Ing. Marco Antonio Medina Rodríguez. Ing. en Sistemas Computacionales.
Hai,
I created a GPO to set wallpaper,Some client machine wallpaper is coming but in some other machine the wall can see only at logoff time only .please help me to rectify that problem..(I am using server 2008 r2 and windows 7)
Hi all,
I reviewed some forum topics before posting but none of them actually refer to my question.
I have WSUS environment with multiple OU's for computers. Let's say:
- Computers
- Site 1
- Site 2
- Site 3
At the moment I have the default group policy assigned at Computers level to provide WSUS settings for all OUs inside, apart for the client side targeting. Then I have one additional policy per OU (Site 1, Site 2, Site 3) which then targets computers with this OU to the specific WSUS group and it's all working perfectly fine.
Since I have about 20 OUs to manage, I ended up with 20 different targeting group policy objects, obviously one per OU.
Is there any possibility to create the top level group policy which will move clients from different OUs to specific groups based on their OU or something else? In my opinion, this would not be possible because the group policy setting is not complex enough to know which PC's should go to which OU, therefore we need to apply per OU basis however I thought I'll ask anyway.
I have created a share named \\srv1\user profiles\ initially to contain the user profiles of my users in my domain, then i updated the share to be a hidden share named \\srv1\user profiles$\ so that it is not searchable in the domain.
I have Folder redirection for Desktop and Documents for users pointed at "\\srv1\user profiles\%username%", i thought updating the folder redirection in group policy is as easy as updating the GPO for my folder redirection to "\\srv1\user profiles$\%username%". But as per experience, it was not. The computers that users were logged in was still pointing at the old path. But when they transferred computer, they can get the updated path.
Both shares "\\srv1\user profiles\%username%" and "\\srv1\user profiles$\%username%" are pointed at the same location of the server, the temporary solution i had made for my domain is to create those shares on the same physical path on the server.
Now i dont want to make this a solution, is there any step that I was not able to execute prior to the GPO Update for my folder redirection?
Any ideas?
For God, and Country.
I need to create a new GPO in Active Directory to deploy the firewall policies for client systems.
By default under Computer Config -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security
I do not see any rules. So if I start defining the new rules, is it going to merge the rules with the existing client firewall rules?
Means, whatever new rules I define under GPO + the existing firewall rules on the client will take effect together?
We manage relatively small locations (sites with 150 or less computers). We are looking at ways to make managing printer deployment simpler and are already using GPOs but on a smaller scale (specific users/departments only).
What is the recommended approach to deploy printers VIA GPOs. is it better to create a GPO for each printer and thne assign users/groups to that GPO or should we apply GPOs to department level OUs. Our largest site has 130 printers across 4 Physical (and AD) sites.
id like to create a GPO at the domain/level but that would mean a lot of GPOs 130+, and if I apply it at the department level the GPOs would be considerably less but will require more management. We do have a lot of users who move between sites and departments.
I am regularly receiving the following error on one of my domain controllers:
The processing of Group Policy failed. Windows attempted to read the file \\local.test\sysvol\local.test\Policies\{1D3342A1-EFC9-4A64-8F84-8D72F2858051}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until
this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
I can access the gpt.ini file from the server.
I found articles that said to try changing the permission on the GPO, but that didn't help.
This is actually the second GPO to give this error. The first one I realized did not need to apply to the OU of Domain Controllers, and removed it, but then I began to get the error on a different GPO.
I am not getting this error on any of the other four DCs in the domain. If it makes a difference, this DC is Server 2012 R2 (all the DCs are), it is a Hyper-V VM, and sits in a remote site (with a physical DC).
This is particularly disturbing to me because our SCOM server is picking up on the alert, and showing our Active Directory to be unhealthy.
Any advice on how to proceed?
Thanks!
Hi,
Can anyone help me to query the AD for users who logon and logoff during a span of 1 week or 1 month?
Thanks
Anthony JD Luistro
We need to PREPEND (not append) entries to system path. The entries must be added to the beginning of the path, not added to the end for the functionality required.
We also need to added some variables to the path, such as %JAVA_HOME% and %ORACLE_HOME% as opposed to hard coded paths such as C:\Oracle or C:\Programs (x86)\Java etc..
I tried setting this with GPP, but it is not working.
I was able to add %JAVA_HOME% and %ORACLE_HOME% as system variables, but I was not then able to use those variables in the path. When I added then in the GPP, they were ignored.
Using these variables will allow changing the path of the variable without having to manually change the system path each time.
