Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Group Policy to add network location

June 28, 2019, 4:51 am
$
0
0

My client is having problem with Outlook dropout with PST files

PST are located on users home drive mapped as normal group policy

So H = \\server\share\%username%

PST listed as H:\Exchange\file.pst

This breaks outlook

f you setup a manual Add Network Location (windows 10) to \\server\share\%username%\Exchange and then reattach PST it shows as \\server\share\username\Exchange\file.pst rather that H:\Exchange\file.pst

Outlook now works fine

Regardless of the whys its easier to just try to have a GPO to replicate what Add network location does - can I do this ??

Ian Burnell, London (UK)

Search

OneDrive GPO Resource String Error

June 28, 2019, 7:56 am
$
0
0

I have put the ADMX and ADML files into \\[domainname]\SysVol\[domainname]\Policies\PolicyDefinitions like I have done for other policies before, when opening Administrative Templates in the GPO it gives me the following error:

Resource '$(string.GPOSetUpdateRing)' referenced in attribute displayName could not be found.

File
\\[domainname]\SysVol\[domainname]\Policies\PolicyDefinitions\OneDrive.admx, line 23, column 235

Not entirely sure what I'm doing wrong, I'm on Windows 10 1903, the DC is Server 2016, OneDrive version 19.086.0502.0006, I got the ADMX and ADML from %localappdata%\Microsoft\OneDrive\[version#]\adm

Here is line 23 from the ADMX

<policy name="GPOSetUpdateRing" class="Machine" displayName="$(string.GPOSetUpdateRing)" explainText="$(string.GPOSetUpdateRing_help)" presentation="$(presentation.GPOSetUpdateRing_Pres)" key="SOFTWARE\Policies\Microsoft\OneDrive">

And what it's calling in the ADML

<!-- turn on GPOSetUpdateRing for app updates --><string id="GPOSetUpdateRing">Set the sync client update ring</string><string id="GPOSetUpdateRing_help">Updates to the OneDrive sync client (OneDrive.exe) are released to the public through three rings-first to Insiders, then Production, and finally Enterprise. This setting lets you specify the sync client version for users in your organization. When you enable this setting and select a ring, users won't be able to change it.

Insiders ring users will receive builds that let them preview new features coming to OneDrive.

Production ring users will get the latest features as they become available.

Enterprise ring users get new features, bug fixes, and performance improvements last. This ring lets you deploy updates from an internal network location and control the timing of the deployment (within a 60-day window).

If you disable or do not configure this setting, users will get OneDrive sync clients updates when they become available in the Production ring. Users can join the Office or Windows Insiders programs to get updates on the Insiders ring.</string><string id="Enterprise">Enterprise</string><string id="Production">Production</string><string id="Insider">Insiders</string>


OneDrive Group Policy Resource String Error

June 28, 2019, 9:58 am
$
0
0

I'm following this article: https://docs.microsoft.com/en-us/onedrive/use-group-policy 

So I've copied my ADML and ADMX file over to \domain\sysvol\domain\Policies\PolicyDefinitions (I'm using a centralized store), I've done this before for other policies such as Chrome etc and have not had an issue, however, the OneDrive ADMX is giving me an error when I expand Administrative Templates:


Resource '$(string.GPOSetUpdateRing)' referenced in attribute displayName could not be found.



File \\domain\SysVol\domain\Policies\PolicyDefinitions\OneDrive.admx, line 23, column 235

So I checked both line 23 on the ADMX and what it calls on the ADML, which are below:

ADMX:

<policy name="GPOSetUpdateRing" class="Machine" displayName="$(string.GPOSetUpdateRing)" explainText="$(string.GPOSetUpdateRing_help)" presentation="$(presentation.GPOSetUpdateRing_Pres)" key="SOFTWARE\Policies\Microsoft\OneDrive"><parentCategory ref="OneDriveNGSC" /><supportedOn ref="windows:SUPPORTED_Windows7" /><elements><enum id="GPOSetUpdateRing_Dropdown" valueName="GPOSetUpdateRing"><item displayName="$(string.Enterprise)"><value><decimal value="0" /></value></item><item displayName="$(string.Production)"><value><decimal value="5" /></value></item><item displayName="$(string.Insider)"><value><decimal value="4" /></value></item></enum></elements></policy>

