
Show a certain column in a folder, for all users?


Hi,

We have a GPO on a domain server that adds a folder for some users so it gets mapped to their desktop when they log in with a session to different servers.

I want the Comments column in this folder to be displayed for all users automatically, is this possible? I can add the column for myself and it seems to be saved, but I want all users to see this column without doing anything. Is this possible?

We use Windows server 2008 R2.


Event ID 1202 SceCli 0x4b8


I have a 2008 R2 Standard terminal server farm.  They are all VMs in ESX.  I just deployed 3 new servers from a template and I am getting Event ID 1202 Source SceCli Security policies were propagated with warning.  0x4b8: An extended error has occurred. 

I get this each time I log in.  I haven't opened this up to my clients yet since I am getting this message.  None of the other servers in my farm give me this message.  I have deployed other servers from the same template.

How to find MSS-legacy.admx, AdmPwd.admx, PtH.admx, and associated adml files


I have been reading through the Center for Internet Security's guide for securing Windows Server 2012 R2. Most of the Group Policy settings in that guide are included with the Windows Server 2012 R2 ADMX files (https://www.microsoft.com/en-us/download/details.aspx?id=43413). There are a few admx and associated adml files that the guide says are included with Microsoft Security Compliance Manager. On my Windows 7 workstation I installed SCM 3.0, however, I could not discover how to export data such that I would get these admx and adml files. I looked in the program's installation directory but couldn't find them. I tried Google searches for mss-legacy.admx and got only a handful of hits, none of which were able to connect the dots. Today I discovered how to find mss-legacy.admx, admpwd.admx, and pth.admx.

  1. Download “Security baseline for Windows 10 (v1511, "Threshold 2") – FINAL” (or later) from http://blogs.technet.com/b/secguide/archive/2016/01/22/security-baseline-for-windows-10-v1511-quot-threshold-2-quot-final.aspx . This is a zip file intended for use in Microsoft Security Compliance Manager.
  2. Extract the zip file.
  3. Perform a search for *.admx on that folder. Copy mss-legacy.admx, admpwd.admx, and pth.admx to your Group Policy CentralStore.
  4. Perform a search for *.adml on that folder. Copy mss-legacy.adml, admpwd.adml, and pth.adml to the en-us folder in your Group Policy CentralStore.

I hope this helps someone else who has been searching for these files.

Matthew
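
The copy in steps 3 and 4 can be scripted. The following is an added example, not part of the original post: it assumes PowerShell 4.0 or later, and both the extraction folder and the `example.com` Central Store path are placeholders to replace with your own.

```powershell
# Added example (not from the original post). Both default paths are assumptions.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Folder where the baseline zip was extracted (assumed location)
    [string]$BaselineRoot = 'C:\Temp\Win10-Baseline',
    # Central Store of a placeholder domain; replace example.com with your own
    [string]$CentralStore = '\\example.com\SYSVOL\example.com\Policies\PolicyDefinitions'
)

foreach ($name in 'mss-legacy', 'admpwd', 'pth') {
    foreach ($ext in 'admx', 'adml') {
        $file = "$name.$ext"
        # .admx goes to the store root, .adml to its en-US language folder
        $destDir = if ($ext -eq 'adml') { Join-Path $CentralStore 'en-US' } else { $CentralStore }
        $dest    = Join-Path $destDir $file

        $hits = @(Get-ChildItem -Path $BaselineRoot -Recurse -File -Filter $file)
        if ($hits.Count -eq 0) {
            Write-Warning "${file}: not found under $BaselineRoot"
            continue
        }
        # The baseline can contain the same template in several folders.
        # Copy only when every copy is byte-identical; otherwise leave the choice to the admin.
        $hashes = @($hits | Get-FileHash -Algorithm SHA256 |
                    Select-Object -ExpandProperty Hash -Unique)
        if ($hashes.Count -gt 1) {
            Write-Warning "${file}: $($hits.Count) copies differ; choose one manually"
            continue
        }
        if (-not (Test-Path -LiteralPath $destDir)) {
            Write-Warning "${file}: destination folder $destDir does not exist"
            continue
        }
        if (Test-Path -LiteralPath $dest) {
            # Never silently replace a template that is already in the store.
            $same  = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash -eq $hashes[0]
            $state = if ($same) { 'identical, skipped' } else { 'DIFFERENT content, left untouched' }
            Write-Warning "${file}: already in store ($state)"
            continue
        }
        if ($PSCmdlet.ShouldProcess($dest, "Copy from $($hits[0].FullName)")) {
            Copy-Item -LiteralPath $hits[0].FullName -Destination $dest
        }
    }
}
```

Run it with `-WhatIf` first to see which files would be copied without writing to SYSVOL.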

Group Policy Error and DHCP with Active Directory?


Hi,

I was wondering if someone could shed some light on how come every week or two the Windows Server DHCP blocks out, then the Active Directory, then everything else besides the DNS. So recently users tell me that they can't print or they don't get DHCP because of this error. What's odd is I have installed other servers with the same ISO and never encountered this problem. The solution is a restart and everything works, but it's around every week or so this happens. Also, when I connect to the RDP I get that the server certificate expired, which is odd even after the restart. I'm attaching some photos, sorry that it's in Spanish :( I also want to note that I installed it around less than a month ago and it's giving these issues.

Thank you

Screen lock timeout Group Policy


Hello,

I am trying to create a GP to enforce a screen lock timeout for my Windows 7 Pro 64 bit clients (but not necessarily a screensaver) that belong to a Windows 2003 Server 32 bit domain.

I have attempted the following from both a Windows 2003 Server and also from a Windows 2007 Pro 64 bit client using Remote Server Administration Tools but cannot get the GP to take effect on a test OU & test Windows 7 Pro 64 bit client.

After adding a linked GPO, I have enabled the following under UserConfig\AdministrativeTemplates\Control Panel\Personalization

  1. Enable screen saver
  2. Force specific screen saver (tried adding one & also leaving as blank)
  3. Password protect the screen saver
  4. Screen saver timeout to 60 seconds

Once done, I ran gpupdate /force on the client & it successfully applied the default domain policy.

I must be missing a step or two so any helpful suggestions would be appreciated.

Thank you…

Windows 2003 domain functionality - GPO question


Hi,

In our Domain environment, all servers run windows 2008 r2, yet the domain functional level is set to windows 2003.

I want to create a GPO that allows only specific apps to be run by user. A GPO to set the homepage default. A GPO to lock down usb mass storage devices. Now our client machines are of various versions, we have windows 7, windows 8 and windows 10.

Can I implement these GPOs successfully on these machines under domain functionality of windows 2003?

Thanks!

Computer Configurations GPO not working


I have read most of the already asked questions and still didn't get an answer.

My user GPOs work 100% but none of my Computer GPO configurations seem to pull through toward the end users.


Using Windows credential vault command in group policy logon script


Hi All

We have users that log on to a win2012 AD domain "A" but need access to AD domain "B" resources, which does not have any trust relationship with the other. We want to keep it this way for security reasons. I plan to utilize the Windows credential vault to place the credentials of the "other" AD domain to allow users access to resources.

I place the cmdkey.exe command in the logon script that is being pushed via user based group policy in a Windows 2012 R2 AD environment. I have confirmed that the below command runs when the user logs on. Upon user log on, from the user's desktop when I issue the command "cmdkey /list", it lists nothing. What's going on? User signed on with their credentials so this command should place their logged on credential into the vault or does it not?

c:\windows\system32\cmdkey /add:MyServerName /user:MyDomainName\%username%

As a workaround I am pushing this script via user based group policy to be copied to the startup folder which will run during user log on. This appears to work.  When I issue the "cmdkey.exe /list" command it lists the credentials in the vault.

I would like to avoid pushing this script to the startup folder; instead I would like to run it in the logon script via group policy.

Any ideas?

Thanks in advance.


Folder redirection question


There is an option in Folder redirection policy to - Move contents to new location.

What is the detailed use of this option? Does it only work when the server mentioned in folder redirection policy is changed?

We recently built a new profile server. I unchecked the option to move contents to new location, since I did not want the data in the old profile server and also I was getting some errors. However, should I enable this option now, since now the users have logged in without errors?

If I do not enable this option, will folder redirection not work? I mean to say that will contents not be copied from the users machine to the new profile server?

Broken Link - Administrative Templates for Internet Explorer


I'm trying to download the Administrative Templates for Internet Explorer and I believe the link may be broken.

The page is

https://www.microsoft.com/en-us/download/details.aspx?id=40905

If you select the download button, the URL to the download is

https://www.microsoft.com/en-us/download/confirmation.aspx?id=40905

After selecting the download link I receive a message that the page cannot be found.

Removing User/Computer Rights to share a folder


Hi, 

I want to prevent a group of users in AD from being able to share files / folders that are local to their desktops.

Coming across a few forums, I get the GPO - Local Computer Policy\User Configuration\Administrative Templates\Windows Components, and Network Sharing, and to enable the setting.

This however doesn't seem to be working and as I tested, I still have the ability to go to folder properties and Share the folder from Advanced Sharing. A possible reason could be that I also have admin rights to the desktop.

Is there a GPO policy setting that will disable Folder sharing for both standard users and admins alike?

Windows 10 - Event 1058, 1030; wait for network?


Issue:

I'm encountering issues with group policy processing where startup scripts seem to instantly fail with Event 1030 and an ErrorDescription of "The system cannot find the file specified." The client event log just gets a string of 10 or so red errors on this event type. As far as I've been able to tell, this is only happening on our Windows 10 wireless Surfaces. Windows 7 and Windows 10 desktops do not seem to be affected.

Preceding the slew of Event 1030 events are typically 1 to 2 events of ID 1058: Network access is denied. The event message typically looks like:

The processing of Group Policy failed. Windows attempted to read the file \\domain\SysVol\domain\Policies\{42ECCD9C-764E-4A3D-8596-A974851F7183}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.


Notes and Troubleshooting:

  • The permissions are fine and the paths are accessible
  • DCDiag tests are clean on the 2 2008R2 domain controllers
  • The FRS, DFSR, DNS, and Directory Service event logs are clean

Other Observations:

If I disable the policies generating the 1058 errors, different policies take their place. These policies appear to be the first in the order of inheritance. That is to say that it seems like the first policies that should be processed are the ones that fail. If I unlink those policies then the failures arise from the next policy(s) down the line.

It seems to me that group policy is being processed before it's completely ready to do so. Like the networking on the device is not yet ready to go out and communicate with a DC.

I already have "Always wait for the network at computer startup and logon" enabled. I also have tried putting a value of 100 seconds for "Specify startup policy processing wait time". The issue persists.

Any ideas? I'm not sure what else to try.

Office store and Adobe Reader problem


Hi!

I have 2 questions.

How to disable the Office Store in Office 2016 on clients from Server 2012 r2 with GPO?

I want to disable the Adobe collaboration for all computers in network with GPO. How?

Waiting for your reply!

Zsolt

How to use Server 2012 group policy to set 'Override automatic cookie handling' for IE11 on Windows 7


Hi All, I first posted my question here but was asked to repost in this forum.

I would appreciate some advice as have been going in circles for last hour.

We require access to a web site that uses 3rd party cookies.

Ok ...easy enough... IE Options... Privacy tab....Advanced.... Check: Override Automatic cookie handling. 

    Set Third-party Cookies to 'Block'... however then allowed an exception for the particular URL back on the Privacy tab....Sites.

    Add the parent site in and now the web page displays fine.

So.... now I have 100 of these W7 workstations and want to use Group Policy or Group Policy Preference to set these values.

I am unable to locate anything under computer or user config that allows this to be set.

Several blogs external to MS, criticize that this ability has been removed in IE/Group Policy.

I suspect I need to download something I am missing...

    ... under User Config\Preferences\Control Panel Settings\Internet Settings....I can create a 'New Internet Explorer 10' preference (which also reportedly is compatible with IE 11). 

But the options of 'Sites' and 'Advanced' are greyed out.

What am I missing?

Surface Pro 4 not mapping to DFS UNCs at logon over WiFi


I'm struggling getting Group Policy Preferences Drive Mapping to work over wireless (WPA2-Enterprise using Certificates) from our (fully patched) Windows 10 Surface Pro 4s.  The Active Directory user account's Home Folder drive map also does not appear.  All of these paths use DFS (Server 2008 R2).

Shortly after login, a manual Gpupdate will cause the mapped drives to appear.  Waiting 30 seconds before login also works for both the mapped drives and the home folder.

We've had the "Always wait for the network at computer startup and logon" enabled since XP days.  I tried setting the "Specify startup policy processing wait time" to 60 but this made no difference (nor did it lengthen boot).  The wireless NIC does not appear to have a "Wait For Link" type setting to enable.

Event logs show Event ID 4098 with source "Group Policy Drive Maps" saying the preference item "failed with error code '0x80070035 The network path was not found.'"

I had wondered if the underlying problem might be the new UNC Hardening feature but even adding an exception for "\\DomainNetBIOSname" did not help.

The only significant clue to what's going on is that when I changed my user account home folder to a direct UNC path to the server rather than via DFS, my home drive was able to appear correctly.  The DFS Client service (as seen in regedit) already has a Start type signifying "System".

I'm not sure where to go from here.  Does anyone have any ideas?  Thanks!

(Cross-posted as suggested from the Windows 10 Networking forum.)


stuck empty policy


Good morning.

In my root domain I have a policy with several settings, everything works fine. In this policy I see a Folder Redirect policy however it has ZERO settings. NO big deal but somebody was troubleshooting slow logons and enabled verbose logon and it hung on, you guessed it... Folder Redirect Policy.

Stay with me...

So after verifying that indeed that empty policy was in fact NOT the problem it "looked" like the problem.

So... How can I remove this?

Thank you.

How to prevent user policy from applying to users logged onto specific machine

I have an application with user settings applied through group policy. I have a test server to test the application which requires different user settings. I can change the settings on the test server but the policy eventually rewrites the settings. Is it possible to prevent the user-based policy settings from applying to a user when logged onto the specific test server? Or, if not, can I make a higher priority user policy that only applies to users when logged onto the test server? Or, will a policy configured on the local machine override the policy from the domain?

GPP folders - delete action


server 2012 R2 AD, windows 7 and 8.1 clients.

we have some static IE favorites that we push to all users from a central location. to do this, I have a GPO with a Folder GPP (user configuration) that deletes:

%favoritesdir%\folder1\

the options selected on the delete preference are:

Action:Delete
-delete this folder (if emptied)
-Recursively delete all subfolders (if emptied)
-Delete all files in the folder(s)
-allow deletion of read-only files/folders

what I would expect this to do is delete everything in "%favoritesdir%\folder1\" and then delete "%favoritesdir%\folder1\" itself. 

the same gpo also has a Files GPP to copy some internet shortcut files from \\server\share\folder1\*.* back into %favoritesdir%\folder1\.

if this were working how I want, the Folder GPP would delete the folders, and the File GPP would recreate the folders and put some files in them. c:\users\me\favorites\folder1 would always have a datestamp of the last gpupdate. but that's not happening.

if I manually delete c:\users\me\favorites\folder1, then do gpupdate, the new folder1 and all shortcuts all get created correctly by the files GPP. but folder1 is not getting deleted and recreated with just a regular gpupdate or logoff/logon. I turned on trace logging for files and folders, but no errors appear. If I enable informational trace logging, I just see:

2016-03-29 13:54:54.193 [pid=0x2ac,tid=0x125c] Starting class <Folder> - Folder1.
2016-03-29 13:54:54.193 [pid=0x2ac,tid=0x125c] Policy is not flagged for removal.
2016-03-29 13:54:54.193 [pid=0x2ac,tid=0x125c] Completed class <Folder> - Folder1.




Remote Desktop Exception in Firewall configured via GPO not taking effect


Hello,

I am having issues getting Remote Desktop connections through the firewall on both my Windows 2008R2 servers as well as my Windows 7 clients.  I have enabled Remote Desktop connections via a GPO.  I have also gone into the Windows Firewall with Advanced Security GPO setting and created an Inbound Rule for Remote Desktop.

I am not allowed to remotely login to either the clients or the servers after creating the GPO.  If I login on the machine, I can go into the firewall settings and see that the GPO has been applied and there is a check mark next to Remote Desktop on the Inbound filters list. 

However if I perform the same steps on the local firewall and allow the Remote Desktop Inbound exception, then it works fine.

So my question is, why would the firewall exception being applied via a GPO not be good enough to enable Remote Desktop?  Why do I still need to enable it on the local machine as well?

Thanks,

-John

Missing a GPO in 2012R2 Essentials


Not sure how this happened but I'm missing the WSE Group Policy Folder Redirection from my Essentials server. Other default GPOs are there. As a result implementing the redirection policy via the console fails.

Is there any way of recreating or importing the default policy?? Not looking forward to reinstall...

thnx

Dennis
