Our end-users are not being notified of password to change password, and then get locked out. Win7 workstations
Been trying various GPO changes with no success.
↧
Server 2012R2 password notification
↧
IPSEC Communication between Domain Controllers
Hi,
We have a small guest network with 2 DC's which are separated using Firewalls. We have created IPsec between the DC's so that we need not to open all replication ports in Firewall. The pre-shared key is used for the same and the IPSEC is applied using Group Policy. All is working fine however we need to test changing the pre-shared key password but I have a doubt. When I change the preshared key password in policy by connecting to one DC the communication will stop immediately because of password mismatch. How the other DC will get this password when communication stops and replication is hampered.
If I change the password in Policy using other DC also then after the replication resumes there will be conflict in policy.
Please suggest how to do that
↧
↧
Group Policy Preference: Network Locations - How to add network locations
Hello! I found that we can now deploy mapped drives through the new GP preferences area. However, we do not use Mapped Drives in our enviroment, but instead set up Network Locations. How can I automatically add these Network Locations using the GP Preferences area? I was unable to find an option for this.
Thanks.
Thanks.
↧
"Location has been blocked by your system administrator"
Hello,
I want to Share several Office Apps (e.g. Word, Outlook etc.) via RemoteApp based on a Windows Server 2012 infrastructure.
But before I do, I want to configure the Office 2016 Group Policy Preferences, especially theRestricted Browsing part.
IMO I think the policy is configured well:
Approve Locations is enabled and links to severel UNC paths in our Network
Activate Restricted Browsing is also enabled for Word, Excel, Powerpoint and Outlook.
Now my Problem, as soon as I want to browse a location i receive the following warning message: "Location has been blocked by your system administrator."
The thing is, it is possible to save anything to the defined paths, but I want wo get rid of that warning.
Do you have any clue of what I might can do or are there any known issues regarding Outlook 2016 and Group Policies?
I'm looking foward for you answer.
Best regards
Dominik Beckers
↧
how to find local group policy
Hello
I am Active Directory admin.
just wanted to know if there is a way to find out only the local group policy applied to client machine. i dont want domain pushed GP
thanks
NA
↧
↧
Group Policy is not applying on Security Group
Hello Friends,
I am facing very strange issue in our environment, environment details and GPO details are as per below..
1. Windows 2008 R2 Domain Controllers.
2. Test GPO with Computer Settings has been created and Security Filtered on Security Group ( Global Security).
3. Added Particular Computer into Security Group (Global Security).
4. Linked GPO to Test OU and Moved Computer account to that Test OU.
Obervation
1. Policy is not applying on Computer.
2. If I remove the Group from Security Filtering & Add Authenticated Users - Policy Applying.
3. When I remove Group from Security Filtering & Add only Particular Test Computer - Policy Applying.
Troubleshooting Done.
As per MS https://support.microsoft.com/en-us/kb/3159398 provided the required read permission to "Authenticated Users" Group and "Domain Computers" Group, but still Policy is not applying when Security Filtering is enabled on Group.
In GPRESULT it is showing "Access Denied (Security Filtering) even after read permission to "Authenticated Users" Group and "Domain Computers" Group is provided.
Please Suggest.
MCP, MCTS
↧
Moving users to different OU but keeping GPOs
Hi
IT management wants to move users from their current organizational units over to a new OU structure within the AD.
Main problem is that users will end up in different organizational units so I can't just assign the GPOs to the target folder as it will hold other accounts too.
How can I do this while keeping the same GPOs applied to the users?
Thank you
↧
Get-GPO command renames all GPOs?
Hi guys!
Something really weird happened to me yesterday. I was troubleshooting a GPO that was not being accessed by one of the domain controllers (event ID 1058 / 1030 - actually the problem is still on and I will start a discussion about that too because I tried several things and it didin't work, and probably because of this tries that I expirienced the situation I'm about to explain). I used the command Get-GPO in PowerShell. I had used that before and it was pretty OK.
