Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

GPO move from local to central store

August 4, 2015, 12:46 am
$
0
0

Hi,

I'm going over my new companies environment and discovered that they are not using the central store for Group Policy (opened Group Policy Management and Administrative templates has 'retrieved from the local computer' next to it). I know to crate the PolicyDefinitions foplder under FQDN\sysvol\FQDN\policies but was wondering what the benefits/drawbacks are of doing this (trying to figure out why they wouldn't have done this already). Also, if there are any gotchas to watch out for when moving over to a central store.

Any pointers to articles which help to troubleshoot GPO settings not replicating/applying correctly would be great as well.

 - DC Servers are 2012 R2

 - Domain and Forest levels: 2008 R2

Search

Limit authentication options displayed via GPO?

August 4, 2015, 11:24 am
$
0
0

Hello,

Is there a GPO setting to limit authentication option/prompt to smartcard/PIN only? We already have smartcard required option enabled but would like to limit what is seen. Thanks in advance for any help.

GPO Central Store

August 10, 2015, 3:00 am
$
0
0

Hi,

I want to use central store for my admx templates. I have creates a PolicyDefinitions folder in sysvol\sysvol\domain\policies and copied my admx files to there.

However when i go back to GP Management Editor the status for Administrative Templates is "Administrative Templates: Policy definitions (ADMX) retrieved from local computer" and not "...central store" which is what i was expecting.

This is a Win Server 2012 R2 DC.

Anyone else run into this issue?

K

Optimizing Windows user profiles for VDI environments

July 30, 2015, 9:27 am
$
0
0

Hi guys,

my scenario is this:

my clients use Windows 7 machines on a pooled VDI environment.

We didn't use the vhdx attachments but folder redirection to keep the profiles info after logon and between desktops.

the profiles are located on a NetApp storage.

we have many performance issues on the NetApp and therefore, problems of performance in the desktops and then... we have unsatisfied users.

we noticed that most of the I\Os arrive from the redirected %APPDATA% and even though the storage should handle this amount - it kill everything. the NetApp hangs, and when machines can't find the %APPDATA% users just freeze.

we saw that the problems are coming mainly from Microsoft. meaning most of the mess caused by MS products and Windows products.

We have an explosion of the Recent folder, the Cookies folder, Office Templates and building blocks... they are the killers

now I know I can't live without them but we ask our selves how can we overcome this issue besides "Buy a more reliable storage"

are there any special settings for these specific locations in terms of VDI?

I mean, if it's a local machine then everything's local anyway and I don't care

but in this case - it doesn't make any sense that users have more than 1,000 recent files or Cookies and they will just stay there forever. are there any optimizations i can make in GPO for these scenarios?

thanks

Tamir Levy

using network software

August 10, 2015, 5:18 am
$
0
0

Hello,

I install new server at my work and install same software like the old server (Windows server 2003 R2)

I connect all users again and nothing happen except some issue with some software

I have network software and have database and it's work with administrator user and normal user not

it give massage said can't connect to database

other software like Ginger doesn't allow to even login to can use

I didn't link any group police but it's still users can see the police.

can I create policy to can all network software to be work?

or can I disable all policy and I will create my own policy?

Please support .

Thanks

When will Windows Server 2012 R2 be 100% compatible with Windows 10?

August 6, 2015, 7:19 am
$
0
0

I have so far upgraded only one PC in our company to the new windows 10 OS and ran the connector that was distributed that same day of the release of windows 10 for Windows Server 2012 R2. Everything looked normal and installation went well, so I thought. There is no folder redirection as Group Policy is showing not applicable. The main feature of our server is group policy that allows us to log into any computer on the shop floor and still have access to our files from any computer. The connector that was released that day still shows windows 7, 8, and 8.1 as being the only operating systems allowed through the connector. Each computer linked to our server displays the client pc name, ip address, mac address, os version, service pack, and boot time. The PC with windows 10 on it, the server is recognizing as windows 8.1 still, but no group policy.