ADML:

<!-- turn on GPOSetUpdateRing for app updates --><string id="GPOSetUpdateRing">Set the sync client update ring</string><string id="GPOSetUpdateRing_help">Updates to the OneDrive sync client (OneDrive.exe) are released to the public through three rings-first to Insiders, then Production, and finally Enterprise. This setting lets you specify the sync client version for users in your organization. When you enable this setting and select a ring, users won't be able to change it.

Insiders ring users will receive builds that let them preview new features coming to OneDrive.

Production ring users will get the latest features as they become available.

Enterprise ring users get new features, bug fixes, and performance improvements last. This ring lets you deploy updates from an internal network location and control the timing of the deployment (within a 60-day window).

If you disable or do not configure this setting, users will get OneDrive sync clients updates when they become available in the Production ring. Users can join the Office or Windows Insiders programs to get updates on the Insiders ring.</string><string id="Enterprise">Enterprise</string><string id="Production">Production</string><string id="Insider">Insiders</string>

I'm not 100% on editing an ADML/ADMX so I'm not sure what could be wrong, but I don't see anything based on what I'm seeing? Any help would be appreciated as I'm running out of options, but here is what I'm trying to accomplish: set up a GPO to auto log users into OneDrive, then also set Desktop, Documents and Pictures to sync in the background for the user.

Also, I'm using Windows 10 1903, the DC is Server 2016, OneDrive version 19.086.0502.0006,

Thanks in advanced!


Group Policy causing corrupt User profiles

June 20, 2019, 5:19 am
$
0
0

Hi all.

I have a strange occurrence at the moment, whereby users loose access to trusted sites, the wallpaper set by GPO disappears to be replaced by a black screen and single sign on to our intranet site stops working.

the "fix" so far is to either,

1.) delete the HKLM key for Group Policy Objects then reboot and all works again. Or failing this.

2.) rename the user profile, log the user in again and everything works like a charm again.

Is there someone that can guide me in the right direction to find a solution to this bane in my existence?

Restrict access to certain file types

June 7, 2019, 1:53 am
$
0
0

We have a remote desktop server which I need to allow a subset of users access to.  This needs to be extremely restricted to allow access only to certain key programs.  I can sort this fine.  However, I have been also requested to deny access to certain file types, eg .txt, .xml etc

I assumed I could do this using Software Restriction.

So have created a group with a test user, used this as the scope for the group policy and applied a path rule of *.txt.

Restarted the server, yet when I logon with my test user, they can still open txt files etc.

Any ideas where the issue may lie or is there a better way?

Regards

Ian

Is it possible to set up a GPO to allow non-admin users to install signed software?

June 28, 2019, 12:01 pm
$
0
0

Hi everyone,

I have a cenario where users could request the installation of some whitelisted software.

I was wondering if it's possible to sign those softwares, maybe using Microsoft SignTool, and allowing installation using a GPO to verify the signature or certification.

Has anyone tried anything similar? 

Any thoughts?

Thanks in advance!

Samuel

Apply Group policy to only specific IP subnets using WMI filtering.

June 28, 2019, 12:09 pm
$
0
0

There is a group policy I want to apply a group of specific IP subnets and not to all. To achieve this, I created a below WMI filter query for a particular subnet, attached it to a GPO and this is working fine. 

select * from Win32_IP4RouteTable where Name like "10.x.50.%"

My question is, I have list of specific subnets (for example below list), so how to fit all those subnets in this single WMI query. 

