Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Group Policy Preferences not applying printer

May 3, 2016, 2:28 am
$
0
0

Hi Guys,

We are currently experiencing an issue with out Windows Server 2012 R2 Terminal Servers were they are not mapping the printer which is assigned under Group Policy Preferences. The printer is assigned to the user, and maps perfectly fine on our Windows 10 stations but not on the Terminal Servers. I have included a copy of the error message that we are seeing in the Event Viewer in the hopes this might help.

The user 'Follow-You' preference item in the All Users {F9EEAB73-F0A5-41F3-903E-53B034BA8980}' Group Policy Object did not apply because it failed with error code '0x80070057 The parameter is incorrect.' This error was suppressed.

Follow-You
MAG All Users
{F9EEAB73-F0A5-41F3-903E-53B034BA8980}

0x80070057 The
parameter is incorrect.

The policy was Originally created by a Windows 10 Engineer PC, I wondering if might have something to do with it.

If I try and map the printer by hand (Control Panel > Hardware > Printers and Devices > Add Printer or by browsing to the server and double clicking on the printer), the printer maps perfectly fine with no errors and I am able to use it. I can do this as a normal user and as an Administrator.

Any suggestions or ideas as to why this might be happening are welcome.

TPark IT Technician

Search

GPOs do not apply on Windows 10 Enterprise x64

September 10, 2015, 6:03 am
$
0
0

Hi there,

When booting a Windows 10 machine (Lenovo laptop) GPOs are not loaded. Of course I can apply them later on via gpupdate /force.

When I have a look into the system log I get always an error in there with the ID 1058. Checking the error code in the details says: Network access is denied (error code 65).

It tries to access a gpt.ini file from the policies but does not get through.

When I restart the computer, click the link in the error message I get an error that the file cannot be accessed. Nevertheless after about 30 seconds the access to the file just works.

For me it seems that there is a service pending start which is needed for the domain access. I bet it has to do with DFS as the GPO access works via DFS path(namespace).

This is quite annoying as the machine policies are not loaded neither the user policies.

Here the details from the error message:

Log Name:      System

Source:        Microsoft-Windows-GroupPolicy

Date:         10.9.2015 13.19.02

Event ID:      1058

Task Category: None

Level:        Error

Keywords:     

User:         xxxxxxx\xxxxxxx

Computer:      xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Description:

The processing of Group Policy failed. Windows attempted to read the file \\my.domain.com\SysVol\my.domain.com\Policies\{3933BE19-C3FF-4C22-9434-B64C654C8B06}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

c) The Distributed File System (DFS) client has been disabled.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />

    <EventID>1058</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>1</Opcode>

    <Keywords>0x8000000000000000</Keywords>

    <TimeCreated SystemTime="2015-09-10T10:19:02.977910800Z" />

    <EventRecordID>1318</EventRecordID>

    <Correlation ActivityID="{9C0C77C4-AFC1-4A0E-9BFE-BE698091D73C}" />

    <Execution ProcessID="932" ThreadID="3588" />

    <Channel>System</Channel>

    <Computer>xxxxxxxxxxxxxxxxxxx</Computer>

    <Security UserID="S-1-5-21-1410795398-2781916069-518169928-1178" />

  </System>

  <EventData>

    <Data Name="SupportInfo1">4</Data>

    <Data Name="SupportInfo2">912</Data>

    <Data Name="ProcessingMode">1</Data>

    <Data Name="ProcessingTimeInMilliseconds">421</Data>

    <Data Name="ErrorCode">65</Data>

    <Data Name="ErrorDescription">Network access is denied. </Data>

    <Data Name="DCName">\\xxxxxxxxxxxxxxxxxxxxxxxxxxx</Data>

    <Data Name="GPOCNName">cn={3933BE19-C3FF-4C22-9434-B64C654C8B06},cn=policies,cn=system,DC=xxx,DC=xxxxxxxx,DC=xxxxx</Data>

    <Data Name="FilePath">\\my.domain.com\SysVol\my.domain.com\Policies\{3933BE19-C3FF-4C22-9434-B64C654C8B06}\gpt.ini</Data>

  </EventData>

</Event>

GPO for Secuirty Group to Restrict PST import and Export

May 3, 2016, 6:52 am
$
0
0

Hi ,

I have multiple OU’s every OU contains few users. We are migrated our exchange, Now what be want user from Any OU, Who have been migrated to new exchange can’t Import, Export or create PST. For That i have created a Group policy, Now  i created one security group, Add that group into Group policy’s delegated assign read & apply group policy permission. Later add few users in that group from different-different OU’s , User are still able to import & export the PST. note : same policy is working fine on OU but not on security group.
Please let me know which step i am missing.

Thanks in advance

Help installing MSI via GPO

May 3, 2016, 12:47 am
$
0
0

Hello,

This is driving me crazy, I'm never installed software via a GPO before and have been asked to install an MSI silently to our users.

MSI - https://www.citrix.com/downloads/citrix-receiver/additional-client-software/hdx-realtime-media-engine-201.html

Some already have an older version of the MSI some don't have it.

I've copied the file to a share that all users can get to and tried to assign a package to my Computer or User policy and neither works.

