Hi All,
Successfully downloaded the brand new Windows 10 (1903) and want to deploy and poke around in the GPO options in my LAB.
But...
I can't find a download link to the ADMX templates?
Where do we get the ADMX templates for 1903 from to load into PolicyDefinitions?
Thanks in advance,
durrie.
Hi,
We were formally using Win32_Battery to find mobile devices but this has became a problem when desktop computers are connected to a UPC. The desktops are being wrongly identified as mobile devices and then mobile device policies are being applied to them.
I created a GPO with a WMI Filter:
Namespace: root\CIMv2
Query: select * from Win32_SystemEnclosure where ChassisTypes = "{8}" or ChassisTypes = "{9}" or ChassisTypes = "{10}" or ChassisTypes = "{11}" or ChassisTypes = "{12}" or ChassisTypes ="{14}" or ChassisTypes = "{18}" or ChassisTypes = "{21}"
Although the WMI query examples that I have seen do not use { } in the query, when I used it without { }, I did not see the new GP applied to my test device. When I use PowerShell to get the ChassisTypes for my test device, it returns {9}. WMIC also returns {9}.
The status right now is that the new GP is not being applied with either version of the query above (with/without {}). What do I need to do to get a GPO to apply to mobile devices?
Hi there!
I have the following GPO, which is supposed to install a printer:
When I log on to an affected system and check the applied GPOs via...
GPRESULT /USER MYUSER /R
...I can also find the GPO:
What I can not find is the printer. However, if I enter the path to the printer in "Run", I have it immediately.
What did I do wrong?
I am running a 2016 domain The I am unable to edit GPOs. Just a few weeks ago I was able to edit them with no problems. No I get the following error
This is happening will all of my GPOs not just one. I can navigate to the Windows\SYSVOL\domain\Policies folder and open any of the GPO folder with no problem.
I have fixed this problem once by changing permissions of the Sysvol folder to full control for the domain administrator. That fixed the problem. Now the problem is back and the permission for the Sysvol folder are still set to full control for the domain administrator. I tried it directly from the server and using the remote admin tools. The only GPO that I can edit is the default Domain. I have 12 different GPOs set up for different things.
What is the criteria that the user profile service looks at before deleting a profile on reboot.
I had an issue where a user stayed logged in for an extended amount of days without logging off and his computer rebooted. Upon logon again, he was given a completely new profile and the old profile was deleted.
I looking for what exactly is being queried to see if a profile should be deleted.
Hi,
We currently have a GPO created as we want to disable a few systems where the screen saver does not appear on the screen and prompt for a password each time after 20 minutes. These are windows 10 computers.
I created a GPO to disabled Enable Screen saver, disable password protect the screen saver and screen saver timeout is set to 0 Seconds.
The issue is the GPO looks to be applying to the machine as I can see the password protect timeout is set to 0 but the system screen saver comes on and after I hit any key on the keyboard I have to type in the password. The system is getting the correct GPO but not sure exactly what I am doing wrong.
The GPO string is User configuration> Policies> Administrative Templates> Control Panel/Personalization
Hope someone can help me understand why this keeps happening.
I have a dll that needs to be saved and registered on every client once (20 computers).
How can this be done? do you have a step by step?
I read this can be done by adding a file this can be done under Computer Configuration> Windows Settings > Security Settings > File System
hi all
i want to implement a new roaming GPO but i have a question abut ( enable roaming on primary computer )
if i assign group's in primary computer attribute on the domain (msDS-PrimaryComputer ) that mean the same user will have more than one primary computer this will effect the roaming GPO .
i work in a company that have a lot off users which they work also in shifts and they use every computer and im palning to delete profiles on non user primary computer ( the main case is my PC's Storage is full and i need roaming in same time )
Dear Support,
Please guide us to restrict user to save files to desktop,documents and other folder through group policy.
Regards,
Itsupport
Hi
I'm sitting with a dilemma. We have about 1500 computers on the network and about 500 of them have no TPM's (models e.g HP 4540s, HP 450 G0, HP 450 G1 to name a few.) I have a WMI filter on the TPM GPO that works 100%. The non-TPM computers shows access denied to this GPO when you do a "gpresult /r".
Non-TPm computers uses: Recovery Key backed up to AD(Numerical Password) and Password(e.g "P@ssw0rd").
TPM computers uses: Recovery Key backed up to AD(Numerical Password) and TPM.
The TPM computers however starts with the wrong GPO. 90% of the time, the TPM computers starts encrypting with the non-TPM GPO. I have been looking at WMI filters and still failing.
One example is: "SELECT * FROM Win32_SystemDriver where NOT Caption LIKE 'Trusted Platform%' ".
I need a WMI filter or powershell script to test for TPM presence(e.g "(Get-Tpm).TpmPresent") and thenNOT apply to the TPM group if the TPM is not present.
Thanks in advance.