10.x.50.x
10.x.60.x
10.x.70.x
10.x.80.x
10.x.90.x



Domain Administrator unable edit GPO

June 17, 2019, 10:36 am
$
0
0

I am running a 2016 domain The I am unable to edit GPOs.  Just a few weeks ago I was able to edit them with no problems. No I get the following error

This is happening will all of my GPOs not just one.  I can navigate to the Windows\SYSVOL\domain\Policies folder and open any of the GPO folder with no problem.

Search

2008r2 upgraded to Server 2019/ GPP Scheduled task not showing option for Windows 10?

June 28, 2019, 3:22 pm
$
0
0

Hey Guys

We have recently upgraded our Domain controller from 2008r2 to Server 2019.

In group policy management editor, under GPP/ Scheduled tasks, I was expecting to see the option for Windows 10, but I only have the same options that I had for 2008r2 ?

Is this correct?



Server 2008r2 upgrade to Server 2019 / are the new admx templates in central store?

June 28, 2019, 3:52 pm
$
0
0

Hey Guys

We have just upgraded our Domain controller from 2008r2 to 2019.

On 2008r2 we had a central store, that had legacy templates in it, I then added Windows 10 templates to it and chose "overwrite" for any that had the same name (windows\Sysvol\Domain\Policies\PolicyDefinitions) ...which has migrated over to 2019

My question is, now that the OS has been upgraded, how can I be sure that the templates for the Group Policy Management Editor are new?

I am concerned it is still reading from the old 2008r2 templates, as the graphics/icons look the same (old)? :

I would appreciate assistance please...thanks.


Multiple *.adml, *.opal files, why??

June 26, 2019, 9:37 am
$
0
0

I downloaded and extracted the latest Office 2016/2019 admx files and corresponding adml files and opax/opal files.

I observed that now instead of one adml file, there's multiple numbered adml files. Same for the Office opal files.

e.g. access16.opal, access16.opal0, access16.opal1, access16.opal2, up to .opal9

e.g. access16.adml, access16.adml0, access16.adml1, access16.adml2, up to .adml9

Why is this?? What does this mean?? I assume all the adml files, numbered or not, should be put into the central store.

Also, where are opax/opal files installed??

Thank you, Tom


Group Policy not automatically applying

June 20, 2019, 10:51 am
$
0
0
Hello, I am testing out Windows 10 1903 in my environment and am having issues with some GPO's not automatically applying that have up until now.  When I log onto the computer and run gpresult it shows all the policies as it should, and when I manually run gpupdate /force the policies apply properly, but not automatically as in the past.  I have checked the wmi and security filtering on the policy and that is set correctly.  Domain controller is Server 2016.  Sorry for the kind of generic info but any info would be appreciated.  Thanks!

User Folders not Deleted with GPO "Delete user profiles older than a specified number of days on a system restart"

June 6, 2019, 7:11 am
$
0
0

Hi,

We've configured the GPO setting "Delete user profiles older than a specified number of days on a system restart" which is applied to Windows 10 Enterprise computers.

This setting successfully deletes local user profiles after the specified number of days, but leaves the user profile folders at C:\Users\

You can check under 'Advanced System Settings --> User Profiles'  and the profiles are not listed, however the users profile folder is not removed from C:\Users\  All the user data and files are still present taking up disk space, freeing up space is one main reason for wanting this setting.

The next time the same user logs in, they get a user profile folder under C:\Users\  in this format 'username.domainname'.  If they login again they get 'username.domainname.001', then 'username.domainname.002' and so on. 

Similar to this: https://community.spiceworks.com/topic/2115362-gpo-delete-user-profiles-older-than-a-specified-number-of-days

This cant be expected?

Group Policy modelling error

July 1, 2019, 9:06 am
$
0
0

Unable to generate the report , getting below error.

"An error occurred while generating report:

The given key was not present in the dictionary."

Getting this error only for few GPO's



Domain Administrator unable edit GPO

July 1, 2019, 9:42 am
$
0
0

I am running a 2016 domain The I am unable to edit GPOs.  Just a few weeks ago I was able to edit them with no problems. No I get the following error

This is happening will all of my GPOs not just one.  I can navigate to the Windows\SYSVOL\domain\Policies folder and open any of the GPO folder with no problem.

