Channel: Group Policy forum

Unsure How to Proceed Because of Modified Default Domain Policy


Hello,

In our current environment, our Default Domain Policy has the Windows Firewall set to 'off'. This then turns Windows Firewall off by default for everything within the domain.

This isn't necessarily too bad of an issue at the moment as we have modified and configured firewalls provided through a 3rd party on most of the machines within the domain.

But, we are needing to enable the Windows Firewall on a server and because of this top level setting that was set in the past by previous administrators, we seem to be unable to turn on the firewall for that particular computer.

If I remember correctly, Domain GPO overrules Local GPO so we also wouldn't be able to modify the local computer's GPO settings to enable it (though I could be wrong).

Here is kind of just a picture, showing that it is set to 'off' at the top level domain policy. It's also set to all authenticated users at the location of the entire directory.

I was just curious if there might be a relatively simple way to go about trying to enable the Windows Firewall on the specific server.

Thanks.


Where are the ADMX For 1809 for new Edge Policies?


https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/

So Microsoft has released 1809 and they are saying new policies are available for Edge but then you go to download the ADMX and it is just 1803?

Anyone know where the new ADMX are? Seems kind of silly to release a new OS and have articles on new policies and then not provide the actual ability to set them?


lforbes

Wifi GPO authentication method configuration, force it to skip domain?


Looking at setting up a wifi auto connection via GPO, and under Authentication Method Configuration, there is a setting that says

Automatically use my Windows logon name and password(and domain if any)

Is there a setting somewhere to force it to skip the domain even if it does exist, so it just passes through the logged on user's username and password only?

Windows Firewall with Advanced Settings - GPO keeps losing settings for Firewall


Hello all,

I am creating a Group Policy to be applied to my 2012 R2 servers.

This policy is being set up to be compliant with CIS standards.

I have been having issues with getting firewall settings to stick. Seemingly at random, some or all of the firewall settings will suddenly be gone out of the GPO.

This includes having the firewalls enabled, settings, logging, etc. 

I am setting these up at Computer Configuration > Policies > Security Settings > Windows Firewall with Advanced Security.

I've had this same issue in 2 different domain environments now.

What do I do to make sure these GP settings stick?

Thanks.

Activex

Windows will not allow ActiveX to be installed because it can't verify the publisher (what do I do to fix this?)

Do not allow creation of local admin via GPO

Hello everyone,

I have a situation regarding local admin users. We have several stores that users can do what they want from the machines and the outsourced support ends up giving free access (admin) to these users. The question is, did I create a GPO from Restricted Groups where only those defined members will be local admin! This helped a lot, but we still have a problem ...

The support is in the local admin group and can create a local user on the machine and set this user as administrator, that is, it did not solve the root problem!

Please, does anyone have any suggestions for what I can do to restrict the administrator from creating a user and set administrative permission for it, or any other action that might somehow help in this?

Thank you in advance !!!

Unable to connect to Desktops Win 10 Pro via RDP or RPC from Windows Server 2016


Windows Server 2016 Std domain

Win 10 Pro

Would like to be able to ping, rdp, computer management, and tasklist from both Server DC and Windows 10 Pro

What is the GPO that controls this?


GPO Caused Performance Monitor (PerfMon) not working, access denied


After applying a GPO to the Server 2012 R2 Version 6.3 (Build 9600), the Perfmon user-defined Data Collector Set is not showing with status.

When you try to start the data collector set, the screen shows Access Denied.

Does anybody have an idea which security value has blocked Performance Monitor from working?


Would a Windows 10 PC fully understand and obey Windows Server 2003 Group Policy


Our environment runs at Server 2003 functional level. Most of the PCs in the environment are Windows 10. Thousands of them. I'm noticing that GPOs are not being obeyed by numerous machines. Simple things such as setting the homepage for IE, Chrome, Firefox using Admin Templates where applicable. Even password requirements are not being enforced on all machines.

