Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Failed to apply policy and redirect folder "Documents"

June 5, 2015, 7:38 am
$
0
0

I know why the error is happening, just can't seem to find where to fix it. The old server (SBSHINGESVR) no longer exists after the migration. New server is 2012 r2. I've looked in GPO and thought I found the right spot (GP Management Editor\User Configuration\policies\windows settings\folder redirection\documents but don't see anything there pointing to the old server. Any help would be greatly appreciated.

ERROR:

Failed to apply policy and redirect folder "Documents" to "\\HINGESERVER\Users\tfitzge\My Documents".
 Redirection options=0x9021.
 The following error occurred: "Failed to build the list of regular subfolders under "\\SBSHINGESVR\Users\tfitzge\My Documents"".
 Error details: "The network path was not found.

Search

Removal of File Explorer, IE & Settings

June 5, 2015, 7:49 am
$
0
0

Hi Guys

I am new to this and a will really appreciate some help with setting groups policies. I am trying to use Local Group policies so that the Windows user has no access to File Explorer, IE or anything else other than being able to LogOff. I have set some of the Group Polices and shown in the first picture but despite that, it is still possible to access various Windows Settings & File Explorer and shown in the other picture. If anyone can help, I will be very grateful.

Client Side Caching Not Functioning?

June 5, 2015, 8:54 am
$
0
0

I've turned on Folder Redirection recently and noticed for those folders, the paths of the files IN those folders show the network location, not a local path. I'm under the assumption that means if the connection to the file server is lost, those files would become unavailable. I'm assuming this based on another network my company handles who is using Folder Redirection and their paths on redirection folders point to a machine local path. Below is the GPO settings I have regarding Folder Direction, please let me know if there's something I'm missing or if it's as it should be:

Computer Configuration\Policies\ADMX\Network\Offline Files
Allow or Disallow use of the Offline Files feature:  Enabled
Configure Background Sync:  Enabled

  • Sync Interval:  5 Minutes
  • Sync Variance:  15 Minutes
  • Max Allowed Time Without a Sync:  30 Minutes
  • Blockout Start Time:  0
  • Blockout Duration:  0
  • Enable Background Sync for Shares in user selected "Work Offline" Mode:  Enabled


Configure Slow-link Mode:  Enabled

  • Value:  1ms
  • Path:  *



Computer Configuration\Policies\ADMX\Windows Components\File Explorer
Verify old and new Folder Redirection targets point to the same share before redirecting:  Enabled


User Configuration\Policies\Windows Settings\Folder Redirection
(These are common settings for Desktop, Documents, Contacts, Favorites, and Links.  All other possible redirected folders are not being redirected.)

  • Path:  \\DomainName\RootName\Redirect\%Username%\Redirected Folder (IE Desktop, Documents, etc...)
  • Grant user exclusive rights to the desknbsp; Disabled
  • Move Contents to the new location:  Enabled
  • Also apply redirection policy to Wink2, Win2k Server, WinXP, Win2k3:  Disabled
  • Policy Removal Behavior:  Restore Contents


User Configuration\Policies\ADMX\Network\Offline Files
Remove "Work Offline" command:  Enabled
Specify administratively assigned Offline Files:  Enabled

  • Network files that are always available offline:  \\DomainName\RootName\Redirect\%Username%

I guess I should also mention that the network is a mix of Server 2008R2 and Server 2012/2012R2 with Windows 7/8/8.1 clients.  DFS is also being used to replicate files across WAN links through a VPN tunnel.

The WMI Filter Contest - are you the knight in shining armor?

February 13, 2008, 7:48 am

Windows 7 Screensaver GPO

June 5, 2015, 12:55 pm
$
0
0

I know there are several questions like this, I checked those first but am still having a problem.

Using a windows 2008 domain, I want to force windows 7 pcs to lock with the screensaver.

