Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Multiple instances of printers deployed through GPO

$
0
0
For the last few weeks, I am facing problems of having multiple instances of printers deployed through GPO. In the Active Directory under Windows Server 2012R2, I have deployed two network printers (Panasonic 8035 and Konica Minolta 367) through GPO. {Default Domain Policy >>Computer configuration >> Policies >> Windows Settings >> Deployed Printers}. On various client computers containing Win 7 / 8.1, users find multiple instances of Panasonic 8035. I have gone through all the remaining Group Policy to find any duplicate entry etc, but nothing is there. Please help me out.

Start Menu and the Apps List

$
0
0

I am working on a Windows 2012 R2 server that is the DC for my network.  The employees all use Windows 10 machines governed by Group Policy. We restrict what they see in their Start Menu as well as what is in their apps list.  We updated a few computers to see how they would be affected, and while the Start Menu portion is showing the correct programs, the apps list next to that is now showing quite a few things that we don't want them to see.  We have an .xml file on the server that determines what the start menu looks like, but that .xml file doesn't affect the apps list.

My question is this: How do I hide these new apps that are now in their apps list? I have scoured the internet for this answer and can find nothing. The only thing I can find is how to hide the apps list completely which I do not want to do.

Any suggestions?

Windows 10 Computer GPO not working but User GPO works fine.

$
0
0

Thank you for your input.

I'm attempting to deploy computer policy but am unable to. I am able to deploy user policy without issue.

Server 2012R2, Windows 10

I recently applied a GPO to a computer OU to schedule a task to have them shutdown at a specific time. I ensured to:

1. Link and enforce the policy at the specified computer OU.
2. Ensured the scope included Authenticated User, Domain Computers (ensured target computer is a member) and Domain Users and that all have Read and Apply Group Policy permissions.
3. Ensured the GPO Status was enabled.
4. Ensured that the computer was in the correct OU.
5. Ensured to create a GPO affecting the Computer Configuration not User Configuration.

However, when I run the Group Policy Modeling I receive the following error:

Group Policy Scheduled Tasks Failed 
Group Policy Scheduled Tasks failed due to an error and failed to log Resultant Set of Policy information.
Additional information may have been logged. Review the application event log on the domain controller on which the simulation was run for events...
 

The event logs provides the following information:

Log Name:      Application
Source:        Group Policy Scheduled Tasks
Date:          2/4/2018 10:12:21 AM
Event ID:      8196
Task Category: (2)
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      ComputerName
Description:
The client-side extension caught the unhandled exception 'simulated execution of package to apply policy' inside: 'Access violation (0xc0000005) occurred at 0x86cd8c78; the memory at 0x000012e0 could not be read.' See trace file for more details.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Group Policy Scheduled Tasks" />
    <EventID Qualifiers="34305">8196</EventID>
    <Level>2</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-02-04T17:12:21.000000000Z" />
    <EventRecordID>14937</EventRecordID>
    <Channel>Application</Channel>
    <Computer>ComputerName</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>simulated execution of package to apply policy</Data>
    <Data>Access violation (0xc0000005) occurred at 0x86cd8c78; the memory at 0x000012e0 could not be read.</Data>
  </EventData>
</Event>

Running GPResult /R on a PC when policy is applied does not indicate policy was received.

Suggestions please.

Start Layout policy not reading XML file correctly

$
0
0

I'm using Group Policy to dictate what is on the Start Menu. I have enabled the Start Layout policy and linked and XML file that I exported from a test machine after I had configured that start menu the way I want it.

The problem is: the start menu isn't the way it's supposed to be. Some of the GP is working because I can't edit the start menu, but I'm not sure why it isn't correctly reading the XML file.

Any suggestions are quite welcome.

Thanks

AppLocker not preventing a service from running

$
0
0

Hello,

I'm new to implementing AppLocker.  I do have it running with the default 'allow all' exe, packages, and installers. I can block packages like the "Network Speed Test" app that comes with Win10, and Valve/Steam applications.  Those all seem to be working fine and appear in the eventviewer.  However...

Next, I want to block a program from running as a service, for example the Chrome Remote Desktop service which gets installed as a service and has this path to executable in my computer:

"C:\Program Files (x86)\Google\Chrome Remote Desktop\76.0.3809.21\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"

So I go into my group policy and add a new EXE rule and deny the above remoteing_host.exe, even tried to make it more generic by not allowing the publisher.  I do a GPUPDATE /FORCE.  Then I see the service is still running.  Try to restart the service and it stops/starts fine. 

Why isn't it blocked from running?  I dont even see it being logged in the event viewer as being allowed (or blocked) to run.  Any tips on how to block the service?

