23C7F-2EF8-4CA1-B3DF-C0CAF937EDE2}' Group Policy Object did not apply because it failed with error code '0x80070008 Not enough storage is available to process this command.' This error was suppressed.

Log Name: Application

Source: Group Policy Drive maps

Event ID: 4098

Level: Warning

I can't find any error message related to DNS in event viewer, all records look good to me.

HELP!! Chaged the net bios name of Domain Controller and it's down.

May 4, 2015, 1:49 pm
$
0
0

Hello Everyone,

I've made a grave error.  I have accidentally changed the NetBIOS name of my domain controller.  This has rendered it useless for my active directory won't load.  I can't change it back now because it give me an error that it cannot contact the Domain Controller to authenticate the administrator.  Has anyone ever done this and is there an easy fix since that's the only thing that was changed.  Before any one asks its not backed up and it not a virtual server.

Thanks for ANY help anyone can give!!!! 

Folder Redirection

May 4, 2015, 2:24 pm
$
0
0

This may sound stupid :/

On my school network my folder redirection is //SERVER/%USERNAME% but cannot get Group Policy to allow this on my own server as it has to be //SERVER/SHARE... how would I set it up so my folder redirection goes to root of Network share ie. //Server/ksayer instead of //server/users/ksayer would I need a Network attached storage?

Sorry sounds really confusing but im not a full IT pro yet (y)

Group Policy Allowing certain USB stick but Deny ALL other USB devices?

April 30, 2015, 4:48 pm
$
0
0

Is this possible?

I have "Allow installation of devices that match any of these device IDs" enabled.  How do I disable all other USB devices?

Thank you!

Printers disappearing on Win 7 64 bit clients and getting GP warning on print server event viewer

April 28, 2015, 10:55 pm
$
0
0

Hi all,

I'm getting a very strange issue. about a week ago one users printers disappeared, I checked the print spooler on the server and it was running, i rebooted the users PC and they came back and didn't think much of it. now a week on more and more people are getting the issue and is getting worse and worse, I have checked event viewer on the print server and am getting this warning message for all three printers which is just one printer MFU, we have 2 colour settings and 1 B/W setting hence the 3 printers (printers are applied via GPO)

The user 'Printer Name' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}' Group Policy Object did not apply because it failed with error code '0x8007007b The filename, directory name, or volume label syntax is incorrect.' This error was suppressed.

There is one printer that doesn't appear in event viewer, I have checked the GP settings, the only difference is item level targeting as a secuirty group, so I changed the other printers to target domain users but it hasn't fixed the issue, in fact seems like it has made it worse.

weird thing is not all users get the issue, its all over the place, I have check ad settings, GP settings everything seems to be fine.

I've done heaps of googleing and cant find any solution to this specific issue. 

Any help would be great,

Configuring Printer Driver Isolation Mode Using Group Policy not working

May 5, 2015, 12:49 am
$
0
0

i have gpo for change  Printer Driver Isolation

Computer Configuration\Policies\Administrative Templates\Printers\Execute Print Drivers In Isolated Processes-Enable

Computer Configuration\Policies\Administrative Templates\Printers\Override Print Driver Compatibility Execution Setting Reported By Print Driver-enable

but when i open the Print Management i see printer is share mode

the gpo not working  

please your help

אם תגובתי פתרה את בעייתך - לחץ/י, על "סמן כתשובה" ליד סימן ה V הירוק.

GPO login script using powershell without network access?

May 4, 2015, 1:36 pm
$
0
0

In our domain we do not wait for the network to allow users to login, as we have had situations where users were waiting for 3-5 minutes for DirectAccess to get a connection before they could login to their PCs when off premises. We also find that our computers have not established network connectivity yet when logins occur - that may come 30-90 seconds later.  I have a powershell script for creating a signature file for Outlook that we want to run as a login script linked via GPO.  The script, at the moment anyway, is located in the \\domain\netlogon\logon_scripts\ directory so we can run the script unsigned. However, since the machines often have not completed network connections when the logon occurs, powershell logon scripts frequently fail to execute.

I need a method to run a centrally-managed script, preferably written in powershell (though I will consider other options), at login without requiring that the script be signed and that will adjust if network connectivity is not yet in place.  The ideal solution would run a powershell script to detect if there is network connectivity, and if not it would go to sleep for a couple of minutes and then check again.

I've found discussions of some of the issues with this in my searching, but no actual solutions.  Anybody have any ideas?

Thanks in advance for your help!

Search

Why can't we set the Privacy tab or Trusted Sites through GPP?

May 5, 2015, 8:34 am
$
0
0

The privacy tab and Trusted Sites button are greyed out in Group Policy Preferences > Internet Settings.  Why is this?

Barring IE Maintenance, which we do not want to use, the only way to set Trusted Sites are through Administrative Templates and there doesn't seem to be a way to set Privacy at all.

Stopping certain removable devices and allowing others

May 5, 2015, 8:58 am
$
0
0

Hello everyone,

I am attempting to disable some USB devices, such as flash drives and cell phones, while still allowing other USB devices such as scanners.  How do I accomplish this using Group Policy?  Are there any how to videos someone can point me to?

Thank you!

Disable screen rotation

October 16, 2013, 4:20 am
$
0
0

Hi ,

All the computers in the company are using Intel VGA and sometime some users call us because some one changed the screen rotation.

So, is there any way I can disable the screen rotation option for all the workstation, all the machines is joined to the domain.

Prevent Screensaver when fullscreen

February 5, 2012, 11:24 pm
$
0
0

Hello

My question is the following: Is there a GPO that disables or prevents a screensaverwhen the computer is in full screen mode? (for example Powerpoint, Windows Media Player, etc.)


A GPO Setting isn't applied on Windows 8 and 7 clients

May 5, 2015, 7:23 am
$
0
0

Hello,

I have windows server 2003 SP2 domain controllers and just configured a GPO setting on one of them. The setting is to disable the TCP/IP properties on users. Windows 8, 8.1 and 7 clients are not affected by the policy and users still can open the properties.

Don't these clients support GPOs pushed from server 2003?

Thanks

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>