Hi!
Is it possible to let all the domain users update certificate revocation list from a central point like DC through Group Policy. If not then what kind of internet access it needs to let all the domain pcs update CRL from internet?
Thanks.
↧
CRL Problem
↧
Group Policy Preferences for Internet Explorer 10 show up in gpresult as applying to "Internet Explorer 5 and 6"
We have all Windows 2012 R2 domain controllers. Our domain functional level is Windows Server 2008 R2. All of our workstations are running Internet Explorer 11. When I create a Group Policy Preference for Internet Explorer 10 and apply it to the desired
OU, the users in that OU cannot access the Internet. When I run gpresult /h on the workstations in question and look at the resulting html file, I see "User Configuration > Control Panel Settings > Internet Settings > Internet Explorer 5
and 6 > Connections > Policy > Proxy Server" and my proxy server settings are there. However, when I launch Internet Explorer and click on "Tools > Internet Options > Connections > LAN Settings", the proxy server settings
are gone. My first question is, "Why does the gpresult show that the settings are for "Internet Explorer 5 and 6"? The second question is obviously, why are the proxy server settings not working?
↧
↧
Systems are not detecting in Unassigned groups,
Hi Greetings
I have a problem on WSUS role in Windows servers,
I successfully installed WSUS and successfully configured the group policies,My problem and my question is
why my local PCs which i want to update via WSUS server is not showing in the unassigned computers or the computer group which i created locally.? please help me , i am struggling with this problem
↧
Duplicate rinters while viewing Printer Queu or properties
Dear Technet,
Our customer has a huge problem right now. They use Windows 2012 R2 servers as their Terminal Servers, which works great. However, the printer deployment doesn't.
At this moment one particular user receives duplicated printer connections ( see attachment/image ), which causes printing issues. Because of the duplicated printer sessions, the user cannot print documents through this printer.
So the question is, why does the user see duplicated printer connections?
The configuration:
We made a GPO called "Printers", it has multiple Preference policies in it. One policy deletes all the current printer connections, and the other one's creates shared printers.
Could someone help me out? :/
Attachmen: prntscr.c0m/8vw4ak
↧
Updating Folder Redirection
I have created a share named \\srv1\user profiles\ initially to contain the user profiles of my users in my domain, then i updated the share to be a hidden share named \\srv1\user profiles$\ so that it is not searchable in the domain.
I have Folder redirection for Desktop and Documents for users pointed at "\\srv1\user profiles\%username%", i thought updating the folder redirection in group policy is as easy as updating the GPO for my folder redirection to "\\srv1\user profiles$\%username%". But as per experience, it was not. The computers that users were logged in was still pointing at the old path. But when they transferred computer, they can get the updated path.
Both shares "\\srv1\user profiles\%username%" and "\\srv1\user profiles$\%username%" are pointed at the same location of the server, the temporary solution i had made for my domain is to create those shares on the same physical path on the server.
Now i dont want to make this a solution, is there any step that I was not able to execute prior to the GPO Update for my folder redirection?
Any ideas?
For God, and Country.
↧
↧
Windows update in server 2008 enviroment
Hi,
I wanted to ask whether the WSUS technology is the only option to implement windows updates in the client desktop computers.
What are the other options and how do you go about it?
Thanx,
Big Nir
↧
How to clean some old gpo settings
Dears,
Our domain was upgraded from 2008 R2 to 2012 R2, No 2008 R2 Domain controllers are available now.
I cannot deploy any Windows 2008 R2 servers right now, and the old 2008 R2 servers are with IE 11.
In one of my GPOs there is settings related to: "Internet Explorer maintenance"... This settings need to be cleared from GPO without recreating it.
How can I do it?
Thanks
↧
Multiple 1202 event id
Hi,
I'm trying to troubleshoot an issue in VMWare View preventing me from copy/pasting from the host to the VM and the other way around.
During my investigations, I stumbled upon multiple errors in Application Event Logs, with event id = 1202
I tried to follow the steps described in the following KB : https://support.microsoft.com/en-us/kb/974639
I launched find /i "cannot find" %SYSTEMROOT%\security\logs\winlogon.log but it returned nothing.
I tried to edit GptTmpl.inf but I did not fin anything suspicious
And I tried to download the fix and install it to my VM and it told me that it did not apply to my system.
Then I tried to launch RSOP and saw that one of my rules that added domain admins to the local administrators had a red cross:
This Restricted Group assignment is part of the "Default Domain Policy" GPO, so it's applied to everything in the domain.
