Channel: Group Policy forum

Verifying SMB Signing

We've turned on the Group Policy to enable SMB signing on our Network servers and Network clients. Is there an easy way to verify if the settings are taking place? I've been playing with Wireshark but haven't found a way to verify it there.

Orange County District Attorney


GPO issue after migration


We have migrated our AD from 2008 R2 to 2012 R2. When we try to apply some policy, we face the below issue:

Default Domain Policy AD/SYSVOL Version Mismatch

Please help

BR

Disable Internet access to user via GPO

Win Server 2008 R2, how to disable the users from accessing Internet which are in that OU?

Can't reset password

"The password you entered doesn't meet the minimum security requirements active directory"
I get this error message when I try to change password from within owa and on a local computer on the domain. 

GPO Startup policy failed to run Powershell script


Dear fox,

I have created a PowerShell script to rename more than 1000 computers' host names to be the same as the Active Directory user account. If I run the policy manually on my computer then it is successfully changed, but if I deploy it from GPO as a computer startup script it doesn't work.

$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
if ($myWindowsPrincipal.IsInRole($adminRole))
   {
   $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
   $Host.UI.RawUI.BackgroundColor = "DarkBlue"
   clear-host
   }
else
   {

   $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";

   $newProcess.Arguments = $myInvocation.MyCommand.Definition;

   $newProcess.Verb = "runas";

   [System.Diagnostics.Process]::Start($newProcess);

   exit
   }
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
$name = $env:username
$computerName = Get-WmiObject Win32_ComputerSystem
$computername.Rename($name)
write-Host "$([char]1) Computer Name is changed to `"$name`", I am Going to Reboot Laptop after 10 seconds."  -ForegroundColor Green
write-host "$([char]7) IT Department has changed your computername same as your email address." -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 9 Seconds" -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 8 Seconds" -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 7 Seconds" -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 6 Seconds" -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 5 Seconds" -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 4 Seconds" -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 3 Seconds" -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 2 Seconds" -ForegroundColor Green
sleep 1
write-host "$([char]7) Computer will restart in 1 Seconds" -ForegroundColor Green
sleep 1
Restart-Computer -Force

### End of Script ## 

The second issue is that when I run the same script on the same computer but with a different test user, it failed with return error code 5 in the PowerShell console.

Unlinked GPO still applied


A strange issue. We have several clients (win7/8) which have a GPO applied that is unlinked

Running gpresult /r I get this:

Applied Group Policy Objects:

--------------------

GPO1

GPO2

GPO1

...now..GPO2 exist but is not linked anywhere (scope is empty), yet it is applied. (GPO1 is applied, but appears twice in the list...why?)


GPO - Interactive Logon: Prompt user to change password before expiration


Dear Microsoft's Support Team,

I'm encountering a case related to a GPO that notifies users before their password expiration. Although I set (Prompt user to change password before expiration: 3 days) and clients have applied the policy correctly, unfortunately when a user logs on to webmail OWA, a message box always appears notifying the user that x days remain until the expiry date (x > 3).

I have double-checked that the client PCs have applied the GPO (also checked that the registry shows Password ExpiryWarning = 3). I tried on both a domain-joined workstation and a non-domain-joined laptop, and the result is the same. I don't know whether other parameters need to be set, or whether I did something wrong or am missing something. I would very much appreciate it if you could help me solve the problem.


My system environment as the following:

DC: Windows 2008 R2 Standard sp1

Domain functional level: 2003

GPO Settings:

- Max Password Age: 30
- Min Password Age: 0
- Interactive Logon: Prompt user to change password before expiration: 3 days

Mail: Microsoft Exchange 2013 Enterprise

Thanks and Regards,

Thanh

GPO filtering - More than one object is selected only one object can be returned

Hi - I'm not expecting an answer, but I prefer asking anyways ...

I'm filtering a GPO by computer names and I have to add around 100 computers, however I get this exception when I try to add more than one computer at a time "More than one object is selected only one object can be returned"

Do you know if there is a way to get around it ?

