Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

How to remove the power button from Ctrl+Alt+Del screen to prevent users from shutdown, restarting or logoff the terminal? Win10

January 29, 2016, 3:07 pm
$
0
0

Hi there,

I have configured the corresponding settings in group policy which is suppose to give the effect exactly what we want.

Enabled in group policy:

User Configuration -> Administrative Templates -> Start Menu & Taskbar | "Remove and prevent Access to shutdown, restart, sleep & hibernates Commands"

However, it removes only the commands list in the middle part of the screen. At bottom right, the power button is still there where users can perform "sleep, shutdown and restart" functions whatever they like.

Please help,

Thanks,


Search

I want to apply a GPO to specifc versions of Windows. Only Client Versions but not Server Versions

February 9, 2016, 3:48 am
$
0
0

I need to apply a software package (msi) to the Client versions of Windows , like Windows 7, XP but not Windows Server version from 2003 to 2012

How is this best achieved ?

the group policy client service failed the logon

January 29, 2013, 12:06 am
$
0
0

Hi,

I am facing issue in one domain local account. when i am trying to login its giving error message"the group policy client service failed the logon.Access Denied"

Kindly Advice

Device installation prevention popup only showing once

February 9, 2016, 5:43 am
$
0
0

Hello,

I am implementing GPO's that will prevent the installation of hardware that is not explicitly defined in the Allow installation if device that match any of these device ID's setting. The settings are working as expected but the popup that shows the user that the device is not working as a result of policies is only showed once. Is this by design or is there a way to make this popup show every time the user plugs in a device, even if it is the same device five times in a row?

Domain controllers: Windows 2008 R2
Clients: Windows 7 SP1

Kind regards,
Michiel

Allow administrators to override device installation policy - Not working

February 9, 2016, 6:12 am
$
0
0

I am trying to lock down unauthorised hardware installation on our domain and was doing some testing. I couldn't get the group policy option,Allow administrators to override device installation policy exception working on the domain. So I started testing on a Windows 7 machine in a workgroup. Following the instructions, "Step-By-Step Guide to Controlling Device Installation Using Group Policy" for thePrevent installation of all devices. I can prevent the installation of new hardware withPrevent installation of devices not described by other policy settings but the policy settingAllow administrators to override device installation policy still does not work.

If I log in as the administrator user I get the message that system policy prevents me from installing the hardware. If I log in as a standard user, I get the same message as expected. Though if I then use an elevated prompt from the device manager to install the drivers by clicking Change Settings it seems to work well but nothing happens and the device status says;

The drivers for this device are not installed. (Code 28)

The installation of this device is forbidden by system policy. Contact your system administrator.

To find a driver for this device, click Update Driver.

The event log gives these messages:

Event Id 20003
Driver Management has concluded the process to add Service disk for Device Instance ID USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_\4B494E4753544F4E2A63880FA3&0 with the following status: 0.

Event Id 20001
Driver Management concluded the process to install driver FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.inf for Device Instance ID USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_\4B494E4753544F4E2A63880FA3&0 with the following status: 0x0.

Event Id 20005
Driver Management has restricted the installation of Device Instance ID STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_#4B494E4753544F4E2A63880FA3&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} because of a Device Installation Restriction policy setting.

Event Id 20001
Driver Management concluded the process to install driver NULL Driver for Device Instance ID STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_#4B494E4753544F4E2A63880FA3&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} with the following status: 0xe0000248.

I can only conclude that the Allow administrators to override device installation policydoes not work. I get the same behaviour in Windows 10 and if I swap Prevent installation of devices not described by other policy settings toPrevent installation of removable devices. I see that other users in the TechNet forums here have had a similar problem but if they found a resolution they never said so in their posts. Is their a solution to this?

Error 1128 - An attempt was made to load a program with an incorrect format - group policy error

February 5, 2016, 7:48 am
$
0
0

Hello,

I hope all is well.

We have 150 provisioned servers that run the same image.  Each day anywhere from 2-5 of them come up with a lot of 1128 Errors in the event log.  Running Group policy results shows the error message, "An attempt was made to load a program with an incorrect format"

The actual policy can vary and include one or more of the following:  Citrix group policy, Group policy drive mappings, Group policy Internet Settings, group policy registry, Internet explorer zonemapping.

Once the event happens it is reproducible running gpudate.  I have compared a good server next to a bad server running gpudate at the same time, hitting the same domain controller and the one that works works and the one that doesn't doesn't. 

Comparing "HKLM\software\microsoft\windows NT\current version\winlogon\GPextensions"  doesn't show any differences between the one that works and the one that doesn't.

Bouncing the server will fix the problem at least for the short term.

Any idea on how to fix this once and for all?

Thanks

Question about Local Administrator Password Solution (LAPS)

February 9, 2016, 6:48 am
$
0
0

We have implemented LAPS into our network (over 400 machines) and it works well. The LAPS UI works just as it should  but the draw back is that we can only use the UI and help people remotely from our desk.

Is there anyway to get the admin password of a computer when out in the field and not at your desk with the LAPS UI?