Old GPO settings being assigned

July 8, 2015, 11:26 pm
$
0
0

Hi all,

We changed a GPO three weeks ago and these changes seem to have been replicated across the four DCs ok. The new GPO settings are correct on all present machines in our environment. Our problem is when we build new machines via SCCM. Some of the machines pick up the old GPO settings even though when i run 'gpresult /r' it tells me it has synced to the correct DC recently and is picking up all the linked GPOs but RSOP shows that it is picking up the old settings on that one GPO which changed three weeks back.

If  I run a gpupdate /sync it seems to resolve the error but I would like to know where and why the machine would first be getting the old settings and how I can stop having to run a gpupdate /sync every time I build a new machine?

Thanks

Network drives appearing as disconnected

July 30, 2015, 12:32 am
$
0
0

I have a bunch of users that log onto a 2012 R2 RDS server,

They get the drives mapped by GPO

A user logs onto the server for the first time (this happens for everyone but first time user is a good example of the issue and proves a few points )

All of their network drives are listed, but show as disconnected

If I click on the network drive I can browse it and it behaves as normal, the state still shows as disconnected

In the event log I am seeing error 4098 in the event log

The user 'G:' preference item in the 'Drive Map - Groups and Personal {D232C94D-D5C9-403D-ADDD-22D88E582B0F}' Group Policy Object did not apply because it failed with error code '0x80070055 The local device name is already in use.' This error was suppressed.

If I right click on the drive and say disconnect, I get the error “This network connection does not exist” yet if I click on it I can browse.

If I issue the ‘net use’ command is shows me nothing is connected / lists nothing

The bit that really gets be, is this is the first time this user has ever logged onto this server, so 

A -  there is no way the drive could have already existed

B - The drive IS mapping because it appears and I can browse it

Things I have checked:

-       -Tried with UAC both on and off – I;’ve read this can cause this – no change

-       -Made sure there is nothing else trying to map the drives – there isn’t

-        -Tried mapping the drives with a Kixstart login script instead of the GPO – end result is the same – drives appear but disconnected

-       -Tried users logging into another server – works fine

What is going on with this server that could be causing this?

Thanks in advance

Search

Setting Default Printer for Roaming Users in Group Policy Preferences

August 10, 2015, 6:43 pm
$
0
0

Hi ,

Apologies if this question has been asked before. We are testing GPP to map printers based on sub-net IP ranges (and delete all other printers ). One requirement is to set the users default printer when the person return to his original location. Is there a proven way to achieve this using GPP?  I thought of checking against a security group and set a particular printer as default but this could be tedious. Any ideas?

Thanks


Where does Windows 7 store IPSec configuration files?

August 7, 2015, 2:14 am
$
0
0

Dear all,

IPSec secure our internet access protect us from malware and virus. IPSec provided as service launched by svchost.exe with the dynamic link library polstore.dll. But where is the configuration file everytime it loads and saves? How can I find and have a look at it?

Thanks in advance!

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

August 10, 2015, 3:31 pm
$
0
0

I am seeing a very odd error on one of our domain controllers. I have dealt with Event ID 1058 errors whereby a policy (or policies) were not replicating, but we are receiving this error along with error code 1326 on this server, and it is apparently only happening with the default domain policy:

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          8/10/2015 3:09:54 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:     
User:          S-1-5-21-1484152634-2550175353-3916092219-3287
Computer:      <DC Name>.<domainname>
Description:
The processing of Group Policy failed. Windows attempted to read the file http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-10T19:09:54.008905300Z" />
    <EventRecordID>56008</EventRecordID>
    <Correlation ActivityID="{E6440388-AAF9-4E59-B945-73179E2ADF3F}" />
    <Execution ProcessID="880" ThreadID="3256" />
    <Channel>System</Channel>
    <Computer><dcname>.<domainname></Computer>
    <Security UserID="S-1-5-21-1484152634-2550175353-3916092219-3287" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">820</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">3432</Data>
    <Data Name="ErrorCode">1326</Data>
    <Data Name="ErrorDescription">The user name or password is incorrect. </Data>
    <Data Name="DCName"><dcname>.<domainname></Data>
    <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=<domainname>,DC=com</Data>
    <Data Name="FilePath">\\<domainname>\sysvol\<domainname>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
  </EventData>
</Event>