I have Four settings set:
Force specific screen saver - Enabled, scrnsave.scr
Password Protect the screen saver - Enabled
Prevent changing screen saver - Enabled
Screen saver timeout - 900 seconds

I have proven to myself, that the policy is getting to the pcs in question. the behavior I am getting however is as follows.

If I right click on the desktop and go to personalize, the screen saver on the bottom right is greyed out, and says none. Screen saver will never go on.
If I turn the third policy, Prevent changing screen saver to disabled, I can see the settings the screen saver is using. The settings it has are correct, but the screensaver never starts. It still always says screen  saver - none, where it should say screensaver - blank.

If I take away the policy above completely, then manually change the screen saver to blank instead of none that windows 7 has as default. then if I reapply the policy the pc will lock as expected with the correct timeout and password requirements(except in the rare wireless mouse problem pc) And when you go to personalize from the desktop the screen saver says blank.

Is there any way anyone can think of to fix this problem so I don't have to go visit all these machines?

Windows 8 and IE10 not accepting Proxy Settings via Group Policy

December 20, 2012, 10:45 am
$
0
0

We have recently introduced a couple of Windows 8 computers in our network, and we are having issues applying the Internet Explorer Proxy Server settings.

We use a Microsoft TMG 2010 server as our proxy server for accessing the internet. We have been using a GPO with the following settings to automatically configure our Windows 7 computers running IE9 with the appropriate Proxy settings:

User Configuration\Policies\Windows Settings\Internet Explorer Maintenance\Connection/Proxy Settings

  • “Enable Proxy Settings” : Checked
  • “Address of proxy” : server.domain.local
  • “Port” : 8080
  • “Use the same proxy server for all addresses” : Checked
  • “Exceptions” : Here we have a list of several internal or partner sites that should not be proxied.

This GPO has worked beautifully for our Windows XP and Windows 7 users with IE 7, 8 and 9. Now with Windows 8 and IE10, this no longer works. I’ve therefore added a Windows Server 2012 Domain Controller to the network, and using GPMC on that new DC, I created a new GPO with the following settings:

User Configuration\Preferences\Control Panel Settings\Internet Settings\Internet Explorer 10

Now, seeing as these are preferences, it’s a little different.  But, I’ve “checked off” the option “Use a proxy server for your LAN” as well as “Bypass proxy server for local addresses”. Then I click on “Advanced” and setup all my proxy settings the way I would like them, including the proxy server name, port and exceptions list.

When this new group policy gets applied to my Windows 8 PC, the only setting that gets applied is the “Use a proxy server for your LAN”. It does not configure the name or port of the proxy server nor does it configure the exceptions list. If I go back to the GPMC, and edit the new GPO, the settings are all there. However, if I just view the settings from the main GPMC screen (without opening the GPO itself), I don’t see all of those settings (again, only the one “Use a proxy server…”)

What am I missing???

Screen lockout in 3 minutes but as per gpo it suppose to lockout after 30minutes

June 6, 2015, 11:00 am
$
0
0

Dear All,

   I have deployed a GPO (windows 2008 r2) to lockout windows 7 screens if idle for 30minutes. But screen was getting locked in 3 minutes instead of 30 minutes. Following are the GPO settings

    Enable Screen Saver --  enabled
    Force Specific Screen Saver -- enabled but left blank
    Password Protect the Screen Saver  -- enabled
    Screen Saver timeout -- 30 minutes

Even I have tried to schedule task (lockout the screen idle after 30 minutes) through GPO

     rundll32.exe user32.dll, LockWorkStation    

Similarly, it was getting locked in 3 minutes not in 30 minutes.

I have even disabled power settings.

Can anybody help me to fix this problem.

Thank.

 

GPO vs standard Install

June 6, 2015, 11:37 am
$
0
0

I have applied a MSI Installation to my GPO but some of the servers have this error

"Software Installation did not complete policy processing because a system restart is required for the settings to be applied. Group Policy will attempt to apply the settings the next time the computer is restarted."