Would a Windows 10 PC fully understand and obey a Windows Server 2003 Group Policy? The domain controllers are 2008R2 and 2012 running at 2003 functional level.

PC's in 1 AD Site not getting updated Group Policies


Within the past few months I had a Domain Controller fail and I performed a BMR Restore of the server to get it back online and everything seemed like it was working perfectly.

A couple of months have passed and I have made some Group Policy changes that would affect all machines in my domain. The problem I am having is that the PCs that are connected to the site where the DC failed and has been restored are not getting any updated policies. The latest policies they receive are from before the server was restored. I check the sysvol Policies folder on the affected server and compare that with a good server and they are the same. If I pull up Group Policy Management on the affected machine I see all updated policies, but if I run an rsop it is not getting these policies.

Any ideas where I can look?



Wallpaper

Good evening

I am in a company with 500 employees. I deployed a GPO for the wallpaper and it is applied on all the machines of the company.
The problem is that when I changed the same GPO by changing the wallpaper, some users saw their desktop change but most of the machines did not change wallpaper.

Thank you in advance

Loopback policy technique, this probably won't work but I have to ask


Hello,

I am deploying RealVNC settings out with a GPO, and there is a permissions string that I can set for a whole OU of computers that will give access to a group of admin users. That works great! However, a new request has come about to give full unbridled access to their own computers.

I am pretty sure that I'd have to script this out, but in a GPO, there is no variable that I can use that references a user's SID (i.e., a user using this GPO)? Then I could use the variable in the permissions string and out come the unicorns, but I'm pretty sure that such a variable does not exist, correct?

Thanks for reading!

How to Deploy Asian IME Languages Via GPO


Hello all,

We have recently been experiencing issues with our custom images where sysprep is removing input (keyboard) languages from the reference image on deployment. We usually installed the languages through Settings > Time & language > Language > Add a language, then we would use a third-party app called DefProf that would copy the settings on the setup account to the Default Profile which would carry over to any user who would log into the computer, since our image requirements include that we do not ask the users to manually add the languages through the Settings app as we block them from accessing it. This used to include the languages installed (using the method above) but it stopped working recently after updating the reference image with the September Security updates.

We have tried multiple methods to get the languages to copy over to the new accounts, including using a PowerShell script at logon to add the languages through Set-WinUserLanguageList, adding Registry keys to the HKCU\Keyboard Layout\Preload hive, and trying to use GPO to deploy Registry keys to the Default Profile on the computer. Each of these methods fails to add four specific languages: 1) Chinese (Simplified), 2) Chinese (Traditional), 3) Japanese, 4) Korean. The one thing that we can tell is similar between the languages is that they all show up as IME input types. All other languages, including languages like Cambodian, German, French, Thai, and Vietnamese, work just fine and show up being deployed through GPO.

Has anyone been able to deploy these 4 Asian languages via GPO? Or even through the Registry?

Thanks.


Issues when applying lock screen GPOs


Hello,

I am running a client pc with Windows 10 Enterprise 1803, along with RSAT to configure GPOs.

I created a GPO for managing and deploying lock screen settings. The GPO is linked to the Workstations OU, where my client pc belongs to. Then, in the created GPO I have setup these settings:

- force specific default lock screen and logon image: ENABLED along with the UNC path to the picture to be shown;

- prevent changing lock screen and logon image: ENABLED.

Ok, finally the "show lock screen background picture on sign-in screen" option (Settings>Personalization>Lock Screen) is set to ON.

Unfortunately, when I lock the computer the locked screen is filled by a solid color and no picture is being shown, while going to Settings>Personalization>Lock Screen the picture (in preview) is being shown.

Another weird thing is that if I set the "show lock screen background picture on sign-in screen" option to OFF and lock the computer, the lock screen shows the picture, but I would like to view the picture in the sign-in screen as well, but it is not possible having disabled that feature by choosing OFF.

Any idea? What am I missing?

Thank you. Bye.

