Hello, I am testing out Windows 10 1903 in my environment and am having issues with some GPO's not automatically applying that have up until now. When I log onto the computer and run gpresult it shows all the policies as it should, and when I manually
run gpupdate /force the policies apply properly, but not automatically as in the past. I have checked the wmi and security filtering on the policy and that is set correctly. Domain controller is Server 2016. Sorry for the kind of generic
info but any info would be appreciated. Thanks!
↧
Group Policy not automatically applying
↧
policy for blocking subject editing in outlook 2013 i
I need that my users with outlook 2013 can not edit the subject of the emails.
I have researched and disabled the option "allow in-cell editing"
Are 1000 users I need a policy to block this option in all users?
I have installed the outlook ADMX 2013 but I can not find the option
I have researched and disabled the option "allow in-cell editing"
Are 1000 users I need a policy to block this option in all users?
I have installed the outlook ADMX 2013 but I can not find the option
↧
↧
GPO For Specify Settings for Optional Component Installation When Using WSUS
How can I configure a GPO to have WINDOWS 10 FEATURE ON DEMAND pulled from WSUS?
I found that OPTIONAL COMPONENTS (like RSAT and .NET) are not appearing on my customers Win10 Pro/Ent PC's (nearly all 1903 now) even though they use WSUS and have WINDOWS 10 FEATURE ON DEMAND selected
Sooo, I found the GPO for "Specify Settings for Optional Component Installation..." DOWNLOAD REPAIR CONTENT AND OPTIONAL FEATURES DIRECTLY FROM WIN UPDATE INSTEAD OF WSUS which gets around the problem but strikes me as duplication. Why go to MS WUpdate when the files should be on the LAN's WSUS?
Thoughts?
Ian Matthews www.urtech.ca www.commodore.ca
↧
Allow connections from only the computers running remote desktop with NLA
We want to set the option "Allow connections from only the computers running remote desktop with NLA " for all servers and desktops (windows 7 /10 / Server 2008 R2 / 2012 r2 / 2016)
This is not necessarily a RDSH server.
How to achieve it with GPO
↧
Windows 10 apps and Group Policy
Good Day,
I am setting up some Windows 10 systems and I would like to remove some of the apps (People, Mail and Calendar) as we use Outlook. I have found a way to remove them with scripts which I can run on each system so that any user logging on would not have them with there profile but I feel that a feature update will just install the apps again which is my dilemma.
So my question...Is there a Group Policy that will hide or disable the apps in windows 10 so that users will no longer see them?
If so can you provide some detail on them
Thanks
Adam Raff
↧
↧
GPRESULT /H GPReport.html =>ERROR: Invalid pointer
When I enter GPRESULT /H GPReport.html I get the following error...ERROR: Invalid pointer
With the syntax /X it´s possible to get an xml report. Any ideas?
Thanks in advance
Martin
↧
GPO to disable LanmanServer SMB1 not being applied
Hi,
I've setup a default domain policy GPO to disable SMB1 for both server and workstation on a Windows Server 2008 R2 machine, and all attached workstations as per article https://support.microsoft.com/en-gb/help/2696547/detect-enable-disable-smbv1-smbv2-smbv3-in-windows-and-windows-server
My GPO looks the same as the one in the article, but when I gpupdate /force the lanmanserver registry setting on the server and other workstations is not being created. gpresult shows only the lanmanworkstation/MRxSMB10 changes are being applied, the create item which set SMB1 to 0x0 is not listed at all.
Does anyone have any suggestions as to what is failing ?
Thanks
Tony
↧
desktop folder redirection change, now files disappearing
took over from another Admin ... server 2012 R2 AD, windows 10 clients
He had a group policy that redirected favorites and desktop and documents to
\\server\D\users\%username%\favorites\
\\server\users\%username%\desktop\
\\server\D\users\%username%\documents\
but \\server\users and \\server\D\users are actually the same location, he had shared both D and Users. I was having a few clients with problems saving to their Desktops, plus the inconsistencies of the format above was bothering me so I changed it
to
\\server\D\users\%username%\favorites\
\\server\D\users\%username%\desktop\
\\server\D\users\%username%\documents\
and then the next day about 10% of the users started to loose the files on their Desktop. Some were fine after I restored from a backup, others would go missing once or twice more and then they were fine. Logging into a Remote App or Remote Desktop seem to increase the likelihood of this happening, but it was not a 1:1 correlation. By the EOD it seemed everything had settled in and we were all good ... until the next day when it was 15% of the users, some the same, some not, that it was happening to again
I know it's not just me because https://social.technet.microsoft.com/Forums/en-US/abeaade0-774d-4bba-94e4-b2f4deb886f8/desktop-folder-redirection-files-disappearing?forum=winserverGP
The first reply really describes my problem verbatim, but he suggests"you should redirect them to local userprofile location first, then modify the location to where you want after the policy has been applied." but that means multiple reboots of 100+ computers and it just seems there has to be a more straight forward approach ... and is \\Server\D\Users = \\Server\Users why would it even matter?
When I go to Event Viewer and look at System and Application logs, there is nothing there that indicates why this is happening ... called MS for support, but our 100+ Office 365 accounts don't count for anything when you need Server help
TIA,
Jordie
↧
OK to add several computers to security filtering instead of using a security group?
I have a scheduled task that I would like to push to various PCs. However, I want it to apply ASAP. If using a new AD security group, machines will need to reboot to see that it has been added to a group before applying the GPO settings. Is it okay to
add several machines directly to the security filtering for the GPO? Any reason not to?
