Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Languages not listed in Item-Level targeting for GPP User policy Registry Item in Windows 10 or Windows Server 2012 R2

November 18, 2016, 10:35 am
$
0
0

I have 2 issues:

1) I believe this is a bug...  In GPMC using RSAT tools for windows 10 or GPMC on Server 2012 R2 I navigate to User Configuration->Preferences->Windows Settings->Registry and attempt to create a new Registry item.

I can create the item and target to:

HKLM\CurrentControlSet\Control\MUI\Settings the REG_MULTI_SZ item is PreferredUILanguages

Here I can see the top selected language present.  If I change it, it would be the alternative.

I'm working with en-CA and fr-CA.

Then when I use the Common tab and select Item-Level targeting, I select User Item languages and cannot select the language I need which is English (Canada) and French (Canada). The choices aren't there despite both being installed on my system.

2) I need to automate the OS or System language following the UI language.  I'm aware that there is a setting to do this called Copy settings in the advanced settings of the languages control panel applet.  The operation when done manually requires elevation which is why I'm configuring a GPP to do it.

Does this seem right?





Search

Block Certain Setting from SystemSettings.exe

November 8, 2016, 7:40 am
$
0
0

So I found that there is one GPO "Prohibit access to Control Panel and PC settings"

This blocks everything, even control.exe

But I just want to block certain things. for the classic control panel I can do this via the "Show only specified Control Panel Items" GPO setting.

Nothing to be found for the PC settings (=systemsettings.exe)

How can I achieve this?

For use on a Windows 2016 Remote Desktop Session Host

Group Policy Preferences Errors - Event ID 8194

November 24, 2016, 4:54 pm
$
0
0

I have a Windows 7 workstation (possibly more than one) that keeps giving the following error every time Group Policy is refreshed.

Event ID 8194

The client-side extension could not apply user policy settings for 'PolicyName  {PolicyGUID}' because it failed with error code '0x80070003 The system cannot find the path specified.' See trace file for more details.
I have tried applying the following hot fixes but they both say they are not applicable to the workstation

https://support.microsoft.com/en-au/kb/2904034
https://support.microsoft.com/en-au/kb/979731

I have turned on the trace files and found the following

2016-11-25 08:02:22.995 [pid=0x510,tid=0x15b0] Failed to open file. [ hr = 0x80070003 "The system cannot find the path specified." ]
2016-11-25 08:02:22.996 [pid=0x510,tid=0x15b0] Error reading GPE XML data file. [ hr = 0x80070003 "The system cannot find the path specified." ]
2016-11-25 08:02:22.996 [pid=0x510,tid=0x15b0] Completed loading of package. [ hr = 0x80070003 "The system cannot find the path specified." ]
2016-11-25 08:02:22.998 [pid=0x510,tid=0x15b0] Completed apply GPO. [ hr = 0x80070003 "The system cannot find the path specified." ]
2016-11-25 08:02:23.003 [pid=0x510,tid=0x15b0] Leaving ProcessGroupPolicyExPrinters() returned 0x00000003

I have also run a dcdiag on the domain controllers and everything looks fine from what I can tell. I also manually checked a few DC's sysvol folders for replication and everything looks fine there too.

Anyone have any ideas as to where to look next?

Thanks in advance :)


Modify Windows server 2012

November 18, 2016, 6:08 am
$
0
0

We currently have a published desktop in Citrix for server 2008, I can assure you this topic is related to Microsoft Group Policy.

The objective is to publish a server 20120 desktop instead of an the existing server 2008 published desktop. Internally that would be a large learning curve for the end users  SO we want to make it easily adaptive to 2008 yet it must be 2012. 

I know that server 2012 has a toggle between tiles and the desktop and of course to add to the confusio9jn comparing this to group policy without using classic shell, I have found some information on the internet including installing feature, desktop experience and then cleaning away the tiles.

We need group policy to have them only login to the desktop and then only allow Logoff from the Start menu or if tile switch and start menu is not available I can see that there is a group policy to remove the Do not show start menu at login, but what about removing the Tile feature altogether and the start menu?   We could put application shortcuts on their desktop and then a shortcut to logoff.

This way they can just logoff at the desktop, but if we do that we would need to ensure that they do not delete the shortcut.  Hopefully I have defined the objective, please help.  Please let me know if you have any questions that I have not described.

Windows 10 Downloads folder - not redirecting

November 24, 2016, 1:04 am
$
0
0

Hey,

We redirect all folders possible through GP.  Got a weird issue with the Downloads folder on Windows 10 though.  Windows still wants to use C:\Users\<username>\Downloads when you click the folder under 'This PC'.

