Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

How to send instant message from AD server to all Cleints

$
0
0

Can someone help me with the script for sending instant message from my Domain controller/
Active Directory Server to all the client machines running windows 7 and 8.

For example I need to send a message" Tomorrow will be a holiday" to all my users.

Peter.K




Content.Mso - Automatic Clear down

$
0
0

On our RDS servers - 2008 R2, several users are generating large Content.mso folders.

I was hoping to set a policy to clear down the folder when the user logs off or an application closes (any automatic means really)

The location of the file is C:\Users\%userProfile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.mso.

From what I have read, the content.mso folder relates to Cached Office data, not temp internet files as I 1st thought.

Any Ideas?

Undo every GPO-setting, including "persistent" changes?

$
0
0

Hello,

i'm currently working with a customer that has been using Active Directory for the past 15 years, starting with SBS, migrating to Server 2003 and finally  to 2008 R2.

The customer is running clients on any version of windows, some are 10 Year old machines, others are pretty new. 

Over the past 15 years, administration of GPOs has been performed in a trial-and-error-fashion. GPOs have been created, applied to a few or all clients, if not working just deleted and so on.

Ofc. just deleting a GPO does not "undo" the changes for certain Policies applied. The actual result is now that a huge amount of Computers is having old settings applied, of which the GPO has been deleted like 5 years ago. (Including, but not limited to: Scheduled tasks, running some Stuff every minute, Registry changes, and a lot of other "persistent" settings)

The overall state is "inconsistent", at best, 20% of Clients behave the "same" way.

Since I have never encountered such a way of "dealing" with gpos - I wonder if there is a way to completly "clean" a computer from ALL Settings EVER applied through GPOs without having to reinstall the Operating System?

I think, that just leaving the domain and rejoining will not undo "persistent" changes like Registry-Value transformation and the like, would it? 

(Unfortunatelly it is also impossible to deploy the proper "Reverting-GPOs", since nobody knows which settings have been modified on which clients...)

GPO "software install" capability missing

$
0
0

Hi everyone!

Once I was able to set a software deployment from GPO on a Win 2008 Server Standard SP1, and it worked... and still works... whenever a new machine is attached to the domain, the application is installed correctly.

But now I can't do it anymore (setting a new one), because the option "Software installation" is missing. Within the policies 'folder' I can see software config, win config and admin templates. Within the software config i should see 'Software installation' but it's empty. Both for machine and user.

Also under user config->preferences->win config when right-clicking applications, new->application-> there's no more submenus so I can't set it from there neither

Any ideas?

Windows server 2012 R2 Group policy compatibility check before domain upgrade from 2008R2

$
0
0

We are planning to upgrade our active directory environment from Windows Server 2008 R2 to Windows server 2012 R2 domain. I need to understand if there are any known issues with this kind of upgrade or a checklist to consider before moving for upgrade (apart from Group policies as well).

Also please let me know specifically if there are any issues with Group Policy infrastructure as well when we upgrade?


Waseem Khan MCP, MCITP, VCP, VCA, ITIL


Local security policy of AppLocker is not overridden by Domain Group Policy

$
0
0

Hi,

We was using local AppLocker policy in our client machine. But now we want to allow some other applications to b installed in the Client Machine by creating the AppLocker policy and importing them in the Windows Server Group Policy so that it will be override local AppLocker Policy. When we type Gpresult command in the client computer I can see the name of policy but this is not allowing our new applications. It behaves as same old Applocker Policy.

But when I Import same policy locally then it starts working. But i want this policy will implemented only through GPO so that we can update our Applocker policy Time to time.

Thanks


Abhishek

Cannot get the password expiration from a trusted forest

$
0
0

Hi,

We have a 2 way forest trust and everything was working well until now.

Some users are from the A forest and connect to computers from the B forest.

We have a GPO on both forest to prompt users to change password before expiration.

But for those user from forest A who are using a computer from forest B it is not working.

Looking for any ideas to troubleshoot this issue.

