Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Unable to apply lock screen custom wallpaper

March 10, 2019, 11:44 pm
$
0
0

Hi

We are trying to apply custom wallpaper for windows lock screen but we tried all the combinations and configurations it did not work even though the group policy applied on the end-user system. We are using the below client-server versions.

Windows10 Version-  1809 (OS Build 17763.107)

Windows Server 2012 - Version 6.3 (Build 9600)

Is lock screen wallpaper change option is not available for latest Windows 10 versions? if so which versions do we need to users on server and client machines?

Could someone prefer exact deployment method for lock screen deployment using Group Policy?

Let me know if you need any additional info.

Regards

Nagaraju Chengeli


Search

Windows lock screen not showing

March 18, 2019, 5:33 am
$
0
0

Hi,

We are using Windows server 2016 STD for our AD.

I have to set Lock screen image on all user PCs.

GP applied to PCs but screen is not changed.

Note : Now for test case we selected single OU.

I have run RSOP and gpresult /h C:\result.html.  (Will upload screen captures)

List of screen captures

1. GP on AD.


2.Configured group policy 


3. RSOP.MSC result on User PC.


4. Values related to registry


5. gpresult /h C:\result.html (On user pc)

Note : All users are using windows 10 pro (1809)

Thanks,

Waruna.


Waruna

GPO based on logging PC

March 18, 2019, 8:18 am
$
0
0

I have PC1 (Windows 10) and Server2 (Windows Server 2008 R2 Remote Desktop) and User MrSmith (active Directory 2008 R2 2003/XP Compliant).

User MrSmith can log on PC1 and Server2, but the applied GPO must be different: if MrSmith loggin on PC1 the applied GPO is GPOProxyNO, on Server2 GPOProxyYes.

I tried to put User in OU Accounting where there are GPOProxyYes applied and another OU Direction where is a UserGroup with MrSmith as member and with GPOProxyNo, but this method fails.

Can you help me?

Server 2016 applying group policy to domain administrator account

March 18, 2019, 1:19 pm
$
0
0

Totally confused here.  We have a number of VMs running in a failover cluster setup and the same AD group policy applied to all VMs. 

In that GPO we have enabled disk quotas to 10Gb per user and this works fine but for one VM when we logon the disk quota is also being applied to the domain admin so we cannot load certain software as it thinks there is not enough space. 

I have compared the settings between the other VMs where the quota is not applied to the domain admin account to the VM where it is and I cannot see any difference. The domain admin is a member of the local administrators group on all VMs. 

Does anyone have any suggestions as to what I should be looking for or any useful commands as I am relatively new to Windows and AD. 

Thanks 

interactive logon messages

March 18, 2019, 2:41 pm
$
0
0

Can you set more than one interactive logon message?  Example would be a legal notice and when you click ok another message pops up which you have to accept as well then it proceeds to login?

GPO Feedback

March 8, 2019, 9:21 pm
$
0
0

Hi all

How to get feedback when apply GPO to workstation ?i mean find out GPO apply to which workstation or user by detail .

Thank you in advance

How to restrict USB Tethering using GPO

March 19, 2019, 1:03 am
$
0
0

Hi Guys,

I  work on an environment With Windows Server 2012 and Clients on windows 7,8.1 and 10.

In our organisation Internet is restricted for all users. However we notices Users are accessing Internet  by connecting their Mobile phones via USB cable and Tethering using Mobile Hotspot. This is a big security threat for us.


I need to prevent Users connecting mobile phones via USB tethering and deny accessing internet.

Kindly assist.

Regards

Peter.K

Group Policy for users not working due to other GPO failed the processing?

March 5, 2019, 1:08 am
$
0
0

Some of my Group Policy for users is not working with the below error when I run the command GPUpdate /Force.
For example, I am a member of the AD group called Permanent Corporate Users, and this is the result:

Computer Policy update has completed successfully. User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\MyDomain.com\SysVol\MyDomain.com\Policies\{65Ab29CD-B068-454A-BD31-73298424BC8}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

a) Name Resolution/Network Connectivity to the current domain controller. 
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

Upon looking at the existing group policy with the GUID 65Ab29CD-B068-454A-BD31-73298424BC8 it is because I have categorized the AD group called Permanent Corporate Users a DENY Read permission at the higher container.


So what to do to ensure the rest of the Users GPO under the OU tree is working again?
What to look in the HTML file generated by the command GPRESULT /H GPReport.html?

I need to make sure the other group policy is working or applied, but somehow not working due to this one particular GPO was DENIED to read.

