Channel: Group Policy forum

Certificate Autoenrollment seems not working for existing certificates


Hi All

This is my first time on this forum, so please let me know if the topic is incorrect. And I apologize for my English as well.

I have a problem with the Certificate Autoenrollment policy that I have implemented for the company. The problem is that when users get new laptops and then join them to the domain, the existing User certificates are not re-issued. For the old laptops, if the user and computer certificates are accidentally deleted, the existing ones are not re-issued either.

However, if I try to revoke the certificates via the CA console, the new one can be issued to the client.

A bit of background for the ADCS environment. AD Certificate Services is installed on a Windows 2008 R2 Enterprise domain controller.

The user certificate is duplicated from existing one, and I enable "Publish certificate in Active Directory" and check "Do not automatically reenroll if a duplicate certificate exists in Active Directory" option as well.

As for the GPO, I created a GPO and linked it at the domain level in GPMC. The "Automatic certificate management" under User Configuration is set to Enabled, and the following options are also Enabled.
- Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificates
- Update and manage certificates that use certificate templates from Active Directory

Hopefully someone has encountered this before and can help me with solutions.

Thank you,
Ake


Windows 7 Pro Users with Offline Files enabled unable to open their offline files when not in office


Hi all,

One of my colleagues complained that he could not open his offline files on his notebook last night when he reached home. Also, yesterday afternoon our Server 2008 Domain Controller shut down because of a blackout. When the power returned, the server was restarted and everything is back to normal. During the blackout, my colleague's notebook had enough battery power to last through the blackout and remained connected to the network without a restart.

My question is, must all notebook users with offline files enabled restart and log back in to the domain whenever the server is restarted?

Could anyone tell me what the best practice is for such a scenario?

Thanks in advance.

Add a user or group to Hyper-V Administrators group on Windows 10 machine


I am running a 2008 R2 domain, and I have a couple of machines running Windows 10 joined to the domain.  I am running Hyper-V on the windows 10 machines, and basic users can open the Hyper-V manager, but will receive a message saying you do not have the required permission to complete this task, when connecting to the virtual machine management service.

I know I can go into computer management on the machine and just add the domain user to the Hyper-V Administrators group, under local users and groups, but would prefer to use a GPO instead.

I have already tried this with group policy preferences but did not have any luck.  Thanks for any suggestions.

Server 2012 Domain with Windows 7 x64 clients will not allow me to install unsigned printer driver on client machine

I have a server 2012 Domain system and am trying to connect a card ID printer to one of the client machines and it will allow me to print at first but then seems to lose the driver. When I try and update the driver it tells me that it was either not signed or not signed correctly. 

"No auto-restart for scheduled Automatic Update installation" missing in GPO settings


Many persons are talking about a Windows Update setting named "No auto-restart for scheduled Automatic Update installation".

However, we have only "No auto-restart with logged on users for scheduled automatic updates installations".

I guess this functionality has been removed in Windows 2008...

Other people have asked the same question as me on this TechNet forum.
But their question has been redirected to an article which does NOT give the answer,
and the question has been locked...

Does anybody know why this setting is missing
and if it is possible to bring it back?

Is group policy item "No auto-restart with logged on users for scheduled automatic update installations" supported in Windows 10?


Is group policy item "No auto-restart with logged on users for scheduled automatic update installations" supported in Windows 10?

I know, it can be set in GPO, but according to my tests it is not checked before reboot.

How to control when/where screen saver settings are applied

I have a group policy set to enable the screen saver and require the password to unlock it. This works fine except that it applies to the user everywhere they log on. I would like to have more control over where and when it is applied. For example, I would like it to not be applied to particular workstations. I would like it to not be applied on an RDP session to a server. In other words, how can I have machine-specific control over a user-specific setting?

Windows Update on Specified Intranet using PowerShell command.


We are using SCCM for updates and I am building the automation to build the server. The SCCM takes almost 15 minutes to connect to it even if it is configured, so I need to use the Internal Update URL to do Windows updates. Suppose I have the URL as http://xxx.5454. How can I use PowerShell Windows Update to get the updates from the URL instead of going out the server or over the Internet?


NoDefaultAdminOwner local policy still works on Server 2008?

We use this Local Policy ( which sets HKLM\SYSTEM\CurrentControlSet\Control\Lsa\nodefaultadminowner to '1' ) on Windows Server 2003 to avoid having admins of a machine wind up having object ( files ) they create marked as owned by Administrator ( we'd rather have their "real" username be the owner ).

Unless I'm doing something silly, it doesn't seem to work on Server 2008.

Is that true?

Is there a workaround?

link security filtering to created security group it will work?

How to apply a GPO to a security group? E.g. I have created a security group and added computers, so how to apply a GPO to the security group? Scope location: does the link need to mention any OU? Will empty also work? If I only map or link security filtering to the created security group, will it work?

Turn on System Restore (Not how to enable it) via group policy for Windows 10


It seems on a clean install of Windows 10 that System restore is turned off by default.  It is enabled, but turned off.  Enabled meaning that I can configure it however I want but Turned Off as in it is not actually creating any restore points.

