Sokneang SAM
Dear Team,
I want to create folder redirection from GPO, my scenario is user will save the date on user desktop and wherever he will login he has get same data on his desktop.
Thanks in advance.
Bhaskar
Hello!
Have a task to install Windows SNMP service to a lot of my servers at once. Can i use Group Policy for this task?
Can i install Windows Feature to a lot of my servers via Group Policy? Can i configure this feature with GP? For example SNMP Security and other service option.
Thank you!
Hi,
Where i can download the AGPM version 4.0 SP3 server and client installtion files?
I searched over the net but unable to get the mentioned version.
I'm following an old microsoft article on fixing SceCli error 1202 and in step 4 of this: https://support.microsoft.com/en-us/help/324383/troubleshooting-scecli-1202-events it has you use this command: find /i “account name” %SYSTEMROOT%\security\templates\policies\gpt*.*
That command I guess has since server 2000, had it's syntax changed since when I go to do it in Server 2012R2 it says the parameter format is incorrect. If anyone might know the correct format for it, that would be fantastic.
Edit: Have checked the ACL of the 'groupPolicyContainer' in the schema, and the group in question have the following:
Allow domain\admingroupB SPECIAL ACCESS for groupPolicyContainer
CREATE CHILD
The Group Policy Creators Owners group has exactly the same displayed.....
Hello,
Scenario: Let's say there is already existing GPO 1(Test Gpo), then you decide to import settings from GPO2 into it...
Then you go through the wizard. The example settings are below:
My question is how importing settings from another GPO2 to given GPO(Test Gpo) would behave?
a)would the new settings wipe out the old totally and only GPO2 setting would be enforced?
(no settings from GPO1 would remain)
b)cumulative settings would be applied if conflicted?
GPO1 over GPO2? or GPO2 over GPO1
c)GPO1 settings would remain untouched no matter what GPO2 has?
What would be the values of:
enforce password history- 3 or 5?
min password age- 20 or 40?
complexity requirements? enabled or not
reversible encryption? enabled or not
Can anybody shed some light on this question?
Thank you!
Hi
Kindly share some idea about freeware converter edb to pst file
I need to be exported data from edb to pst for Exchange Server 2007 SP2
Regards
Md Ehteshamddin Khan
I would like to force PCs to be restarted in the evening time (for example at 10pm) if a user has kept postponing the restart after Windows 7 updates have been installed. Is there a group policy option that will do this?
Thanks for any replies.
Hi,
I have an OU called "Sales" multiple GPO has linked in sales OU.
There is a blank loopback GPO also linked to sales ou, in that blank loopback GPO there is no user and computer configured only "merge" option enabled.
My assumption is if any GPO does contains any user or computer settings however if loopback merge is enabled technically that GPO does not gives any benefits.
Please confirm I will unlink the GPO.
I run a Doman with two DC with AD and a few other servers and 40 computers. All client computers are in the same OU. I have recently got WSUS running and I have a GPO set up called "WSUS - Client". in the GPO I have the following setting
This is the RSOP results for several computers. Some computers have the correct info. Like I said before all computers are under the same OU
I have looked at all GPOs and this is the only GPO with info for WSUS.
I tried removing a computer from the domain and reinstalling it and this didn't fix the problem. I have move computer to a different OU under the domain and then back. This didn't change anything either.
I have also removed enforce and unlinked the GPO. When I do that and run RSOP I don't get any info from windows update as it should be. When I relink and enforce it comes back the same way. At one point I did try to install WSUS on the server that is listed in the computer's RSOP but I could get it to run the post install so I removed the roles and installed it on a different server. So at one point the GPO did sayhttp://flow:8530. This server no longer exist.
We have a domain environment, and we push out global settings via GPO to Windows 10 (and some Windows 7) machines.
GPO's specific to preventing the viewing or changing of network connection/adapter properties work as expected for users that are not Local Administrators on their machines.
Some of our users (ie developers) MUST have local admin rights on their machines due to some of our software requirements.
Since Windows 7, Local Admins have access to view/change network settings/properties by default, regardless of any GPO being enforced.