Regards,
Shorty
Hi,
I have on desktop icons created by GPO, some icons are configured as Replace some as Update and they are as system object to run C:\Program Files\Internet Explorer\iexplorer.exe specific www sites.
Now I would to edit these shortcuts to open it in default browser instead of Internet explorer, so I changed its as URL and saved.
Now the problem is these new icons are appear as new instead replace previous. So I have doubled every icons.
How to configure existing icons to edit its properties, but not to create new ones?
I had GPO working nicely, but now they don't seem to apply. The Group Policy Modelling Wizard gives the right results, but GPRESULT run from the users' account on the TS does not mention my policy objects in either the Applied or Denied sections.
As I said this was working perfectly - now suddenly stopped. I've got nothing appearing in the event logs. Running RSoP.MSC on the user's account does say
"The RSoP snap-in was unable to generate the computer's data due to insufficient permissions"
But when I tried to run "GPRESULT /Z " it work normally and I can Run RSoP.MSC on the user's account and I have the report again.
GPRESULT /Z : Displays all available information about Group Policy. This includes detailed settings that were applied with a precedence of 1 and higher.
My question is : how can Policy back to normal using "Gpresult /Z"
Hi everyone,
I have a cenario where users could request the installation of some whitelisted software.
I was wondering if it's possible to sign those softwares, maybe using Microsoft SignTool, and allowing installation using a GPO to verify the signature or certification.
Has anyone tried anything similar?
Any thoughts?
Thanks in advance!
Samuel
Ok so I have been working on this problem for almost two weeks now, I'm entry level and my boss is having me do this while he is busy upgrading some of our servers. I've posted a few different questions here, and have gotten some answers, but after having worked on it for so long now I think I'll be able to pose my question better.
Currently we have two domains, a production domain, and a development domain. The production domain is the one all our employees computers and IP phones are on. The dev domain is a somewhat replica of the production domain and it is our experimental environment.
I've been tasked with replicating the Group Policy of our production DC in our dev DC. I've gotten almost all of it, which has been quite the project because like I said it is a somewhat replica so I have had to alter some things to fit the dev environment.
Now this may not come as a surprise to you but the thing that has been giving me the most trouble has been dictating the Start Layout with group policy. I have set up folder redirection to point to a list of apps, and I also have an xml file that I had exported on a test computer and used that on the DC.
The problem is this, when a new user logs into the computer, it doesn't load the xml file correctly. No matter how many gpupdate /force, restarts, etc. I do it doesn't matter, it won't load it. It has Notepad in one of the groups I have, and also all the apps in the taskbar that I have, but nothing else that is supposed to be there is there.
But then if I add 1 line of white space onto the xml file and save that, then log off and log in on the test computer, boom the start layout looks exactly like it is supposed to.
This happens with multiple different users, on multiple different test computers. They are all in the correct OU with the same policies being applied and the same permissions, I have removed all other polices to see if any are conflicting, and nothing.
I have scoured the internet over the past couple weeks, I have asked friends, I have posted here multiple times, I cannot find a solution to this problem. If anyone can think of a solution I will take any suggestion.
<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"><LayoutOptions StartTileGroupCellWidth="6" /><DefaultLayoutOverride><StartLayoutCollection><defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"><start:Group Name="Applications" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"><start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Latitude.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Internet Explorer.lnk" /></start:Group><start:Group Name="Microsoft Office" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"><start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Outlook 2013.lnk" /><start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Skype.lnk" /><start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Excel 2013.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Word 2013.lnk" /></start:Group><start:Group Name="Tools" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"><start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\notepad.lnk" /><start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Calculator.lnk" /><start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Snippingtool.lnk" /></start:Group></defaultlayout:StartLayout></StartLayoutCollection></DefaultLayoutOverride><CustomTaskbarLayoutCollection PinListPlacement="Replace"><defaultlayout:TaskbarLayout><taskbar:TaskbarPinList><taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" /><taskbar:DesktopApp DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Internet Explorer.lnk" /><taskbar:DesktopApp DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\CRM.website" /><taskbar:DesktopApp DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Sharepoint.website" /><taskbar:DesktopApp DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Report Manager.website" /><taskbar:DesktopApp DesktopApplicationLinkPath="\\apr-dev-dc1\startmenus$\StartMenu\Outlook 2013.lnk" /></taskbar:TaskbarPinList></defaultlayout:TaskbarLayout></CustomTaskbarLayoutCollection></LayoutModificationTemplate>
Hi
IE Security Settings – Local Intranet Zone
ActiveX controls and plug-ins
1 Allow ActiveX Filtering
2 Display video and animation on a webpage that does not use external media player
Miscellaneous
3 Allow webpages to use restrict protocols for active content.
I cannot locate the three polices under “User/or Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone/”
can someone please advice
Hi,
I want to remove all program from start layout by using GPO for that i have taken the Backup of empty start layout and copied the xml file in the path.But is not working and i want to disable Windows search by using GPO.
XML
Harsha