Channel: Group Policy forum
Viewing all 19997 articles

GPO set to Start with Home Page but IE reverts to Start with tabs from last session locally


Our IE GPO is set to Start with home page.

User Configuration - Preferences - Control Panel Settings - Internet Settings - Internet Explorer 10

However, when you look at any of the users' settings in IE11, the option "Start with tabs from last session" is selected. When you change it, it reverts back again after the user logs in again.

Any idea why this would happen?

Thanks


Trying to disable Office update notifications in Shared Deployment on RDS server


Hello, with my shared deployment of Office 2016 on my RDS server, my users are getting notifications in Outlook that there are updates available, and it gives them the option to install, which on a heavily used server will hang it up.

I installed the Office ADMX template on my AD server and then set the policy under Updates to Hide. I then did a gpupdate /force and logged in as a standard user. The notifications still exist. I ran gpresult /r from the user's desktop and the policy was applied. I added the correct user groups and server into the section that the policy be applied to. Not sure what to do at this point. Any suggestions would be appreciated.




How to remove a folder if contents are empty


I have created a folder using Group Policy if a member is part of a specific AD Group. Also, if a member is added to this specific AD Group, it will create a shortcut to a folder location.

If the member is taken out of this AD Group, I want the shortcut and the folder to be removed. I have the shortcut working correctly, however the folder is not being removed.

I have the 'Delete this folder (if emptied)' checkbox checked, but still no deletion of the folder...

I have a GPO viewing/applying/replication issue and I cannot find a solution match for my issue


I need some help along these lines but I am not sure exactly what is going on. I have a lot of custom GPOs that I cannot lose and need to recover. We had some kind of catastrophic failure that caused the DCs to enter AD recovery mode. I was gone over the weekend and another administrator recovered one of the DCs, built another, and demoted the other. Everything seems to work fine now except group policy. I am very knowledgeable in AD but for the life of me, I cannot find a way to fix this. Here are the details:

MSP-DC00 - Windows Server 2008R2 Standard

MSP-DC01 - Windows Server 2008R2 Standard 

MSP-DC02 - Windows Server 2012R2 Standard

DC00 was the FSMO and all of the other roles holder.  The other administrator demoted DC01, built DC02 and transferred all roles.

DCDIAG on both servers shows:

        * The current DC is not in the domain controller's OU

        ......................... MSP-DC00 failed test MachineAccount

        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
        access rights for the naming context:

        DC=ForestDnsZones,DC=analytics,DC=local
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
        access rights for the naming context:

        DC=DomainDnsZones,DC=analytics,DC=local
        ......................... MSP-DC00 failed test NCSecDesc

        Unable to connect to the NETLOGON share! (\\MSP-DC00\netlogon)

        [MSP-DC00] An net use or LsaPolicy operation failed with error 67,

        The network name cannot be found..

        ......................... MSP-DC00 failed test NetLogons

The new DC02 also shows:

Several of these:

        An error event occurred. EventID: 0x00000422

            Time Generated: 01/26/2017 11:45:12

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\analytics.local\sysvol\analytics.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


        ......................... MSP-DC02 failed test SystemLog

I can also provide screenshots of the error when I try to expand the settings within each GPO.  Any help is appreciated!

Only allow CA signed trusted applications/programs on Windows Server.


Bonjour users,

I want a tightly controlled environment of Windows Server to deploy my sensitive application.

How can I only allow CA signed trusted applications/programs on Windows Server? The unsigned and untrusted publishers should not be allowed to run on my server machine. Please guide me.

Scott Thomas



Domain and Local GPO : "Audit: Shut down system immediately if unable to log security audits"


Hello,

Do you know where I can find, in the registry, the value matching "Audit: Shut down system immediately if unable to log security audits"?

Is there another way to interrogate a Windows server (not a DC), through command lines, on this configuration "Audit: Shut down system immediately if unable to log security audits"?

The goal is to build an inventory, not to make any change.

In fact, "Audit: Shut down system immediately if unable to log security audits" is just an example of what we are searching for.
We have many, many items to search for on many servers. Also, the changes are done by people inside Active Directory, and directly on each server inside local GPO.
We are trying to build a tool to control this activity.

Regards,


Set default printer to a PDF printer using a GPO


Hello,

I am trying to set up two terminal servers to have the PDF printer set as default via a GPO. I understand how to do this with physical printers, but I am unsure how to point the policy to a software on the servers themselves. The PDF printer is installed on the server for all users. Is it possible to point it to a file path or a printer name on the server?

How to set SparseExclusionList in Group Policy?


Hi

Can anyone tell me how to set SparseExclusionList using Group Policy please?

I tried GPO setting "Files not cached" but it creates a RegKey named "ExcludeExtension" which does not fix our issue with .tmp files and Offline File sync conflict. Only SparseExclusionList works.

DC -> Win2008R2
Client -> Win7 SP1 Enterprise


file : WindowsServer2008R2andWindows7GroupPolicySettings.xlsx

Policy settings denied


Hi,

I created a group policy "block USB disk access", applied it to the domain and it worked properly. After that I removed the "Apply policy" from authenticated users and created a user security group and added it under policy delegation with read and apply policy permissions. It is not applied to a user that belongs to this security group. Group policy results shows "Access denied (Security filtering)" for the specific policy. What's wrong with the settings?

