Hi all
im studying Windows server 2012, and one of the topic which is GPO Loopback , I watched some videos and read about it but basically I don't know how to figure it out. when I watch the videos on youtube I feel I understood it but when I want to practice it I get lost!
some explain it please
your help much appreciated.
We have a Terminal server running in win server 2008 R2 Standard. We successfully use Folder Redirection for Roaming folder, Contacts, Desktop, Documents, Favorites, Links, Music, Pictures, Saved Games, Searches, and Videos. For redirection we use the following path: \\domain.local\users\%USERNAME%\Redirected_Folder. Everything works as expected. When we redirect the Downloads folder we get the following error in Event viewer:
Error details: "The specified path is invalid.
Of course the redirection does not work. The disk space in our RDS server is getting low as users save files locally on the RDS. What could be the problem? Any ideas are welcome.
Hi,
We are in the process of testing ahead of a rollout from IE8 to IE10 now the majority of applications used at our organisation will support IE10.
Currently we have Compatibility View enabled for all Intranet sites but going forward we would like to disable Compatibility View by default and just have a whitelist for the few sites that will still require Compatibility View.
In testing I have managed to disable Compatibility view by default and uncheck the use Compatibility View for Intranet Sites as we desire as we don't want that by default. However my whitelisted sites do not show when I view Compatibility View settings on our test workstations. Also if I F12 into Developer options they are not running in Compatibility View.
Can anyone advise of the settings we would need to accomplish this? Is this possible just using GPO? Or would registry keys require changing also?
Currently we have:
Turn off Compatibility View (Disabled) - So users can still add websites manually if needed
Turn on Internet Explorer Standards Mode for Local Intranet (Enabled) - Stops Compatibility View being used for local intranet by default
Use Policy List of Internet Explorer 7 Sites (Enabled) - With the sites we would like to be viewed in IE7 Compatibility View still
All other settings are currently Not Configured. I have tried applying these settings as a Computer Policy and a User Policy with Loopback Processing but neither seems to allow the whitelisted URL's to display in Compatibility View.
If you require any more information please let me know. Any advice on this problem is greatly received.
Hello all,
I am setting up a GPO and wanted to remove powershell and server manager from quicklaunch for all remote desktop users. I used the following link as a guide on how to achieve this. https://www.serverknowledge.net/group-policy/remove-server-manager-taskbar-group-policy-gpo/
however, I've found that any admin account that I use cannot access server manager now. in fact, everytime I login using an admin account, I get the following message:
"windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item"
Any direction would be appreciate to "reverse" the effects on setting the file system item
Let me begin by saying that I am not qualified to be in this forum. I would say that I am a highly experienced Windows user (thru version 7), but when it comes to networking I am out of my depth. But I teach basic computer courses at a small school
on the border of the Dominican Republic and Haiti and am the best they have to try to maintain their server (originally installed by IT pros).
The basic network is the following:
- Server: Windows Server 2012 Standard (Version 6.2.9200)
- Desktops: Windows 8 Pro 64 (Version 6.2.9200)
The probable cause of the problem: Electricity here is *mostly* stable but we only have electricity about 14 hours a day and the changeover time is not consistent. The voltage is not always steady either - sometimes it comes in quite low and sometimes it comes in dangerously (to electronic equipment) high. The result is that we often lose power in the middle of class (at times several times because *mostly* stable means that at times it is not stable). I have lost 2 power supplies (out of 25) due to this issue.
The server, even with a UPS, has regular hard power offs due to power outages when no one is able to get to the lab quick enough to power it down or to get the generator powered on. I am reasonably sure that one of the more recent dirty shutdowns has cause the problem.
The problem: all of the shared networks drives are "broken".
I realize that not all of this will be helpful, but better too much than too little information. Here is what I can tell you with my limited knowledge:
- The shares are being done thru Group Policy.
- There is no login script being utilized for users.
