Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

GPP issue when using Proxy Override for IE10

April 4, 2013, 9:54 am
$
0
0

I am trying to use Group Policy Preferences to set the proxy server address, port and proxy exceptions for computers that have IE10 installed.

If I try to create a GPP for IE10 (from a Windows 8 computer, Windows 2008 R2 DCs) and just choose the proxy server address and port number, it works.

if I choose to bypass proxy server for local address, go into advance and add anything to the exception list, it will grey out the proxy server address and port that I had previously filled out and it will no longer work.

not sure if this matters but when I tried the GPP for IE 8/9 and did this, it worked fine. Only the GPP for IE10 seems to be not working.

Heath

Search

How to use Restricted Groups to assign user to the local admin group on a specific computer

April 3, 2013, 11:07 am
$
0
0
It's important to assign specific users to specific computer admin rights.  I'm aware some of this can be done using restricted groups, but how can this group be used to only add a specific user to specific computer and not all computers?

Screen Saver GPO not working

March 27, 2013, 8:13 am
$
0
0

Hi!

Firstly, thanks to whomever can assist me with this baffling issue. I'll start with my setup.

Server 2008 R2 Domain, Windows 7 client (brand new HP laptop), 64 bit OS.

We have a GPO set to lock the PC's after 10 minutes of idle time. The user then would have to enter credentials when back at their desk. We have a mix of Win 7 and XP clients, and all is working except for 1 win 7 machine (specifically, the above client). Unfortunately, this is of course our VP's machine and it's a large security concern for him as he obviously has a lot of important and confidential emails, that he doesn't want anyone to just be able to browse when he's not in his office.

Performing a GPRESULT, it does show that the GPO is getting applied. However, his screen doesn't lock and just remains on and the machine remains open.

Has anyone ever ran into this where it is just one machine out of 20 that is not actually behaving correctly as to what the GPO it is receiving??? This situation has me baffled....

Any ideas or assistance would be greatly appreciated.

Cheers!

Neil

I want to provide read only access to security event logs of all client pc in domain to one group, throw GPO.

March 28, 2013, 9:32 pm
$
0
0
I want to provide read only access to security event logs of all client PC in domain to one group, throw GPO.

BGInfo - Windows cannot open .bgi file on client machines

April 4, 2013, 11:42 pm
$
0
0

BGInfo wallpaper of sysinternals working properly in server machine (Domain). I try to run the following batch code on client machines via user log on  group policy..

----------------------------------------------------

start \\servername\path\to\bginfo.exe

\\servername\path\to\configfile\circle.bgi /accepteula /timer:0

-----------------------------------------------------------------------------

Client displays following message :

--------------------------------------------------

Windows cannot open this file circle.bgi

--------------------------------------------------

Help me to run wallpaper configuration file .bgi on client machines.

FIVE NAS AS A SINGLE STORAGE DIVECE

April 4, 2013, 9:04 pm
$
0
0
i have five NAS , can i use them as a single machine. if yes then how pls help me. i have windows 2003 r2 server with me.

Invoke-IpamGpoProvisioning : Failed to import GPO. The data is invalid. (Exception from HRESULT: 0x8007000D) Event ID 2002

April 3, 2013, 2:10 am
$
0
0
HI,

at the momemt I am testing the new IPAM Feature of Server 2012. I followed this guide: http://technet.microsoft .com/de-de/library/hh831622.aspx

in the task of configuration the powershell command Invoke-IpamGpoProvisioning should be runned, but it fails with the following error:

Invoke-IpamGpoProvisioning : Failed to import GPO. The data is invalid. (Exception from HRESULT: 0x8007000D)
At line:1 char:1
+ Invoke-IpamGpoProvisioning -Domain domainname.tld -GpoPrefixName ipam -Ip ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Invoke-IpamGpoProvisioning], Exception
    + FullyQualifiedErrorId : InvalidOperation,Invoke-IpamGpoProvisioning



In the event viewer is the following event logged:


- <System>
  <Provider Name="Group Policy Management" />
  <EventID Qualifiers="49152">2002</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-04-03T08:50:29.000000000Z" />
  <EventRecordID>272</EventRecordID>
  <Channel>Application</Channel>
  <Computer>hostname.tld</Computer>
  <Security UserID="S-1-5-21-2155411338-4212752665-2881386377-1108" />
  </System>
- <EventData>
  <Data>The data is invalid.</Data>
  <Data>C:\Users\username\AppData\Local\Temp\ipamprov</Data>
  <Data>{09673450-4573-42E8-85D0-104144DF0BA3}</Data>
  <Data>IPAMGPO_DNS</Data>
  <Data>IPAMGPO_DNS</Data>
  <Data>{7F345996-1D92-4194-85BF-72BFB5298EDA}</Data>
  <Data>ipamtestsetup.com</Data>
  <Data>ipam_DNS</Data>
  <Data>{F53ABEDA-B34B-4486-8E8F-D8537CCACC96}</Data>
  <Data>hostname.tld</Data>
  </EventData>

    


can someone give me a hint to resolve this error.



kind regards,

Reset Themes and Color Scheme to Default via Group Policy

April 4, 2013, 11:37 am
$
0
0

I just deployed new Windows 7 Machines and have used Group Policy to lock them down.  Because I don't work with group policy everyday, my policy didn't get immediately deployed.  In the brief window of time the machines were not locked down a few users managed to change themes and color schemes.  Is there any way to force those settings back to what I have set for everyone else?    I have a specific visual style working but I need to be able to set them back to a specific theme and set the window color and appearance back to Windows 7 default.

Thanks in advance.

Jamey

Search

IE 10 LINUX PROXY ISSUE

April 3, 2013, 11:08 am
$
0
0

Hi everyone!

I'm doing some tests in the company that I work, we have a Win 2003 server and I'm testing a Win 8 pro pc. In the company we have a linux proxy and IE 10 doesn't recognize the settings.

Please help!

Can I override "hide and disable all items on the desktop"

April 3, 2013, 9:54 pm
$
0
0

Is it possible to add shortcuts and/or windows components to the desktop if "hide and disable all items on the desktop" is enabled via GPO? For example, if I have a few specific program icons I want to show up and nothing else, what is the best way to accomplish this?

I tried the steps at technet posing: "Desktop Icons with Group Policy"

and

Henny Louwers blog: "Show / Hide Desktop Items Windows 2008 R2 / Windows 7 by means of registry and Microsoft Group Policy Preferences"

but neither worked. Either the shortcut never showed up or the registry key didnt exist (on either Win7 or S2K8 machine).

Thanks


Clear Temporary Internet Files From Specific Domains?

April 3, 2013, 1:45 pm
$
0
0

I noticed client personal data was being stored in the temporary internet files of employee's computers when the employees work with the data using web apps. 

Is there a way to set a GPO to either clear on exit or never store temporary files only from specified domains?

group policy displaying only all settings option under admin templates??

April 4, 2013, 6:23 pm
$
0
0
Hey Guys,

Very strange indeed. For some reason all GPO's on a client we have just taken over displaying All Settings only under Administrative Templates and this is blank, Computer or User having the same issue. I can't edit any settings and need to remove a home page someone has stuck in there. Does any one know how this is happening??? I have checked the reporting tab and it is all set to any and nothing special enabled from what i can see. This is an SBS 2011 server aswell. Previous IT company got very creative with some of there GPO settings. Creating a new GPO has the same result.

Thanks in advance,
Rob

Folder Redirection Errors on Win7 for user home directories

April 4, 2013, 8:05 pm
$
0
0

Environment : Windows Server 2008 R2, Windows 7 Sp1 (x64)

Issue: User home folders are saved in a shared (DFS) area in subfolders. 

One of the test users year8s1  homefolder is at : \\domainname\sharename\2012\year8s1

For another user it may be \\domainname\sharename\2013\year9s1

I am getting the below redirection error when they login and the home folders are not being redirected. 

-------------------------------------------- ------------------------- 

Log Name:      Application
Source:        Microsoft-Windows-Folder Redirection
Date:          5/04/2013 10:28:49 AM
Event ID:      502
Task Category: None
Level:         Error
Keywords:     
User:          PMACS\year8s1
Computer:      PMACSPE-ANH5FHC.pmacs.wa.edu.au
Description:
Failed to apply policy and redirect folder "Documents" to "%HOMESHARE%\Users\year8s1".
 Redirection options=0x9230.
 The following error occurred: "".
 Error details: "The specified path is invalid."

------------------ --------------------------- 

The problem is  ""%HOMESHARE%\Users\year8s1" " is wrong.