Weirdly, event viewer shows it as directing successfully, but the Location tab (and registry) shows the local folder.  If I change the registry to be the network share, the Location tab updates, but it still wants to use local folder when clicking it under 'This PC'

Registry after GP update:

Location tab after GP update:

Registry after manual change:

Location tab after manual change:

But even after the manual change in registry, we still get the same error as the first image attached here.

GP Settings:

Any ideas?

Internet Explorer policy

November 24, 2016, 9:30 pm
$
0
0

Hi,

In our IE 10/11 group policy, the "Play Animated in web page" option is not check, however users are able to view animated contents from webpages.

Trying to figure out how come users are allow to play animated gif - which other policy setting(s) that could actually allowed this?

please shed some lights.

Thanks

Best Regards,

Client-Side Extension could not apply user policy settings / There is a time and/or date difference between the client and server

November 17, 2016, 11:46 am
$
0
0

So I'm having some time/date issues pertaining to group policies.  I'll try to explain the situation as simply as I can.  

We have 3 servers outside the US (they are an hour behind in time from our PDC time because of their time zone).  Those servers were in a domain that is setup as a two way trust with our domain in the US.  

Now, two of those servers were joined to our domain.  The remaining server which happens to be their domain controller has not been demoted and then promoted on our domain yet.  Here is the problem I'm having:

Users on our domain RDP into those two servers that were joined to our domain.  They process group policies located on our domain.  The problem that we are having is that not all the policy settings are being applied.  I am seeing these messages in the event viewer:

The client-side extension could not apply user policy settings for 'GroupPolicy Name F57D3-3F35-4747-8E3A-C89EE330FAF8}' because it failed with error code '0x80070576 There is a time and/or date difference between the client and server.' See trace file for more details.

So what I did is went to every domain controller in our domain and the trusted domain and synced up the time with our PDC.  It applies the time zone during the sync but they are all synced up.  The servers that we joined to our domain are also synced up with the PDC but I'm still getting this message.  

I read somewhere about the kerberos time threshold and how you can change that from the default 5 minutes to whatever you want.  But I shouldn't have to do that, the group policy should see that the time is synced up but the server is just in a different time zone from where it's pulling the group policies from.  Can anyone help?  


WMI Filter Generic Failure

November 8, 2016, 1:25 pm
$
0
0

Hi, 

When I am Trying to create WMI filter (On Any Queries)

I am getting this message



and this error as soon as i click on SAVE

I am a domain admins 

im using Windows Server 2012 R2

Search

GPO filtered out

November 20, 2016, 4:52 am
$
0
0

Hi, i configured a group policy object that changes some value on the registry.
but for some reason, not matter where i am linking that GPO I am always getting "the following GPO was not applied because they were filtered out"

I think it's maybe because we already have a gpo that has some settings and one of the settings is that setting that i configured into that GPO that doesn't work... (this GPO that doesn't work does the opposite - I want to do exceptions for some users).

Maybe I have a way to do exceptions for that existing GPO I have? I will be more than happy if you will tell me how to do that.

Thank you

Windows Auditing: policy is applied but categories defined in GPO are not.

November 17, 2016, 2:07 pm
$
0
0

DC: Server 2012 R2

Target (Fileserver): Server 2012 R2

I have a GPO in place that is being applied, and policy is showing up as applied with no errors in RSOP. However, the additional categories set ...\Security Settings\Advanced Audit Policy Configuration are not being set as defined in the GPO. 

After an auditpol \clear and gpupdate, event 4719 are logged on the target showing that the policy configuration was changed and gives details of categories being set to success/failure. However, not the categories defined in the GPO.

I have attempted an update of the policy both with Audit: Force Policy subcat settings to Enables and Disabled.

I gather from scenarios in other forum posts that this may somehow relate to legacy auditing policy, but I am unclear on how to affect this. There is no audit.csv in the sysvol folders on any of my DCs, and I've checked the only other GPO applied to the target (the default domain policy) which does not have these categories defined. I'm super confused, any help appreciated!!

Added new server - GPMC can't see it

November 17, 2016, 12:04 pm
$
0
0

Ok, so, I've setup a new server running 2008 R2, and it's going to be the new WSUS server for my workplace. Now, in order to get it to work, I have to exclude it from a couple of rules in the GPO. (It's complicated, I'm new here.) I've logged it into the domain, and it's visible in the Active Directory, but when I try to add the exception to the GPO in the Group Policy Management Console, it doesn't come up when I search for it. Every other machine with its naming prefix does, though.