Riccardo

Any change with Windows 10 1809 or Server 2019 in On-Premise Domain for user-syncing via personal Microsoft accounts?


Originally, Windows 10 supported users syncing their Edge Favorites across devices via their Microsoft account, even to a computer connected to an on-premise domain but this was disabled in one of the Windows 10 updates. Microsoft made the ridiculous claim that this was in response to requests from IT pros. I don't believe that claim, because we would always ask for a Group Policy for something like that, never a blanket change. 

With the advent of Timeline with the 1803 update, this appears to suffer the same fate -- useless on a computer connected to an on-premise domain. Just no way to sync for those computers.

This is so bad, because it drives our users to avoid using the Edge browser (because they can Sync if they use the browser-sync in Firefox, Opera, or Chrome) and destroys any ability to leverage "use the same OS at work and at home and benefit for it." As a Microsoft fan, this is infuriating to me, both as a user (who desperately wants to sync my own personal systems) and as an admin, watching this alienate other users and lead to strong anti-Microsoft sentiment.

It has remained my hope that Microsoft would fix this tragic, self-inflicted stake to the heart of Windows personal usage with a subsequent update. Now that Windows 1809 has shipped and Server 2019 is available for testing, is there any evidence of Group Policy settings that we admins might be able to set to allow users to sync their Edge Favorites or Timeline on a computer connected to an on-premise domain?


Colin


Mapped Network Drives not shown in elevated process when "Reconnect" is activated


Hello,

We are mapping our network drives via Group Policy, which has worked fine so far. Now I wanted to activate the "Reconnect" option on every network drive. The reason for that was that the drives are not connected if there is no connection to the domain controller on startup.

After I activated this option I cannot access the network drives from an elevated process. If I uncheck this option everything works again. I already tried to set the registry key "EnableLinkedConnections" to 1 but that doesn't solve the issue.

I tested it on different Windows 10 versions (1803, 1709 and 1809) and we have UAC activated.

Can you explain to me whether that behaviour is as expected or how I can solve this issue?

Thank you!

Group Policies on new OUs


Hi,

I have Active Directory 2016. As per a requirement I have to either move or create new OUs of the same name (for example, I have OU "IT" and want to move or create another OU with the same name "IT" and want to move all old IT OU users to the new IT OU). As we have some group policies implemented against the old OU, I want to know how to implement the same policies on the new OUs.

Regards

Ali

Bypass UAC Credentials Via GPO for .exe? (Server 2016)


Currently I am having an issue with an application within my domain that prompts UAC for administrative credentials.
I've tried looking up solutions to handle a "white list" solution for this application.

"Do you want to allow this app from an unknown publisher to make changes to your device?"

I tried using the attachment manager "Inclusion list for moderate risk file types" and adding .exe to it. But this didn't seem to fix it.

I've also tried to add it to trusted publishers. But this also didn't work.

I've recently moved from an old setup on a Windows server 2008 R2 to Windows server 2016. I didn't transfer GPO due to an issue with permissions and decided to start from scratch. This wasn't an issue on the 2008 Server. So I'm not sure where to go from here.


Any solutions?

Group Policy Preferences Drive Mapping Limit?


Is there a limit to the number of drives you can map using Group Policy Preferences? I used GPP to map 8 different shares but only 6 show up on my Windows 7 clients. No matter what priority order I have the drives, only the 1st 6 ever show up. Is this a known issue with a solution or could I be missing something here? Thanks!

I am using Windows Server 2008 R2 SP1, Windows 7 SP1, drives mapped using GPP with Item-Level targeting based on Security Group.

deny logon local


Hi,

I have made a mistake and set users from logon local on my domain controlled Group Policy. This has resulted in my administrator not being able to log on to my DC server.

Is there a way that I can change that policy?

Background: I just started a course in group policy, so this rookie mistake is a very helpful learning tool for me. But so far I have not been able to find a solution.

I have set up a server as my domain controller and I have a client server as my second computer.

Any help would be very appreciated.