But if I ran a msi install on the machine then the machine wouldn't a reboot. 

I want the MSI to install on the fly , when the computers were on ?

Search

Folder Redirection - Event ID 502

June 6, 2015, 8:48 pm
$
0
0

Windows Server Standard 2008 R2

Windows 7 Pro SP1 and Windows 8.1

Last week, it seems that Folder Redirection is no longer fully working.  I can see the GPO being applied to the users, but only the Desktop piece.  The "Favorites" section is not. 

When I go to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", I see that the "Favorites" REG_EXPAND_SZ isn't there at all.  When I manually add it, and run GPUPDATE /FORCE, it gets deleted.  Weird, right? 

The Event Viewer shows the following:

"Failed to apply policy and redirect folder 'Favorites' to '\\<fileserver>\users\<username>\favorites'  Redirection options=0x1211.  The following error occurred: 'Can't create folder '\\<fileserver>\users\<username>\favorites'.  Error details: 'This security ID may not be assigned as the owner of this object."  

Also, the sharing/folder (NTFS) permissions haven't changed (as far as I know).  The user is able to browse to the UNC path just fine, and create/modify files and folders. 

So, I'm kind of scratching my head over here...




Firewall not registering logs when configuring in GPO Server 2008 R2

June 7, 2015, 11:07 am
$
0
0

I kind of new to the windows firewall configuration and I'm trying to configure a Domain Controller Firewall logs to do some troubleshooting. The thing is that it configured in the default path for the logs in system32\logsfiles]firewall but the firewall does not register any logs at all. The file it is empty. I have search all over the placer and I found that the log file must have Windows Firewall service permission to be able to write to the file. I Windows Server 2008 R2 there is no such thing as the NT SERVICE\mpssvc so I have no clue at what else to do. 

run only when user is logged on

June 3, 2015, 1:26 pm
$
0
0

we have been trying to run an .EXE via scheduled task as the logged on user  %LogonDomain%\%LogonUser%   the .EXE is not running.  in the SC I have "start a program"  and then a clear \\PathToEXE\Folder\MyProg.EXE     This path is alive and I can run it manually from a CMD window.     I recall reading something on this but I can't remember what it was.   Does this work or does Windows 7 not allow this anymore due to passwords?

mqh7

GPO to force users to use IE and not Chrome?

June 3, 2015, 6:41 am
$
0
0

Hello,

We use Citrix XenApp 7.6 and from the start of the project we had users default to Google Chrome, which we now don't like in this environment as it takes up too much CPU/Mem when compared to IE11, it seems to open so many extra tabs "behind the scene" so we want user to start using IE.

We have set the user to be notified if their browser isn't IE, but can we make it there default.  It seems some user profiles what to keep Chrome as their default.

Thanks

Managing membership of Domain Groups by using Restricted Groups.

June 8, 2015, 1:50 am
$
0
0

I checked the articles below which states that Microsoft does not support managing membership of Domain Groups by using Restricted Groups.

Description of Group Policy Restricted Groups
https://support.microsoft.com/en-us/kb/279301

Active Directory Group Policy Restricted Groups
http://social.technet.microsoft.com/wiki/contents/articles/20402.active-directory-group-policy-restricted-groups.aspx

However, the articles apply upto Windows Server 2008.

We are using Windows 2012 R2. Please confirm if it is supported in Windows 2012 R2 to manage membership of Domain Groups by using Restricted Groups. If NOT --- what is the supported/recommended/optimized solution to manage membership of Domain Groups by using Restricted Groups. Also, please provide the link to any KB/Whitepaper etc.

Computer takes 5 Mins to log on when not connected to domain

June 8, 2015, 1:42 am
$
0
0

Hi,

I have got this issue with computers booting up is taking 5 mins before it lets the user log in, i have troubleshooted by turning on the verbose mode and it just Sits "applying computer settings" i am not sure if its the group policy or the computer is trying to talk to the domain controller, before timing out, i have looked at several forums but unable to find a solution. 