I have found many group policy forum postings that document how to enable System Restore, but I cannot find anything that actually tells you how to turn it on so that the system actually starts creating system restore points on system changes.

Any suggestions?

Windows Server 2012 R2 : GPO related issue


I want to extend the screensaver timeout for some users, and only on some servers.

All users are placed in OU and nested OU

All servers are placed in OU and nested OU

Some set of users when login to any particular server from server Group should have timeout extended till 1 hr from 15 min.

How to do that. Please if anyone can help, would appreciate.

Can email me as well @ [email address redacted]


how restrict local administrator rights


I want to limit the local administrator so that he can't take any PC out of the domain.

Is it possible?

Disable only windows firewall notifications in Windows 10 with Group Policy


Hi!

How to disable only the windows firewall notifications in Windows 10 with group policy? I tried with registry change but didn't work.

Anybody have a solution for this problem?

Szilard

Server 2012 R2 StarterGPOs not installing


I've encountered a peculiar problem with a fresh Windows Server 2012 R2 domain configuration where when I load up the Group Policy Management Console and click "Create Starter GPOs Folder", the folder is created in Sysvol with all 10 starter GPOs inside it... however none show up in the console.

I've deleted the folder and recreated it again from GPMC but the same thing happens, so the good thing is it's a repeatable problem, but alas it's a problem I would rather not be having at all :)

Has anyone else come across this or has any suggestions how to fix it?


MrGoodBytes


Auditpol Command


Hi Team,

I am writing a script to compare the Audit Policies applied on the server against server baseline policy settings. 

"auditpol /get /category:*" is giving output only from Local Group Policy settings. But we have applied a few audit policies from AD as well. Those settings could not be fetched using the auditpol command. Is there any way to find the applied audit policies on the servers to use in the script?

//Bala R

Folder redirection: Local documents lost after enabling


Hello,

after enabling the folder redirection for one user, I experienced a data loss: All local documents were overwritten with the documents on the mapped server folder.

We managed to get the data back, but I'm not entirely sure why this problem exists. 

Before this, we enabled it for several other users, without having issues at all.

So, how can it happen that the online folder overwrites my local folder after enabling the folder redirection?

My guess is the setting "Move the contents of Documents to the new location", is this possible?

Thanks in advance and best regards.

Error Applying Printer on Windows Server 2012 R2 Terminal Servers


Hi Guys,

We are currently experiencing an issue with our Windows Server 2012 R2 Terminal Servers where they are not mapping the printer which is assigned under Group Policy Preferences. The printer is assigned to the user, and maps perfectly fine on our Windows 10 stations but not on the Terminal Servers. I have included a copy of the error message that we are seeing in the Event Viewer in the hope that this might help.

The user 'Follow-You' preference item in the All Users {F9EEAB73-F0A5-41F3-903E-53B034BA8980}' Group Policy Object did not apply because it failed with error code '0x80070057 The parameter is incorrect.' This error was suppressed.

Follow-You
MAG All Users
{F9EEAB73-F0A5-41F3-903E-53B034BA8980}

0x80070057 The
parameter is incorrect.

The policy was originally created by a Windows 10 Engineer PC; I am wondering if that might have something to do with it.

If I try and map the printer by hand (Control Panel > Hardware > Printers and Devices > Add Printer or by browsing to the server and double clicking on the printer), the printer maps perfectly fine with no errors and I am able to use it. I can do this as a normal user and as an Administrator.

Any suggestions or ideas as to why this might be happening are welcome.


TPark IT Technician

GPO - Interactive Logon: Prompt user to change password before expiration


Dear Microsoft's Support Team,

I'm encountering a case related to a GPO that notifies users before their password expiration. Although I set (Prompt user to change password before expiration: 3 days) and the clients applied the policy correctly, unfortunately when a user logs on to webmail OWA, a message box always appears notifying the user of the x days remaining until the expiry date (x > 3).

I have double-checked that the client PCs have applied the GPO (the registry also shows Password ExpiryWarning = 3). I tried on both a domain-joined workstation and a non-domain-joined laptop, and the result was the same. I don't know whether other parameters need to be set, or whether I did something wrong or am missing something. I would very much appreciate it if you could help me solve the problem.


My system environment as the following:

DC: Windows 2008 R2 Standard sp1

Domain functional level: 2003

GPO Settings:

- Max Password Age: 30
- Min Password Age: 0
- Interactive Logon: Prompt user to change password before expiration: 3 days

Mail: Microsoft Exchange 2013 Enterprise

Thanks and Regards,

Thanh

GPO Query


Hi All,

        We have added a New Domain controller to the existing DC. I need to make sure my GPO's are applied Properly.

   Existing DC : Windows 2008 SP2, Integrated DNS and GPO

   New DC       : Windows Server 2012 R2 (Added the same to existing Forest and Domain)

   Domain/Function Level : 2008

   No: of GPO's : 12

 In Old Domain Controller, I can see the event ID 1502 with the description "Group policy settings for the computer were processed successfully. New settings from 12 GPO were detected and applied"

But in New Domain controller, I can see the event ID 1502 with the description "Group policy settings for the computer were processed successfully. New settings from 9 GPO were detected and applied"

Kindly help me to understand the behaviour.
