Hi,
could anybody help me, where can i find a .msi installer for Internet Explorer 11?
I want to install the new version of IE with Group Policy and the .exe installer is not supported.
Many thanks in advance!
↧
Internet Explorer 11 Deployment with Group Policy
↧
How do I stop printer policies from applying to servers?
We use group policies to deploy printers- All works well, except that RDP logins to servers generate a bunch of extra noise in the event logs. What I'd like to do is to find a way to prevent just these policies from running. We use security filtering to only load the drivers for specific group members, so we end up with one group per printer, and simply add a user to a group to install the printer. We do have terminal servers in our deployment, so I would guess the question is how to create a group of users who have a policy, who log in to a group of servers that prevent the policy from loading? We would exclude the RDS's from the group because we want printers to load on them... I'll appreciate any ideas on how to do this.
Thanks!
Thanks!
↧
↧
Edge ADMX templates?
Do you know where I can get GPO settings for the new browser Edge?
↧
Disable software restriction policy
Hello everybody,
I faced with situation that confusing me hard. I created Software Restriction Policy in my domain and set default level "Disallowed". Then I decided not to use it and deleted it. However, applications launch with error "this operation has been canceled due to restrictions in effect on this computer" and there is no any records in Event Viewer about applying policy. This apps are Google Chrome and Mozila Firefox.
After that I created new SRP with default level "allowed" but it also didn't help me to launch applications on my computer. Could you please hint me how it is possible to solve it? Thank you in advance.
↧
How to merge different GPO settings into a single GPO
Hello,
As part of Windows 7 migration, we are planning to merge existing computer GPO settings which are scattered across different GPO into a single GPO. Is there a way to do this? Using GPMC tool, I tried to export one GPO settings and imported into another GPO but import operation is overwriting existing GPO settings.
-Chandu
As part of Windows 7 migration, we are planning to merge existing computer GPO settings which are scattered across different GPO into a single GPO. Is there a way to do this? Using GPMC tool, I tried to export one GPO settings and imported into another GPO but import operation is overwriting existing GPO settings.
-Chandu
↧
↧
GPO settings not being enforced correctly over domain controller (Interactive logon: Smart card removal behavior)
We're trying to set our domain (running on Windows 2008 R2) up with smart cards to avoid username/password reset woes, but we need to be able to have the users remove their card after authentication.
We've set the GPO setting "Interactive logon: Smart card removal behavior" to "No action". RSoP and our test machines joined to the domain show the policy in effect after applying the updates, but will still be logged off when we remove the smart card.
We tested to make sure that the GPO settings pushed via the domain controller were actually taking effect by enforcing the "Forced Logoff" setting, which did in fact work fine.
Anyone have any ideas of a potential hangup we're not seeing?
↧
Import GPOs from domain 1 to domain 2
Hello all,
After many searches I don't find how to import all my 50s GPOs into my test domain.
I have a physical Dc in my production environment where I backuped without trouble all my GPOs into a folder, but in my test environment, i can't import them. I tried the Migration table way but I'm not able to make it work. I take all solutions and if you can provide me one where each GPO will be translated into another one GPO (I mean, not 1 GPO with all my parameters), then thank you in advance, that will help me a lot....
Martin
↧
Windows Firewall per-user
Hi,
Excuse what could be a bit elementary, I'm no Microsoft guru
We have a terminal server (win2k8 r2) on the domain that a bunch of users login to.
We ideally want these users to only be able to access certain resources (controlled by IP/port) based on their user group. So the idea is to create GPO's with Windows Firewall outbound rules to permit the allowed access per user group.
However I've been trying this for a couple of hours and I just cannot get the GPO to enforce Windows Firewall rules.
So I'm wondering if this maybe because the GPO is linked to a user group, not computers, and the Firewall is a computer setting.
Would this be the case? is it possible to create GPO's that enforce different Windows Firewall rules per-user rather than by per-computer?
thanks
↧
Implementing LAPS with Windows 7 Enterprise MUI
We have currently been using the older version of LAPS (POP SLAM) in our Windows 7 environment and seems to be working fine. We just moved to Windows 7 Enterprise and are using language packs as we're a global company. In our previous images, we have always manually added the account in the local admins group in our reference image. We're now using MDT and not adding the account and letting popslam add the account instead.
ISSUE: Application seems to not put in the local admin account since the name of the local administrator group is different based on the language of the computer.
Is there a way for the application to check the language and add the account to the right local group? I'm passing a transform against the MSI to add our custom local account admin name and removing some shortcuts. Noticed the product language property table and as wondering if that would do it. Anyone run into this issue?
↧
↧
Digital Tech Office Sign GPO Suggestions
I have an 8" windows 8.1 tablet. I am going to use it for a digital sign. On the screen saver, I want to display a jpg for digital signage when idle. I then want anyone to tap the screen and lock them into two potential websites. One will be internal and another one external. The inside website goes to a ticketing system. The outside is for Azure password reset, which will require some validations. I am thinking the best way to do this is through Group Policy. Seems a bit of work to do this and I am looking into what is the easiest way to lock everything down except for those 3 resources (jpg on lock screen, ticketing website, Azure password recovery website). Any thoughts?
↧
Set time limit for active but idle Remote Desktop Services sessions for paticular user and server
I want to make a GPO where specific users are logged off after a certain time on one particular server. I made a GPO by configuring Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits.