Thanks

Group policy that enables a large mouse cursor

Hi folks.

I work at a school system and we have some visually impaired students.  Not all are completely blind and some would benefit from the use of a large mouse cursor.  I already have group policies that will start the magnifier or on-screen keyboard when a student logs in, but I can't seem to figure out how to get a large mouse cursor to load automatically upon login. Does anybody know how I would accomplish this?  Thanks.

Replication in Progress


Hi,

I had an issue in Group Policy via the infrastructure check saying that replication was in progress and that "The sysvol permissions for one or more GPOs on this domain controller are not in sync with the permissions for the GPOs on the baseline domain controller". This is on the active directory side rather than Sysvol.

I had never run the Infrastructure check before and put a Server 2012 DC on the domain in 2013. The only recent change has been that I moved away from FRS in favour of DFSR. However as it was AD permissions rather than sysvol I guess this might not be the cause... It may have been going on for some time. I haven't and hadn't noticed any GP errors though.

I guess that if it's just permissions that were not syncing and changes were then it could easily go unnoticed.

To get rid of the errors I have made copies of all the GP's in question using default permissions, replaced all the links and got rid of the old GPO's. It seems to be working fine, but is there anything else I should check?

Kind Regards,

John

Group Policy Background Refresh not running on some machines


Hi,

We are facing an issue on one of our domains where machines are not all running group policy refreshes at its default interval. I am not seeing the 1501 events logged in the system log, I occasionally see a 1503 on these machines.

We have a scheduled task that triggers when 1501 is written to the event log and on a large number this works fine. I have a bunch (350+ currently) that are not working as expected. They are in a bunch of our different offices across different countries, yet they all have the same problem.

If I run a manual gpupdate on these machines, it refreshes group policy and it also logs the 1501 event into the system event log which in turn triggers our scheduled task to fire.

There are no errors in the Group Policy event log, GP fires when you boot up & when a user logs in. It doesn't matter what user is currently logged in, GP doesn't refresh. We are using the default interval (60min +- 30min). We haven't changed it in any policy and I've also checked that the registry keys don't exist on affected machines.

I have turned on the GPSvcDebugLogging and reviewed its log, I can't find anything in there. Data is written to that ~within the normal GP refresh interval and there are no errors or warnings that I can find. However we still don't get the event 1501 entry into the system event log, according to Microsoft, the informational entry is: The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy.

All of our clients are Windows 7 Enterprise, with the latest updates released running 1 month behind. Users all have a variety of software installed, unlikely that 2 machines are identical but I doubt that it's an external piece of software causing the issue, I would expect it's likely to be something internal to Windows. We are running a 2008 R2 DFL & FFL, domain controllers in each office, ~50 GPO's but varies as some are dependent on group membership however there are no errors when reviewing a result report. DCDiag doesn't report any domain errors, sites and services etc is all configured correctly. DNS is working fine. I can't see any errors on the DC's either.

Has anyone seen this issue before? I need to find other things to investigate to fix this issue, has anyone come across this before, has a fix or can suggest some things I can look into, so I can look at solving this.

Thanks

GPO to map a network shared resource but NOT assign a drive letter


In the screenshot, these network folders are mapped without drive letters and they are located in Network Location. This is done by a bat file and deployed as logon script.

I like to stay away from logon script and turn this into GPO! In GPO to map a network drive, it requires to have a drive letter. Is there another GPO setting I can achieve network resource mapping without a drive letter that I can use? Thanks.


Thang Mo


Turn on System Restore (Not how to enable it) via group policy for Windows10


It seems on a clean install of Windows 10 that System restore is turned off by default.  It is enabled, but turned off.  Enabled meaning that I can configure it however I want but Turned Off as in it is not actually creating any restore points.

I have found many group policy forum postings that document how to enable System restore, but I cannot find anything that actually tells you how to turn it on with that the system so that it actually starts creating system restore point on system changes.

Any suggestions?

