I need to allow taskmgr.exe to authenticathed users of a domain, without the local administrator account. I need to aplicate this using a GPO.
Thanks.
↧
Allow taskmgr.exe to authenticathed users of a domain
↧
Unable to restore domain GPO using DCGPOFIX
Hello,
We had a ransomware issue that resulted in some of the GPOs being encrypted with the main one being the Default Domain Policy. I have attempted to create a new Default Domain by using the following command :
c:\Windows\system32>dcgpofix /target:Domain (run as administrator)
I answer Y to both questions and then receive the following message:
Unable to read EFS certificates from Registry.pol file of Default Domain Policy.
The error was
Unspecified error
The restore failed.
It was unable to be read because Registry.pol file is encrypted.
Is there anyway around this to be able to run the command? Stupidly I have no backup of the GPO.
Thanks!
↧
↧
Pushd: cannot find path '//sharepoint/path/name/folder destination' because it does not exist
We automated a process using a sharepoint site and a powershell script. It was working fine until we noticed that the script had stopped for some reason. I have been searching for a reason as to why this is broken but have not been able to find a clear answer.
The syntax to the command is correct and we are able to run the script locally (cuurently script resides on a Server 2012 R2 box). We are able to browse to the folder using Windows Explorer from the server but if we open up powershell we get the same error.
Locally we are able to change to this directory.
Overview of script:
Script checks "Inbox" which is a folder location on SharePoint. If file exists then it creates two copies, one to back up and another to run macros. There is a folder for backup and a folder for macros.
Error:
When we check logs this is what the error says:
[i] Begin Automated Process for macros
[i] Changing directory to //sharepoint/path/name/folder destination
pushd : Cannot find path '//sharepoint/path/name/folder destination'
because it does not exist.
At D:\Scripts\automation\macroautomationprocess.ps1:188 char:9
+ pushd $Inbox
+ ~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (//sharepoint/pa...der destination
ts:String) [Push-Location], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.PushL
ocationCommand
[i] No file name waiting...
[i] Stopping script
PS>$global:?
True
Here is the piece of the code from the powershell script so that you can see what is going on:
##### VARIABLE ASSIGNMENT #####
$Inbox = "//sharepoint/path/name/folder destination"
$Backup = "//sharepoint/path/name/folder destination/BackedUp"
$Scored = "//sharepoint/path/name/folder destination/automatedmacros"
##### END VARIABLE ASSIGNMENT #####
##### FUNCTIONS #####Function UnlockScore {
"[i] Begin Automated Process for macros"
<#Param(
[string]$Macro
)#>
"[i] Changing directory to $Inbox"
pushd $Inbox
$files = Get-ChildItem -Name "*.xl*"
$filecount = ($files | Measure-Object).Count
if ($filecount -lt 1) {
"[i] No file name waiting..."
"[i] Stopping script"
Popd
exit
↧
Computer Policy updates successfully but User Policy Fails
Hello, I'm hoping someone can help me here, I just did a clean Windows 10 32-bit install on a computer I have here and am having a problem getting Group Policy to update successfully for Users.
The following errors are occurring...
gpresult /r
INFO: The user does not have RSoP data.
and
C:\Users\roark_holz>gpupdateUpdating policy...
Computer Policy update has completed successfully.
User Policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\ad.oppco.org\SysVol\ad.oppco.org\Policies\{E0E72292-4539-478D-8E8E-95CEBE4F3831}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
I took a loook through the group policy event logs and found that the event ID that triggered this error appears too be Event ID 7017.
The problem only seems to affect this one computer, if I log in as the same user on another Windows 10 computer I have set up here everything works as expected which would lead me to believe the problem is with this one workstation, not the domain controller itself (though I could be wrong about that I suppose).
Does anyone know how to fix this problem.
↧
GPUPDATE fails to apply computer settings "Access Denied"
A single Windows 7 Pro workstation on HP Compaq Pro 6305 SFF in a small business with 1 DC (Small Business Server 2008) errors on gpupdate /force with the following: The processing of Group policy failed. Windows could not resolve the computer name. This could be caused by one or more of the following:
a) Name Resolution failure on the current domain controller.b) Active Directory Replication Latency (an account created on another domain co
ntroller has not replicated to the current domain controller).