I then used security filtering and removed Authenticated Users and added the server and the users I want to log off.I then linked the GPO to an OU containing that server.However It doesn't seem to work.I did a gpresult /R ,and it tells me that GPO is being applied only to the server.
↧
How to grant privileges for users domain conect to VPN server?
Hi everyone,
My system used to AD Windows server 2008 to manage. Current, i want to grant privileges for users domain can connect VPN but i can't. It notify error:
NOTE: FlushIpNetTable failed on interface [12]{49D27953-...} (status=5): Access is denied
.....
ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=12]
..Althought, I added users into Configuration Network Group and create GPO allow access Network Connection.
Please, help me!
Thanks,
↧
Group Policy Logon script continuously firing.
My Logon Script works the first time as expected, however I can see that it is going off again later on. I notice this because the script creates shortcuts on our users desktop, I deleted these on one of the computers (knowing it would come back on next login), however I see them again in about 30 minutes. Does the login script get reused after unlocking the computer, or after a certain amount of time? If so can I turn this off?
I use Group policy to use the login script and its a powershell script.
↧
↧
Windows 2008 R2 block bluetooth service using GPo
Dear All,
please help me to block Bluetooth device by GPO. i have windows server 2008 R2.
Sunil
SUNIL PATEL SYSTEM ADMINISTRATOR
↧
adml templates
when I download the windows10 admin templates.
when I copy my files to my server should I be over writing existing files?
↧
Drive mapping via group policy
we create one policy drive mapping and add 2 users diffrent locations one user able to see that drive in my computer but second person profile not mapped that . pls check below centrail it person able to see this but second ashutosh he not able to see. what wrong here and how this resolved please suggest
↧
Logon routine based on office and group
Sorry in advance if this isn't the right place. I was told I needed to post this here.
I want to overhaul my logon.bat file process that is currently using KIXTART, group membership and IP addresses to map drives. Over time the script has become more complicated and with Windows 8.1 and 10 it has become less reliable and a lot of users
have to click the logon.bat shortcut we put on their desktops. I also have a cheesy printer install script, so I would like to use GPOs to map drives and load printers.
My AD is broken out by office (8). Users within each office are then part of different security groups which gives them access to different parts of the domain. The main office is broken down even further into divisions. The majority of my
data is currently being moved to the cloud, and we have cloud caching devices at each office (why we need location mapping).
User Example
When in Office1
P: \\OFFICE1\PROJECTS
M:\\OFFICE1\MARKETING
X:\\OFFICE1\PROGRAMS
U:\\OFFICE1\USER\%username%
Printers
\\OFFICE1\PRINTER1
\\OFFICE1\PRINTER2
\\OFFICE1\PRINTER3
When in Office2
P: \\OFFICE2\PROJECTS
M:\\OFFICE2\MARKETING
X:\\OFFICE2\PROGRAMS
U:\\OFFICE2\USER\%username%
Printers
\\OFFICE2\PRINTER1
\\OFFICE2\PRINTER2
\\OFFICE2\PRINTER3
In addition to the location mappings, I also have mappings regardless of location to data that won't be in the cloud - accounting, etc. So when a user is in Office1 and the local data is in Office2, they will need to map to Office2 based on their group membership (Accounting).
Because I have the location and group membership requirements, don't see any way to use the ADMX GPO drive mapping option. Please fill me in if I am missing something! I think I will still have to run some sort of script to get everything mapped
and loaded. So, if that's the case, what is the big advantage of using a GPO?
Thanks in advance!
↧
↧
Group Policy Preferences for Internet Explorer 10 show up in gpresult as applying to "Internet Explorer 5 and 6"
We have all Windows 2012 R2 domain controllers. Our domain functional level is Windows Server 2008 R2. All of our workstations are running Internet Explorer 11. When I create a Group Policy Preference for Internet Explorer 10 and apply it to the desired
OU, the users in that OU cannot access the Internet. When I run gpresult /h on the workstations in question and look at the resulting html file, I see "User Configuration > Control Panel Settings > Internet Settings > Internet Explorer 5
and 6 > Connections > Policy > Proxy Server" and my proxy server settings are there. However, when I launch Internet Explorer and click on "Tools > Internet Options > Connections > LAN Settings", the proxy server settings
are gone. My first question is, "Why does the gpresult show that the settings are for "Internet Explorer 5 and 6"? The second question is obviously, why are the proxy server settings not working?
↧
Windows cannot access domain\sysvol\domain\policies
Hi!
We have suddenly problems with GPO`s. The latest 3 gpo`s we have created are not working, when we browse to\\domain.local\SYSVOL\domain.local\Policies\{XXXXXX} we get the message
"Windows cannot access \\domain.local\SYSVOL\domain.local\Policies\{XXXXXX} you do not have permissions to access.
We have 3 domains controllers, when I try locally \\dc01\sysvol\domain.local\policies it failes, but if i try the same on other domain controllers 2 and 3, then im able to read the content.
Any suggestions ?
/Regards
Andreas
↧
GP software instalation
Hi
Coming to the point straight
In my organistation there are lots of GP which has only computer configuration enabled, however in security filtering we have only Authenticated user added and not computer . how will this work, as computer configuration is computers
i have created group policy to push the software in computer configuration, we have added the users and computer both in security filtering , but its not getting installed. we have selected Assigned optioned.
one more query - the software in placed in a folder in the server and we shared the folder, and provided everyone with RO access, do we have to change this.
Aamir
NA
↧