Any Help pointing me in the right direction would be much appreciated please!!

Thanks 

GPSVC(1ec.3c0) 15:54:45:824 Target = Machine, ChangeNumber 0
GPSVC(3a8.a40) 15:54:46:094 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x8ec
GPSVC(3a8.a40) 15:54:46:094 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3c0) 15:54:46:094 Target = Machine
GPSVC(3a8.a40) 15:54:46:094 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(3a8.a40) 15:54:46:094 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1ec.3c0) 15:54:46:094 Target = Machine, ChangeNumber 0
GPSVC(1ec.3c0) 15:54:46:144 Target = Machine
GPSVC(1ec.3c0) 15:54:46:144 Target = Machine, ChangeNumber 0
GPSVC(1ec.3c0) 15:54:46:144 Target = Machine
GPSVC(1ec.3c0) 15:54:46:144 Sid = (null), dwTimeout = 600000, dwFlags = 268435456
GPSVC(1ec.3c0) 15:54:46:144 LockPolicySection called for user <Machine>
GPSVC(1ec.3c0) 15:54:46:144 Async Lock called
GPSVC(1ec.3c0) 15:54:46:144 Reader Lock got immediately. m_cReadersInLock : 1
GPSVC(1ec.3d8) 15:54:46:144 Target = Machine, ChangeNumber 0
GPSVC(1ec.3d8) 15:54:46:154 Sid = (null)
GPSVC(1ec.3d8) 15:54:46:154 UnLockPolicySection called for user <Machine>
GPSVC(1ec.3d8) 15:54:46:154 Found the caller in the ReaderHavingLock List. Removing it...
GPSVC(1ec.3d8) 15:54:46:154 Setting lock state as notLocked
GPSVC(1ec.3d8) 15:54:46:154 UnLocked successfully
GPSVC(3f4.b28) 15:54:46:304 CGPNotify::RegisterForNotification: Entering with target Machine and event 0xbb4
GPSVC(3f4.b28) 15:54:46:304 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:54:46:304 Target = Machine
GPSVC(3f4.b28) 15:54:46:304 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:54:46:304 Target = Machine, ChangeNumber 0
GPSVC(3f4.b28) 15:54:46:304 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(75c.750) 15:54:46:364 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x458
GPSVC(75c.750) 15:54:46:364 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:54:46:364 Target = Machine
GPSVC(75c.750) 15:54:46:364 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(75c.750) 15:54:46:364 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(75c.750) 15:54:46:364 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x4c0
GPSVC(75c.750) 15:54:46:364 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:54:46:364 Target = Machine
GPSVC(75c.750) 15:54:46:374 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(75c.750) 15:54:46:374 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1ec.3d8) 15:54:46:374 Target = Machine, ChangeNumber 0
GPSVC(3a8.a24) 15:56:46:158 CGPNotify::UnregisterNotification: Entering with event 0x8ec
GPSVC(3a8.a24) 15:56:46:158 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
GPSVC(3a8.a24) 15:56:46:158 CGPNotify::UnregisterNotification: Canceling pending calls
GPSVC(3a8.a24) 15:56:46:158 Client_CompleteNotificationCall: failed with 0x71a
GPSVC(3a8.a24) 15:56:46:158 CGPNotify::UnregisterNotification: Cancelled pending calls
GPSVC(3a8.a24) 15:56:46:158 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0
GPSVC(d88.d98) 15:56:46:969 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x138
GPSVC(d88.d98) 15:56:46:969 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:56:46:969 Target = Machine
