Hello,
I'd like to know how can I disable remote access (RDP) as LOCAL Administrator to our Work-Stations. So only AD users could access remotely on this work stations.
I know I can block it locally on each PC, but I'd like to do it using GPO policy if it is possible.
Thank you in advance!
Regards.
Hi,
We've configured the GPO setting "Delete user profiles older than a specified number of days on a system restart" which is applied to Windows 10 Enterprise computers.
This setting successfully deletes local user profiles after the specified number of days, but leaves the user profile folders at C:\Users\
You can check under 'Advanced System Settings --> User Profiles' and the profiles are not listed, however the users profile folder is not removed from C:\Users\ All the user data and files are still present taking up disk space, freeing up space is one main reason for wanting this setting.
The next time the same user logs in, they get a user profile folder under C:\Users\ in this format 'username.domainname'. If they login again they get 'username.domainname.001', then 'username.domainname.002' and so on.
Similar to this:
https://community.spiceworks.com/topic/2115362-gpo-delete-user-profiles-older-than-a-specified-number-of-days
This cant be expected?
hi All
can someone point me in the right direction on how to set this proxy via GPO policy.
I can find some proxy settings but it sets on IE
are there any GPOs for this setting.
Appreciate the help
thank you in advance
Hi,
I am trying to secure several Windows Server 2008 terminal server; although this also applies to Vista.
In the 'Network' window there is a button to 'Search Active Directory'. I want to prevent users from doing this. Ideally I want to completly remove the 'Network' location from the start menu and from explorer. Alternatively I would like to remove the 'Search Active Directory' button from that window.
Could anyone offer me any assistance with this. I have searched in depth in 2k8 group policies by cant find any way of disabling either feature.
Many Thanks,
Ben
Good Day,
I am setting up some Windows 10 systems and I would like to remove some of the apps (People, Mail and Calendar) as we use Outlook. I have found a way to remove them with scripts which I can run on each system so that any user logging on would not have them with there profile but I feel that a feature update will just install the apps again which is my dilemma.
So my question...Is there a Group Policy that will hide or disable the apps in windows 10 so that users will no longer see them?
If so can you provide some detail on them
Thanks
Adam Raff
Hi All
We have one group policy object with user configuration, specifically used the preferences .
Preferences --> Windows Settings --> Registry
Registry item (Key path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings, Value name: AutoConfigURL)
The value data contains pac file address
We have done the item level targeting by adding a security group.
There are more than 15 users in this group, Some of the users are facing the issue. There proxy settings are falling back to other pac file which is in different GPO. However that GPO is linked to all users( There is no item level targeting). I have pulled the GPresult, Precedence is taken by the GPO which has itemlevel targeting. Kindly advice
Affected users are getting below events in application log.
Hello support,
I have Windows Server Essential 2016 that was migrated from SBS 2012. This was done over a year ago. everything is working and no issues. when it was originally set up I created two network Mapped drives via Group Policy. Today i wanted to make some modification to the current mapped drives and create another one but I am unable to do so. when I go to the Windows settings under user configuration, preferences nothing opens or show up. please take a look at the picture. I appreciate your help.
Thanks,
Jamshid
We have a Computer Config policy with 'All Removable Storage classes: Deny all access' enabled, this applies to the computers OU. This works as expected in that users are unable to use USB storage devices.
We also have a User Config policy with 'All Removable Storage classes: Deny all access' disabled, this applies to the users OU with security filtering on the 'USB-Allow' security group. This doesn't work as expected as members of said security group are unable to use USB storage devices.
I take it that Computer Config 'All Removable Storage classes: Deny all access' win over User Config 'All Removable Storage classes: Deny all access'?
How should we go about denying access to removable storage on ALL systems EXCEPT for certain users?
We want to disable removeable storage against the computer so it applies to both local and ADDS accounts.
Hi,
This error has been a pain since it happened a week ago. Tried this link https://support.microsoft.com/en-us/help/2486643/sco-unable-to-generate-a-temporary-class-result-1-error-when-you-execu . I've been spending a lot of time on WSDL refactoring based on similar stuff from other sources, among them is this link https://stackoverflow.com/questions/6678934/unable-to-generate-a-temporary-class-result-1-error-cs0030-cannot-convert-ty showing how to modify the xsd schema here and there. But none of it has worked so far. Has anyone found a workaround? or a solution on how to go about it on orchestrator?
Looking forward to response(s).
Regards,
jc
I'm running CMD as administrator but when I run GPRESULT /R so I can also see computer policies that are applied or fitlered out, I get "The user xxx does not have rSoP data".
AD forest is 2012 R2 level
All the required firewall ports within the Windows OS is open
AD environment contains Windows 10 and Windows 7 OS
Within GPMC, if I right-click and OU and select group policy update the push is successful only on Windows 10 Machines. When it comes to Windows 7 it fails with error 800706ba The RPC Server is unavailable.
