hi
in the domain network, i have 5 pc client and 5 user with a A.D.
The mainissuethatI want: the user A login to pc-1 policy a set for her and when he login to pc-2 policy b set for her.
what i do?↧
help
↧
Block Users from Saving to My Documetns and Desktop - Not Working!
Hi, I have been tasked with Block Users from Saving to My Documetns and Desktop. Now, I found some info and have been testing but still unable to complete. I have set up using this GPO info:
Go to your DC, Open ADUC, create a security group "A" for users who will not be able to save files to root drive.
- Open GPMC, create a GPO which links to your target machines.
- Expend the policy to [Computer Configuration | Windows Settings | Security Settings | File System ]
- Right click it, choose "Add File..." and select the "C:" drive, enter.
- In the security page, click "Advanced" button.
- Add the security group "A", choose "Apply to" to "This folder only".
- Tick
the Deny permission:
- i. Create files /Write data
- ii. Create folders / Append data
- Click OK and Apply.
- In the warning windows, click Yes.
- Add Object windows, click OK.
The setting i have configured are below. Still does not block work. (There is one rule for desktop and one for my documents) Security filtering has been set to Domain Users. I have run gp modeling and the user/machine picks up the gpo settings. Any ideas
with this? im pulling my hair out! Thanks
Windows 7/2008 r2
↧
↧
GPO for Redirection of Cached User Profiles when Slow Link is Detected
Running Windows Server 2012 R2
I work in a school environment and slowly migrating to 2012 R2 from 2008 R2. Right now we have the kiddos logging in to the new 2012 platform using roaming profiles. Everything works fine except we are getting a slow link detection on the 2008 file server (where GP on the DC says to store the user profiles) thus causing cached user profiles to be stored on the 2012 R2 machine. I would like to redirect this caching when slow link is detected to a different 2012 R2 machine with more storage space.
Can this be done with GP? Local or at the DC?
Thanks in advance!
↧
Redirect Internet Explorer favorites on Windows 10
Hello,
I made a GPO for Windows 7 systems, which redirects the Documents folder to the network. Simultaniously, I enabled the feature to redirect the Favorites from Internet Explorer 9 as well, which works fine on Win 7.
Now I have a test client for Win 10 here, the GPO works fine as well with redirecting the folders and all, but the only thing which doesn't work is the IE Favorites redirection. This time, the IE version is 11.
I can't find an explanation for that, could you help me out?
Best,
Alquantor
↧
Screen Saver GPO doesn't work on random machines
Short version:
If the .SCR file is there and it looks like the GPO is applied, why do some computers not run the specified screen saver?
Long version:
I've got a not-your-normal screen saver situation. I normally set the screen saver on my client computers via a GPO applied to my domain. Maybe it works on all of them. I don't know, but no one complains.
During the holiday, we rollout a holiday screen saver, but only to computers in our HQ - because these are the only people that will likely be attending the company holiday party. For this, I deploy the .SCR file via SCCM and then apply another GPO to the two computer OUs for the HQ office. It works on most computers, but I've got other that don't get the holiday screen saver. NOW the users care about their screen saver (or lack there of).
I've checked a number of these computers. They have the .SCR file in System32 (SysWOW64 on 64-bit computers). RSOP shows that the settings are being applied via GPO. Still no holiday screen saver.
I went so far as to check scrfile in the Registry to verify that Windows knows what to do with a .SCR file - AutoCAD changes the .SCR association.
My problem is further compounded by shrugs I get when I ask the affected users if the normal corporate screen saver worked before.
↧
↧
Windows Update - Scheduled reboot not working.
Hi,
I have 2 group policy that are applied to the servers. One is site dependant and specifies the WSUS source. It only sets:
- Set the intranet update service for detecting updates
- Set the intranet statistics server
The second policy sets the rest:
- Allow Automatic Updates immediate installation: Enabled
- Always automatically restart at the scheduled time: Enabled
- Configure Automatic Updates: Enabled
- Configure automatic updating: 4 - Auto download and schedule the install
- The following settings are only required and applicable if 4 is selected.
- Install during automatic maintenance Enabled
- Scheduled install day: 1 - Every Sunday
- Scheduled install time: 01:00
- No auto-restart with logged on users for scheduled automatic updates installations: Disabled
- Turn off the upgrade to the latest version of Windows through Windows Update: Enabled
- Turn on recommended updates via Automatic Updates: Enabled
However, at the moment, some of the servers that have both GPO applying are not rebooting. The last time the GPO were applied is less than a day. And I can see the GPO in the gpresult for the computer:
Applied Group Policy Objects
-----------------------------
Update - Windows Update - Servers
...