GPSVC(d88.d98) 15:56:46:969 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(d88.d98) 15:56:46:969 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(d88.dac) 15:56:47:375 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x334
GPSVC(d88.dac) 15:56:47:437 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:56:47:437 Target = Machine
GPSVC(d88.dac) 15:56:47:437 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:56:47:500 Target = Machine, ChangeNumber 0
GPSVC(d88.dac) 15:56:47:500 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(d88.dac) 15:56:47:500 CGPNotify::RegisterForNotification: Entering with target S-1-5-18 and event 0x36c
GPSVC(d88.dac) 15:56:47:562 Client_InitialRegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(1ec.3d8) 15:56:47:562 Target = S-1-5-18
GPSVC(1ec.3d8) 15:56:47:562 Could not find user by sid, finding user by session id
GPSVC(1ec.3d8) 15:56:47:562 Caller requesting for user notification/lock is from session 0
GPSVC(d88.dac) 15:56:47:562 Client_RegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(d88.dac) 15:56:47:562 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1ec.3d8) 15:56:55:362 Target = Machine
GPSVC(1ec.e18) 15:56:55:362 Target = Machine, ChangeNumber 0
GPSVC(1ec.e18) 15:56:55:487 Target = Machine
GPSVC(1ec.e18) 15:56:55:487 Target = Machine, ChangeNumber 0
GPSVC(1ec.e18) 15:56:55:705 Target = Machine
GPSVC(1ec.3d8) 15:56:55:705 Target = Machine, ChangeNumber 0
GPSVC(3f4.e58) 15:56:55:892 CGPNotify::RegisterForNotification: Entering with target Machine and event 0xee4
GPSVC(3f4.e58) 15:56:55:892 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:56:55:892 Target = Machine
GPSVC(3f4.e58) 15:56:55:892 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(3f4.e58) 15:56:55:892 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(260.468) 15:57:41:398 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x940
GPSVC(260.468) 15:57:41:398 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.3d8) 15:57:41:398 Target = Machine
GPSVC(260.468) 15:57:41:398 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(260.468) 15:57:41:398 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1ec.3d8) 15:57:41:398 Target = Machine, ChangeNumber 0
GPSVC(1ec.588) 15:58:42:019 Wait for network connectivity timed out... proceeding to apply policy.
GPSVC(1ec.588) 15:58:43:579 ProcessGPOs: MyGetUserName failed with 1355.
GPSVC(1ec.588) 15:58:43:579 Opened query for NLA successfully
GPSVC(1ec.588) 15:58:43:579 NlaGetIntranetCapability returned Not Ready error. Consider it as NOT intranet capable.
GPSVC(1ec.588) 15:58:43:579 ProcessGPOs: No WMI logging done in this policy cycle.
GPSVC(1ec.588) 15:58:43:579 ProcessGPOs: Processing failed with error 1222.
GPSVC(1ec.588) 15:58:43:579 ProcessGPOs: Boot/Logon Policy processing - checking if UBPM trigger events need to be fired
GPSVC(1ec.588) 15:58:43:579 CheckAndFireGPTriggerEvent: Fired Policy present UBPM trigger event for Machine.
GPSVC(1ec.588) 15:58:43:595 Application complete with bConnectivityFailure = 1.
GPSVC(1ec.588) 15:58:43:595 Registering for Connectivity notification.
GPSVC(1ec.588) 15:58:43:595 Registered for NLA notification successfully
GPSVC(1ec.588) 15:58:43:595 NlaGetIntranetCapability returned Not Ready error. Consider it as NOT intranet capable.