I have fixed this problem once by changing permissions of the Sysvol folder to full control for the domain administrator.  That fixed the problem.  Now the problem is back and the permission for the Sysvol folder are still set to full control for the domain administrator.  I tried it directly from the server and using the remote admin tools.  The only GPO that I can edit is the default Domain.  I have 12 different GPOs set up for different things.

Search

Printer mapping using GPP

April 27, 2011, 4:49 am
$
0
0

Hello

I have in several occasions experienced problems with the GPP print mapping feature. I receive the following error:

Group Policy object did not apply because it failed with error code '0x80070bc4 No printers were found.' This error was suppressed.

I have experienced this in a couple of different setups now, setups at different customers with different printers and both 2003 print servers and 2008/2008R2 print servers.

I create a GPO that maps printers based on AD group membership, I configure the GPP to"Run in logged-on user's security context (user policy option)" and "Remove this item when it is no longer applied" and I configured the needed AD group in the"Item level targeting" feature. Usually the GPP works at first logon, the printer maps correctly, but if I remove the user from the AD group specified in the item level targeting section, the printer is NOT deleted/removed and the error specified above appears in the event viewer.

For now I have reproduced this error message in setups at different customers and in my own test environment on RDS and Citrix XenApp 6 servers running 2008 R2/2003 R2 Service Pack 1. I have tried 3-5 different private hotfixes all aimed at different issues regarding print or GPP on 2008 R2, nothing has working so far.

Right now I am working on a new Citrix XenApp 6 server at a customer and I yet again have experinced the issue described above. I am current ly testing using on ly one printer, a Canon LBP6750 with a PCL5e driver.

Print server OS: 2008 R2 Service Pack 1

Citrix XenApp 6 server OS: 2008 R2 Service Pack 1

Both servers have all the latests updates installed, with the exception of Internet Explorer 9.



How to configure url shortcut in chrome by GPO

July 1, 2019, 11:09 pm
$
0
0
How to configure url shortcut in chrome by GPO

migrating from sbs 2011 to Winodws server 2019 essentials

June 25, 2019, 6:19 pm
$
0
0

I am planning to migrate a sbs 2011 (10 users) standard to Windows 2019 essentials. The remote web access is used by most of the users. The email is office 365 essentials. here are my questions.  I appreciate your support.

1- what is the alternative for Remote web Access? 

2- Should i get Windows 2019 or Windows 2019 essentials for this migration? apart from the os costs do I get any other benefits now the essential is so stripped>

3- is it recommended to get the RDS licenses and the GoDaddy Certificate to have the RWA? or is it cheaper and better to get GoToMyPC or something similar?

4-  I know Microsoft is pushing Azure.  But, if I have one or two LOB of business applications and file and print sharing and average internet speed, is it worth it to try Azure?

5-  When is Azure cost effective as a solution?

6- is Admin center a good replacement for the Windows server essentials dashboard, is thehttp://server/connect works for the admin center?

i appreciate your help

Jamshid

Unable to create network mapped drives.

June 18, 2019, 5:05 pm
$
0
0

Hello support,

I have Windows Server Essential 2016 that was migrated from SBS 2012.  This was done over a year ago.  everything is working and no issues.  when it was originally set up I created two network Mapped drives via Group Policy.  Today i wanted to make some modification to the current mapped drives and create another one but I am unable to do so.  when I go to the Windows settings under user configuration, preferences  nothing opens or show up.  please take a look at the picture.  I appreciate your help.

Thanks,

Jamshid

Where to get ADMX templates - 1903?

May 22, 2019, 12:37 am
$
0
0

Hi All,

Successfully downloaded the brand new Windows 10 (1903) and want to deploy and poke around in the GPO options in my LAB.

But...

I can't find a download link to the ADMX templates?

Where do we get the ADMX templates for 1903 from to load into PolicyDefinitions?

Thanks in advance,

durrie.

Viewing all 19997 articles
Browse latest View live
Search