Hello,
Is there a GPO to set users IE 10 & IE 11 search engines to use Google and not Bing?
I tried a few methods but they are not working that I searched on Google.
Users are on Windows 7 and 8.x
Thanks
↧
GPO to set users IE 10 & IE 11 search engines to use Google and not Bing?
↧
Some New GPO Settings Won't Take
Hi all,
I have a few GPO-related questions/issues today.
1. I updated some NTP-related GPOs.
Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Global Configuration:
All settings are default except the following:
MaxNegPhaseCorrection (1800)
MaxPosPhaseCorrection (1800)
Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers
All settings are default except the following:
SpecialPollInterval (900)
So the GPOs appear in GPRESULT as expected as well as RSOP, but the updated settings do not appear in the registry as I would expect. Oddly, if I runw32tm /query /configuration the times display properly.
Does anyone have any thoughts as to why it isn't updating in the registry? Is the registry omitted if the settings are specified via GOPO?
These settings are for server hardening in relation to regulatory compliance, so it needs to be verified that it is set as necessary.
2. I attempted to rename the domain Guest account by using the following GPO:
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts:
Rename
guest account
This fails for whatever reason. Running RSOP shows a red error message on this item, and if I view it I am told to look up the winlogon.log, but unfortunately I do not find anything which pertains to the Guest account, be it by name or SID.
Does anyone have any insight they can share with me on these two issues? Any insight that can be provided would be welcomed.
Thanks in advance!
↧
↧
Computer and user gpo conflict
I'm trying to deploy group policies for users and computers. In the computer OUs I have created computer
policies for shortcut deployment and I have added the computers to the corresponding OUs. I have also created the policies for users. The problem is that the shortcuts are not loaded. The policies for computer shortcuts are filtered. I configured the loop
back for merge on the computer policy, but did not work. The user policies are applying fine, it is just the computer policies. I hope anyone can help me.
↧
GPO to force users to use IE and not Chrome?
Hello,
We use Citrix XenApp 7.6 and from the start of the project we had users default to Google Chrome, which we now don't like in this environment as it takes up too much CPU/Mem when compared to IE11, it seems to open so many extra tabs "behind the scene" so we want user to start using IE.
We have set the user to be notified if their browser isn't IE, but can we make it there default. It seems some user profiles what to keep Chrome as their default.
Thanks
↧
Windows Update GPO not getting applied to workstations
I have a new WSUS server and I changed the existing GPO that was pointing to the old server to the new server; however, when I run rsop.msc on workstations, it still shows the old server. I'm not sure why GPO is not pushing out this update for 'Set the intranet update service for detecting updates' and the 'Set the intranet statistics server'
When I run the Group Policy Results using Group Policy Management MMC, it shows the old server, but the the Group Policy Modeling tool is showing the correct server.
Any ideas how to diagnose this issue?
Thanks!
↧
↧
run only when user is logged on
we have been trying to run an .EXE via scheduled task as the logged on user %LogonDomain%\%LogonUser% the .EXE is not running. in the SC I have "start a program" and then a clear \\PathToEXE\Folder\MyProg.EXE This path is alive and I can run it manually from a CMD window. I recall reading something on this but I can't remember what it was. Does this work or does Windows 7 not allow this anymore due to passwords?
mqh7
↧
Registry setting requires "value must match a 'bitwise and' comparison to '2048'"
I have a requirement that the value for the following registry entry, "HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State", must match a 'bitwise and' comparison to '2048'. To be honest I have
no idea what value this needs to be set to. Help!
↧
Consolidated GPO for Adobe
Noob here. We currently have a GPO dedicated for "Adobe Reader" settings, specifically to disable automatic updates. Although I am confident in the area, I still have plenty to learn and always try and get other feedback. We have plenty of other Adobe products in our fleet and I was planning to consolidate other Adobe settings, specifically for disabling updates via registry, setting Adobe ARM and other update services to stop and disabled, and using config files (mms.cfg for flash) to disable some several generic auto update settings that covers Adobe Reader, Adobe Flash, and various other Adobe products (Adobe Creative Cloud packages). For all of these I'd like to simply use the existing "Adobe Reader" settings and renaming it to "Adobe". Do any GPO experts see any flaw with this?
Thank you for reading, and appreciate it if I could get some feedback. Thank you.
↧
The processing of Group Policy failed. Windows attempted to read the file...
Hello all-
I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
Here are the steps I am currently taking:
I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
Here are the steps I am currently taking:
- I create a new Group Policy called All Users and Computers and apply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
- I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies. The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
- I change the GPO Enforced setting to Enforced.
- I attempt to use the gpupdate command to see if the group policy can be updated successfully. In a command prompt, I type gpupdate <enter>. I receive the message 'Updating Policy...' then after about 15 seconds the message 'User Policy update has completed successfully.'
- I keep the cmd window open. After about 10 seconds another message apperas which says "Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results." - I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"
Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created! I have no other group policies linked or enforced to any other OU/Domain/etc. Any help resolving this issue would be greatly appreciated.
↧
↧
GPO WMI Filter Syntax and Query
I have a GPO I am building, in the GPO will be 3 Group Policy Preferences;
The first is a registry preference of the OEMBackground value to 1, which permits the Windows 7 clients to use a custom login background.
The second will add the folder C:\Windows\System32\Oobe\Info\Backgrounds.