Group Policy Error: A referral was returned from the server


I'm stumped on this one.

I have an AD environment with five sites, ten domain controllers.  All DCs are running Server 2012 R2 and that is also the functional level of the domain.  I built up a new print server (running Server 2016 w/ full GUI) and when deploying a printer from print management, I get this error when browsing for the GPO to add the printer to:

"Failed to query for the list of Group Policy Objects linked to this container."  Details:  "A referral was returned from the server."

If I close the error and try browsing again, eventually it will show me all of my OUs and GPOs.  It usually takes about 4 attempts.  I have never seen this error appear anywhere other than print management.  It shows up regardless of whether I'm using print management from my desktop (connected to the print server) or from the print server directly.

I ran a dcdiag and everything passes.  Group policies are applied properly to clients.  At the site my desktop and the print server live in, I've powered off one DC at a time to see if I could isolate it to a request made to one or the other.  There was no change in the behavior when either one was shut down.

Any ideas?  Thanks!

GPO Applied Issue


I have a need to set Internet Explorer homepage to open an additional tab to an internal SharePoint site. The site is for company managers to view\edit.

The need is for both IE and Chrome browsers. I have the ADMX installed for Chrome. I have the following settings set for IE.

Path is User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing secondary homepage settings

I have it set to Enabled and using the Show list for the Secondary Home Pages in the Options box I set the SharePoint site.

I have basically the same settings for Chrome but I would guess that I would need to contact Google to research that issue so I'm not adding that here, unless someone here wants to discuss that.

I've created a Security group in Active Directory to use to add the necessary people to instead of listing out each user and having to edit the GPO each time a user needs added\removed. And I have that setting made in the GPO under Security Filter on the Scope tab of this GPO. I then linked the GPO to the top level (not at the Domain level) OU containing the OUs for all the departments where the managers' accounts live. I've even set it to Enforced to ensure that Block Inheritance will not stop the GPO from being applied.

My issue is that it never actually makes the browser setting changes and opens the additional tab in IE and Chrome. I've run the Group Policy Modeling Wizard against the users individually and the policies show as applied.

I've even changed the policy to not look at the Security group and only at the users listed individually and the GPO does show as applied but settings never get passed to the browsers.

Any and all assistance is greatly appreciated.

Len



Leonard Hoffman

WMI filter file name in two paths

Error in gpmc


On the Win 2008 DC (64-bit version), when opening the administrative templates

I receive an error for each template: Encountered error while parsing. An appropriate resource file could not be found for file \\domain\sysvol\domain\Policies\Po... Appcompat.admx (error = 2) The system cannot find the file specified.

But if I browse to the same file position the admx files are there.

The Server 2008 has been migrated from 2003. Any idea?

 

Mauro

Remote Desktop Users


We have a VM of our Server 2012 DataCenter - We have some remote users who we add to the local "Remote Desktop Users" on the PC - but they disappear after Group Policy is refreshed. How do I track down which group policy is doing this? I've looked at the few we have and there is nothing indicated that would delete the users from the remote desktop group.

I can supply my group policies as well if you need to see them.


Installation shared printer in A.D. requesting administrative credentials


Hi

After installing ADMX templates (Version 2) for Windows 10, or after the last Windows Update, computers with Windows 7 and Windows 10 started requiring administrative credentials during installation of some shared printers. Last week everything was OK. Users could add printers without administrative credentials. In the GPO I set up the option:

Computer Configuration\Admin Templates\Printers > Point and Print Restriction

This setting has:

Security Prompt:

When installing drivers...: Do not show warnings

When updating drivers...: Do not show warnings or elevation prompt

But now it looks like it doesn't work. How to solve this problem?


Kind Regards Tomasz

Blocking Websites Using group Policy


Hi,

I want to block a few websites like Facebook and YouTube for some time period, for example 1 pm to 2 pm, for all domain users. Please guide me on how to apply these settings.

Thanks


Running Power Shell script on OU


Hello,

Basically, I was testing a script which disconnects a share. I tried to run on a local PC and got an execution policy error. Then I have updated a script with "-SetExecutionPolicy Remote Signed" and ran locally and it worked. The share was gone. The script looks like this:  

Set-ExecutionPolicy RemoteSigned

# Find mapped network drives and remove the one pointing at \\DC1\Work
$mapped = Get-WmiObject Win32_MappedLogicalDisk | Select-Object DeviceId, ProviderName
foreach ($item in $mapped) {
    if ($item.ProviderName -eq '\\DC1\Work') {
        net use $item.DeviceId /del
    }
}

But when applied over Group Policy it does not seem to work. I have followed the steps by adding a script over GP objectedit->Computer Configuration->Policies->Windows Settings-> Scripts-> Startup->PowerShell Scripts ->add

Also tried adding over User configuration as per Microsoft link: https://technet.microsoft.com/en-us/library/ee431705(v=ws.10).aspx on windows server 2008 R2.

My question would be: where do I find any logs on what happened and why the script does not get applied to a user who is under the OU where the GP object is linked?


MK


customizing screensaver

How do I customize my screensaver? For example, I have it set on "photos". I would like it to "fade" along with other options.

Cookies


How do I delete cookies from Windows 10?
