Channel: Group Policy forum

GroupPolicy Event ID 1112 : The Group Policy Client Side Extension Software Installation was unable to apply one or more settings


Hi,

Once the LAPSx64.msi and Lapsx86.msi are copied to a share path, it is configured to install from group policy. But the below message appears when updating the group policy in Windows 7 32 bit Enterprise edition.

The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.

I followed the below suggestion and it did not work

https://mywinsysadm.wordpress.com/2011/07/22/windows-7-the-assignment-of-application-from-policy-failed-the-error-was/

Please help why the above error appears and how to solve it


Regards, Boopathi


GPO not working when user logs in... NEED HELP!!!


Hello all, 

I was wondering if someone could help me out or explain to me what I'm doing wrong. I just started playing around with GPO and loving it. I created a new GPO that will be pushing out a one-time software install agent. Took me days to figure out the software deployment using GPO. Now it's working perfectly with a glitch. The issue I'm having is I restart workstation win7. I log in as a domain user and I see the desktop. I go to the add/remove section to see if the software was installed. I don't see it anywhere. 

While still logged in as the same user. I do a gpresult /r and I see the GPO applied to the computer. If I do a gpupdate /force it updated the policy and tells me to reboot (Y) and log out (Y). Once the machine restarts I notice it takes a while to log in. Once I log in I see the software installed. 

I have about 200+ machines I need to update. If a computer is sitting there from my understanding if a user logs in it should look at the policy and install the software. Not wait for me to run the gpupdate /force once they log in. Double the work I would be doing.  How can I get around this and make it work if the computer has been sitting there all weekend without a re-start? I want the software to install the first time someone logs in. From all the videos I have seen they create the software installation under the "Computer Configuration" and not the "User Configuration"

Hopefully, I explain it well if not let me know.


GPO Automatic Archive

Hello,

I have set up a GPO for automatic archiving using admx outlook 2013. GPO works but I have some points that I have not understood:

- I fixed the option "Clean items older than 3 months" -> Items in the inbox are moved to the inbox of the archive except that at the level of the main inbox the elements of the date February and March 2018 are displayed !!

- The archive file is named archive.pst -> Is there a way to rename it? because on user computers there are already archives with the same name and when launching automatic archiving, they will be overwritten.

Thank you for your help.

Pushing Screensaver from Group Policy


Dear All,
I want to push screen savers weekly to all computers on my domain using group policy. How can I achieve this and what tools can I use to convert a *.jpg to an *.scr

Regards,

Tony Mbogo



Group policy cannot set correct value on gpedit.msc and regedit


I am an administrator of Windows Server 2012 R2 that is one of the member servers in our domain. There is a domain controller server which is Windows Server 2008 R2, and my member server got applied some group policy from the domain controller.

Recently I just found out that group policy configuration does not match between gpedit and regedit.

For example, when I open gpedit.msc and take a look at the following configuration, and it said "Not Configured"


Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Printer Redirection -> "Redirect only the default client printer"


However when I open regedit and take a look at the actual registry key that should be the same as on gpedit.msc, it said "Enabled"


Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\Windows NT\Terminal Services\
Value Name: RedirectOnlyDefaultClientPrinter
Type: REG_DWORD
Value: 1

Both of gpedit and regedit should be the same "Enabled" just as GPO set up, but they are different.

I have confirmed the gpresult setting is applied by GPO by executing gpresult command. It is my understanding that if GPO is applied, the value will be forcibly set up to member server, and gpresult and regedit supposed to be the same setting. I reboot the member server and execute gpupdate /force by command just in case, but it did not fix the difference. I really have no idea why gpedit and regedit show different configuration like this. Is there any possibility that my cause of this situation?

Any advice will be gratefully appreciated. Thank you.


 

    

How to rename login screen login prompt


I have a computer that has a duplicate "Other User" login prompt. We have a global policy that puts four login options, but the issue isn't getting corrected after I run gpupdate /force.

