How to create the GPO to distinguish different users ? that means different users have different IE Setting through one GPO setting ? Is it feasible to do that ? Pls advice. Thx !!
↧
different user have different IE setting through GPO
↧
Windows Server 2008 R2 Computer Group Policy not applying after error 40961
Getting the following error in the event log of my Client Computer.
The Security System could not establish a secured connection with the server ldap/servernps.nps.curriculum.network/nps.curriculum.network@NPS.CURRICULUM.NETWORK. No authentication protocol was available.
User policy is working fine, however when applying gpupdate /force it throws an error saying that it cannot apply the computer policy.
Using gpresults /r shows that it is not getting the computer policy at all either.
It was working prior to the new image being depolyed via WDS.
Would love some help on this
↧
↧
I need help creating a GPO for Firefox
I am trying to set a homepage for Mozilla Firefox via GPO. I am trying to apply the policy to Winxp and Win7. I have tried several adm/admx/adml adminstrative templates that I have found on the web and I have run into issues with all of them. The issues are:
I put in the homepage and enable the setting, then go back into the policy and it is disabled. I have had that issue with adm and admx templates.
I was successful in setting the homepage with one of the adm templates, but the policy did not work on my xp machine. The policy was applied for sure after running gpresult. And, it was not filtered out..
I was succssful in setting the homepage with one of the admx templates, but the policy did not work on my win 7 system.
Any help would be appreciated..... I have been working on this for some time.. Also, I did load the admx and adml templates to the central store on the pdc emulator.
I would like to avoid using a script if possible, since I am trying to set the homepage via policy when and when not connected to the network and a script is located on the dc.
Thanks all...
↧
Problem with removal of "Don't run specified windows applications" Group Policy
I wanted to prevent one of my users from running QuickBooks, so I added a "Don't run specified Windows applications" from Administrative Templates group policy. When I first linked it, though, I didn't change the default Security Filtering, so the GPO applied to all users. I changed the filtering to the specific user. However, all users still got the message "The operation has been cancelled due to restrictions in effect on this computer." So I removed the GPO completed, but users are still getting the message. I have even done a System Restore on the workstation with QuickBooks, to no avail.
Are there any additional steps to completely removing this GPO and its affects? For now we can still use the Command Line to get to the program, but obviously that doesn't work long term.
↧
Drawbacks of enabling 'Do not forcefully unload the user registry at user logoff' in Group policy
I am receiving errors 1530 which is breaking the application associated.
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
Below is the solution i found:
The policy setting 'Do not forcefully unload the user registry at user logoff' counters the default behavior of Vista and newer operating systems. When enabled, the User Profile Service will not forcefully unload the registry, Instead it waits until no other processes are using the user registry before it unloads it. The policy can be found in the group policy editor (gpedit.msc). The policy is located under:Computer Configuration->Policies ->Administrative Templates->System-> User Profiles 'Do not forcefully unload the user registry at user logoff'Change the setting from "Not Configured" to "Enabled" which disables the new User Profile Service feature.
If you enable this policy setting, Windows will not forcefully unload the users registry at logoff,but waits until no other processes are using the user registry before it unloads it.
But, i would like to know whether this will cause performance issues ? Since, the registry handles wont be unloaded and the numbers might keep increasing entil not being used by any process.
Please help me to know the drawbacks of enabling this policy. If everything is good, this will be enabled throughout a domain.
↧
↧
Windows cannot access the file gpt.ini - branch computers only
I have been having this problem for a while, and never been able to figure it out. We have 2 Windows 2008 R2 controllers. At HQ, all of our desktops (WinXP Pro SP3) work fine and get no errors. All of our branch computers can log on to the domain but not process group policies. In the application log we get
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 4/9/2013
Time: 7:24:47 AM
User: NT AUTHORITY\SYSTEM
Computer: TLH11018
Description:
Windows cannot access the file gpt.ini for GPO cn={11C84A30-0281-4777-B570-DAED34149B5E},cn=policies,cn=system,DC=private,DC=flabar,DC=org. The file must be present at the location <\\private.flabar.org\SysVol\private.flabar.org\Policies\{11C84A30-0281-4777-B570-DAED34149B5E}\gpt.ini>.
(Access is denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 4/9/2013
Time: 7:24:47 AM
User: NT AUTHORITY\SYSTEM
Computer: TLH11018
Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Ive read through the other posts on this, and followed many of the solutions. I checked that sysvol is there, the group policy is there, permissions are correct, DNS is working, replication is working. I can log on to a branch PC and get to the specified file. We do have sonicwall and Steelhead devices at the branches which I suspect might be involved, but where else can I look to try and figure this out? Thanks in advance.
↧
Group Policy Client service does not start
Hi,
As soon as I (administrator on my PC) logon to Windows 7, I get a message saying that the Group Policy Client service failed to start. I'm not sure why I'm getting this error even though the dependencies are very much up and running..
Below is the error message I get in the notification area as soon as I logon
Failed to connect to a windows service
Windows could not connect to the Group Policy Client service. This problem prevents stndard users from logging on to the system.