(Some information redacted)

Now, I haven't failed to notice that the username is listed as a SID.  Based on various queries I have done, this SID currently does not exist in our domain.

This only replicates with one other domain controller, which is our PDC and resides in our corporate datacenter.  It almost seems like DFSR is trying to connect to some outdated DC to replicate, but I cannot find any indication of why it might be doing this.  I have already looked at the DFS Management console on this server and everything looks exactly like it does on every other DC.  The DFSR event logs are also not reporting anything wrong.

While this doesn't appear to be hurting anything--the default domain policy IS updating in SYSVOL on this server and replication diagnostics all check out OK--I'd like to correct whatever is causing this.  Anyone run into anything similar or have any ideas?

Users lose drive mappings intermittently throughout the day. Server 2012 domain environment.

August 4, 2015, 9:52 am
$
0
0

We have a GPO that maps drives from our Server 2012 Domain Controller, the drives are mapped by security groups and map successfully to the users.

Drives are currently mapped by \\ServerName\FolderName

However, throughout the day multiple users will lose the drive mappings and have them reappear shortly after. This happens at random times to random users.  Most all users with the issue are Windows 8, although the domain itself is primarily using Windows 8 OS's.

I was able to find these events in the one of the individual users computers.  Where they lose connection but are reconnected shortly after.  This happens multiple times throughout the day.


GPO for wireless configuration not working well enough

August 6, 2015, 11:37 am
$
0
0

We have a GPO that configures 802.1x wireless setting for laptops and uses computer authentication for bootup and then user configuration for logging into the computer.

The policy is applied and technically does work, but it works poorly.

The first problem we have is that wireless is slow to connect.  The computer boots up and then when the user tries to log in, there is a message that says no logon servers are available.  Looks like the wireless is not connecting during the boot process as it is supposed to.  We are having to connect an Ethernet cable for first time users to log into the laptop and create their Windows profile.

The second issue is that the switch to user authentication for wireless is slow.  When the user first logs in with cached credentials, the wireless is not connected immediately and therefore drive mappings fail.  After waiting around 15 to 30 seconds, the wireless finally connects and the user can either reconnect disconnected drives or has to log off and back on to get their drive mappings.

What are the optimal GPO settings to ensure computer and user wifi authentication works reliably?


Password Policy in sever 2008

August 5, 2015, 4:04 am
$
0
0

hello,,,

I have windows server 2008,,,,

I make this option, and not working by clients, what is problem,the client can not chang password, the massage is

(unable to update the password. the value provided for the new password deos not meet the length, complexity, or history requirements of the domain.)

File auditing Logs

August 6, 2015, 1:25 am
$
0
0
I have enabled file auditing as per standard steps but I am not receiving the logs that who edit, copy, past, files in the event viewer, Security Log Not Logging Events, it says that The event logging service has shut down. So I kindly request you please share your experience with me in this regard. thanks friends
Search

reverting to windows 8.1 from windows 10

August 6, 2015, 8:55 pm
$
0
0

I upgraded to windows 10 and have issues so I want to revert to windows 8.1. But to do so I need to delete a user that I added since the upgrade. The user is called administrator. I cannot delete this. the user name is 'robyn robins administrator'.

how can I revert? I downloaded windows 10 7 days ago.