GPSVC(1ec.3d8) 15:58:43:595 NlaGetIntranetCapability returned Not Ready error. Consider it as NOT intranet capable.
GPSVC(1ec.588) 15:58:43:595 Application complete with bConnectivityFailure = 1.
GPSVC(1ec.3d8) 15:58:43:595 There is no connectivity
GPSVC(1ec.588) 15:58:43:595 Registering for Connectivity notification.
GPSVC(3a8.c74) 15:58:43:720 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x96c
GPSVC(3a8.c74) 15:58:43:720 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.1c8) 15:58:43:720 Target = Machine
GPSVC(3a8.c74) 15:58:43:720 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(3a8.c74) 15:58:43:720 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1ec.1c8) 15:58:43:720 Target = Machine, ChangeNumber 0
GPSVC(1ec.1c8) 15:58:45:779 SID = S-1-5-21-2306612358-1353405591-2002195684-31233
GPSVC(1ec.1c8) 15:58:45:779 bMachine = 0 
GPSVC(1ec.1c8) 15:58:45:779 Setting GPsession state = 1
GPSVC(1ec.1c8) 15:58:45:779 Message Status = <Applying user settings...>
GPSVC(1ec.2c8) 15:58:45:779 StartTime For network wait: 6286ms
GPSVC(1ec.2c8) 15:58:45:779 Current Time: 250054ms
GPSVC(1ec.2c8) 15:58:45:779 MaxTimeToWaitForNetwork: 240000ms
GPSVC(1ec.2c8) 15:58:45:779 TimeRemainingToWaitForNetwork: 0ms
GPSVC(1ec.2c8) 15:58:45:779 UserPolicy: Waiting for machine policy wait for network event with timeout 0 ms
GPSVC(1ec.1c8) 15:58:45:779 Setting GPsession state = 1
GPSVC(1ec.2c8) 15:58:47:323 ProcessGPOs: MyGetUserName failed with 1355.
GPSVC(1ec.2c8) 15:58:47:323 Opened query for NLA successfully
GPSVC(1ec.2c8) 15:58:47:323 NlaGetIntranetCapability returned Not Ready error. Consider it as NOT intranet capable.
GPSVC(1ec.2c8) 15:58:47:323 ProcessGPOs: No WMI logging done in this policy cycle.
GPSVC(1ec.2c8) 15:58:47:323 ProcessGPOs: Processing failed with error 1222.
GPSVC(1ec.2c8) 15:58:47:323 ProcessGPOs: Boot/Logon Policy processing - checking if UBPM trigger events need to be fired
GPSVC(1ec.2c8) 15:58:47:323 CheckAndFireGPTriggerEvent: Fired Policy present UBPM trigger event for User.
GPSVC(1ec.2c8) 15:58:47:323 Application complete with bConnectivityFailure = 1.
GPSVC(1ec.2c8) 15:58:47:323 Registering for Connectivity notification.
GPSVC(1ec.2c8) 15:58:47:323 Application complete with bConnectivityFailure = 1.
GPSVC(1ec.2c8) 15:58:47:323 Registering for Connectivity notification.
GPSVC(3a8.3bc) 15:58:47:339 CGPNotify::RegisterForNotification: Entering with target S-1-5-18 and event 0x374
GPSVC(3a8.a9c) 15:58:47:355 EnterCriticalPolicySectionEx: User sid S-1-5-21-2306612358-1353405591-2002195684-31233.
GPSVC(3a8.a9c) 15:58:47:355 Client_LockPolicySection: Entering with usersid = S-1-5-21-2306612358-1353405591-2002195684-31233, timeout 600000 and flags 0x10000000
GPSVC(3a8.3bc) 15:58:47:355 Client_InitialRegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(3a8.a9c) 15:58:47:355 Client_LockPolicySection: Making Aync RPC LockPolicySection call
GPSVC(1ec.1c8) 15:58:47:355 Target = S-1-5-18
GPSVC(1ec.1c8) 15:58:47:355 Could not find user by sid, finding user by session id
GPSVC(1ec.1c8) 15:58:47:355 Caller requesting for user notification/lock is from session 0
GPSVC(3a8.3bc) 15:58:47:355 Client_RegisterForNotification: User = S-1-5-18, changenumber = 0