Users are able to do this using the Systems properties GUI, but I don't see any way to enter the same text into the system path via GPO or even a batch file. When I try a batch file to set the path, it converts JAVA_HOME and ORACLE_HOME text to a hard coded path and we don't want that.
Is there another way to deploy these required system settings?
The DC I am trying to create this on is running Server 2012 R2 Standard x64
Thank you in advance for any help that you can provide.
Hello,
I have some Group Policies need to apply to all the computers in the domain (Domain Controller WS 2008R2/ Client Windows 7/8.1)
I have created a group policy (Computer Configurations/Security Settings/Software Restriction) linked to the OU the computers resides. (The majority of the client machines are Windows 7 and some of Windows 8.1, 2x Windows XP (Legacy Application/VM), I created WMI for different OS and according to GPResult and RSOP), WMI is working OK.
But GPResult shows (after gpupdate /force and restarted)
The following GPOs were not applied because they filtered out
Filtering: Not Applied (Empty)
although in RSOP shows
I can see the policies I created in GPO. (looks like applied)
I am not sure why GPResult and RSOP shows different results and if the policies are applied. I run "Group Policy Results" under GPMC, and I could see the policies are applied.
My questions are:
1. The policies are really applied to the computer
2. Why 'GPResult' and 'RSOP' shows different results?
kind regards,
Akira Sekine
Hi everyone :)
There are 2 privacy options in Windows 10 I need to turn off only via registry of cmd/bat:
Settings > Privacy > Location (The above button, not below radio button)
Settings > Privacy > Speech, inking & typing > Stop getting to know me
The above 2 items I'm looking for, if anyone can kindly help me :)
Cheers.
Hi all,
I am currently reviewing our current GPO's which were created years ago while the server 2003 was still around.
Now, we run server 2008 r2 as a domain controller.
Group policies currently include a lot of unnecessary settings and I am just creating new GPO with the only information that we need.
We use folder redirection for pretty much everything including App Data (Roaming).
The following setting: User Configuration\Policies\Windows Settings\Folder Redirection\AppData(Roaming)
Old GPO (2003 - current one) just states the following path: \\servername\users$\%USERNAME%\Application Data
New GPO modeling wizard only allows the following path: \\servername\users$\%USERNAME%\AppData\Roaming
If we disable the current policy which has got the general path, and enable the new GPO which points to \AppData\Roaming, what is going to happen? Is the data going to be copied over for all users to the new location? I just want to avoid users calling up saying that some things just don't work.
I am sure someone must have done that before. What is going to happen when new GPO kicks in with the new path, and the old one is not linked anymore?
All the best!
Hello Team,
We have a group policy that is implemented in many locations but we have started getting issues only from the location that have low bandwidth available. This GPO is created that replace the provided script all the time and then create a schedule task job and run it....
We are getting the below error on the same...
Not sure how to fix this issue. Please assist us on the same.
Regards,
Suman Rout
Hi,
How to block games in windows 7 by using GPO ,i am using server 2008 R2 as my server.
Dear all,
I have purchased a UCC certificate but the public CA provider no longer allows internal domain names to be used as one of the SANs. This means that if anyone trys to access the exchange 2010 server with its internal host name (ex01.local) the certificate the browser presents an error to say there hostname does not match the certificate, we know is safe to continue but this is also a nuisance for anyone using OWA.
I know each user can install the certificate to their PCs local certificate store to stop this message popping up each time, however I was wondering if anyone has deployed the certificate via group policy to resolve this?
Hey,
I am setting AppLocker policies for Sysinternals.
Because of clearity it would be great, if I would not have to define a special rule for every sysinternals tool itself.
I know I can specific the settings like Publisher, Product name, File name & File version to be like anything.
But is it possible to say the Product name starts with "SYSINTERNALS" ?
I already tried something like this - unfortunately without success:
Thanks for help :)
Our Internet Explorer settings are controlled by a GPO. We have added our Intranet/SharePoint as a trusted site. Some people get a login prompt when opening/saving a document on SharePoint. We also have a GPO with a registry setting to prevent the SharePoint login prompts. It seems to work almost everyone else.
Here is what I know:
On machine A (my machine): I can login and access SharePoint file with no prompts
Mary logs in and receives a prompt to login when she attempts to open or save the same file
Machine B: I get the prompt to login to open or save files
Mary also gets the prompt to login or open or save files
-If it was a computer configuration setting, why does my system not prompt me, but prompts Mary?
-If it were a user configuration setting, why does it not prompt me on my system, but it does on another system? And prompts Mary on both?
-I have compared her GPOs to mine and the only difference is mine shows my local group policy is denied with reason empty. Hers is applied.
-On Google chrome there are no prompts.
Thanks!