Thanks

Folder redirection issue

$
0
0

Getting the below error with folder redirection

Log Name:      Application
Source:        Microsoft-Windows-Folder Redirection
Date:          04/03/2016 9:05:33 PM
Event ID:      502
Task Category: None
Level:         Error
Keywords:     
User:          contoso\test1
Computer:      server1.contoso.com
Description:
Failed to apply policy and redirect folder "Desktop" to "\\server3\Profiles$\test1\Desktop".
 Redirection options=0x1211.
 The following error occurred: "Failed to copy files from "\\server2\Profiles$\test1\Desktop" to "\\server3\Profiles$\test1\Desktop".
 Error details: "The system cannot find the file specified.


Reference registry settings for removable storage

$
0
0

Hi all,

Please help me find the reference registry values created by the below group policy. I need to create a compliance report by looking up these reference values......

Security Settings\Advanced Audit Policy Configuration\Audit Removable Storage


JG

Group policy for windows update

$
0
0

I am going to create a new OU for home workers. In this OU I am going to put all the computers that are connecting to my domain through VPN. As these computers are not able to connect to WSUS I would like to set up  a policy that force the windows to download updates directly from the microsoft website. Is there a guide how to setup this policy? As the only guides I'm finding are to connect to the WSUS.

Thanks,

Ryan

Deployment of OneDrive.exe

$
0
0

Hello,

It seems like I cannot deploy properly OneDrive.exe. as an IT administrator.

I am using 2 virtual machines: a Windows 10 computer and a Windows Server 2012 R2 (to use GPMC on Active Directory)

My goal is to set the Administrative settings for OneDrive for Business so that all the users that are under my tenant (...@companyx.onmicrosoft.com) are bound/tied to these settings that I applied. So here are my questions.

As the IT administrator:

1. Do I have to install and set up the adminsitrative settings of the new OneDrive for Business Next Generation Sync App on ALL computers? (as in the computers that my users are using)? Or do I just set the administrative settings on my computer (win10) and would they also apply to all users under my tenant?

   -I would appreciate a detailed guide on how to properly deploy and add the configuration setting registry keys on OneDrive.exe. I tried to follow the guide on the article "Deploying the OneDrive for Business Next Generation Sync Client in an enterprise environment" but was NOT able to do it. If someone could provide me a guide with screenshots on how to do this, it would be very helpful. (please remember I am new -and not so good- to IT)

 2. I understood that some settings such as "DefaultToBusiness" and "EnableAddAccounts" are able to be set before the installation of OneDrive.exe. Is it okay if I do not run the "EnableAddAccounts"? Since we do NOT want our users to be using any other OneDrive account on their computers (other than the company's OneDrive for Business), if I do not run this setting, it will not allow them to add another O365 or OneDrive (consumer) account to that computer right??

3.How do I set the other administrative registry keys (DisablePersonalSync,EnableEnterpriseTier,GPOEnabled,DefaultRootDir, and DisableCustomRoot)?? Again, I tried to follow the guide provided on the article "Administrative settings for the OneDrive for Business Next Generation Sync Client" but was NOT successful. So a detailed guide with screenshots might help me understand and run these settings in a better way (and hopefully be succesfful).

4. Since these administrative registry keys are applied through Group policies, do I have to set them through my GPMC?? Right now I can only see the folder "Skydrive" which contains 3 templates. How can I apply all these administrative settings for OneDrive for Business on my Server (windows server 2012 R2) so that they apply to all computers under my domain?? Please, a guide with screenshots would be easier to understand and follow.

I am sorry this got really long, but I hope someone can help me out

Regards

Using GPO and Office 2003/7/10/13/16 adm templates in win2003 AD domain to avoid Ransomware malware

$
0
0

I am seeking help for Windows 2003, a product not supported. But please see if you can help.

We have a Domain whose forest and domain functionality is still at Windows 2003 Native.
There are 2 servers acting as Domain Controllers, both Windows 2003.
The reason we have not upgraded is because of many legacy applications in the network, which work only on Windows 2003 servers and there is no way to upgrade them.

Most of our users use Windows 7, 8.1, and some Windows 10. All these machines have office 2007 or 2010 or 2013. 
There are few Windows XP and Windows 2003 Terminal Servers where we have Office 2003 deployed.

With the new CryptoLocker, Locky and Petya threats, We want to secure our domain by deploying office administrative templates. 
Our intention is to force applications like Word/Excel to never auto-run macros etc.