Example: I am in building "D" that we maintain and it is 1/2 mile from my office. I am helping Joe Smith setup some new hardware (monitors, scanner, printer, docking station, lable printer.. whatever) in his office and once it is done, the computer requires admin credentials to install the software/drivers.  Since I am not at my computer I do not have access to the LAPS UI to get the random Administrator password and now I can not help him any further at this time. 

Often you go to a building for 1 job and people see you and grab you to help with their problem or questions, so I may need admin passwords for more than just the computer I came to work on.

So is there any App for a mobile device (iPad,Phone or other) that I can use to get that admin password when not at my desktop? or is the only real solution to tell the clients they need to wait until I walk back to the office and remote into their system to type the admin password?  

Thanks

Allen

 

 

Offline Files Sync Failing, access denied to incorrect folder location

December 19, 2012, 7:50 am
$
0
0

Hi,

We have our users setup with Folder Redirection and Offline Files Syncronisation on Windows 7 Enterprise clients (x64). Server Side is 2008 R2.

The problem we have is that users Offline files sync is failing, but it looks like the machine is trying to Sync another users directory. For example, assumign I am 'userY' in my Sync Centre, the current status is 'Failed - Access Denied' and the folder states is "\\server\share\userX" where X is a completely different user to my account. This happens across the board and there is no consistancy for the username that appears to be being synced.

A couple of other points;

1. This particular user has not logged on to this PC so there is no profile loaded for them

2. I have Read/Write access to the Share AND the users Folder that Sync Centre complains about

3. While other users DO NOT have this level of access to the users folder, they do have Read/List access to the top level of the share and Full Control of their own folders.

Let me know if you need any more information

Thanks in Advance.

Tom

Search

OK to add several computers to security filtering instead of using a security group?

January 11, 2016, 11:31 am
$
0
0
I have a scheduled task that I would like to push to various PCs. However, I want it to apply ASAP. If using a new AD security group, machines will need to reboot to see that it has been added to a group before applying the GPO settings. Is it okay to add several machines directly to the security filtering for the GPO? Any reason not to?

Is it possible to use GPO to remove users from Global and Domain Local groups?

February 9, 2016, 8:29 am
$
0
0
We have a problem with the occasional user being applied inappropriately to AD groups.
What I would like to see happen is have a GPO where if the user account (requesting to be added to a group)  is not in OU location A, B, or C then the admin is not allowed to add the user to the group or the user is removed from the group. Is it possible to do something like this with GPO?

GPMC stuck for minutes when working with large OU structure

February 9, 2016, 6:47 am
$
0
0

Hello. Is there any way to speed up load times of GPMC when there are many OUs? We have an OU under the root of the domain and this OU contains tens of thousands (and potentially hundred thousands) of sub-OUs.

Whenever I expand this OU or highlight a GPO object which I want to edit (or change properties or refresh), this will lock the GPMC for several minutes, making the work with GPMC very painful. All the GPOs are linked to the top OU, not the numerous sub-OUs. Working from the "Group Policy Objects" node (instead of the OU structure) makes this bit faster, but whenever I need to add/remove/link/unlink a GPO, I have to go into the OU tree...

Thanks in advance

Registry Failed - Unspecified error

February 4, 2016, 8:01 am
$
0
0

Hello,

All PCs in our domain, have one Computer policy error. by Run gpupdate /force the User Policy update has completed successfully but the Computer Policy could not be updated successfully. 

by run rsop.msc all the GPO applied successfully. However on the Error information Tap, in the Component Status the Registry failed with unspecified error.

From gpupdate /force I can see the  CN of the GPO that failed and I found its location on the server.

\\DomainName\SYSVOL\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE

I don't know what is about and how to fix it. I found this thread https://social.technet.microsoft.com/Forums/windowsserver/en-US/3474500f-4158-4def-9fca-e46e38113b97/registry-failed-error-1125-unspecified-error?forum=winserverGP 

the guy said that he fixed it by using a third party tool reg edit tool to remove the roague registry settings from the "Registry.pol" file in the GP. 

I am not sure if the issue is the same with the above threat.

Could you please advise/help ? 

Error when trying to "Detect Now" in Server 2012 Group Policy Management

November 16, 2012, 6:58 am
$
0
0

I have three Windows Server 2012 domain controllers running Active Directory at a functional level of Windows Server 2008 R2.  The domain controllers were recently replaced with the 2012 DCs.

When I open the new Group Policy Management console on a domain controller, click on my domain, click the new Status tab, clickDetect Now (button on the bottom right) I receive this error:

Group Policy Management
A processing error occurred collecting data using this base domain controller. Please change the base domain controller and try again.

Group Policy Management Status Error

This server is the Primary Domain Controller (PDC).

Any thoughts?

Document / Desktop Redirection - updating GPO

February 10, 2016, 8:52 am
$
0
0

I have about 300 workstations in my environment -mostly Windows 7 SP1 and some Windows 10.  For these workstations, I have document redirection configured for their Desktop and Documents folders.  This is working fine.

Because of the age of the server where the redirected documents lives, I would like to move the shares to a different server and update the GPO.