------ ---------------------- -----------------

In Group policy the redirection is set to 

Setting: Basic (Redirect everyone's folder to the same location)

Path: %HOMESHARE%%HOMEPATH%

-------------- ----------------------- ----------

This works for some computers but not on others (as in, if a user logs into a desktop in a particular OU, it works and when the same user logs into another one, it doesn't work). The users have a drive mapping to the same, and it also fails to map when this happens. The redirection error code is not very helpful as its not very commonly seen while googling. 

Could anyone advise where I should be looking at first?

Many thanks,

Ramu<o:p></o:p>

Ramu V Ramanan

Server 2012 GPO - User Rights Assignment - Window Manager Group

April 5, 2013, 7:15 am
$
0
0

Hi

I'm currently setting up a new Default DC GPO for a new 2012 Domain Environment as it was full of old stuff, but an old GPO already written over all settings that came with the install so I cant just choose to not define the settings.

The problem is that a newly installed server have "Window Manager\Window Manager Group" set to "Increase a process working set" and "Bypass traverse checking" and I'm not able to add that group to the GPO as its not found, so how do I re-add this permission? I'm not able to do it on the local policy either.

Or alternatively somone could maybe explain me what the downside of Window Manager Group not having those 2 assignments, and maybe I can ignore it.

Thanks in advance!

Folder Redirection

April 5, 2013, 2:30 am
$
0
0

Hi,

We have windows 2008 Domain Controller, and clients we have Windows XP / Vista  and 7.  All users are mapped with additional home folder from Fileserver as H:\ Drive.

We are trying to redirect the "My Document" for all the desktop computers to the same location where their home directory is kept (H:\) drive. We have moved all the desktop on to a separate OU and on that OU we are applying this GPO.

We tried with the GPO.  " [Group Policy Object Name]\User Configuration\Policies\Windows Settings\Folder Redirection".

Screenshot is attached for more clarity, but still on desktop side it is not working. 

Please let me know how to fix this issue.

Thanks, Vijesh Rajan

Search

Group Policies on RDP

April 5, 2013, 8:07 am
$
0
0

I have a few group policies I am trying to enforce for 5 clients in India accessing their profiles on my server via RDP.

They connect to make use of a DOS-based program, which is years old.

Basically, I want to restrict their access to the program, to protect the companies data.

We currently have it set up in the following manner;

>India1 logs into server via RDP

>Program opens (closes within 60 seconds if user doesn't login)

>India1 has no access to explorer/desktop/basically anything except the Program.

Obviously the main problem here is if the program closes without the user logging in, the user is unable to log out/restart the program.

They can still log out via ctrl-alt-del or ctrl-alt-home, but to simplify matters, ideally we'd like them to automatically be logged out upon closure of the program.

GPO: Restrict WEB access to users

April 5, 2013, 8:16 am
$
0
0
Hello,

I'm trying to restrict the web acess to some users using GPO but i'm encountering a problem. I have windows Server 2003 and the clients are XP.

I enable the content rating on GPO with the approved sites but the following situation occurs:

User 1: Full acess > logs on to computer 1 > Have full access to the web
User 2:Restricted > logs on to computer 1 > Restrictions applies
User 1 > logs again on computer 1 > Restrictions applies

I think once a user with restricted access logs on to a computer the restrictions stay "bonded" to that computer. Is there any workaround this situation, using AD and windows services ?

Thanks

Desktop Icons

April 5, 2013, 8:02 am
$
0
0

Hallo Everyone,

I would like to have Desktop icons(My Documents,My Computer,My Network Places) show when users login especially for new profiles.

How do i enforce this on all computers using GPO. Am running AD on server 2003 R2 and 2008 R2 SP1, DFF & FFL are 2003, My Client computers are XP, Windows 7 and some windows 8

Meshack

Require server verification (https:) for all sites in this zone - IE7 Group Policy

April 5, 2013, 6:54 am
$
0
0

I have a Windows server 2003 terminal server running IE7.  I need every user that logs on to the server to have a particular website added to the Trusted Sites Zone in IE and the 'Require server verification (https:) for all sites checkbox must be unticked.  I have found how to add the site to each user using group policy but I can't find a setting for the checkbox.  Does this setting exist?  If not how do I change it for all users?

Thanks

Apply Wallpaper on Mac by GPO

April 3, 2013, 4:39 pm
$
0
0
I want to know if it is possible to apply a wallpaper to MAC computers from a group policy which would be the process to do so and if this is possible?


Thanks for your help
Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>