Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Administrative Templates Issue.

October 31, 2015, 3:30 am
$
0
0

While trying to edit group policy i m getting error like

Administrative Templates:

Encountered an error while Parsing.

Expected one of the following possible  element(s),<text>,<decimaltextbox>,<textbox>,<checkbox>,<combobox>,<dropdownlist>,<listbox> but found <multitextbox> instead.

File c:\windows\policydefinitions\en-us\inetres.adml,line4276,column 59

Administrative Templates:

Encountered an error while Parsing.

Encountered an unknown  error while parsing(error =0*87400001):2025848831(0*87400001)

File c:\windows\policydefinitions\inetres.admx,line10,column 41

Thanks in advance....
Search

Windows 7 Enterprise Edition

November 1, 2015, 11:44 am
$
0
0

I assigned all user windows 7 professional Power User rights it would not allows the user to make any changes to systems or undated software on the PC, it would always prompt the user to enter and Administrative user name and password. I am not working in an environment that i am trying to deploy that same solution, the only different is that i am using Windows 7 Enterprise edition it does not prompt me enter a user or password, it does nothing.

I would like windows 7 enterprise to perform the same function and windows professional allow the adminstrator and end-user to be prompted when trying to install new or update software.

Please help.

thanks

 

AD RMS Local Intranet Security Zone Distribution

November 2, 2015, 2:43 am
$
0
0

I got a question about the Active Directory Rights Management Services. After I did all the configuration of the RMS Cluster. I had to verify the AD RMS to all the users. But how can I distribute the verification into all the client user?

Link Below are shows the verification the local intranet by each of the user (step 4), I want to know how can I distribute this verification by just verify one time to all the client users such as if I got 100 users.

https://technet.microsoft.com/en-us/library/jj134037.aspx

Redeploy same printer driver version using GPO

November 2, 2015, 8:31 am
$
0
0

Hi all,

Printers are hosted on a dedicated print server running Windows Server 2008 SP2.  Printers are deployed with GP.

Situation is that periodically my print drivers are getting corrupted for some reason (usually after a Windows update on the client).  The Win clients then cannot print at all.  Previously, I had to remove the GP deployed printer, and re-added it using a different name, with the same version driver (it's a Canon with B2 imagepass controller).  That worked just fine.  But I don't want to have to keep removing and redeploying the printers.  I would love to know a way to force push the driver for reinstallation... any ideas how to do that?  Is there some way to change the driver version to fool the server into redeploying the driver?

Thanks,

Paul

Permission issues with Sysvol when editing a GPO from a DC?

November 2, 2015, 11:44 am
$
0
0

This is a weird one on a 2008R2 domain.  I login to the domain with a normal user account. I can elevate to launch gpmc.msc as a domain admin, but I get permission issues when trying to add a something to sysvol.  For these reasons, it is usually just easier to remote into a DC and run gpmc.msc as a domain admin.

I have noticed that if I remote into a DC and launch gpmc.msc(while pointing gpmc to the local DC that I am also logged into) that I get permission denied when trying to copy scripts into the startup folder, etc.  The weird thing is if I point gpmc.msc to any other DC(does not have to be the PDC emulator) and do the exact same thing, it will allow me to copy the file in.  I have seen this on multiple DCs and have disabled AV, etc.  Anyone have any ideas on why gpmc.msc must be pointed to a different DC to give me the permissions to copy some files into the sysvol location of a GPO?  At first I thought I had some sysvol permission issues, but now it seems to be something else.

Thanks,

Dave





How can the Workstations when joined with domain get different policy in same domain

November 2, 2015, 11:02 am
$
0
0

Our organization have two different remote locations where workstations are need to be joined with the AD (Domain Server). One remote location (say Location-A) has greater bandwidth. Whereas the second location (say Location-B) has very less bandwidth. Both locations (Location A & B) have workstations which needs to be joined with central domain server (AD). We have created different set of policy for both locations (policies which suits/match their network constraints respectively).

Now the requirement is, when joining a workstation with domain can we get a different policy set by using any special domain joining script.

Your hint can correct my direction. Thanks in advance.

Status of the 'Reschedule Automatic Update scheduled installations' setting

November 2, 2015, 7:19 pm
$
0
0

The below is req how i can meet this?

The 'Reschedule Automatic Updates scheduled installations' setting determines how much time should elapse after system boot before beginning a scheduled system update procedure.   As configuring the system as to put updates on hold while start-up procedures are completed can help avoid undesirable system boot conflicts, this should be configured according to the needs of the business.

Status of the 'Notify antivirus programs when opening attachments' Group Policy setting

November 2, 2015, 7:20 pm
$
0
0
How to  'Notify antivirus programs when opening attachments' Group Policy setting configures the sequence Windows determines file attachment risk. As this setting can conflict with corporate anti-virus policies, this setting should be configured according to the needs of the business
Search

PowerShell GPO Settings not available, download ADMX file?

November 2, 2015, 4:52 pm
$
0
0

Hi,

I'd like to configure the "Set the default source path for Update-Help" through GPO.
Unfortunately the PowerShell related settings are not available in the GPO. Where can I download the ADMX file? Thanks in advance :)

GPO Migration Server 2003 > 2008 R2 (Folder Redirection AppData)

November 3, 2015, 2:47 am
$
0
0

Hi all,

I am currently reviewing our current GPO's which were created years ago while the server 2003 was still around.

Now, we run server 2008 r2 as a domain controller.

Group policies currently include a lot of unnecessary settings and I am just creating new GPO with the only information that we need.

We use folder redirection for pretty much everything including App Data (Roaming).