I need to work on my computer can someone please help me

Network drives keep disconnecting or prevent access

August 6, 2015, 3:23 am
$
0
0

Hello,

We have around 40 users connected to one main server, and when logging in a logon script is run to map several shared drives from the server. One of the drives is a personal drive to that user. Most users drives with map, but then randomly disconnect and not be able to reconnect for 10-15 minutes, or the drives won't map at all and users cannot connect. 

At around the same time this problem started happening we also started getting DNS errors and users couldn't access the internet from time to time. 

I don't have a great deal of experience with servers, so actions to try in layman's terms would be appreciated!

Thanks

Compatibility View

August 5, 2015, 8:25 am
$
0
0

I need to add few websites to IE 11Compatibility Viewwhite list.

Made a change to the following GPO,

User Configuration-> Policies-> Administrative Templates-> Windows
Components ->Internet Explorer -> Compatibility View

for some reason do not see any changes in:

Tools -> Compatibility View Settings

I am changing a wrong GPO?

Thanks for the help.


Thanks for the help.

What i am able to find: Deploy from Administrative Templates via GPO. However,it does not get reflected in IE user interface.

Looking for a way to desplay the setting. When i add it manually i do not see it in the registry to add it that way.

Issue with folder redirection: Primary computers

August 10, 2015, 12:38 pm
$
0
0

Hey All,

I work for a small company with a windows domain environment. I'm having an issue with setting up folder redirection for primary computers only. "Redirect folders on primary computers only" is defined and enabled in the User Configuration of the "Folder Redirection" Group Policy, but folder redirection insist "Primary Computer Evaluation: Not evaluated because primary computer policy is not enabled". The Group Policy is properly configured and passing the information to the client workstation, the users msDs-PrimaryComputer attribute is defined properly, but windows continues to redirect ALL user folders.. I receive a warning in event viewer upon logging into a workstation and is as follows:

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" /> 
  <EventID>1534</EventID> 
  <Version>0</Version> 
  <Level>3</Level> 
  <Task>0</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8000000000000000</Keywords> 
  <TimeCreated SystemTime="2015-08-10T14:41:37.505607300Z" /> 
  <EventRecordID>3182</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="944" ThreadID="1876" /> 
  <Channel>Application</Channel> 
  <Computer>PROD-DAWA.resolutioneng.com</Computer> 
  <Security UserID="S-1-5-18" /> 
  </System>
- <EventData Name="EVENT_PROFILE_NOTIFICATION_FAIL">
  <Data Name="Event">Create</Data> 
  <Data Name="Component">{2c86c843-77ae-4284-9722-27d65366543c}</Data> 
  <Data Name="Error">Not implemented</Data> 
  </EventData>
  </Event>

It seems like the user attributes are not being accounted for..

ANY help is appreciated, this thing is driving me insane..

GPP Mapped network drives issue

August 11, 2015, 1:34 am
$
0
0

Hi,

I have a Windows 2008 R2 domain. We have implemented a GPO in which, with user preferences, a user is mapped to several network units depending on the groups he belongs to.

For example, if a user belongs to a group called Sales, he will have a mapped R: drive connected to \\srvfiles\sales

If he belongs to a group called Billing, he will have a mapped Q: drive to \\srvfiles\billing.

But once a letter is mapped to the user, it is saved in his profile, so if I remove the user from those groups, he will still have those mapped drives. 

So we have make a change: At the top of the drive mappings, we have put a Delete all, starting from Q: rule in the GPP. We have also tried with a logoff script which removes all mapped drives. In both cases, we have the same result: When I remove the user from the groups and he logs again, the mapped drives are still there. If he logs of and logs on again, then the mapped drives has dissapeared (as it should have the first time). If I add the user to the group or both groups, and he logs in, again, he doesn't see the mapped drives the first time; he has to log off and log on again to have the mapped drives.

Anybody knows why the user has to log in twice to have connected or disconnected the mapped drives? Is there any workaround to have those changes applied the first time the user logs in?

Thanks

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>