With the mixed versions of office and the fact that our Domain is Windows 2003 based.
How can we install all the templates for all office versions for every OU? 

Some Articles told me that, If I have Windows 2003 DC, then I have to go to EACH individual Group Policy's ADM folder and copy the ADM files there... But where do I copy the ADMX files? When I copied ADMX files, the Group Policy Object Editor complains saying"

---------------------------
Administrative Templates
---------------------------
The following error occurred in \\domain.local\sysvol\domain.local\Policies\{31B6F340-016D-16D2-945F-00C04FB984F9}\Adm\access12.admx on line 1:
Error 51  Unexpected keyword
Found: <?xml
Expected: CLASS, CATEGORY, [strings]
The file can not be loaded.
---------------------------
OK   
---------------------------

Am I doing something wrong?

Should I be creating the PolicyDefinitions folder instead and putting ADMX files there? Or is that valid only for Domain 2008 or above?


konkani

SERVER 2012 R2 Limited access to specific clients.

$
0
0
Dear readers,

Current Situatuion: I have a thin client server running 20 clients. The thin client server is further connected to the internet.

Requirement:  8 of those thin clients need to be provided with the internet access(Browsing of websites), while 12 others should not be able to access any sites but should be able to access the NETWORKED STORAGE.

Problem:  I have experimented with outbound rules a lot but am not able to find a solution, and i am a completely non technical guy. Kindly guide me on the issue.

Regards
Mohit

Compare GPOs between Two Separate Domains

$
0
0

Hi everyone,

I was wondering what would be the best way to compare domain GPOs between two separate domains. One domain is on windows server 2008 r2 and the other is on Windows 2003 r2 SP2. The domain on Windows 2003 does not have Powershell installed.

Thanks

Testing undoing a redirected folder

$
0
0

I want to build a new GPO to undo the Documents folder redirection as a test for writing it back to the local user profile. 

I have the current settings set in the live policy

Grant user exclusive rights to DocumentsDisabled
Move the contents of Documents to the new locationEnabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systemsEnabled
Policy Removal Behavior

Leave content

So i wanted to make a new policy to undo this.  But do I have to first make the policy do the redirection just like the live policy, let the users get it from the test policy, then i can undo it in the test policy to see what happens?   or can i just set the test policy to undo it, then move users in?

I'm not sure if it has to do the redirection from this test policy first to be able to undo it, or if it will undo the settings from the live policy also so i can just easily switch which policy applies to my test users.


Specic web permissions to specific clients possible???

$
0
0
Current Situatuion: I have a thin client server running 20 clients. The thin client server is further connected to the internet.

Requirement:  8 of those thin clients need to be provided with the internet access(Browsing of websites), while 12 others should not be able to access any sites but should be able to access the NETWORKED STORAGE.
  Kindly guide me on the issue.

Regards
Mohit

The PC in Active Domain need to restart many times

$
0
0

dear

last year, we found some windows 7 PC need to restart many times can be login every morning.

sometimes, the windows OS system halted at Welcome window and you need to restart the Windows.

sometimes, the windows OS system halted at search network  window and you need to restart the windows.

last year ,our AD Domain server is Windows Server 2003.

now, our domain server OS is windows server 2012 R2.

but the problem remains.

 

the event of Windows 7 client as below:



路可以歪着走,但是方向一定要是对的~!

How to measure Login and GPO processing time metrics

$
0
0

Hello,

We need to reliably measure GPO processing time, User Login time and other relevant metrics on our Windows Clients.

What would be a good approach to track this?

"You are about to view pages over a secure connection" in IE 10

$
0
0

I'm trying to turn off the pop up message "You are about to view pages over a secure connection" via GPO but can't find the option.  I know there is a reg key ([HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security] "DisableSecuritySettingCheck"=dword:00000001) but trying to find it in Group Policy seems impossible. 

Can anyone advise where it is?

Thanks!

Need to edit host file on remote machines

$
0
0

Hi,

i am using following start script to change the host file on the machines:

@ECHO ON

copy \\x.x.x.x\script\ %windir%\system32\drivers\etc\hosts /y
EXIT

The problem with the script is that it replace the old host file with the new one. Is there anyway that i could update the host files rather than replacing them.


Viewing all 19997 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>