In my research I found that on all Windows 7 machines, in the task scheduler there is no group policy task folder in the following path:
\Microsoft\Windows\GroupPolicy
How do recreate the group policy task scheduler folder on Windows 7 machines?
Hi,
In GP there are both: Startup/Shutdown Scripts
Then User Configuration has Logon/Logoff Scripts
Both groups have "normal" scripts and Powershell scripts
Now when I go to Administrative Templates-System-Scripts there are even more options to choose:
For Powershell Scripts direct policies are 2, then there are general policies like "run startup/logon scripts" and my question is : are Powershell Scripts included in those policies even if there is no direct policy like "run Powershell scripts async/sync" etc? Normal way of running scripts is "basic" first then "Powershell". Can anyone expand on this?
We have a remote desktop server which I need to allow a subset of users access to. This needs to be extremely restricted to allow access only to certain key programs. I can sort this fine. However, I have been also requested to deny access to certain file types, eg .txt, .xml etc
I assumed I could do this using Software Restriction.
So have created a group with a test user, used this as the scope for the group policy and applied a path rule of *.txt.
Restarted the server, yet when I logon with my test user, they can still open txt files etc.
Any ideas where the issue may lie or is there a better way?
Regards
Ian
I have an issue, wherein, I have three AD DCs. I have several GPOs that point different OUs to different forced Desktop Backgrounds. When I edit the GPO, I simply changed where the background file will be (it exists, and can be reached by everyone). I did this on the baseline server, and when I went to look at the other DCs, and I went into edit on the GPO, and I see that the change has replicated, and it is now pointing to the new share for the background image.
This is where it gets funny though. The background picture was always on a server which we wanted to decommission. So we moved it to another server, shared it, and can access it from anywhere as anyone. However, as machines got rebooted, the backgrounds started to show up black on the users machines.
When I went into Group Policy Manager, and went to the GPO (without opening it to edit), I looked at the "settings" and it showed the OLD server path and background file. It did this for maybe 12 GPOs where this background is forced to different OUs. ALL of them when you edit the GPO show the correct new path, but they all show in GPM under Settings, the old path. And all three AD DCs are the same way.
I don't see any issues with replication. It does not have to do with any SMBv1 sharing issues. It just has one path setting when you open and edit the GPO, but another in the summary (that should simply reflect what is inside the GPO). And it would appear that the original path is still what is in place, since the backgrounds are turning black instead of having the image which was simply moved to another server. I have checked and double checked the path, made sure it could be reached from any machine by anybody. The path that is inside the GPO when you edit it IS correct.
Any help or ideas would be greatly appreciate.
I've got some RDS servers and when a user locks the terminal the switch user button is not there. However if you login to the rds server via the hyper-v console it shows up. Maybe something to do with the Dell Wyse Terminals we are using? We are using the Wyse 3040 terminals.
I've added the GPO
Computer Configuration\Administrative Templates\System\Logon - Hideentry points for Fast User Switching and set it to disabled.
Still not luck, any ideas?
thank you
Hello Everyone,
I was trying to implement ODFB "silently move Known folders to onedrive" GPO for all the test computers.
steps: Created one GPO for computers and applied for the OU which has test computers
2. created another GPO for users only and implemented "prevent users from changing the location of their Onedrive folder" and some other policies. This one was applied to a security group. ---- this part is working fine.
However, the KFM GPO for the computer is not working. I ran GPresult CMD and the log shows that my policies are applied successfully. However when I verify "registry key" HKey_current_user\SOFTWARE\Policies\Microsoft\OneDrive , there are no registries registered for KFM GPO.
I ran Gpupdate /force, however nothing seems to be working. I also tried to logout and login back 4-5 times and still there is no luck.
current OneDrive version: 19.070.0410.0005
enabled:
Note: There is no existing GPO policy to redirect folders other than KFM.
DO anyone know how to investigate this issue? I verified registry key and there are no keys for KFM, however if I ran gpresult /h I am getting the log which shows that GPO's are applied successfully.
I applied a group policy for computer configuration to push an app to a user PC.I already added the .msi package to the software installation package but when i ran gpresult /scope computer /v on the user PC i could see the app under software installation but the app can't be found on the PC.Kindly help me out.
Hi all.
I have a strange occurrence at the moment, whereby users loose access to trusted sites, the wallpaper set by GPO disappears to be replaced by a black screen and single sign on to our intranet site stops working.
the "fix" so far is to either,
1.) delete the HKLM key for Group Policy Objects then reboot and all works again. Or failing this.
2.) rename the user profile, log the user in again and everything works like a charm again.
Is there someone that can guide me in the right direction to find a solution to this bane in my existence?