Update - Windows Update - NamedSite
The servers (windows 2012 R2 DC) that have the issue show that the updates were installed on the date it was supposed to be installed. However, I also have a message specifying that: We'll finish installing some updates the next time your PC is restarted.
Any idea why the server is not restarting ?
Thanks,
Olivier
↧
MSN page opening on startup
Hi all,
I have a funny problem - I have win 2008 R2 as my DC
Group Policy set for all clients to open default homepage - https://myportal/default.aspx
this works fine but for user's with windows 8.1 enterprise and IE 11 when the PC boots up IE opens in startup with MSN as homepage.
On closing IE again the default homepage set through GP appears.
Can't understand why MSN pops up while we haven't set it anywhere in GP.
Is there anyway to block MSN totally from IE in startup / homepage.
tfernandes
↧
"Redirect folders on primary computers only" setting not evaluated
Our AD schema is 2012 and we've applied a Folder Redirection GPO which has "Redirect folders on primary computers only" enabled.
We've designated one Windows 8.1 computer as the "primary computer" of a specific user. Checking the AD attributes for the computer and the user, we can verify that the DNs have been saved in the msDS-PrimaryComputer (for the user) and msDS-IsPrimaryComputerFor (for the computer)
On the designated primary computer we can tell that the GPO is being applied successfully and folders are being redirected for this user.
However, when we go to a non-primary computer with this user's account, folders ARE ALSO redirected. (Yes, we even tried doing this on a computer which the user had never logged onto before)
Checking the event logs for both "Folder Redirection" and "User Profile Service" we DO NOT see any indication of whether the primary computer attribute is being evaluated. The following article has examples of what one should see if things are being evaluated correctly: http://blogs.technet.com/b/askds/archive/2012/10/23/digging-a-little-deeper-into-windows-8-primary-computer.aspx
What could cause Windows to not evaluate the primary computer status and to proceed with folder redirection anyway?
We've designated one Windows 8.1 computer as the "primary computer" of a specific user. Checking the AD attributes for the computer and the user, we can verify that the DNs have been saved in the msDS-PrimaryComputer (for the user) and msDS-IsPrimaryComputerFor (for the computer)
On the designated primary computer we can tell that the GPO is being applied successfully and folders are being redirected for this user.
However, when we go to a non-primary computer with this user's account, folders ARE ALSO redirected. (Yes, we even tried doing this on a computer which the user had never logged onto before)
Checking the event logs for both "Folder Redirection" and "User Profile Service" we DO NOT see any indication of whether the primary computer attribute is being evaluated. The following article has examples of what one should see if things are being evaluated correctly: http://blogs.technet.com/b/askds/archive/2012/10/23/digging-a-little-deeper-into-windows-8-primary-computer.aspx
What could cause Windows to not evaluate the primary computer status and to proceed with folder redirection anyway?
↧
Symantec pushing from server 2008 r2 to windows 10
Hi guys
I found a problem when i pushing symantec from server 2008 r2 to windows 10
thanks
↧
↧
Why there is only "New folder" option when I right click on "Windows\System32" folder ?
Hi,
someone can explain me why when I right click on some specific folders, I only have the right to create new folder but not to create new document or new text file ?
Is there a way to add more options when I right click on those folders ?
Thank you
↧
we enforced policy win 2008standard r2 wallpaper but some systems its updated and some system its not updated
we enforced policy win 2008 standard r2 wallpaper but some systems its updated and some system its not updated
how we able to check wallpaper policy working properly please suggest way to trouble shoot
↧
Registry GPO not creating all values
Hi all,
I am having trouble getting a GPO to create a new registry key that has 3 values on a Windows 7 x64 client. It's under Computer Configuration>Preferences>Windows Settings>Registry. I've tried using registry items and the registry wizard. Both end up creating only the first value and not the other two values.
What I want to do is under HKLM\SOFTWARE\Microsoft\Rpc, create a key named “Internet”, and then give the Internet key 3 values, for example: “One” REG_MULTI_SZ 100-200, “Two” REG_SZ Y, “Three” REG_SZ Y.
Whether I use Create or Update, or I’ve even tried using the registry wizard to import the existing key structure on a computer, when I try it on a test computer and do a gpupdate /force to get the new policy, it only creates the “Internet” key and the first value “One” REG_MULTI_SZ 100-200; but not the other two values of “Two” and “Three”.
How can I get a GPO to create a registry key with multiple values?
Thanks,
Tom.
Here's the GPO and below is the result of what the client gets. Notice it created only "One" but did not create "Two" or "Three".
↧
Software restriction polices
Good morning,
We have domain controller in Windows Server 2012 R2.
We do a test because we have some strange things.