I set the GPO DENY permission from the Delegation tab, then click on Advanced button, then add the AD group called Permanent Corporate Users, and then DENY the Read

This is the error when I access the GP console under my normal username as I'm part of the AD group called Permanent Corporate Users

/* Server Support Specialist */




Search

I need to be exported data from edb to pst for Exchange Server 2007 SP2

April 18, 2012, 5:41 am
$
0
0

Hi

Kindly share some idea about freeware converter edb to pst file

I need to be exported data from edb to pst for Exchange Server 2007 SP2

Regards

Md Ehteshamddin Khan

Best practices - Printer Mappings for Windows 10

February 13, 2019, 3:03 am
$
0
0

Hello everyone,

I'm researching this topic for weeks now, so I decided to ask a "simple" question here:

What is the best practice to map printers in an Windows Server 2016 environment with Windows 10-Clients?
All printers are installed on a fileserver (Windows Server 2016), shared. 
I've tested multiple ways to mount printers depending on the clients' location, none works well. I've tried to add printerconnections via GPO (Computer-Configuration), tried various options (refresh, replace etc.), created multiple guidelines (one for each printer) or one guideline for all printers.

Last thing I did was to switch back to LogonKix-Scripts, but this isn't the way to do this either.

In every scenario, printers don't get mapped, the wrong ones are mapped or everything works for a while until the system decides to destroy my hopes having a working system.

I can't be the only one trying to map printers in an environment depending on the clients location. But every Google-entry is at least 2 years old, so maybe there is an obvious solution I don't know about....

How do you do this or is there an official statement from Microsoft how to deal with this?

Thank you in advance and pls ignore the grammar; English isn't my native language.

Greetings

Marcel

Help Please - My GPO Folder redirection is not applying.

March 19, 2019, 6:59 am
$
0
0

Summary of what i'm trying to do is move Users documents from one file server to another. Problem is My GPO will not overwrite a previous policy directing the Documents to the old file server. I did not create the original policy and it has been deleted from our domain controller before i took ownership. I have isolated my own OU, testing multiple policies to move my own documents to the new server, but it always reverts to the old server file location. I can see that it did copy some of my documents to the new Server during one of my policy test, but my documents still show location on the old server. I verified that it was still connected by removing access to my own share, which resulted in hung reboot because it could not contact my old share. I have tried changing the policy to move all of my documents back to my local machine but it would not apply. I have run a reg edit tool to default my folder locations back to original, but all that accomplished was disconnecting my documents from the Server (Blank Folder). Any recommendations will be greatly appreciated. I will be working on this all day because i was asked to find a solution by the end of the week.
Thank you,

Windows 10 "Engaged Restart Transition" GPO and Feature Updates Behavior

February 5, 2018, 2:16 pm
$
0
0

We are trying to transition to a GPO/Windows Update for Business based update model, but I am frustrated with the behavior of the Feature Updates with the GPO "Specify engaged restart transition and notification schedule for updates." I have the following configured:

-Specify the timing before transitioning from Auto-restart to Engaged restart (pending user schedule: 7 days

-Specify snooze for Engaged restart reminder notifications: 1 day

-Specify the deadline before a pending restart will automatically be executed outside of active hours: 14 days

For the normal monthly/security updates, this behaves as expected, and it's great.


However, for the "Feature Updates" it doesn't seem to respect the "deadline", and computers will be perpetually waiting (far past 14 days) for the user to manually run the Feature Update. Is this normal behavior? Do Feature Updates not follow the same "deadline" as quality/security updates and never install automatically? Is there a way to force the Feature Updates to install while still maintaining the control/user friendliness of the "engaged restart" GPO?





Win 10 Pro GPO Options

March 19, 2019, 7:26 am
$
0
0

Hello,

I've been asked to ensure that our Win 10 pro boxes have certain GPOs appilied to them. Would anyone know of a list or site they could point me to that would let me know how I can disable access to items like:

xBox

StickeyNote

News

Weather

OneNote

3D Viewer

Feedback Hub, etc...

I've been looking on line and I can't seem to find anything for these apps. I don't want to uninstall anything as I feel at some point MS will decide it needs to be re-installed due to an update. My thinking is no matter what MS decides my GPO should always make sure the app is disabled.

Any help is greatly appreciated,

Scott


Mouse and Touchpad Settings

March 19, 2019, 7:21 am
$
0
0

Good morning,

I am currently deploying new laptops and I want to disable the touchpad, but not all the time. I found the setting that disables the touchpad when a mouse is connected but it only applies to the user that is logged in when the setting is made. Is there a group policy setting that I can apply to all users logging into these laptops (they have their own OU)?