The prompts should say:

Other User

Password

Local or Domain Account

Smart Card

But the 4 prompts that show up say:

Other User

University *****

Smart card

Other User

The first "other user" prompts for an "email address or phone number" while the second one should be named "Local or Domain Account" prompt.

Is there a way to fix this so that the prompts are renamed to what they should be as per the global policy?

Steps for Standardising Outlook font size and typeface using Group Policy?


Hi People,

I need some help steps by steps to standardize the Font size and typeface for all users in my company using Office 2010, 2013, 2016 and Office 365 suites.

I have downloaded the Administrative Template files (ADMX/ADML) and Office Customization Tool for Office 365 ProPlus, Office 2019, and Office 2016 both 32 and 64 bit from https://www.microsoft.com/en-us/download/details.aspx?id=49030

And then since I'm using the PolicyDefinitions, I have overwritten anything under the directory: \\domain.com\sysvol\domain\Policies\PolicyDefinitions.

But the problem is, I still cannot see any option in the Group Policy Management Console when creating new GPO - Users Policy Administrative Templates which sets the Default Font Size and also Font typeface.



Any help would be greatly appreciated.

Thank you in advance.


/* Server Support Specialist */



Server 2016 automatic updates (GPO) fail due to service regulation


Hey guys,

I'm trying to let our 2016-DCs install windows updates automatically. So I created some GPOs (same config different days) to do this:

WinAutoUpdateTue

Always automatically restart at the scheduled time Enabled  
The restart timer will give users this much time to save their work (minutes):  60 

Configure Automatic Updates Enabled  
Configure automatic updating: 4 - Auto download and schedule the install 
The following settings are only required and applicable if 4 is selected. 
Install during automatic maintenance Disabled 
Scheduled install day:  3 - Every Tuesday 
Scheduled install time: 01:00 
Install updates for other Microsoft products Disabled 

The policy is active on the right servers, but the updates fail to install. WindowsUpdateLog keeps logging errors like:

2019.02.28 10:21:26.4161604 1292  4200  DownloadManager Regulation: {9482F4B4-E343-43B6-B170-9A65BC822C77} - Update 8C40921E-C258-49EE-84B8-87718DF0ECCF is PerUpdate" regulated and CANNOT download. Sequence 9601 vs AcceptRate 0."
2019.02.28 10:21:26.5131306 1292  4200  DownloadManager Regulation: {9482F4B4-E343-43B6-B170-9A65BC822C77} - Update 8C40921E-C258-49EE-84B8-87718DF0ECCF is PerUpdate" regulated and CANNOT download. Sequence 9601 vs AcceptRate 0."
2019.02.28 10:21:26.5132549 1292  4200  DownloadManager Update {8C40921E-C258-49EE-84B8-87718DF0ECCF}.201 is not allowed to download due to service regulation.

I tried to clear %systemroot%\SoftwareDistribution with update-service stopped and restarted several times, but it didn't help.

When I install the updates manually there is no problem. No WSUS is used.

I hope you can help me


GPO to adjust Windows 10 desktop experience


Hi,

I have a customer that is rolling out Windows 10 desktops to their domain.  They have a Server 2016 domain controller.  They have asked me to create a GPO that will do the following.

1. Remove/hide various undesirable icons that come "out of the box" on the start menu and task bar.
2. Add the Internet Explorer Icon to the start menu and task bar.  
3. Remove the Edge browser from the start menu and task bar.
4. Specify a specific Windows screen saver, along with a screen timeout and screen lock (password required).
5. Disable Microsoft OneDrive from being used.

Can someone tell me how to accomplish these items, assuming it is possible?

Regarding the screen saver, I have done it in the past with Windows 7 and had great success.  But I have tried the same GPO settings against a Windows 10 machine and can't seem to get it to work.  I assume something is different related to Windows 10 screen savers and its lock screen, etc.  Thanks, Chris

Folder Redirection still appearing in gpresult after GPO removal/unassignment


Hi folks!