I've followed this.

https://support.microsoft.com/en-gb/kb/816102

In the event logs all I see is event code 1040 which says "Beginning a Windows Installer transaction....."

Server 2012 R2 Standard cannot push out MSI via GPO

May 3, 2016, 8:22 am
$
0
0

Hi All,

I am having a bear of a time with this, I have created a GPO to push out an MSI to a test windows 10 workstation. The MSI

is Symantec AV software, I have created the proper folder with permissions to the Everyone object and used the UNC path

in the GPO to get to that path. When I do a gpupdate /force on the PC and reboot the PC, the GPO get enabled however the MSI never gets pushed out to the PC. There are no errors in any of the logs just good confirmations that the GPO was accepted.

I have also tried this with a windows 7 PC with same results. I do want to mention this, I created an OU in AD and moved the 2 computers from the computer OU to the test OU. In the GPM console, I created the GPO off of the test OU and not directly under

the Domain name (school.local)

Any ideas as to what I am missing here. By the way, this did work once last week and never worked since.

Thank you -Al

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

May 3, 2016, 8:32 am
$
0
0

The error in the title is now showing up in the Event Logs of dozens of different Windows 7 workstations.  It is now taking some machines over 1 hour to log in. A user will enter their name and password and then press Enter. They see the "Welcome" screen on Windows 7 and it hangs at the Welcome screen. One machine took over 2 hours to log in. Why? What can cause this?

In our GPO Management we have only a few GPO policies being applied.   And they have not changed in a long while.  We do NOT install any software via GPO.   We use it mainly for IE settings, Trusted  Site lists, to call a login script, custom wallpaper....stuff like that.

This started to happen a few weeks ago and now it is happening more and more and uses are very upset.   I've Googled this a bit and I've seen some posts that speak of Printer Drivers.  That does not appear to be our issue.  It is something else. 

Also it is hit or miss.  User "A" can take 45 min to log in today and then tomorrow it takes 1 minute. 

mqh7

I wanted to add that here is how the service is setup on the machines where it won't start. 

Internet Explorer 11 favorites location - Folder Redirection

May 3, 2016, 12:33 am
$
0
0

Hello,

we configured Folder Redirection for our user profiles. Additionally, we enabled the move of the Internet Explorer favorites to a new location.

I noticed that, despite running fine on Windows 7 with IE9, the IE favorites don't show up on Windows 10 with IE11. The online folder with the favorites is fine, but IE11 just ignores the setting to NOT save them local.

Context:
Win 7 / IE9 (works):

Old location: C:\Users\<user>\Favorites

GPO defined new location: \\<servername>\...\<user>\Favorites

Win 10 / IE11 (Doesn't work):

Old location: C:\Users\<user>\Favorites

GPO is active and working, but it stays at the old location.

Can anyone help me out?

Regards,

Phillip


Outlook 2010 Auto Complete

October 12, 2010, 2:31 pm
$
0
0

With Outlook 2010, the name cache is no longer stored in an N2K file it is actually stored in the Exchange mailbox (or pst) in your contacts folder in a sub folder called "Suggested Names".  I have found the way via Outlook to purge the names in here but does anyone know of a way via GPO or a script to do this?

Thanks!

Search

Group Policy For Wireless Clients Not Working As Desired

April 22, 2016, 10:21 am
$
0
0

Hello All,

(Windows Server 2012 R2 Domain, Windows2008 Radius, Windows7 Wireless Clients)

(Goal)

- We want to have the ability to create a domain password policy so that our wireless client computers will get prompted to change their passwords when prompted (right now our default domain policy is not setup yet to force password changes) at login but we ran into some issues when testing password changes.

- Our wireless clients connect through a Microsoft Radius NPS server. We also have a NAC device that acts as a proxy so that computers can register their laptops - the NAC then hands the connection back to the Radius after the registration is complete.  If a password is changed then there appears to be an issue authenticating unless we go hardwire, change the password and then connect back to wireless after the password gets cached. For us to get around an issue with wireless clients having authentication issues when the password is changed we needed to create an OU and used the settings from this link as a guideline:  https://msdn.microsoft.com/en-us/library/dd759176.aspx

- So we created the OU and enabled and linked the OU and here is a summary of what is going on:

(Testing Password Change/Rebooting Laptop)

- If we set the account in AD to prompt user to "change the password at  next login" after a reboot we do not see the "wireless OU" splashed at the login screen. When logging in the previous password is cached and the user is not prompted to change the password.

(Logging Off and Logging On)

- However if we logoff (after the logging on at reboot) we then do see the Wireless OU and then we do get prompted to enter the old password and enter a new password.  So it appears that when the computer is shutdown or rebooted, during the reboot and the login process the wireless GPO policy is not processed but when you logoff and logon the wireless GPO policy is processed. 

Sorry for the long post. Hope this making sense to someone.

Thanks for the time,

Bob

Error 0xc00ce558

May 4, 2016, 12:38 am
$
0
0

Hi

I have a problem with Windows Server 2012.When I click on Windows Setting (GPO Editor-->Computer Configuration) this error appears

error 0xc00ce558 occurred parsing file.