I'm wondering if the error come from the fact that it tries to apply to the domain controllers itself, and as they don't have a local "Administrators" group, they return an error.
Am I right ? If so, should I just put my user rights assignment at a lower level ?
Thanks.
R.
↧
Control IE 11 startup page, not homepage?
Hi guys,
There use to be a setting called startup page, but searching the azuresite below and not seeing it anymore. Basically, is it possible to set someone's homepage for the first time they login to windows through a policy, but let them then make changes
to that setting(non-administrators)? Maybe set the IE settings for home page to the computer account, but not target the user account so that it can be modified? Since I would have to target all computers/users with the policy, not sure how easy
this would be to apply without impacting existing users that have already set their homepage on their computer.
Thanks,
Dave
<cite class="_Rm">gpsearch.azurewebsites.net </cite>
↧
↧
block people from installing programs
hi,
i'm currently running server 2008 R2 as a domain and file server with a win7 forest and maybe one xp pc
today i'm looking for a way to block people from installing new programs it can be either they are 100% blocked from doing this or they can only update the programs
i was hoping to do this with the GPO and only do it through users, so that when domain admins login they can easerly do updates and install things
is this possible ?
↧
domain user surveillance
hi,
i'm currently running server 2008 r2 as a domain and file server, with a win7 forest and maybe one xp pc
today, i'm looking for a way to either get alerts or to just be able to watch what they are doing, what i lean is
- weather they are downloading that they shouldn't be
- weather they are just spending there time laying on game (for now i don't want to block them)
- weather they are going on to websites that they shouldn't be or just watch the site that they are visiting in general
- e.t.c
may i also add that i'm looking to this per user and not per computer (if possible) maybe with the GPO
↧
Folder redirection problem
In our company we have group policy for users which redirect folder "My documents" to file server.
It works fine, but recently several users have an issue (presumably, after small network problems): some files (folders) from "My documents" dissapeared. These files were found only in "WINDOWS/CSC" directory on local computers (after giving the owner permissions for user to this folder).
What can cause this problem?
Thank you in advance.
↧
Group Policy Replication Server 2008 R2
Hi All,
I am reviewing and recreating the group policies which we currently use. I have just noticed that they are not being replicated in between the domain controllers. I did some troubleshooting and thought that it might be useful to ask you guys.
We have two domain controllers on site, which run Server 2008 R2 Standard. Let's name them DC1 and DC2.
All group policy changes have been carried out on DC1 and I am now at the testing phase. I have multiple machines for testing and they will switch in between two DC's on every single restart which seems to be normal. What I found was that when user authenticates against DC1, policies are applied successfully. When user authenticates against DC2, policies will fail to apply, at least most of them. It will also fail when I issue gpupdate /force.
I have logged on to DC2 and I can see that my policy objects have replicated, however when I click on any of the new policies which I have just created I get an error pop up message saying 'The system cannot find the file specified' and then computer configuration and user configuration says 'No settings defined' although there is a lot on DC1.
When I force manual replication in Active Directory Sites and Services, noting happens. No changes.
When I look into Active Directory Sites and Services default-first-site-name NTDS Site Settings configuration (2 DC's are in this one) it says that Server is DC2 under Inter-Site Topology Generator. Should it not be DC1?
I checked replication configuration for each server and it seems to be correct, one per hour, dc1 from dc2, dc from dc1.
Does anybody know on how to fix this issue?
All the best!
↧
↧
Group Policy Preference ( Folder Option )
Hi,
I have set Folder Option in Group Policy Preference, as per the company policy i only want to ' uncheck - Hide extensions for known file types' and i don't want to configure other options ( means except this configuration i want to leave all other option as 'not configured' or upto the user choice ).
But what happens that as soon as i configured and apply this policy all other option in folder option get applied to all users. Even if the user changed folder option in his computer, it get re-apply.
I want to fine grained to only one option in folder option.
Do you have any idea how to configure only one option in this GPS - Control Panel settings - Folder option.
( Please see the print-screen for more detail )
Thanks & Regards,
Param
www.paramgupta.blogspot.com
↧
Workstations Losing & Reapplying Policies after Non-Authoritative Sysvol Restoration
One domain, Domain Level: Server 2012. 1 PDC, 15 DCs. FRS Replication.