I am hoping you can help me with this...

I am having an issue where I have disabled the Folder Redirection GPO on the Domain Controller (Server 2012 R2) but the policy entries still remain under "Folder Redirection" list after doing a gpresult via the logged in user's domain account on their laptops.

This is only happening to users who previously had the folder redirection policy applied. For some reason the remnants of the folder redirection still applied to these affected users.

However, newly logged in accounts on the same machine do not pick up the folder redirection settings (as they have been disabled) and the folder redirection area of "gpresult /v" appears as below (as expected):

Folder Redirection
        ------------------
            N/A

An example of the output of "gpresult /v" on the affected machines is similar to the below (ignore the arrow):

https://filedb.experts-exchange.com/incoming/2016/11_w46/1126504/FR-GPO.jpg

Is there any way I can remove these entries on the affected existing user accounts via registry entries or something else? (as I do not want to have to wipe their profiles!).

Please do let me know! Looking forward to your responses!

Thank you

Windows 2012 - Restrict access to C drive, but folders on desktop remains accessible?


In GPO, how do I restrict access to C drive, but folders on desktop remain accessible (List contents, read and write)?


My environment needs to access folders that are placed on the desktop but limit all access to C drive.


Is there a way I can do folder exceptions in C drive rather than the GPO blocking the whole C drive access?

Increasing temporary internet file size via GPO 250mb to 1024 MB

Hi Team,

I am trying to increase tempo internet file size via GPO in Windows 7 but it's not working.
I have applied users based policy via GP-Preference registry changes.

I have followed the below link:
https://social.technet.microsoft.com/Forums/lync/en-US/ca55adf8-c739-4ac5-8b76-14b7efd86b87/increasing-temporary-internet-file-size-via-gpo-?forum=winserverGP

Event id 8194 error? Client side extension could not remove computer policy settings for ' ' because it failed with error code '0x8007000d The data is invalid.'


Hi I got this error from my windows 2008 server:

Eventid 8194

Client side extension could not remove computer policy settings for ' ' because it failed with error code '0x8007000d The data is invalid.'

Detail: remove computer 0x8007000d The data is invalid

How do I solve the issue?

Regards.

Intermittent issues with GPO drive mapping


Greetings from New Zealand!

We have a User drive mapping GPO policy linked to the Users OU.
GPO is linked to the OU that users are in

GPO is set up via User Configuration\Preferences\Windows Settings\Drive Maps
Report of GPO attached below.

We’re currently having issues where the network drives would sometimes disconnect between 60 minutes and 90 minutes after login (happens about 50% of the time). This seems to coincide with group policy refresh.

  • gpupdate /force would sometimes bring back the drive mapping (80% of the time),
    but sometimes it doesn’t - we had to resort to logging off or even rebooting the workstations in order for the drives to come back up.
  • Replication summary, dcdiag and repadmin /showrepl show no health issues on the DCs.
  • Have tried changing drive mapping action to 'update' rather than 'replace', however this doesn’t fix the drive mapping disappearing issue.
    It also causes issues with drive mapping for users logged on our 2012 R2 Terminal Server environment where the network drives don’t map at all.
  • Authenticated Users and Domain Computers have Read access to this GPO.
  • Report of GPO here - https://1drv.ms/u/s!ANQIfLSOn9cxjHk
    GPRESULT /H shows the winning GPO with a Result: Success
  • Workstations: Windows 10 Enterprise (build 1607, and also 1703) + Windows 7 Enterprise
    File Servers: Server 2012 R2

Users have full access to the path, and both Net Use and Net Use UNC commands complete successfully.

Confirmed with the networks team there hasn’t been any network issues.

Any suggestions would be appreciated!