GroupPolicy Event ID 1112 : The Group Policy Client Side Extension Software Installation was unable to apply one or more settings

March 8, 2019, 8:57 am
$
0
0

Hi,

Once if the LAPSx64.msi and Lapsx86.msi is copied to a share path. It is configured to install from group policy. But below message appears when updating the group policy in Windows 7 32 bit Enterprise edition.

The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.

I followed the below suggestion and it did not work

https://mywinsysadm.wordpress.com/2011/07/22/windows-7-the-assignment-of-application-from-policy-failed-the-error-was/

Please help why the above error appears and how to solve it

Regards, Boopathi

Search

Not applying group policy on some clients

March 6, 2019, 1:53 am
$
0
0

Hello

Everyday we are having some clients, that are not reachable via ping. The client is able to access every network ressource (fileshare, exchange and so on) normally. After forcing the group policy manually the client is reachable again. It wouldn't apply some of our GPO (for example: updating from our WSUS or blocking the Microsoft store) and the automatic update after 90 Minutes didn't work either.

We analysed the eventviewer logs and the only error we found was following:
Error: Bandwidth estimation failure: Failed to query Intranet capability. Error code 0x15.

That happend usually in the morning. After some researches we changed the GPO Processing mode to asynchrous (always wait for the network at computer startup and logon):
https://blogs.technet.microsoft.com/grouppolicy/2013/05/23/group-policy-and-logon-impact/ 

After this change it seemed to be better, there were cleary less clients that are having gpo problems. But we are still having cases, where clients are not applying the group policy correct. 

What could cause this problem with our group policy?

Further information about our environment:

Client OS: Windows 10 (1709)

DC OS: Windows Server 2012 R2 and Windows Server 2016

Continued support or versions of Microsoft Advanced Group Policy Management

July 22, 2018, 11:26 pm
$
0
0

Will the Microsoft Advanced Group Policy Management 4.0 tools continue to be supported past the current version, which is SP3?

I ask because the Microsoft web site says it's end of mainstream support was 4/10/2018. Here is the link: https://support.microsoft.com/en-us/lifecycle/search/15961

Will there be an SP4 or another supported version, like a version 5.0?

I asked because we are looking at leveraging AGPM 4.0 SP3 but the support site says that it is already out of mainstream support.

Thanks.

Group Policy not removing from VDI

March 20, 2019, 1:09 am
$
0
0

We are running VDI environment on Windows Server 2012 R2, We have applied some hardening policies on those servers which are successfully applying. But when we remove the policy it doesnt remove from the server. On server when we run gpresult /r we dont see the policy, but when we run rsop.msc, we can see the policy is still applying. On other servers same policy is applying and removing successfully. On issue is with VDI Servers. 

Policy Name: Allow remote server management through WinRM

GPO based on logging PC

March 18, 2019, 8:18 am
$
0
0

I have PC1 (Windows 10) and Server2 (Windows Server 2008 R2 Remote Desktop) and User MrSmith (active Directory 2008 R2 2003/XP Compliant).

User MrSmith can log on PC1 and Server2, but the applied GPO must be different: if MrSmith loggin on PC1 the applied GPO is GPOProxyNO, on Server2 GPOProxyYes.

I tried to put User in OU Accounting where there are GPOProxyYes applied and another OU Direction where is a UserGroup with MrSmith as member and with GPOProxyNo, but this method fails.

Can you help me?

Windows 10 machines unable to apply Default Domain Policy (31B2F340-016D-11D2-945F-00C04FB984F9):

February 1, 2019, 10:57 pm
$
0
0

Hello Team,

Group Policy processing failed. Windows attempted to read the \\Domain Name \ <g class="gr_ gr_6 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling" data-gr-id="6" id="6">sysvol</g> \ Domain name \ Policies \ {31B2F340-016D-11D2-945F-00C04FB984F9} \ gpt.ini file from a domain controller and was unsuccessful. Group Policy settings cannot be applied until this event is resolved.

Only happens to Windows 10. Windows 7 and 8 are not affected machines (affected and nonaffected) are able to navigate to the path of the gpt.ini  without any issue.

Gpupdate throughs an error with Computer policy update failed. Test file on SYSVOL is getting replicated across all of the DC's

Could anyone suggest what could be the reason behind and the fix?

Regards, Aatif Kungle


Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>