As usual, I never get the syntax right the first time. I wrote something like that:
> Get-GPO -ALL | Where {$_.DisplayName -like '*blablabla*'} | Select id, displayname
> Get-GPO -ALL | Where {$_.id -like '*{I put part of the ID here}*'} | Select id, displayname
I was trying to identify the GPO that appeared in the event 1058. I tried sometimes because I was typing it the wrong way and any results appeared. Then I looked for other GPOs that I new existed, using the same syntax, and any results appeared as well.
For last, I used the command Get-GPO -All | Select id, displayname . All GPOs were displayed, but the DisplayName was the same to all of them. I'm pretty sure the previous Get-GPO commands I gave were the responsible for that, because the DisplayName
of all GPOs were renamed to the same string I used in the previous queries (*blablabla*). I started the gpmc, Users and Computers console, and all GPOs were displayed like *blablabla* , including the asterisk
Luckly, I was able to rename them with the correct displayname because the displayname in the GPT.INI file under the GPO folder was not changed.
Do you have any ideas about what may have happened? As I said, all GPOs were renamed with the string I used in the search.
↧
The Desktop Wallpaper do not apply in the client computers Windows 7.
Hi,
I use a environment Windows Server 2012 R2 and when i apply the "GPO Desktop Wallpaper", it not applied on the stations client Computer Windows 7.
What is?
Kind Regards,
Bruno Turato.
I am from Brazil.
↧
↧
custom start menu & locked down
We need to create a GPO that does the following.
a) removes everything from the Start Menu including from the all programs area. b) then under start menu \ all programs only show 2 custom folders we create.
I can remove everything but how/where do I still allow for custom folders (or shortcuts) to still appear?
mqh7
↧
Account Management -> Computer Account Management - Failure
Hello,
I am new in windows 2012 .
I am working on the following rule, .Can any one tell me "what activity should i do to get the failure log".just want to check this policy.
The system must be configured to audit Account Logon - Computer Account Management failures
To get the logs i have done the following (Os is windows 2012 r2).
Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> System Audit Policies -> Account Management -> "Audit Computer Account Management" with "Failure" selected.
↧
Event ID : 4624
Hi, We have the following Advanced Audit policies configured for our domain, but still we dont see the event logs with machine & user logon details. your help is very much appreciated.
Log Name: SecuritySource: Microsoft-Windows-Security-Auditing
Date: 9/30/2016 10:48:37 PM
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: DC
Description:
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain:-
Logon ID: 0x0
Logon Type:3
Impersonation Level:Delegation
New Logon:
Security ID: S-1-5-21-3803837968-1534464277-3267097699-47311
Account Name: L-3PLHH92$
Account Domain:CORP
Logon ID: 0x15B72B10B
Logon GUID: {07261433-bae2-c8ef-34e8-4aa451c95ab9}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name:
Source Network Address:10.20.111.50
Source Port: 55026
Detailed Authentication Information:
Logon Process:Kerberos
Authentication Package:Kerberos
Transited Services:-
Package Name (NTLM only):-
Key Length: 0
↧
Changing lock screen image
I have applied a custom lock screen image using group policy. I have pushed that image to all the computers and applied that path in policy. Now I have change the image. I have again pushed the new file on all the computers in the domain. I applied policy
also but it is not pushing the new image on the computers. Any one can help how to fix this issue.
↧
↧
Disable UAC Policy for Windows Server 2012 R2
Hi
I have recently supplied an existing customer of mine with 2 new laptops which has Windows 10 on them. Every time the user wants to install software when logged in with their account it requires an administrator user name and password to allow the installation of the software.
I have how ever added a group policy with the "User Account Control: Run all administrators in Admin Approval Mode" disabled as well as a registry setting for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - EnableLUA = 0 with no success. Currently I had to change this user's account to have administrator rights so they stop contacting me to log in with my administrator account.
Currently I have this issue with Windows 10 only and the other Windows 7 and 8.1 laptops don't have this issue.
I don't want to leave this user as an administrator and would appreciate if somebody can give me some input.
Many thanks
Claude
I have recently supplied an existing customer of mine with 2 new laptops which has Windows 10 on them. Every time the user wants to install software when logged in with their account it requires an administrator user name and password to allow the installation of the software.