We create an OU "Tests" and we link two user GPO that run powershell script on user logon. The script create file in c:\temp.
The two file are well create.
Then we create a new user GPO with software restriction polices to block powershell.
On the OU we have the two user GPO that create a file and the user GPO that block powershell. The linked group Policy objects are :
1. GPO Create file 1
2. GPO Software restriction polices
3. GPO Create file 2
When we log in, no file is create. It's as the order is not applied. It should create "file 2" but its does nothing. On the event viewer of the client computer, we see a warning "SoftwareRestrictionPolicy" for access powershell.exe
We understood that the GPO create file 1 is not applied but we don't understood why GPO Create file 2 is not applied.
Carn you help us please ?
Thank you so much for your help and have a nice afternoon.
Best Regards
↧
↧
Need Help - GPP is not updating registry value
The server is 2008 R2 and workstation is Win 7 Pro SP1.
The GPP is applied at a Users OU level to update a HKCU registry value 2701.
The OU level GPO should have precedent over the domain level. However, the GP Result shows that another GPP applied at the domain level is the winning GPO. I also tried enforcing the GPP at the Users OU level but got the same results.
And the Start_NotifyNewApps (at the domain level) is used to set a different registry value.
Any help would be greatly appreciated.
Thanks,
-Sonny
↧
Folder Redirection GPO with different Home-Servers
Hi there
In our Environment we have different Servers for the Home-Profile-Shares.
For Example, if a User is named "Anton", his Homeserver-Path is:
\\home-a.domain.com\Anton
If a User is named "Peter", his Homeserver is:
\\home-p.domain.com\Peter
So it's always the first letter of his Username which appears after the "\\home-".
Now I tried to find out how I can arrange this with GPO Folder Redirection (FR) and found this command:
%username:~0,1%
If you use this, it will show you the first letter of the Username.
So I tried this in the GPO FR Settings:
\\home-%username:~0,1%.domain.com\%username%\Desktop
But it doesn't work :-(
Every help is very appreciated!
↧
Prevent logon locally but allow UAC by GPO
Hello everyone!
My need is to prevent logon locally for the group G_U_Logoff but still allowing UAC for the users contained in that group.
The group G_C_Logoff contains the computers on which the users is prevented to log on locally.
AD architechture:
Forest
>DOMAIN.EXEMPLE.COM
>SITE1
>GROUPS
G_U_Logoff
G_C_Logoff
>USERS
User1 (Member of G_U_Logoff)
User2
>COMPUTERS
Comp1 (Member of G_C_Logoff)
Comp2
>SITE2
>SITE3
To do that, I want to create and link a GPO on the COMPUTERS OU with the following configuration:
That configuration doesn't work. The GPO is not applied and the User1 can log on locally on Comp1.
Have you an idea ? Is there another solution to do that ?
↧
Windows 2008r2 with IE10 Automatically Detect Settings
I recently upgrade our 2008 server to IE10 and with that we lost access to Internet Explorer Maintenance, so we have to now use Internet Setting under Control Panel Settings. The problem is now i can not set the "Automatically detect settings" or "Use automatic configuration script" they are grayed out, and I already tried the F5 key to enable them, still nothing.
Any help would be greatly appreciated.
(I would post a pic if i could but not allowed until my account is verified, however that get accomplished is another question)
↧
↧
setting "Allow scheduled maintenance to wake up mycomputer at the sheduled time" to domain computers
we have about 300 windows 8.1 machines in our domain
I have read some articles online regarding windows 8 changes in windows update behavior based on my understating it is possible to install windows updates during "automatic maintenance" even when the computer sleeps it will bring it online and install the updates "and restarts it if required" then after specific time it will sleeps again .in order to make this work the "allow wake on timers" should be set to Enable just like I did to all my computers by a script:
also I have modified the "automatic maintenance activation boundary" to start daily at 10:00 PM
and enabled the "automatic maintenance wakeup policy"
here is the issue from one of the clients :
the tick box wont be check by the GPO!
any idea why ?
shad
↧
Disable function or botton "Print Screen"
Hello, somobody that helps me. I´ve to disable function or botton "Print Screen" in a domain. Can you help me?, if it possible via GPO for Windows Server 2012.
Ing. Marco Antonio Medina Rodríguez. Ing. en Sistemas Computacionales.
↧
Security event log, Want overwrite but reverts to archive
I set the Security Event log to "Overwrite events as needed" but it reverts to "Archive the log when full." When I run the RSOP command it shows that this setting is controlled by the Default Domain Group Policy, and it is set to "Overwrite."
I need to find out what is changing the setting back to "Archive" as it is filling up the C: drive on our servers. We have Windows Server 2012 domain controllers and Windows Server 2008 R2 servers.
↧