Does anyone know whether any "new" functionality has been introduced since, which will allow us to prevent local admins from being able to view/change network adapter settings?... Or another way in which this could be enforced?
If not by group policy, maybe registry?
We ideally want to start preventing local admins from being able to view or change IP/DNS settings etc.
Unfortunately, not having these users as Local Admins is not an option for us.
We are running the ADMX for 1809. Windows 10 Enterprise 1809. When we launch Group Policy and set the
Windows Components - Data Collections and Preview Builds
Configure Telemetry opt-in Change Notifications = Enabled
Configure Telemetry opt-in setting user interface = Enabled
The Registry keys apply on the workstations BUT these settings DO NOT appear in the Group Policy "HTML report" nor in the Group Policy MMC snapin where it shows all the other settings.
The ADMX and ADML work of course or we wouldn't be able to see the settings to set them. However, we cannot set the settings unless we can see them being set?
I have never seen settings not show up before in 25 years of adm and admx usage.
lforbes
We have a domain environment, and we push out global settings via GPO to Windows 10 (and some Windows 7) machines.
GPO's specific to preventing the viewing or changing of network connection/adapter properties work as expected for users that are not Local Administrators on their machines.
Some of our users (ie developers) MUST have local admin rights on their machines due to some of our software requirements.
Since Windows 7, Local Admins have access to view/change network settings/properties by default, regardless of any GPO being enforced.
Does anyone know whether any "new" functionality has been introduced since, which will allow us to prevent local admins from being able to view/change network adapter settings?... Or another way in which this could be enforced?
If not by group policy, maybe registry?
We ideally want to start preventing local admins from being able to view or change IP/DNS settings etc.
Unfortunately, not having these users as Local Admins is not an option for us.
Is there maybe an updated or equivalent GPO to the following which works with Windows 7 and above?:
User Configuration -> Administrative Templates ->
Network -> Network Connections -> "Enable Windows 2000 Network Connections settings for Administrators"
Hello,
We have remote desktop environment where users logon through Thin Client. Controlled office 2010 has been provided to users. There is urgent requirement to disable Internet and network paths with hyperlink check box available in Word>options>proofing>Auto Correct Options>Auto format as you type. I have checked group policy and no option available.
Problem screenshot is also attached.
Thanks
Rox_Star
Hi
I can not find any article to show me how to disable "add account to mail" with GPO
i want to disable all except Exchange.
Thanks
I have a test VM of Win10 1809 within its own OU, 'Testing Computers.'
The computer itself is joined to the domain but is logged in for now with the local administrator account.
Some group policies are linked to only this OU and they don't apply.
Some group policies are linked to this OU *and* to the 'Domain Workstations' OU, which includes all our other Windows 7 PCs, notebooks, etc.
GPOs applied to the 'Domain Workstations' OU do apply as expected but not to the one computer in 'Testing Computers' OU.
The security group 'Domain Computers' has been given 'Read' permissions on all our GPOs in Delegation.
All our GPOs contain only 'Authenticated Users' in Security Filtering, the 'Testing Computers' OU is on the Scope tab.
No WMI filters are used, the Win10 VM has been activated with a MAK key and rebooted after being changed back to DHCP.
I've reviewed the '10 steps' for group policy troubleshooting and can't find that I've done anything wrong.
The Win10 1809 adml/admx files have been installed into the Central Store.
The domain controllers are Windows Server 2016.
Why are GPOs not applying?? Running gpresult /h /f on the computer gives me a report that says no GPOs are applying.
I have a GPO to remove the shutdown/restart options on Server 2016. It works fine on member servers, but it does not work on DCs. I know this is probably a permissions issue but I am wary of making changes without checking with others who may have had to do this themselves.
The GPO was introduced when we deployed 2012 servers because the layout of the power options made it too easy for someone in a hurry to restart or shut down a server. I created another GPO to do the same, just using a different WMI filter when we started to install 2016. We are in the process of upgrading the domain to 2016 and need to make sure the option to accidentally shut down a DC is removed.
Anyone encountered this issue and, more importantly, have a solution to it?