XML document must have a top level element

and also Shortcut Item isn't  in this.what do I do?

Disable only windows firewall notifications in Windows 10 with Group Policy

April 28, 2016, 1:59 am
$
0
0

Hi!

How to disable only the windows firewall notifications in Windows 10 with group policy? I tried with registry change but didn't work.

Anybody have a solution for this problem?

Szilard

GPO "Deployed Printer Connections" Component Failed

April 28, 2016, 4:23 am
$
0
0

Hi,

We are running a VDI environment with over 1000 Windows 7 desktops provisioned on top of a "thin" Windows 7 base image and we are attempting to deploy printers to the think Windows 7 base image, that will then get pulled through to the VDI session, to allow users to be able to print. This works for the majority however we have some users that report their printer is not available, and upon investigation it looks like the printer is not installed on the underlying base machines.

I've been running some troubleshooting and when I process group policy modeling with a user and the PC object in AD, the results fail with deploying the "Deployed Printer Connections"

This is a screenshot of the error that gets displayed running the modeling on the domain controller. Typically, I have checked the logs on the domain controller and there is not any additional information on what this might be, logged at all. Could anyone provide more information on what this actually means that's failed? Because it doesn't look like the actual GPO objects have failed to process at all. I don't understand this.

Find Grained policy apply on Domain_Users how is that ?

May 4, 2016, 5:39 am
$
0
0

Hello,

I am not mastering Microsoft world, i am a security guy and during a security audit there is something that i want to figure out , at the costumer i have seen they are managing the password policy from find grained password policy and not from group policy. when i looked at the fine grained policy i have seen they set  the policy to be apply on Domain_Users group (instead computer group) and actually it works. As i know the password policy should apply on computer objects so how it is possible ?

another question, how can i check from workstation the find grained policy ? secpol.msc and gpresult show only security policy from group policy objects.



Software Restriction Policy - Machine Policy Section - local Administrators

May 4, 2016, 4:59 am
$
0
0

Hello,

I have an issue with GPO and Software Restriction Policy.

I have defined a computer policy containing SRP and excluded it for local Administrators.

I am logged in with my domain user who is in the local administrators group on the Windows 7 client computer.

**Default setting is restricted - for all Software except dlls. And it should be applied to all except local Administrators.**

Still the SRP settings restrict programms altough I am in the local Administrators Group.

Can someone give me advice?

Regards.


Prevent Windows 10 upgrade from Windows 7 - GPO using "Turn off the upgrade to the latest version of Windows..." not working

May 4, 2016, 7:17 am
$
0
0
A month or so ago, various Windows 7 machines for my customers automatically started upgrading to Windows 10 without any user interaction. I created a GPO within various Windows Server 2008R2 domain controllers to disable Windows 10 upgrade using the settings for Computer Configuration/Policies/Administrative Templates/Windows Components/Windows Update "Turn off the upgrade to the latest version of Windows through Windows Update" - Enabled. This is applied at the root of the domain. However, Windows 10 is still being deployed. Is this not applied correctly? I've found other options to do this, but this appears that it should be the simplest way to do this IF it would work. Thanks
Search

How to add all the Local Group Policies of windows Server 2012 to Windows Server 2008

May 4, 2016, 4:54 am
$
0
0

Hello,

Is there any method to add the new local Security Policies of Windows Server 2012 to windows  Server 2008 as some of the Local Security Policies are not available in windows server 2008 but in Windows Server 2012 those policies Exists.

Thanks


GPO's for IE 11 and IEAK11?

May 4, 2016, 5:29 am
$
0
0

MS,

After upgrading all user to IE 11, the GPO's that were in place for prior versions of IE no longer work. I've created a INS file to include the Proxy Settings and other browser settings using IEAK11 tool. What do I do with the files created using this tool? The IEAK documentation is a bit sketchy on the steps after creating the files. Help is appreciated.

Thanks

Addition of URL in Local Intranet via GPO

May 4, 2016, 7:50 am
$
0
0

 We have Windows 2012 R2 DC and Windows 7 SP1 with IE11. We have got a request to add a URL in local Intranet via GPO.

I have tried to use the GPP to add the URL via registry, it creates the registry key but Its not Visible in Ie

I am using the below path to add the key.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

Also what would be better User or Computer configuration?

Thanks HA

Printer Deployment and Restiction

May 4, 2016, 2:40 am
$
0
0

Hi Frenz,

            I have 03 Printers in my office each one in every floor. So we have deployed printers using GPO on each floor.

            So for example Printer 01 will be configured in my PC using GPO, that is perfect, but still I'm able to access the printer 02 and 03 and add on my PC through Network share. I should restrict this behavior (User should be able add the printers on their own apart from GPO printer). Someone please help me on the same.

Edit GPO 2008R2 with GPMC 2012R2

May 4, 2016, 2:39 am
$
0
0

Hi,

I wonder if there is a downside to edit domain 2008r2 GPOs with GPMC on a member server 2012R2.

I need the GPP for IE11, and the easiest way is to use a 2012 GPMC, but i don't want to corrupt the other GPO template...

Thanks.

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>