 

GP update failing only on Windows 10 clients


Hi, I need help to the below issue please

I have a number of windows 10 clients in our environment and gpupdate is not working, it's giving an error 

The processing of Group Policy failed. Windows attempted to read the file \\ourdomain\sysvol\ourdomain\Policies\{7D0E901A-}XXXXXXXXXX\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
User Policy update has completed successfully.

- I tried rejoining the pc to the domain, still same issue 

-Tried adding a value to the registry ( Hardened UNC Paths), didn't resolve it 

-I am able to access the dc and ping it with internal ip from the pc

-No error on the DC event viewer 

-Updated the machines to the latest windows updates available

-Same issue with different Win10 versions, Windows 10 Enterprise and Pro

Any ideas? Thanks for the help in advance



Encountered an error while parsing


Dear all,

I am not sure what Windows Server is updated (I choose automatically update) after few day and I go to check server again with GPO, suddenly it has display this pop up! Screenshot

I try to Google but it no best my problem.

Any idea solution please.

Thanks,


Asking for better knowledge in future.

How to hide start up all app ( left side) from windows 10 via users based GPO ( right side startup app has been removed using start layout policy.)


Hi Team,

I wanted to restrict all startup menu applications (left side app) from Windows 10 via users based GPO. Kindly suggest.

Since I have restricted right hand side start up menu app using startup layout, with the help of the below link.

https://blogs.technet.microsoft.com/deploymentguys/2016/03/07/windows-10-start-layout-customization/ 

Please guide .

Not applying group policy on some clients


Hello

Every day we are having some clients that are not reachable via ping. The client is able to access every network resource (fileshare, exchange and so on) normally. After forcing the group policy manually the client is reachable again. It wouldn't apply some of our GPO (for example: updating from our WSUS or blocking the Microsoft store) and the automatic update after 90 minutes didn't work either.

We analysed the eventviewer logs and the only error we found was following:
Error: Bandwidth estimation failure: Failed to query Intranet capability. Error code 0x15.

That happened usually in the morning. After some research we changed the GPO Processing mode to asynchronous (always wait for the network at computer startup and logon):
https://blogs.technet.microsoft.com/grouppolicy/2013/05/23/group-policy-and-logon-impact/ 

After this change it seemed to be better, there were clearly fewer clients that are having GPO problems. But we are still having cases where clients are not applying the group policy correctly.

What could cause this problem with our group policy?

Further information about our environment:

Client OS: Windows 10 (1709)

DC OS: Windows Server 2012 R2 and Windows Server 2016

Applocker not working


Hi there, I am creating my first user lock down policy for Windows 10 clients in a test lab, I must say I'm finding windows 10 terrible to secure with the metro apps and search functions acting like a run command

So far my policy has worked for my standard lockdowns (control panel, run etc) but now I'm trying to block the windows store apps (store policy has worked, despite being windows 10 pro) I have attempted to do this through app locker, by blocking candy crush etc which hasn't worked, despite the policy applying. In addition I've tried to block command prompt, mmc and mstsc which also has not worked. 

I have been having issues with the policy applying full stop, whilst now I have some applied it hasn't been refreshing with gpupdate /force , whilst it states it's applied successfully it actually hasn't. I don't know if fast boot is to blame, so I disabled it. And enabled a 60 second wait time as the system boots for group policy sync. 

I'm really stuck, when I did server 2008 and windows 7 group policy was instant, and just seemed to work, yet server 2012 r2, windows 10 and check clients seem to just be working horribly, I've never had as many issues with group policy before.

Generally, should you be doing a gpupdate /force on a DC prior to a client as well? I might be a bit rusty on that front

Thanks :-)

windows crash with application identity


I create 3 GPO

1. applocker configuration with exceptions.

2. applocker allow to technicians group.

3. start application identity.

Now, if the win10 PC is started, applying the 3 GPOs works fine, but when I restart the PC, the system crashes. I checked applying them one by one and restarting the system, and the problem appears when I apply the app identity GPO.

computer-policies-windows settings-security settings-system services- application identity set to auto