GPSVC(1ec.3d8) 15:58:47:355 Sid = S-1-5-21-2306612358-1353405591-2002195684-31233, dwTimeout = 600000, dwFlags = 268435456
GPSVC(3a8.3bc) 15:58:47:355 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1ec.3d8) 15:58:47:355 LockPolicySection called for user <S-1-5-21-2306612358-1353405591-2002195684-31233>
GPSVC(1ec.1c8) 15:58:47:355 Target = S-1-5-18, ChangeNumber 0
GPSVC(1ec.3d8) 15:58:47:355 Async Lock called
GPSVC(1ec.1c8) 15:58:47:370 Could not find user by sid, finding user by session id
GPSVC(1ec.3d8) 15:58:47:370 Reader Lock got immediately. m_cReadersInLock : 1
GPSVC(1ec.1c8) 15:58:47:370 Caller requesting for user notification/lock is from session 0
GPSVC(3a8.a9c) 15:58:47:370 Client_LockPolicySection: User critical section has been claimed.  Handle = 0x1d5bfc0
GPSVC(3a8.a9c) 15:58:47:370 Client_LockPolicySection: Leaving successfully.
GPSVC(3a8.a9c) 15:58:47:370 Client_UnLockPolicySection: Starting UnLock Call
GPSVC(1ec.1c8) 15:58:47:370 Sid = S-1-5-21-2306612358-1353405591-2002195684-31233
GPSVC(1ec.1c8) 15:58:47:370 UnLockPolicySection called for user <S-1-5-21-2306612358-1353405591-2002195684-31233>
GPSVC(1ec.1c8) 15:58:47:370 Found the caller in the ReaderHavingLock List. Removing it...
GPSVC(1ec.1c8) 15:58:47:370 Setting lock state as notLocked
GPSVC(1ec.1c8) 15:58:47:370 UnLocked successfully
GPSVC(3a8.a9c) 15:58:47:370 Client_UnLockPolicySection: Unlocked successfully
GPSVC(3a8.a9c) 15:58:47:370 LeaveCriticalPolicySectionInternal: Critical section 0x1d5bfc0 has been released.
GPSVC(1ec.1c8) 15:58:47:448 Opened query for NLA successfully
GPSVC(1ec.1c8) 15:58:47:448 NlaGetIntranetCapability returned Not Ready error. Consider it as NOT intranet capable.
GPSVC(1ec.1c8) 15:58:47:448 There is no connectivity before running scripts
GPSVC(1ec.1c8) 15:58:47:667 Event Arg Array is already filled to its capacity=6
GPSVC(1ec.1c8) 15:58:47:667 CGPEventBase::GetEventInfo(): Object not initialized
GPSVC(1ec.1c8) 15:58:47:667 Event Arg Array is already filled to its capacity=6
GPSVC(1ec.1c8) 15:58:47:667 CGPEventBase::GetEventInfo(): Object not initialized
GPSVC(628.d4c) 15:59:03:417 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x1bc
GPSVC(628.d4c) 15:59:03:417 Client_InitialRegisterForNotification: User = machine, changenumber = 0
GPSVC(1ec.1c8) 15:59:03:417 Target = Machine
GPSVC(628.d4c) 15:59:03:417 Client_RegisterForNotification: User = machine, changenumber = 0
GPSVC(628.d4c) 15:59:03:417 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1ec.1c8) 15:59:03:417 Target = Machine, ChangeNumber 0
GPSVC(628.d4c) 15:59:03:417 CGPNotify::RegisterForNotification: Entering with target S-1-5-21-2306612358-1353405591-2002195684-31233 and event 0x23c
GPSVC(628.d4c) 15:59:03:417 Client_InitialRegisterForNotification: User = S-1-5-21-2306612358-1353405591-2002195684-31233, changenumber = 0
GPSVC(1ec.1c8) 15:59:03:417 Target = S-1-5-21-2306612358-1353405591-2002195684-31233
GPSVC(628.d4c) 15:59:03:417 Client_RegisterForNotification: User = S-1-5-21-2306612358-1353405591-2002195684-31233, changenumber = 0
GPSVC(628.d4c) 15:59:03:417 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1ec.1c8) 15:59:03:417 Target = S-1-5-21-2306612358-1353405591-2002195684-31233, ChangeNumber 0