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
GPresults produced:
(I edited out private info and replaced with generic placeholders in italics)
I am concerned that the Domain name and Domain type in Computer Settings are different from the ones in User Settings.
C:\Users\username>gpresult /rMicrosoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 4/8/2016 at 7:21:27 AM
RSOP data for Mydomain\Username on FPB2015-HP : Logging Mode
----------------------------------------------------------------
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\Username
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=FPB2015-HP,OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=Mydomain,DC=
local
Last time Group Policy was applied: 4/8/2016 at 7:15:23 AM
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: TLG10HO333E2J
Domain Type: WindowsNT 4
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
System Mandatory Level
USER SETTINGS
--------------
CN=Username,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Mydomain,
DC=local
Last time Group Policy was applied: 4/8/2016 at 7:15:23 AM
Group Policy was applied from: Myserver.mydomain.local
Group Policy slow link threshold: 500 kbps
Domain Name: Mydomain
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
Windows SBS CSE Policy
Small Business Server Folder Redirection Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Default Domain Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
Windows SBS User Policy
Filtering: Denied (Security)
File/Print Deployment All Users
Filtering: Denied (Security)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Windows SBS Folder Redirection Accounts
Medium Mandatory Level
C:\Users\username>
Event Viewer logs the following after GPupdate:
System Log:
EventID 1055
Group policy Operational log:
EventID 7017
EventID 7320
EventID 7004
The following has already been tried:
From afflicted machine, browsed to each and every Policy folder within sysvol, couldn't find any security issues or access denied.
Reset Password on the Computer account in AD on the DC.
Disjoined the workstation from the domain, deleted the computer account on DC and rejoined.
This machine resides in same OU as all other workstations which are functional.
This particular machine has many applications which are critical to the business, so re-install of OS is a very last resort.
Any help is much appreciated.
Brian
↧
↧
Removing User/Computer Rights to share a folder
Hi,
i want to prevent a group of users in AD - their ability to share files / folders that are local to their desktops.
coming across a few forums i get the GPO - Local Computer Policy, User Configuration, Administrative Templates, Windows Components, and Network Sharing. and to enable the setting.
This however doesnt seem to be working and as i tested - i still have the ability to go to folder properties and Share the folder from Advanced Sharing. A possible reason could be that i also have admin rights to the desktop.
Is there a GPO -policy setting that will disable Folder sharing for both standard users and admins alike ?
↧
Cannot get the password expiration from a trusted forest
Hi,
We have a 2 way forest trust and everything was working well until now.
Some users are from the A forest and connect to computers from the B forest.
We have a GPO on both forest to prompt users to change password before expiration.
But for those user from forest A who are using a computer from forest B it is not working.
Looking for any ideas to troubleshoot this issue.
Thanks
↧
Unable to edit Default Domain Policy
Hi, I need to modify a default domain policy in my network but I got this error (Windows Server 2012 R2)
I am using a domain admin account and have delegated permission to edit this object. I'm able to edit other policy just fine.
Please advise
↧
Compare GPOs between Two Separate Domains
Hi everyone,
I was wondering what would be the best way to compare domain GPOs between two separate domains. One domain is on windows server 2008 r2 and the other is on Windows 2003 r2 SP2. The domain on Windows 2003 does not have Powershell installed.
Thanks
↧
↧
Change to password policy not taking effect.
About three months ago, I made a change to the password policy increasing the maximum password age. I've waited this long just to make sure I was past the original limit of days and that I had gone through at least one password change cycle for everyone. I find that the new age is not being applied and passwords are still expiring at the original limit.
I've checked that computers are not in an OU that is blocking inheritance.
Running GPRESULT /SCOPE COMPUTER /Z shows that the policy is being applied with the correct age.
Any suggestions for further troubleshooting?
↧
"Turn off the upgrade to the latest version of Windows through Windows Update" gone after updating the WindowsUpdate.admx
At the moment we still use 2008 R2 Domain controllers.
I've updated the admx files to support Windows 10.
In the past,I enabled the "Turn off the upgrade to the latest version of Windows through Windows Update" GPO setting so my domain joined Windows 7 machines will certainly not start upgrading to Windows 10.