I'm having an issue where it appears some workstations are randomly losing group policy, and reapplying at a later time. It also appears the machines are constantly reapplying "New settings from X Group Policy objects." No GroupPolicy errors in System Event logs on workstations. When the policy is missing, RSOP is "empty", and GPRESULT is "empty", but gpresult shows the list of correct applied GPO's and revision numbers. Gpupdate appears to succeed. The machine usually reapplies the policy after a few reboots.
Updates done:
Friday evening I did a non-authoritative sysvol restoration on 6 of the 15 domain controllers. The reason I did this was because sysvol was not replicating toany domain controllers. The reason I only did 6 was because I noticed after the first four, the other domain controllers started updating their SYSVOL directories, except two of them.
I haven't done dcdiag on all DCs, but the ones I have done it on have not failed any tests. I'm not seeing any errors in FRS Replication logs.
Any suggestions on how to proceed with troubleshooting this? I'm feeling kind of lost, as I'm not seeing any errors on the workstation side of things. I'm thinking I might start with doing the remaining DC non-authoritative sysvol restorations, but I'm not sure that's a great idea at this point.
Thank you for any help offered.
↧
How to apply Date and Time Restriction
I create a Domain and I greate some groups now I have greate also a policy in Network Server Policy
but how to I add this Policy to a group in AD user and computers ?
↧
Loopback Processing - Computer Account Filtering
Hello,
In my lab I have a GPO called "Enforce Screensaver" linked to my "Contoso Users" OU that enforces the screensaver after 10 minutes of inactivity.
I have a "Contoso Workstations" OU that contains all of my user workstations. I want to target a handful of these workstations and prevent them from inheriting the "Enforce Screensaver" GPO regardless of who logs in.
At the moment I have created a security group called "No Screensaver". This group contains the workstations I want to block the screensaver on. I then have a GPO called "Disable Screensaver". That GPO is linked to the "Contoso Workstations" OU and has a security filter targeting the "No Screensaver" security group. The Authenticated Users group has been removed from the filter. The GPO contains 2 settings:
- Computer Configuration - Enable User Group Policy loopback processing mode :Merge
- User Configuration - Enable screen saver : Disabled
Currently this does not work. The gpresults shows the computer is in the group and shows the GPO has been applied on the computer configuration side.
Is this not a supported configuration?
↧
↧
How do I stop printer policies from applying to servers?
We use group policies to deploy printers- All works well, except that RDP logins to servers generate a bunch of extra noise in the event logs. What I'd like to do is to find a way to prevent just these policies from running. We use security filtering to only load the drivers for specific group members, so we end up with one group per printer, and simply add a user to a group to install the printer. We do have terminal servers in our deployment, so I would guess the question is how to create a group of users who have a policy, who log in to a group of servers that prevent the policy from loading? We would exclude the RDS's from the group because we want printers to load on them... I'll appreciate any ideas on how to do this.
Thanks!
Thanks!
↧
Domain controller does not synchronize with external NTP
Personally,I have avery strangeproblem on mydomain controller,WindowsServer 2012Portugueseversion ofBrazil.
The timeofsystemdelays 10 minutes, I have doneall settingsinW3Timeasmanytutorials on the Internet,the server simplydoes not synchronizeandif Ichange the timemanually,backto slowafter a while, is notCMOSproblem andnotfirewall ruleon UDP port123.
I installedthis programon the server, http://www.satsignal.eu/ntp/setup.htmlis running, but the serverkeepslatehours10minutes.
Any idea ?
The timeofsystemdelays 10 minutes, I have doneall settingsinW3Timeasmanytutorials on the Internet,the server simplydoes not synchronizeandif Ichange the timemanually,backto slowafter a while, is notCMOSproblem andnotfirewall ruleon UDP port123.
I installedthis programon the server, http://www.satsignal.eu/ntp/setup.htmlis running, but the serverkeepslatehours10minutes.
Any idea ?
Ivanildo Teixeira Galvão
↧
Internet Explorer settings not applying
Hi, this is my situation. Our DC is Win2008 SP2 x86 both Primary and Secondary. We have a requirement for all of our users.
First is to add some list of websites to be excluded from pop-up, second is to add some sites in compatibility list.
So I added this sites in the following:
Computer Config>Admin Templates>Windows Comp>Internet Explorer>Pop-up allow list
User Config>Preferences>Control Panel Settings>Internet Settings>Internet Explorer 7
Not sure if I lack something but both of these policies are not applying in my network.
Our IE version is 11.
Thanks
Jeff
↧