The following setting: User Configuration\Policies\Windows Settings\Folder Redirection\AppData(Roaming)

Old GPO (2003 - current one) just states the following path: \\servername\users$\%USERNAME%\Application Data

New GPO modeling wizard only allows the following path: \\servername\users$\%USERNAME%\AppData\Roaming

If we disable the current policy which has got the general path, and enable the new GPO which points to \AppData\Roaming, what is going to happen? Is the data going to be copied over for all users to the new location? I just want to avoid users calling up saying that some things just don't work.

I am sure someone must have done that before. What is going to happen when new GPO kicks in with the new path, and the old one is not linked anymore?

All the best!


removing IEM properly

November 3, 2015, 3:15 am
$
0
0

Hello

we have an rds setup with 2 farms (4 RDS each). we recently introduced the 2nd farm but are using ONLY IE 9 admin templates to set rules for IE. on RDS farm 1, we are still using IEM policies. the IEM policies are still applying to farm 2 but the IE 9 admin template GPO takes precedence and applies to farm 2 first.

for farm 1, we plan to unlink the IEM policies THEN use apply a normal IE 9 admin template GPO. Is this a safe way of removing the older IEM policies from use or is there another way to ensure no registry complications down the line?

regards,

InfoAdmin

GPO : Item Level Targeting for Windows 10

November 2, 2015, 6:38 pm
$
0
0

Hi, GPMC on Server 2012 there are no windows 10 items for OS item level targeting.

Is this expected ?

Ramu V Ramanan


Drive Mapping

October 21, 2015, 4:50 pm
$
0
0

I have added drive mapping item to a group policy.  Some of the machines are already using the drive letter.  Outside of logon script, is there a way to configure group policy to replace mapping?  I tried using action update and replace.  Neither seem to work. 

Thanks in advance

Delete Registry Values Using a Wildcard

October 21, 2015, 12:58 pm
$
0
0

Hello, I'm trying to find a way to delete a registry key with multiple similar values using a wildcard. The cause of the issue is GoToMeeting leaving multiple startup items when only one version of it's installed on the computer, resulting in the registry values below. I know how to delete registry key values in group policy if you specify the exact value name, but is there a way to delete them using wildcards? I tried tried using "GoToMeeting****" but [unsurprisingly] it didn't work.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting2553"
"GoToMeeting2759"
"GoToMeeting2856"
"GoToMeeting3019"


Roaming Profile and Temp profile

October 20, 2015, 1:06 am
$
0
0

Hi,

I have Windows 7 users who have a Roaming profile configured on their user account in AD. A few of these users then use this account to logon to a citrix server to access certain applications and their profile is then redirected using folder redirection and is configured using a loopback polcy which works fine and their profile folders are all redirected properly. The citrix farm is windows 2008 r2. Once they logon to citrix xenapp, they are presented with some applications, and one of those is to rdp onto a Windows 2012 server. When they logon to the Windows 2012 server, they are presented with a temporary profile.

How can I make sure that when they logon to the w2k12 server that they have an actual profile created? In the registry for their accounts (HKLM\software\Microsoft\Windows NT\CurrentVersion\ProfileList), it points to a Central profile path and that is the same path as when they logon to the domain normally, but they can't access that path from the citrix farm (and I don't want them to since the folders are now redirected). If I remove their AD roaming profile, then they get a normal profile when they logon to citrix and then the w2k12 server), and the registry does not contain the Central profile path. The users need to have their roaming profile for normal operations (i.e. when they are not using citrix)

Is there any GPO that I can configure to remove the Central Profile reg entry when they logon to the W2k12 server?

Thxs

Jaz



Search

Apply local firewall rules (Domain)' policy setting

November 2, 2015, 7:17 pm
$
0
0

it's a req for admin:

Apply local firewall rules (Domain)' policy setting enables local administrators to create local firewall rules that apply along with firewall rules set by Group policy. As this setting can affect overall security configurations locally, this should be set according to the needs of the business.

User Profiles on Server 2012 R2 RDSH setup

October 26, 2015, 7:24 am
$
0
0

With User Profiles, I have noticed that there are 3 components:-


With a users profile I can see the following

AppData\LocalLow

AppData\Local

AppData\Roaming

Using Group Policy I can see the option to Roam the AppData\Roaming folder and subfolders.

Do I need to worry about the other 2 folders?

For example, I notice the Google Chrome places its user config info under the AppData\Local folder but I did find a GPO for Chrome which allows me to redirected.


Central store ADMX update query...

November 3, 2015, 3:34 am
$
0
0

Hi all,

Trying to edit GPO's in a Server 2008 domain controller and 'm getting the missing element error on the administrative templates....but found <multiTextBox> instead....on the theinetres.admx template.

From research I now understand the templates on my DC require updating to cater for new features, options software options and operating systems etc.

Question...

Can I import the latest 8.1 \ 2012 templates along with the updated internet explorer 11 ADMX files into a server 2008 domain controller to ensure I can continue to administer GPOs on this server as there is no plan as yet to migrate this server to 2012.

No RSAT currently  allowed on this box for remote GPO manipulation from an updated OS, maybe this is a better option?

Thanks in advance,

durrie.

Pop-up list for IE 11

November 3, 2015, 2:34 am
$
0
0

Hello,

I have IE 9 ADMX working on IE 11. everything works ok so far except the pop-up allow list is populated in the GPO but blank when I check IE 11. any ideas?

regards,

InfoAdmin

Disable function or botton "Print Screen"

November 3, 2015, 12:06 pm
$
0
0
Hello, somobody that helps me. I´ve to disable function or botton "Print Screen" in a domain. Can you help me?, if it possible via GPO for Windows Server 2012.

Ing. Marco Antonio Medina Rodríguez. Ing. en Sistemas Computacionales.

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>