Lock Screen GPO - multiple images

$
0
0

Hi

I found the following article regarding changing the lock screen to specific image

https://docs.microsoft.com/en-us/windows/configuration/windows-spotlight

I have a few questions

  1. Instead of a single specific image, is there a way to have multiple lock screen images on rotation?
  2. Also based on the GPO, I would assume that all i need to do in order to change the lock screen image from one picture to another is to just change the picture file in the designated shared location?

Thanks for your time

Group Policy not automatically applying

$
0
0
Hello, I am testing out Windows 10 1903 in my environment and am having issues with some GPO's not automatically applying that have up until now.  When I log onto the computer and run gpresult it shows all the policies as it should, and when I manually run gpupdate /force the policies apply properly, but not automatically as in the past.  I have checked the wmi and security filtering on the policy and that is set correctly.  Domain controller is Server 2016.  Sorry for the kind of generic info but any info would be appreciated.  Thanks!

Windows 10 Lock Screen GPO - Enterprise

$
0
0

Windows 10 GPO - Force a specific default lock screen image

First we copy all the necessary image files to C:\Windows\Web\Screen on all users computers - Policy then sets the lock screen image to the file located there

C:\Windows\Web\Screen\BackgroundDefault.jpg

The problem is that this only seems to apply once, if we change or replace the file then it does not update. This does not allow us to rotate the images as we have done in the past with previous versions of Windows.

Has anyone else experienced this/is there a solution? I know I have seen people who have come up with workarounds that essentially tell you to take ownership of the SystemData folder and basically just replace the files in there to 'force' it to update the images. However, this has never been a requirement before and it has always applied from the location specified in the GPO.


Bulk change of AD user passwords with Powershell script

$
0
0

Hi

I'm looking to reset in bulk AD user account passwords.  I have this script:

#
# Script: ResetPwd.ps1
# Description: Reset the password for bulk number of users, and 
# set the property to change passwrod required at next logon
#
# Written by: Anand Venkatachalapathy
#

Import-Module ActiveDirectory

# Set the default password
$password = ConvertTo-SecureString -AsPlainText “AwesomeP@ssw0rd” -Force 
 
# Get the list of accounts from the file on file
# List the user names one per line
$users = Get-Content -Path c:\MyScripts\UserList.txt
 
ForEach ($user in $users) 
{
    # Set the default password for the current account
    Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset
    
    #If you need to set the property “Change password at next logon”, 
    #leave the next alone. If not, comment the next line
    Get-ADUser $user | Set-AdUser -ChangePasswordAtLogon $true
    
    Write-Host “Password has been reset for the user: $user”
}

# ————- End ———–

Credit: http://anandthearchitect.com/2014/02/27/active-directory-bulk-user-password-reset-by-powershell/

This works, however it only lets me set each password to be the same. I'd like to have a second column in a source .csv which lists a unique password per user and have the script change the password as per the file.  Can anyone assist with the necessary changes to the above?  My experience with Powershell is very limited.

Any assistance is very much appreciated.

Paul


Problems with Wallpaper GPO

$
0
0

Hello.

I'm having some issues with the Wallpaper GPO in some terminals.

Scenario:

Server: Windows server 2012, completely updated.

Terminals: Windows 10 18362.

I make a copy of the wallpaper to a folder in the C of the machine, users have full permission to this folder.

I apply the GPO directed to this folder in C, so far everything is ok.

Some Windows 10 terminals are black, and do not apply to the GPO.

On these machines, I have already checked the permissions of the file, which are ok.

I also checked the HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ Wallpaper registry path that is directed to the correct folder and file, so that when I copy the path text and type in the run it normally opens.

I also checked the HKCU / Control Panel / Desktop \ Wallpaper registry, some machines were pointing to the path of the wallpaper in c, some were pointing to C: \ Windows \ web \ wallpaper \ Windows \ img0.jpg which is the image Windows 7 default, and in another it was pointing to C: \ Users \ gabriel.amaral \ AppData \ Roaming \ Microsoft \ Windows \ Themes \ TranscodedWallpaper that when I was running the file ia to the image file in the C folder.

I've tried manually putting the paths in the logs, but it did not work.

Would anyone have any tips?

Thank you!!

Multiple *.adml, *.opal files, why??

$
0
0

I downloaded and extracted the latest Office 2016/2019 admx files and corresponding adml files and opax/opal files.

I observed that now instead of one adml file, there's multiple numbered adml files. Same for the Office opal files.

e.g. access16.opal, access16.opal0, access16.opal1, access16.opal2, up to .opal9

e.g. access16.adml, access16.adml0, access16.adml1, access16.adml2, up to .adml9

Why is this?? What does this mean?? I assume all the adml files, numbered or not, should be put into the central store.