- The home folder in Group Policy is \\ server-01\students\8\%username% and it is being assigned as drive "S" for each student. (space after the \\ to prevent this forum from preventing my post because it thinks I am posting a link)
- The physical path to the shared "students" in the line above is E:\shares\users\students.
- On booting any of the desktops with the server already booted, there is a long delay before Windows finally loads. It is clearly timing out on attempting to login to the server and pull the roaming profile. The end result is that users are being assigned temporary profiles.
- Remote desktop into the server does not function
- If I login *on* the server console itself, the shared network drive "S" DOES get assigned correctly.
- Profile are stored in E:\shares\profiles
- I have browsed Event Viewer and have seen only two errors. One is due to a backup driver being normally powered down while the backup service is always initialized on boot. The other was DFSR Event 2213 due to a dirty shutdown. This error has been resolved. There are a few warnings, but nothing that seems on point for this issue.
- In Event Viewer, I do see Event ID 1003 - Start processing GPOs. But since the "S" drive is assigned when booting from the system console, we knew that the GPOs are getting processed.
I am hoping that there is a very simple resolution to this issue and that one of you kind folks can give me instructions on how to do it, or guide me to helping you find additional information on the issue.
Many thanks.
Hello, I'm trying to find a way to delete a registry key with multiple similar values using a wildcard. The cause of the issue is GoToMeeting leaving multiple startup items when only one version of it's installed on the computer, resulting in the registry
values below. I know how to delete registry key values in group policy if you specify the exact value name, but is there a way to delete them using wildcards? I tried tried using "GoToMeeting****" but [unsurprisingly] it didn't work.
Hi
we create new 2 group policy in win 2008 r2 server
1 Prevents users from using Add or Remove Programs. i want my client pcs (win7 winxp) not able to install or uninstall softwares.
2 Ability to enable /Dsable lan connection want client side no any one able to do any changes network
i configure both policy and set disable and add 2 users in this policy bt both users still able to access this changes
what i do wrong please suggest
Dear All,
Currently we are facing an issues in Windows 8.1 Pro System. We have 2008 R2 Sp1 Domain Controller. We have already implemented the Removable Storage Access Policy for USB Drive to write access denied.
This policy is working fine in Windows 7 SP1 and windows XP. When we install Windows 8.1 Pro and Join the computer in domain and when any users login in domain account then this computer all the Logical drives are set as write access denied except only C Drive.
All the Other storage devices set as write denied.
So Please help us regarding this issues which we are facing. is there any work around. Please guide me as soon as possible.
Regards,
Kamal Patel
System Administrator
Regards, Kamal Patel Windows Administartor
Hi
I wish to change the default permissions on GPOs, specifically to revoke write permissions for Domain Admins.
The article https://support.microsoft.com/en-us/kb/321476 does not appear to apply to Windows 2012R2, is there a version that does?:
The SDDL suggested by the article for DA is (A;CI;RPLCLOLORC;;;DA)
This should work, but the OS appears to ignore it and you end up with what I think is this (A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA), which is the default.
Even setting it to this (A;CI;LCRPLORC;;;DA) has no apparent effect (as does leaving it out altogether).
Suggestions would be appreciated. Advice on how to educate my client's DAs or telling me it's pointless because DAs can't truly be limited would not.
TIA
JamesDS
Issue:
I'm encountering issues with group policy processing where startup scripts seem to instantly fail with Event 1030 and an ErrorDescription of "The system cannot find the file specified." The client event log just gets a string of 10 or so red errors on this event type. As far as I've been able to tell, this is only happening on our Windows 10 wireless Surfaces.Windows 7 and Window 10 desktops do not seem to be affected.
Preceding the slew of Event 1030 events are typically 1 to 2 events of ID 1058: Network access is denied. The event message typically looks like:
The processing of Group Policy failed. Windows attempted to read the file \\domain\SysVol\domain\Policies\{42ECCD9C-764E-4A3D-8596-A974851F7183}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until
this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Notes and Troubleshooting:
Other Observations:
If I disable the policies generating the 1058 errors, different policies take their place. These policies appear to be the first in the order of inheritance. That is to say that it seems like the first policies that should be processed are the ones that fail. If I unlink those policies then the failures arise from the next policy(s) down the line.