I attempted this last night - I robocopied all of the files from the users share to my new server, unshared them from the old server.  Updated my GPO to go from \\oldserver\users to \\newserver\users.  Replicated my DC to make sure that all DCs had the updated GPO.

I then rebooted some machines and the change didn't seem to happen.  I dug into the registry - under HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer -- both ShellFolders and UserShellFolders -- the paths were still pointing to \\oldserver\users.

I then did a gpupdate /force, rebooted again and still had the same problem.

What am I missing here?  Does the document redirection tatoo the registry?

Thanks in advance

sb

Group Policy to block Store not working after November 2015 Update

November 23, 2015, 10:03 am
$
0
0

We have been blocking access to the Windows store through Group Policy, however since we applied the latest November update to Windows 10, that policy is no longer working.  We ran into the problem described here https://support.microsoft.com/en-us/kb/3077013 but have corrected that.  I had hoped that after fixing that the policy would start working but so far no dice.  Gpresult shows the policy as though it's been implemented but it still shows as Not Configured in the local group policy editor and of course the users can still access the store.  Anyone else seen this or something similar?

Thanks

EDIT:  Okay, so I still can't get the GP to kick in but I went ahead and manually changed the settings in the local Group Policy editor and it's still not being enforced, am I missing something?  I'm inclined to think that this is a bug, but I'd love to hear suggestions if anyone has any.  Thanks

Search

Windows Script Command

February 10, 2016, 9:29 am
$
0
0
I have somehow inadvertently changed my CMD file settings from Windows Command Script to Notepad. How do I get back the original setting ? Thanks in advance.

How to Append DNS suffix using Group Policy preference method.

February 8, 2016, 4:53 am
$
0
0

Hello All,

I do want to push out DNS suffix to user machines so that they still be able to add more manually.

I tried normal GPO but these settings are grade out after that.

I also try script on one machine but no help:

reg add HKLM\system\currentcontrolset\services\tcpip\parameters /v “SearchList” /d “domain1.com,domain2.com” /f

Anyone any other thought.

How to disable compatibility view on IE11 through GPO

February 10, 2016, 10:57 pm
$
0
0

hi All,

Need help to disable compatibility View button from IE 11, for users through group policy, as i understand with few online articles that

Internet Explorer 11 no longer supports these Group Policy settings:

Turn on Internet Explorer 7 Standards Mode
Turn off Compatibility View button
Turn off Quick Tabs functionality
Turn off the quick pick menu
Use large icons for command buttons

any option/solution to disable compatibility View button from IE 11.

Thanks, Anuj.A

Apply GPO on a PC in another OU

January 27, 2016, 2:52 am
$
0
0

Hi!

We need to apply a GPO to a Computer which is in a different OU than the main OU where the GPO is applied. We created a Security Group in the main OU and added that pc in that OU but still the GPO is not applying as the PC is in a different OU. We don't want to move the pc to the main OU.

Any Suggestions?

Thanks.

GpUpdate Assecc denied

February 11, 2016, 12:32 am
$
0
0

Dear Microsoft Team

When I create Policy

and When I run gpupdate /force

some computers showed me access denied

is there any solution for this issue

Best regards

Rawa Zangana

Viewing all 19997 articles
Browse latest View live
Search

Latest Images

Crisis-hit NHS fat cats raking in MASSIVE salaries as frontline services cry...

Crisis-hit NHS fat cats raking in MASSIVE salaries as frontline services cry...

July 19, 2025, 2:11 pm
NBC Sports’ Super Bowl commercial cost revealed after Fox made $800 million...

NBC Sports’ Super Bowl commercial cost revealed after Fox made $800 million...

July 19, 2025, 2:04 pm
WATCH: What you need to know about the Pacquiao-Barrios title fight

WATCH: What you need to know about the Pacquiao-Barrios title fight

July 19, 2025, 6:46 am
Review: Skil PWRCore 20 18-Gauge Brad Nailer

Review: Skil PWRCore 20 18-Gauge Brad Nailer

July 19, 2025, 5:00 am
Why Not Try Sanity?

Why Not Try Sanity?

July 19, 2025, 4:17 am
Inside sick ‘child fight clubs’ where gangs lure teens into savage street...

Inside sick ‘child fight clubs’ where gangs lure teens into savage street...

July 19, 2025, 3:59 am
Met Eireann’s 24-hour weather alert kicks in with ‘heavy rain’ and ‘isolated...

Met Eireann’s 24-hour weather alert kicks in with ‘heavy rain’ and ‘isolated...

July 19, 2025, 3:00 am
Manny Pacquiao vs Mario Barrios undercard thrown into chaos as fighter is...

Manny Pacquiao vs Mario Barrios undercard thrown into chaos as fighter is...

July 19, 2025, 2:52 am
Former Hampton Roads Baseball Star Honored by Mets as Number is Officially...

Former Hampton Roads Baseball Star Honored by Mets as Number is Officially...

July 19, 2025, 12:45 am
Israel and Syria agree to ceasefire, US envoy says after days of airstrikes...

Israel and Syria agree to ceasefire, US envoy says after days of airstrikes...

July 18, 2025, 3:42 pm
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>