Also, where are opax/opal files installed??

Thank you, Tom


Deny USB storage on all systems - Allow USB storage for certain users

$
0
0

We have a Computer Config policy with 'All Removable Storage classes: Deny all access' enabled, this applies to the computers OU. This works as expected in that users are unable to use USB storage devices.  

We also have a User Config policy with  'All Removable Storage classes: Deny all access' disabled, this applies to the users OU with security filtering on the 'USB-Allow' security group. This doesn't work as expected as members of said security group are unable to use USB storage devices.  

I take it that Computer Config 'All Removable Storage classes: Deny all access' win over User Config 'All Removable Storage classes: Deny all access'?

How should we go about denying access to removable storage on ALL systems EXCEPT for certain users?

We want to disable removeable storage against the computer so it applies to both local and ADDS accounts. 

Wallpaper group policy issues

$
0
0
I configured  a default wall paper for all users in the organisation.I applied the policy on user configuration on the AD and all user were able to see the wallpaper after a restart, those that couldn't get the policy i did gpupdate /force on the PC and it showed.the issue now is that some of the user whose wall paper were showing before is no more showing .If the same user log in  another domain joined computer the wallpaper shows but if he login in his own PC the wallpaper refuse to show.The second issue is that after the user logged in another domain joined computer the wall paper  policy stopped working for current user on thesame PC but works on another PC.This really look strange to me.kindly help me out

Site added under a privacy tab of IE through GPO registry Not Showing in Sites Privacy Tab

$
0
0

I created the following GPO in Windows 2012r2, the registry setting and sites do get created. - However the Sites that are added to the registry don't get added to Internet Explorers Privacy Tab -Sites. - Even after a gpupdate /force.

Why don't the Sites show up in the Sites Privacy Tab example site introhive.com

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\introhive.com


and the key will be default and the DWORD value will be 1.

Outlook 2016 GPO Settings Not Being Applied

$
0
0

Hi All, 

I am using Office 2016 downloaded via a Office 365 subscription. Operating in a Server 2012 R2 environment with Windows 8.1 client computers. 

I am trying to setup a new GPO that will disable email alert notifications for all outlook users.

The setting in question is: software\policies\microsoft\office\16.0\outlook\preferences\newmaildesktopalerts

I have confirmed that the policy is being applied by checking gpresult /r and also the rsop.msc

I can see that the correct policy is applied and the correct settings are included in that policy via rsop.msc. No other policies are setup to conflict with these rules. 

Any suggestions? 



User group policy prevent addition of printers for one account and not all of them

$
0
0
I want into User group policy as administrator and turned on prevent addition of printers. The thing is though it blocks the administrator as well as the guest account to add printers. I want it to just block guest account. I dunno how to do this with user group policy. Any ideas thanks

Domain Administrator unable edit GPO

$
0
0

I am running a 2016 domain The I am unable to edit GPOs.  Just a few weeks ago I was able to edit them with no problems. No I get the following error

This is happening will all of my GPOs not just one.  I can navigate to the Windows\SYSVOL\domain\Policies folder and open any of the GPO folder with no problem.

Server 2008r2 upgrade to Server 2019 / are the new admx templates in central store?

$
0
0

Hey Guys

We have just upgraded our Domain controller from 2008r2 to 2019.

On 2008r2 we had a central store, that had legacy templates in it, I then added Windows 10 templates to it and chose "overwrite" for any that had the same name (windows\Sysvol\Domain\Policies\PolicyDefinitions) ...which has migrated over to 2019

My question is, now that the OS has been upgraded, how can I be sure that the templates for the Group Policy Management Editor are new?

I am concerned it is still reading from the old 2008r2 templates, as the graphics/icons look the same (old)? :

I would appreciate assistance please...thanks.


Group Policy to add network location

$
0
0

My client is having problem with Outlook dropout with PST files

PST are located on users home drive mapped as normal group policy

So H = \\server\share\%username%

PST listed as H:\Exchange\file.pst

This breaks outlook

f you setup a manual Add Network Location (windows 10) to \\server\share\%username%\Exchange and then reattach PST it shows as \\server\share\username\Exchange\file.pst rather that H:\Exchange\file.pst

Outlook now works fine

Regardless of the whys its easier to just try to have a GPO to replicate what Add network location does - can I do this ??


Ian Burnell, London (UK)

2008r2 upgraded to Server 2019/ GPP Scheduled task not showing option for Windows 10?

$
0
0

Hey Guys

We have recently upgraded our Domain controller from 2008r2 to Server 2019.

In group policy management editor, under GPP/ Scheduled tasks, I was expecting to see the option for Windows 10, but I only have the same options that I had for 2008r2 ?

Is this correct?



Viewing all 19997 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>