Windows server 2008 R2

June 8, 2015, 6:14 am
$
0
0

Hey,

I was wondering if there is a way to update JAVA on client computers through windows server 2008R2 without having to do it on all client computers manually? 

Structure: Domain (city), in that domain we have a group: The roof, part of that group exists of a folder computers (46) and  a folder users (113).

Now I want JAVA to do an update on all 46 client computers. Is that possible from te server?

Search

Some New GPO Settings Won't Take

June 3, 2015, 7:41 am
$
0
0

Hi all,

I have a few GPO-related questions/issues today. 

1. I updated some NTP-related GPOs. 
Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Global Configuration:
All settings are default except the following:
MaxNegPhaseCorrection (1800)
MaxPosPhaseCorrection (1800)

Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers
All settings are default except the following:
SpecialPollInterval (900)

So the GPOs appear in GPRESULT as expected as well as RSOP, but the updated settings do not appear in the registry as I would expect.  Oddly, if I runw32tm /query /configuration the times display properly.

Does anyone have any thoughts as to why it isn't updating in the registry?  Is the registry omitted if the settings are specified via GOPO? 
These settings are for server hardening in relation to regulatory compliance, so it needs to be verified that it is set as necessary.

2. I attempted to rename the domain Guest account by using the following GPO:
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename
guest account

This fails for whatever reason.  Running RSOP shows a red error message on this item, and if I view it I am told to look up the winlogon.log, but unfortunately I do not find anything which pertains to the Guest account, be it by name or SID.

Does anyone have any insight they can share with me on these two issues?  Any insight that can be provided would be welcomed.

Thanks in advance!

GPMC stopped showing any links on all policies on Windows 8.1 admin workstation

June 2, 2015, 2:37 pm
$
0
0

Hey guys,

I have a windows 8.1 workstation on a Windows 2008R2 domain.  I was going through and cleaning up some old IPsec policies.  When looking through the policies I noticed some of these old policies were not linked to any sites, domains, or OUs, so I thought they were not in production and disabled them.  I then noticed that several were not linked, and then went through them all and noticed that none of my GPOs were showing any links.  Started to panic a little, but I restarted gpmc.msc and everything was fine.  The exceptions was the (3)IPsec policies that were disabled.  Has anyone ever seen gpmc.msc fail like that before were it stops showing any links for any GPO?  The security filters were updating as I was clicking through the GPOs, but they all showed no links until I restarted gpmc.msc.  My workstation is fully patched with WSUS updates each month.




item level targeting

June 8, 2015, 9:32 am
$
0
0
i am looking example for item level targeting scenario like registry match executes condition 1 so create item level targeting and how to deploy (i mean linking to OU's)

Wallpaper via Group Policy and Windows 7

August 27, 2009, 6:50 am
$
0
0
My organization has recently deployed Windows 7 Professional (RTM, VLK) to our two computer labs. Users who log onto these machines get a wallpaper that has my organizations name and logo, deployed via group policy. After the upgrade to Win7 Pro, the wallpaper does not apply correctly. I began troubleshooting whether this was a result of conflicting policies, but even after making a new user, and placing him in a test OU with only the wallpaper GPO applied, this still happens.

Registry value must match a "bitwise and" comparison to 1024

June 4, 2015, 8:02 am
$
0
0

Making a computer secure, it requires that "Windows must be configured to block application execution if certificate server status is unavailable." The solution goes through a walkthrough of changing the registry to have the State value "match a 'bitwise and' comparison to '1024'". Tried multiple combinations to get it to work, to no avail. Any help on configuring this would be great!

Thanks!

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>