As an administrative user, you can review the System Event Log for details about why the service didn't respond.
↧
Screen Saver GPO not working
Hi!
Firstly, thanks to whomever can assist me with this baffling issue. I'll start with my setup.
Server 2008 R2 Domain, Windows 7 client (brand new HP laptop), 64 bit OS.
We have a GPO set to lock the PC's after 10 minutes of idle time. The user then would have to enter credentials when back at their desk. We have a mix of Win 7 and XP clients, and all is working except for 1 win 7 machine (specifically, the above client). Unfortunately,
this is of course our VP's machine and it's a large security concern for him as he obviously has a lot of important and confidential emails, that he doesn't want anyone to just be able to browse when he's not in his office.
Performing a GPRESULT, it does show that the GPO is getting applied. However, his screen doesn't lock and just remains on and the machine remains open.
Has anyone ever ran into this where it is just one machine out of 20 that is not actually behaving correctly as to what the GPO it is receiving??? This situation has me baffled....
Any ideas or assistance would be greatly appreciated.
Cheers!
Neil
↧
Group Policy to remove Hibernate and Sleep from the start menu
Hi, I have been looking for the past week to successfully disable the hibernate and sleep buttons ONLY, on the start menu for my users.
I am using Server 08 R2 and Windows 7 clients. From what I have been reading, this was an issue with server 2003 also. Surely there is a simple group policy somewhere for this in 08R2?
Any help would be greatly appreciated!
Thanks
Matt
↧
↧
GPO Question
Hi
I want to create remote desktops for users where they will have access only to 3 or 4 application shortcuts on the desktop
and restrict rest of all settings.
need to create different GPOs based on different user levels
like one group may have some extra icons, another group may have some less icons.
How can i do this Using Group Policy's
Can some one help me..
Please “Vote As Helpful” and/or “Mark As Answer” if this post helped you.
↧
RICOH Printing Preference failed to deploy through Group Policy
It is failed to deploy Printing Defaults of RICOH C4502A PCL6 through Server 2008 R2 Group Policy Preference, whether it is at Computer Configuration or User Configuration for Windows 7 and XP.
At Print Management, the required Printing Preference has been set at both Set Printing Defaults and Properties, e.g., black and white A4 as the first priority and color A4 as the second. However, both of them do not appear at client PCS and there are RICOH default settings only.
On the other hand, I have tried to have the shared printer manually by double clicking the server's shared printer at client PC. The result is the same.
I have called RICOH's support. They replied that it is beyond their specialist and it must be solved by Microsoft specialist.
Please help! It is urgent!
At Print Management, the required Printing Preference has been set at both Set Printing Defaults and Properties, e.g., black and white A4 as the first priority and color A4 as the second. However, both of them do not appear at client PCS and there are RICOH default settings only.
On the other hand, I have tried to have the shared printer manually by double clicking the server's shared printer at client PC. The result is the same.
I have called RICOH's support. They replied that it is beyond their specialist and it must be solved by Microsoft specialist.
Please help! It is urgent!
↧
Best way to set GPO for Windows 7 Power Management so computer never sleeps
I see in Computer config/Policies/Admin Templates/System/Power Management, there are a lot of power settings you can configure for Windows 7 machines. We do a lot of work at off hours, and we have problems with machines going to sleep so we can't access them remotely to work on them.
What we want to do is disable the machines from sleeping/hibernating/shutting down after an inactivity period or to set the inactivity period to a very long period so it won't affect our off hours work, and also have the monitor go to sleep after 20 minutes.
Which policies should I enable to best accomplish this?
↧
Printer mapping using GPP
Hello
I have in several occasions experienced problems with the GPP print mapping feature. I receive the following error:
Group Policy object did not apply because it failed with error code '0x80070bc4 No printers were found.' This error was suppressed.
I have experienced this in a couple of different setups now, setups at different customers with different printers and both 2003 print servers and 2008/2008R2 print servers.
I create a GPO that maps printers based on AD group membership, I configure the GPP to"Run in logged-on user's security context (user policy option)" and "Remove this item when it is no longer applied" and I configured the needed AD group in the"Item level targeting" feature. Usually the GPP works at first logon, the printer maps correctly, but if I remove the user from the AD group specified in the item level targeting section, the printer is NOT deleted/removed and the error specified above appears in the event viewer.
For now I have reproduced this error message in setups at different customers and in my own test environment on RDS and Citrix XenApp 6 servers running 2008 R2/2003 R2 Service Pack 1. I have tried 3-5 different private hotfixes all aimed at different issues regarding print or GPP on 2008 R2, nothing has working so far.
Right now I am working on a new Citrix XenApp 6 server at a customer and I yet again have experinced the issue described above. I am current ly testing using on ly one printer, a Canon LBP6750 with a PCL5e driver.
Print server OS: 2008 R2 Service Pack 1
Citrix XenApp 6 server OS: 2008 R2 Service Pack 1
Both servers have all the latests updates installed, with the exception of Internet Explorer 9.