The third will add the background image file from a share on a server \-\DC1\Shared\Background1024x768\BackgroundDefault.jpg to the directory listed above.
The last part I am struggling with as I am unfamiliar with the syntax and use of WMI Filters but I would like to use one to make this only apply to machines with an appropriately matching resolution, what I have so far is:
Namespace: root\CIMV2
Query: SELECT * FROM Win32_VideoSettings WHERE HorizontalResolution = 1024 AND VerticalResolution = 768
I know the GPO in general works without any kind of filter on it but just need some help for the WMI filter. I am trying to avoid using a script. and If this the filter could instead be done through Item level targeting with a WMI query instead would be nice
The Functional level I am working with is Windows Server 2008
↧
Excluding 1 desktop from network wide enforced time settings
Hello there,
QUESTION
I need to set the time for my PC to a different time to the other 20 PCs in my network (active directory using Windows Server 2008 - called SDSERVER). A few years ago I somehow enforced all computers on my network to useSDSERVER as their "source of truth" to set their local times. Does anybody know where I could have possibly done this so I can try to exclude my own PC?
STEPS I'VE TAKEN SO FAR:
1) On my PC I set the time to what I wanted, restarted my computer to see if it would "stick" --> upon restart my time was back to the network wide setting
2) On my PC I did Command Prompt: "Net Time" gives: Current time at\\SDSERVER is 04/06/2015 10:24:12
3) I logged into SDSERVER thinking that for sure it must be some Computer GPO. I checked all of the GPOs, including the default domain controller. How I checked was: edit > Computer Configuration > Policies > Administrative Templates > System> Windows Time Service > ...everything is "Not configured" this includes global config settings and all time providers
... I feel like a real idiot since I did this in the first place. Thanks for your patience. I'm not a computer expert for my job, but I do have to figure this stuff out nonetheless.
Warm wishes,
Michelle
↧
Windows Server 2012R2 Computer Startup Script GPO not applying
Hello Experts,
I'm having an issue where my computer startup script(bat or VBS) is not applying.
I cannot use logon script
I investigated throughout and see no answer except that Local system account does not permission to my sysvol share for the computer startup GPO.
while i do have other alternative for example (scheduled task to run the script), but am just anticipating for any future use of startup script.
Any help would be much appreciated.
Thnx
↧
Registry value must match a "bitwise and" comparison to 1024
Making a computer secure, it requires that "Windows must be configured to block application execution if certificate server status is unavailable." The solution goes through a walkthrough of changing the registry to have the State value "match a 'bitwise and' comparison to '1024'". Tried multiple combinations to get it to work, to no avail. Any help on configuring this would be great!
Thanks!
↧
↧
Replacement of "CSCRIPT LOCALGPO.WSF" (Export & Import) for Windows 8.1
Hi,
I am trying to export the Group Policy from one Windows 8.1 PC, and import it to another Windows 8.1 PC. The command I used to use it was "cscript LocalGPO.wsf" for export and import. On Windows 8 and 8.1, this command no longer works. What is the replacement for it?
This is a standalone PC, no Domain environment.
Thanks in advance for your help.
JC
↧
Group Policy and SQL Server DSN with SQL Auth
So i am trying do a proof of concept on an RD gateway with RDS Session hosts. (Server 2012 R2) The users would log in, Group Policy would assign a User DSN, and they would open a custom app. Problem is, the DSN requires SQL authentication, and i cannot for the life of me figure out how to get it working via group policy. I can create the DSN manually and it works from the user session. I can create it on the machine im running the group policy editor from, and it works, try to select that DSN to populate the fields, but no go. Im assuming it has something to do with not passing a password. Ive tried editing the XML file with a few things ive found through searching, most of it relating to server 2008, but all to no avail. Any help is greatly appreciated.
Thanks
maury
↧
Group Policy - How to setup gp for users to change desktop at first and then next time they login the desktop is different
Hi Microsoft,
I need to setup a group policy - in which when users first time login, they see a default wallpaper / background and then they change to their desired one and then next time they login again, they see that same default wallpaper / background again even they change it but that default wallpaper has appeared up again.
Please reply asap I am waiting
Cheers
Haris
↧
KB973529 from Microsoft
To whom it may concern.
I am trying to connect my router to my machines on my network. The DL and configure a computer and network good
I'm interested about titles network and KB973529 from Microsoft. Please give me a need to download the software for a B9735 29 from Microsoft.
↧
↧
Disable Upgrade from Windows 7 to Windows 10 via GPO
Hi,
we have a Windows Server 2008 R2 Domain with Windows 7 professional Clients.
Is it possible to disallow users from upgrading windows 7 to windows 10 via GPO?
Kind Regards
Tobi
↧
Remove Everyone group from ACLs of all Folders and files
Is it possible to Remove Everyone group from ACLs of all Folders and files
↧
Attaching Home Folder to User Profiles on AD increases local Logon Time
So I've done a good amount of research and still am having a hard time pin pointing the issue of why it's taking a test user roughly 70-90 seconds to login to the domain. We have our GPO to point their profiles to their respective home folder directory, but users outside of this GPO can login in under 30 seconds. I captured a log of a user within the GPO and could only make out error 1722 which refers to the RPC server being unavailable. Can anyone help me interpret what's going on? Any insight is much appreciated.
Link to the log file:
http://pastebin.com/L9dSiSF6
↧