I have how ever added a group policy with the "User Account Control: Run all administrators in Admin Approval Mode" disabled as well as a registry setting for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - EnableLUA = 0 with no success. Currently I had to change this user's account to have administrator rights so they stop contacting me to log in with my administrator account.
Currently I have this issue with Windows 10 only and the other Windows 7 and 8.1 laptops don't have this issue.
I don't want to leave this user as an administrator and would appreciate if somebody can give me some input.
Many thanks
Claude
↧
enabling winodows 10 backup via gpo
So, I've got the eval of Windows Server 2016. And I'm trying to figure out where in GPO editor (I've already created a GPO for this) I can set the settings for this? I've looked in User Configuration\Administrative Templates\Windows Components\Backup and I don't find it.
Now this is in Group Policy Editor on the Server (It's pulling the administrative templates out of the central store). And in the central store I have WindowsBackup.admx.
All *.admx files were copied from the c:\windows\PolicyDefinitions folder on the domain control.
Any ideas? -Michael
↧
Problem with inetres.admx
Suddenly when opening Group policy manager and checking group policy settings, i get this:
Resource '$(string.SUPPORTED_IE11WIN8)' referenced in attribute displayName could not be found. File C:\Windows\PolicyDefinitions\inetres.admx, line 184, column 87
I tried copying same file (dated 14.11.2015) from another server > no change. Then downloaded newer version (dated 3.8.2016) and got this:
Resource '$(string.SUPPORTED_IE9_IE11NONWIN10)' referenced in attribute displayName could not be found. File C:\Windows\PolicyDefinitions\inetres.admx, line 162, column 103
Nothing GP related has been changed in weeks and old template has not given any errors before this. Similar errors before were fixed with replacing file with another copy or updating to newer version. Server is 2008R2 std sp1
Any ideas what to try next?
↧
Single computer always goes through managed software installs on every bootup
As the title says, we have a single computer on a domain that seems to go through the Software Installations policy every single time the computer boots up. Instead of realising that the software is already installed, it goes through all of them again, every single time - resulting in very long boot times (upwards of 15-20 minutes).
This only appears to happen on a single computer on the domain - other computers are inside of the same OU with the same policies being applied correctly (that is, they install the managed software once, but do not keep installing every single boot up after that). Event Viewer shows that there is MsiInstaller events that seem to be the software packages being installed - I can't find any reason why they would keep being done every time the computer starts though.
Any help here would be appreciated, thanks in advance.
↧
↧
The Operation has been cancelled due to restrictions on this computer, re trying to Open Google drive folder in Explorer window?
Afternoon All,
sorry to bother you all on a Monday but somewhere in GPO this is being blocked and it is doing my nut in.... we use Google drive and Google drive sync, no problems as Administrator but when a staff member logs in different story, when they click on the Google Drive link on the left hand side they get the following message.....
any ideas where in GPO this is hidden ??
many thanks
Andy
↧
Bug when copying items that have "Run Once" selected
Seems like I found a bug in ILT (Item Level Targeting).
When you copy items in GPPs that have "Apply once and do not reapply" selected,
the Filter-ID won't be changed.
So the new item has just the same ID.
For example if you use the CSE "Group Policy Files" and copy items,
only the first item will be processed.
If you have let's say three items (that are copied), there IDs would all look like this:
<Filters><FilterRunOnce hidden="1" not="0" bool="AND" id="{2B28F5C1-237A-4EDB-8318-F2B862493D89}"
If the item is processed, CSE will create the key for the ID in HKEY_CURRENT_USER\Software\Microsoft\Group Policy\Client\RunOnce
"{2B28F5C1-237A-4EDB-8318-F2B862493D89}".
The next two files will fail, because the RunOnce key already exists.
MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!
↧
Prefence Apply Once Counter?
Hello Everyone
Does anyone know how the GP preference apply once option works in regards to remembering who has run the preference? Is there a counter somewhere inside the users profile? Is it machine specific?
Why I ask is we need to apply settings to users profiles when they are first created or if the profile needs to be reset. It is working fine for a new users but want to make sure that if we need delete there roaming profile (And local copy in c:\user) that the settings will apply again.
Thanks
↧