But now, this setting is not longer included in the new WindowsUpdate.admx file! So the setting is lost. I can see it in the GPO settings under "Extra Registry Settings", but I can't change it anymore. If I roll back to the older WindowsUpdate.admx, other new Windows 10 settings will be lost, so this is not a solution. How can I fix this?
↧
Local security policy of AppLocker is not overridden by Domain Group Policy
Hi,
We was using local AppLocker policy in our client machine. But now we want to allow some other applications to b installed in the Client Machine by creating the AppLocker policy and importing them in the Windows Server Group Policy so that it will be override local AppLocker Policy. When we type Gpresult command in the client computer I can see the name of policy but this is not allowing our new applications. It behaves as same old Applocker Policy.
But when I Import same policy locally then it starts working. But i want this policy will implemented only through GPO so that we can update our Applocker policy Time to time.
Thanks
Abhishek
↧
Folder redirection question
There is a option in Folder redirection policy to - Move contents to new location.
What is the detailed use to this option. Does it only work when the server mentioned in folder redirection policy is changed?
We recently built a new profile server. I unchecked the option to move contents to new location, since I did not want the data in the old profile server and also I was getting some errors. However should I enable this option now, since now the users have logged into without errors?
If I do not enable this option, will folder redirection not work? I mean to say that will contents not be copied from the users machine to the new profile server?
↧
↧
Windows Client + "Software restrictions" + "Run As Administrator"
Hi all,
Have created successfully via GPO here an SRP rule.
The enforcement is set to "All users except local administrators".
Now have the problem that the standard user correctly blocked the start of the program, but is also the Administrator via UAC.
How can i install as a Administrator via UAC an active SRP rule a program?
Thanks for any help here
Stefan
↧
The PC in Active Domain need to restart many times
dear
last year, we found some windows 7 PC need to restart many times can be login every morning.
sometimes, the windows OS system halted at Welcome window and you need to restart the Windows.
sometimes, the windows OS system halted at search network window and you need to restart the windows.
last year ,our AD Domain server is Windows Server 2003.
now, our domain server OS is windows server 2012 R2.
but the problem remains.
the event of Windows 7 client as below:
路可以歪着走,但是方向一定要是对的~!
↧
Can i stop internet explorer 11 set up via GPO
Dear All,
its very irritating that users keep on getting the below pop up when they open IE ,i was thinking is there a way through GPO where i can set use recommended settings for all users and stop the pop up ,my DC is on windows server 2012
TechGUy,System Administrator.
↧
Group Policy error ?
We're using GP to push out printers. On random machines and for random users sometimes the printers do not map. The error in the App log on the PC is this Group Policy Object did not apply because it failed with error code '0x80070057 The parameter is incorrect.' This error was suppressed.
I have been unable to tell what parameter it means. One user could get this, another logs into the same machine and the printers work fine. I can't find the commonality.
Jason
↧
↧
Reboot time
What type of tool (Powershell or GUI) on figuring out from my server how long a client computers has been up and has been rebooted?
↧
Group Policy not getting update on One Machine
Hi Folks,
I have a server 2012 R2 Machine on which group policy is not getting updated. I have ran gpupdate and got below error. I have also tried to access the sysvol path from this machine but not accessible. I have tried to UNC other machines from affected machine but not able to access from this machine. But this machine is getting accessible from other machines and domain controller.
The processing of Group Policy failed. Windows attempted to read the file \\CORP.ABC.COM\sysvol\CORP.ABC.COM\Policies\{82D94E3E-AD28-49E3-BF85-2A9CB6A2B4D5}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
User Policy could not be updated successfully. The following errors were encountered:
Please help.
Thanks Satyam Gupta
↧
Folder redirection: Two document folders
Hello,
I'm experiencing some weird effects using the enabled folder redirection in my company.
Context:
The local documents folder gets mapped onto the server.
But I noticed that I have two different document folders now:
Windows Library (Pictures, Documents, Music, etc.) - Online and mapped documents folder, storage location is on the server.
C:\Users\myprofile\Documents - Offline and locally stored.
Can someone explain this behavior?
Thanks in advance and best regards.
↧