↧
↧
Event log custom views via GPO
Hi,
is it possible to deploy event log custom views through GPO?
kind regards
Martin
↧
Group Policy from User OU not applied on Windows 2008 R2
Hello,
We have a problem where any group policies defined on the organizational units of the user aren't applied when the user logs in to any of our Windows 2008 R2 servers.
Consider the following (simplified) situation:
Servers
- 2 Windows 2003 domain controllers
- Several Windows 2008 R2 domain members
- Several Windows 2003 domain members
Active directory
- Domains
- MyDomain
- GPO: DefaultDomainPolicy
- OU: MyUsers
- GPO: UserPolicy1
- GPO: UserPolicy2
- ...
- Users: User1, User2, User3, ...
- OU: MyServers
- GPO: ServerPolicy1
- GPO: ServerPolicy2
- ...
- Servers: My2008Server1, My2008Server2, My2008Server3, ...
- Servers: My2003Server1, My2003Server2, My2003Server3, ...
- OU: MyUsers
- GPO: DefaultDomainPolicy
- MyDomain
On the Windows 2003 domain members, all works as expected. When User1from OUMyUsers logs on to My2003Server1, these policies are applied:
- DefaultDomainPolicy
- UserPolicy1
- UserPolicy2
- ServerPolicy1
- ServerPolicy2
When User1 logs on to My2008Server however, only these policies are applied:
- DefaultDomainPolicy
- ServerPolicy1
- ServerPolicy2
UserPolicy1 and UserPolicy2 are not applied. We check the applied policies using gpresult /user <username> /s <servername>. The results show thatUserPolicy1 and UserPolicy2 don't get applied at all; gpresult doesn't mention them at all.
Everything else works as expected on the 2008 R2 servers:
- Changes to DefaultDomainPolicy and ServerPolicy1 are processed correctly.
- The event log doesn't contain errors about group policy processing, only happy messages like "The Group Policy settings for the user were processed successfully. New settings from 2 Group Policy objects were detected and applied."
We've reproduced the correct and incorrect behaviour for multiple users, multiple servers, multiple GPO's. We didn't find a situation where the 2008 servers worked as expected or where the 2003 servers did not.
Any help would be highly appreciated!
Cheers,
Aron
↧
Problems with Internet Explorer 10 GPO
I have created a user preference GPO for Internet explorer 10. The GPO sets the user's home page and then sets a number of the "Custom Level" security settings for the zone "internet". I am finding that some of the settings I choose are being applied while others are not. For instance, the home page I set is applied, the setting that allows users to download custom fonts ("Download fonts") is applied. However, at least one setting, "Display Mixed Content" is not getting applied. It is set to "Enabled" in the GPO but when I log on a user to test it the setting is set to "prompt" for that user.
Why do some settings get enforced while others don't? Is there anything I can do to enforce the "Display Mixed Content" preference?
Thanks in advance.
↧
Fine Grained Account Lockout Policy Capabilities Question
Greetings,
In native mode, does Windows Server 2008 fine-grained password policies have the following capability?
- After 5 failed login attempts within a 5 minute period disable (lock) account for 15 minutes
- After 5 more failed login attempts within a 5 minute period disable (lock) account for 30 minutes
Thanks in advance,
-Steve
↧
↧
Delete multiple GPOs
Hello everyone,
I found a bunch of unlinked and useless GPOs in our domain and would like to delete them all. I know by the time I find the solution to my question I could've deleted them one by one, but I still would like to know if it is possible to delete all unlinked GPOs.
I already isolated them in a txt excel, or any other file by name. so if you know of any way to delete them all at once please let me know.
Thank you all in advance.
↧
Migration Table, Free Text, and wildcard processing
I am trying to import GPOs into a test domain and I need to rewrite IE's "Site to Zone Assignment List" under "Windows Components/Internet Explorer/Internet Control Panel/Security Page".
I have been using a migration table like this, but the translation has not occurred. The literal value in the backup is preceded by an "*.".
*.xyz.net
Whether I put the "*." in the file or not, the translation does not occur.
<?xml version="1.0" encoding="utf-16"?><MigrationTable xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/MigrationTable"><Mapping><Type>Unknown</Type><Source>xyz.net</Source><Destination>xyz.qa1</Destination></Mapping></MigrationTable>
Is there a way to achieve this "substring" replacement when importing?
↧
GPO não altera proxy
Olá a todos preciso de uma grande ajuda pois tenho um servidor de terminal server com windows 2008 R2 e foi necessario fazer algumas atuliações, contudo tambem atualizei o IE9 para IE10, logo depois dito a minha GPO de proxy não quer definir mais o proxy.
Quando rodo um rpresult /v mostra que carregou uma gpo chamada proxya e uma gpo local, eu acho que esta gpo loca esta sobrepondo a minha do AD, existe uma forma de desabilitar a local, ou até forçar do AD.
Eu temtei o imposto mas não funcionou.
caso alguem já tenha passado por isto agradeço pela ajuda.
↧