GPresult.exe and "Last time Group Policy was applied

I am looking for where on the computer (log file, registry, file time/date stamp, wmi, etc?) the values of "Last time Group Policy was applied

GPO with Filter WMI for OSArchitecture


Hi,

I use WMI Filter GPO with Windows Server 2012, when I filter by the version of Windows it works, however when I filter by OSArchitecture it does not work.

My goal is to deploy the parameters based on the system architecture 32- or 64-bit.

The filter I use is:

Windows 7 64bit:

SELECT * from Win32_OperatingSystem WHERE Version LIKE "6.1%" and ProductType = "1" AND OSArchitecture = "64-bit"

and Windows 7 32bit

SELECT * from Win32_OperatingSystem WHERE Version LIKE "6.1%" and ProductType = "1" AND NOT OSArchitecture = "64-bit"

please, do you have an idea about the problem?


GPO Weird Issue


Hi,

Wondered if anyone can help.

We have an OU structure split between "Desktops" & "Laptops".

We have a number of "USER" GPO's that don't apply when we put a machine inside the laptop OU - However when we put the PC in the desktop OU the user GPO's work perfectly. (Majority of GPO's are inherited at the general computers level)

I've run GPRESULTS when the machines are in the LAPTOP OU and only about 5 standard policies are applied. There's nothing in event logs or Group Policy Operational log and nothing..

Just wondered if someone could point me in right direction of what to look for.

Thanks In Advance.

How can I Persist connections to Microsoft Azure Files for all the users?


I have created file share in azure and mapped it to Virtual Machine entitled VM_01.

I have used CmdKey command to persist the credentials.

  C:\>cmdkey /add:<yourstorageaccountname>.file.core.windows.net
             /user:<yourstorageaccountname>
             /pass:<YourStorageAccountKeyWhichEndsIn==>

I am able to see shared drives when I log in to the virtual machine, but when other administrators log in to the same machine they do not see and cannot access the shared drives!!

After spending time on the internet, I found that the credentials persisted by CmdKey are available to the user who ran “CmdKey”. https://blogs.msdn.microsoft.com/windowsazurestorage/2014/05/26/persisting-connections-to-microsoft-azure-files/

So solution suggested was to use runas command and then use CmdKey command as follow

   runas /user:<username> cmd.exe // This will open the command window

But, I have 100 of users!!! Do I have to run the above command 100 times with different user names :( Do we have any alternative solutions?


Many Thanks Deepak

Profile/Desktop Redirection Policy Issue


Hello. We have an issue with multiple users and their redirected desktops. What is happening is some users are not getting their redirected desktops. This happens randomly throughout the company. All the users are in the same OU and the GPO is applied to the OU that the user accounts are located in. I did a GPUPDATE /R command and it shows that the policy has been applied. If the user logs into a different PC with their same username/password then they get their redirected desktop with no issues. The temporary fix that we have been doing is deleting their local profile and having them log back on to their PC, then everything is working fine again. My questions are 1) What might be causing this? 2) Any other suggestions for us to try to find the cause and correct it so that we do not have to keep deleting the local profiles? There are two DC's. Both are 2012 Server. Domain/Forest running in 2012 mode. Thanks in advance.

local admins settings


I followed the link: https://blogs.technet.microsoft.com/dougga/2011/09/12/managing-client-machine-local-admin-rights/ to create a gpo policy but somehow the first part which is the list of members that should always have local admin rights is not working. Only built\administrators is the only group that can be added in. But if I have the second group enabled, then besides computername is added, all the other groups I specified will be added as well.

Any advice on the first group?

Thank you very much!

GPO for adding reg key on win 10 systems


Hi,

I'm trying to create a GPO that will allow me to add a folder & reg key inside that only restricted for Win 10 using GPO. I used the command on command prompt and it works as expected but I want it to be achieved using GPO how can I do it?

here is command that I used.

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade /f /v AllowKMSUpgrade /t REG_DWORD /d 1

Below is the image of what i'm trying but it's now working. I've also applied WMI for Win 10 filtering.