↧
↧
Lock Screen GPO not applying on Windows 10 Pro v 1709
Hello Admin,
am trying to apply Lock Screen GPO but it’s not applying
My Environment Details
• Windows Server 2016 Std
• Windows 10 Pro 64 bit – Version 1709
GPO Settings are
Created Share folder with everyone Read permission
Applied GPO as per your MS instructions, but it’s not applying. "Computer Configuration \ Policies \ Admin Templates \ Control Panel \ Personalization"
I checked registry it’s updated
Can you help me on this
↧
Proxy GPO
hi All
can someone point me in the right direction on how to set this proxy via GPO policy.
I can find some proxy settings but it sets on IE
are there any GPOs for this setting.
Appreciate the help
thank you in advance
↧
Deny USB storage on all systems - Allow USB storage for certain users
We have a Computer Config policy with 'All Removable Storage classes: Deny all access' enabled, this applies to the computers OU. This works as expected in that users are unable to use USB storage devices.
We also have a User Config policy with 'All Removable Storage classes: Deny all access' disabled, this applies to the users OU with security filtering on the 'USB-Allow' security group. This doesn't work as expected as members of said security group are unable to use USB storage devices.
I take it that Computer Config 'All Removable Storage classes: Deny all access' win over User Config 'All Removable Storage classes: Deny all access'?
How should we go about denying access to removable storage on ALL systems EXCEPT for certain users?
We want to disable removeable storage against the computer so it applies to both local and ADDS accounts.
↧
Security Filtering
I am trying to get only the permissions listed under Security Filtering for the group policy objects. Since I have many GPOs I want to perform this through a script. However when I export the GPOs as XML, I don't see any element for security filtering specifically. I can see the TrusteePermissions, however there is nothing which differentiates between the Security Filtering permissions and the permissions under the delegation tab. Is there anyway to get the Security Filtering permissions only for the GPOs using powershell.
Currently I am trying to query $xml3.GPO.SecurityDescriptor.Permissions.TrusteePermissions.Trustee.Name
However it is listing the permissions in the delegation as well as security filtering tab, I just want the permissions under Security Filtering.
↧
↧
DNS manager console is not showing all entries.
There are four DNS servers (For convenient understanding, lets assume server A with IP 7.7.7.7 ; Server B with IP 8.8.8.8 ; Server C with IP 9.9.9.9 & server D with 10.10.10.10 . All of them are replicated with one another. Replicate regularly. There are 6972 work station entries in DNS manager. Unfortunately After opening DNS manager of server A, I can't see all entries except couple of parent folder from yesterday.
Server Manager dashboard & DNS manager shows the following errors,
When we are adding other servers (Server B,C or D) using "connect to a DNS server" option in that defect machine(Server A), shows same problem.But when we add server A in Server B,C or D using "connect to a DNS server" option, we get DNS manger working appropriately. DCDIAG shows an error in Server A given below,
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
Remaining three servers are showing all records appropriately.
Wahid.
↧
Execute script through task manager didn't work
Hi to all,
i'm trying to deploy this simple script through GPO using a scheduled task:
Script: C:\Windows\System32\cmd.exe
Arguments: netsh advfirewall firewall set rule group="Windows Firewall Remote Management (RPC)" new enable=yes
The rule is correctly deployed on client but it's loop. Task Scheduler last execution column says "The activity is currently running (0x41301)".
Thanks in advance for the answers.
↧
App pushed through group policy not applying on user PC
I applied a group policy for computer configuration to push an app to a user PC.I already added the .msi package to the software installation package but when i ran gpresult /scope computer /v on the user PC i could see the app under software installation but the app can't be found on the PC.Kindly help me out.
↧
Microsoft LAPS and Local Admin User Setting (Password Never Expired)
Dear All,
i have small issue With LAPS wit Local Admin User Setting (Password Never Expired)
LAPS not able to change the password because local admin setting ( Password Never Expired) checked.
i guess it can be done via GPO?
Waiting your Advise
Regards
Dweik
↧
↧
Where to get ADMX templates - 1903?
Hi All,
Successfully downloaded the brand new Windows 10 (1903) and want to deploy and poke around in the GPO options in my LAB.
But...
I can't find a download link to the ADMX templates?
Where do we get the ADMX templates for 1903 from to load into PolicyDefinitions?
Thanks in advance,
durrie.
↧
User GPO doesn't apply when computer in certain OU
Hi Everyone,
I have a weird issue with group policies not applying when the computer account is not in a certain OU.
Let me explain.
I have a new domain with separate OUs for Desktops and Laptops, and another OU for users. Each OU has a specific GPO to accomplish different tasks.
When the computer is in the Desktops OU, everything works fine, which means the computer gets its computer GPOs (thus the computer policies) and the logged in user gets settings as defined in the Users GPO. No problems there.
The issue, however, is that when I place a computer in the Laptops OU, only the computer policies apply, butnot the user policies. If I move the computer account to the Desktops OU, it works properly and everything gets applied.
I checked for all kinds of filtering, group memberships etc, but there is none. I even created a different OU to test, but that one exhibits the same issues as the Laptops OU.
Searching support groups for this issue has gotten me nowhere, so here I am asking you guys.
Any help is greatly appreciated.
George↧
Outlook 2016 GPO Settings Not Being Applied
Hi All,
I am using Office 2016 downloaded via a Office 365 subscription. Operating in a Server 2012 R2 environment with Windows 8.1 client computers.
I am trying to setup a new GPO that will disable email alert notifications for all outlook users.
The setting in question is: software\policies\microsoft\office\16.0\outlook\preferences\newmaildesktopalerts
I have confirmed that the policy is being applied by checking gpresult /r and also the rsop.msc
I can see that the correct policy is applied and the correct settings are included in that policy via rsop.msc. No other policies are setup to conflict with these rules.
Any suggestions?
↧