I logged it into the domain about 4 hours ago.

Ideas?

Fondo de pantalla no se aplica en Windows 10 por GPO.

November 17, 2016, 11:10 am
$
0
0

Buenas tardes!

Tengo Windows Server 2012 R2 y he creado una GPO para fondo de pantalla y los equipos con Windows 10 no se aplica la politica, como se puede solucionar este error??

Gracias por su apoyo!

GPO - computer configuration not applied

November 17, 2016, 5:11 am
$
0
0

Hello

I know there are many topics about not working compuer configuration but I didnt found the answer.

Im trying to create GPO where user will get specified printer determinated by location of computer but my policy isnt applied.

I have created OU's like below:

-ALL LOCATIONS
--Location 1
--Location 2
--Location 3
---Computer 1
--Location 4

Computer 1 is a member of security group and policy with printer config is applied for that group.

Gpresult as a applied gpo's shows only default two: Default domain policy and local domain policy.

What have I did wrong?

Regards


How to remove GPO Internet Explorer Maintenance

November 17, 2016, 2:23 am
$
0
0

Now we use windows server 2012, Win2012 don't have GPO of Internet Explorer Maintenance, But this GPO export from win 2008 r2 , when i want to remove that policy don't have option , Please help to advise or suggest to me . Thanks

We have standard GPO, how to generate a report to show the deviation between the standard and GPO applied?

November 14, 2016, 10:59 pm
$
0
0
We have standard GPO, how to generate a report to show the deviation between the standard and GPO applied?
Search

KB3163912 breaks Point and Print Restrictions GPO settings

July 13, 2016, 1:10 pm
$
0
0

Our labs install our printers through a simple Start Menu\Programs\Startup VBS script that points to a printer depending on the machine name.  This saves anywhere from 1-5 minutes from our login times.

This morning after the new cumulative update KB3163912 all our lab machines are now prompting for admin credentials to install these print drivers.

I have changed the Point and Print Restrictions section of our GPO to both "disabled" and "enabled" but without server restrictions, and disabling elevation prompts.  Neither take any effect.

After removing KB3163912 the printers install fine without any prompts.

We can add our printers back to the typical GPO location for now, but no doubt we will receive complaints on our login times increasing.

GPResults show our group polices are processing fine on machines that are both pre and post KB3163912.

Change default region

November 26, 2016, 12:19 pm
$
0
0

Hi

I have server 2012 R2 .I want to change default region via GPO but location (User Configuration ->Preference ->Control Panel Setting ->Regional Option) is disabled and language is not work properly.I tried to change registry (Computer Configuration ->Preference -> Windows Setting ->Registry) (HKEY_CURRENT_USER\Control Panel\International) but it also does not work.Other policy options working properly.Please help me.


password complexity

November 26, 2016, 4:23 pm
$
0
0
Soo, trying to create a new user and I get this: Windows cannot create the object <user? because:
Unable to update the password.  The value provided for the new password does not meet the length, complexity or history requriements of the domain.  Yet, in the Default Domain Policy, I have these settings:

computer configuration - policies - windows settings - security settings - password policy

Policy Policy Setting
Enforce password history Not Defined
Maximum password age Not Defined
Minimum password age Not Defined
Minimum password length Not Defined
Password must meet complexity requirements Disabled
Store passwords using reversible encryption Disabled                       Any ideas?

Windows Server 2012 Standart User Login Problem

November 27, 2016, 6:27 am
$
0
0

Hi,

I install Active Directory on my Microsoft Windows Server 2012 test server. I have created new standart users and groups. I want to login with the users. But I have an error when log on as like "The sign-in method you're trying to use ins't allowed. For more info, contect yout network administrator". 

So, I used secpol.msc , this opened "Local Security Policy". The "Add User or Group" button is inactive. So I invoke the "Group Policy Management Editor" from the command line using the command "gpmc.msc". This command invoked a "Group Policy Management" window. I have added my new users from it. Then I run "gpupdate /force" to apply the policy. 

But I can not login again. What is the problem?

Allow only single website URL for a Domain user

November 27, 2016, 9:36 pm
$
0
0

Hi, 

Please help me in solving the following concern:

OS: Windows Server 2012 R2

Need to allow only one or two specific URLs for a particular domain user with GPO. 

Thanks in Advance

Arun Madhav

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>