It seems to me that group policy is being processed before its completely ready to do so. Like the networking on the device is not yet ready to go out and communicate with a DC.
I already have "Always wait for the network at computer startup and logon" enabled. I also have tried putting a value of 100 seconds for"Specify startup policy processing wait time". The issue persists.
Any ideas? I'm not sure what else to try.
I have set up a Group Policy to set the Lock Screen image to a defined image located on the C:\users\public\pictures\
There is also a registry key to change the lock screen image location.
I have also made it so that they can't change the Lock Screen.
I have installed the relevant Admx for windows 10 on the server and updated the group policy.
Some computers, when a gpupdate /force is done the lock screen does not change.
does anyone have any idea on how to get the lock screen changed via group policy?
Thanks
Henry Edwards
Hi,
Need to restrict multiple logon with same username and password in different pc's which is in same domain
DC with win srv 2008
client's with xp, win 7, win 8
Thanks & Regards,
NTRao.
I am using the Software restriction policies at a user level to prevent exe's from running in select areas. Since we have found an application which must be installable, I am trying to use a Certificate Rule to allow this to run.
However, the rule does not work, because I cannot select the dot box {Enforce Certificate Rules} under Software Restriction Policies\Enforcement. It is greyed out and unselected. Under the Group Policy Results it is reported as {Ignore certificate rules}.
I have enabled {System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies} which I note is under Computer Policies not User Polices. (There does not seem to be an equivalent under user.)
Any help would be appreciated.
Geoff.
Hello all,
I'm having a little bit of a problem, we have a windows server 2012 r2 on which users logon.
What we have currently in place is a GPO not authorizing a certain user to use all of the drives (prevent access, and hide drives)
however if the user opens Windows explorer and types cmd.exe in the address bar cmd starts and he can use it.
Is there a way to disable the address bar for this specific user but leave it for others through GPO?
i've read on this link but it doesn't seem to work because the registry key is no longer nammed the same,
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]We seem to be having a problem whereby profiles are not being deleted from operating systems greater than Windows 7
We have the following in place but not working on 8 and 8.1
Any ideas?
Robbie
Hi,
I am unable to apply group policies for my windows 8.1 client machines.
For Other OS windows 7 and windows 8 machines it works fine
Hi All
we have a folder which contains many files and folder and I have a full Control permission.
when a user asked me to give him a modify access and clicked apply after doing some progress this window poped up
when I click cancel , it will give access only to the folders and files before this file ... and notice that the files and folders which located after this file didn't take effect.
how to solve this ?
regards
I have recently had a problem with spyware (BreakingNewsAlert). It kept installing more and more files. While researching and removing all the infected files, I noticed that a file appeared in my programdata file called ntuser.pol and also found out that it can contain viruses. Can I delete this file?
Hi, I hope someone can help as I'm really struggling to work out what is happening.
We have an existing group policy that sets the screensaver to come on after 5 minutes of inactivity, this works great. We have noticed that users don't lock their computers when they step away and therefore decided to set the Password protect screensaver option in group policy. This we set but it caused some backlash as users complained that it happened too soon, so we decided to extend the screensaver to 10 minutes. However screensaver still activates after 5 minutes. If i remove the Password Protect screensaver part of the policy it does wait the 10 minutes but as soon as that part is enabled it reverts to 5 minutes. As a test i disabled Prevent changing screensaver part so that i could actually see what settings it showed on the Screensaver options in Windows 7 and it shows correct. 10 minutes whether the password protect part is enabled or not.
Is this normal behaviour? Hope that makes sense and i hope someone can assist. I have done the usual of GPupdate /force and even full reboots but nothing seems to make the policy apply how i want it to.