Hi.
We have a bunch of PCs with Office 2019 and an other bunch with 2016.
I was wondering whether there's a way to specify both in a file association .xml file through the File Exporer set default associations GPO template so that depending on which of the two is present it will assign that version to the mailto protocol.
Does anyone know if this would work if I add two lines to the .xml mentioning both versions? Will it just assign it to whichever of the two is present?
Thanks.
Hi
IE Security Settings – Local Intranet Zone
ActiveX controls and plug-ins
1 Allow ActiveX Filtering
2 Display video and animation on a webpage that does not use external media player
Miscellaneous
3 Allow webpages to use restrict protocols for active content.
I cannot locate the three polices under “User/or Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone/”
can someone please advice
hi all
i want to implement a new roaming GPO but i have a question abut ( enable roaming on primary computer )
if i assign group's in primary computer attribute on the domain (msDS-PrimaryComputer ) that mean the same user will have more than one primary computer this will effect the roaming GPO .
i work in a company that have a lot off users which they work also in shifts and they use every computer and im palning to delete profiles on non user primary computer ( the main case is my PC's Storage is full and i need roaming in same time )
Hello, i have a problem with Active Directory, i have 2 servers(windows 2016 and windows 2008) with active directory(replication) and few others servers. I have setup(in Group Policy Management) account lockout after 10 invalid logon attempts, and for testing, lockout duration 1 min. (my policy is forced and first piority)
Now, if I enter the wrong password 3 times, AD blocks me, but does not unblock after a minute(im waiting few minutes).
Where do i have to change something, to block after 10 mistakes, and unlock after a set time?
The LockoutStatus tool, say im locked after 3 bad pwd count.In resultant set of policy is old set-up with 5 invalid logon attempts, and 30min duration.(after 30 min still not unblocking me)
Hello, i have a problem with Active Directory, i have 2 servers(windows 2016 and windows 2008) with active directory(replication) and few others servers. I have setup(in Group Policy Management) account lockout after 10 invalid logon attempts, and for testing, lockout duration 1 min. (my policy is forced and first piority)
Now, if I enter the wrong password 3 times, AD blocks me, but does not unblock after a minute(im waiting few minutes).
Where do i have to change something, to block after 10 mistakes, and unlock after a set time?
The LockoutStatus tool, say im locked after 3 bad pwd count.In resultant set of policy is old set-up with 5 invalid logon attempts, and 30min duration.(after 30 min still not unblocking me)
Platform: Windows 10 Pro x64
Domain Functional Level: 2016
I am having an issue with Slow-Link Mode for Offline Files. I have set the below group policy to disabled:
Which means that a folder should never go in to Slow-Link mode while connected to a network share/resource. I only want the share/resource to go to Slow-Link mode (Work Offline / Offline Files) if the share/resource is inaccessible, not with a slow latency/connection.
However I see the following log in the Event Viewer (Applications and Services\Microsoft\Windows\ Offline Files\Operational):
Event ID= 1004
Description: Path \server\share$ transitioned to slow link with latency = 81 and bandwidth = 258888
A folder that is not synchronized for offline use has a grey X on it so when I try to open the folder, it says
I have also tried using the registry editor to add the Key and DWORD value with no success (supposedly only confirmed to apply up to Windows 8).
HKLM:\Software\Policies\Microsoft\Windows\NetCacheSlowLinkEnabled
REG_DWORD = 0
I can manually remove the "Work Offline" flag when I'm in the folder, but I don't want to make users do this, as it should never work offline unless there is NO network connectivity.
The network latency is only for users connected to VPN working from home, so as I understand Windows default value for transitioning to Slow-Link mode is 35ms round-trip latency, and the users go up to 100ms round-trip latency on VPN.
Also, I have made nearly all the same configurations as in this article: https://social.technet.microsoft.com/Forums/windows/en-US/ca9921e5-3fb8-41dd-b46e-eb4cf3f74a2d/on-slow-connections-automatically-work-offline-uncheck?forum=win10itpronetworking
Any suggestions or has anyone configured a similar scenario for Windows 10 environment?
Is there a way to force a Windows 10 computer to slow down the boot process so that Group Policy gets a chance to run?
I setup a program to install on all networked computers and it installed fine on all of the Windows 7 computers but doesn't install on the Windows 10 computers.
I've modified these settings in the local group policy:
Computer Configuration - Administrative Templates - System - Logon
Always wait for the network at computer startup and logon - Enabled
Computer Configuration - Administrative Templates - System - Group Policy
Configure Logon Script Delay - Disabled
Those settings slowed it down enough to allow the drives to map properly and show the users home directory, but it's not slow enough to install a program.
The Event Log has two entries:
Warning - Application Management Group Policy - 108 - None
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
Warning - Group Policy (Microsoft-Windows-GroupPolicy) - 1112 - None
The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
However the application has yet to install and we rebooted the computer six times. How do we get the computer to apply GP?
Thanks,
Jessica
Hello to everyone!
I am having windows 10 computers inside our organization that needs to have enabled the windows feature '.net framework 3.5 (includes .net 2.0 and 3.0). If i remember correctly is giving me this error code: 0x800F0906. I believe there is a group policy that prevents enabling that feature. Could you please help me out what i have to check inside group policy editor?
if you need any additional information please let me know.
Thank you
Hi,
How to remove Taskbar completely in Windows 10(Version 1903).
Best,
Harsha
Harsha
Hi
We are trying to apply custom wallpaper for windows lock screen but we tried all the combinations and configurations it did not work even though the group policy applied on the end-user system. We are using the below client-server versions.
Windows10 Version- 1809 (OS Build 17763.107)
Windows Server 2012 - Version 6.3 (Build 9600)
Is lock screen wallpaper change option is not available for latest Windows 10 versions? if so which versions do we need to users on server and client machines?
Could someone prefer exact deployment method for lock screen deployment using Group Policy?
Let me know if you need any additional info.
Regards
Nagaraju Chengeli
Hi,
We currently have a GPO created as we want to disable a few systems where the screen saver does not appear on the screen and prompt for a password each time after 20 minutes. These are windows 10 computers.
I created a GPO to disabled Enable Screen saver, disable password protect the screen saver and screen saver timeout is set to 0 Seconds.
The issue is the GPO looks to be applying to the machine as I can see the password protect timeout is set to 0 but the system screen saver comes on and after I hit any key on the keyboard I have to type in the password. The system is getting the correct GPO but not sure exactly what I am doing wrong.
The GPO string is User configuration> Policies> Administrative Templates> Control Panel/Personalization
Hope someone can help me understand why this keeps happening.
Hi
I'm sitting with a dilemma. We have about 1500 computers on the network and about 500 of them have no TPM's (models e.g HP 4540s, HP 450 G0, HP 450 G1 to name a few.) I have a WMI filter on the TPM GPO that works 100%. The non-TPM computers shows access denied to this GPO when you do a "gpresult /r".
Non-TPm computers uses: Recovery Key backed up to AD(Numerical Password) and Password(e.g "P@ssw0rd").
TPM computers uses: Recovery Key backed up to AD(Numerical Password) and TPM.
The TPM computers however starts with the wrong GPO. 90% of the time, the TPM computers starts encrypting with the non-TPM GPO. I have been looking at WMI filters and still failing.
One example is: "SELECT * FROM Win32_SystemDriver where NOT Caption LIKE 'Trusted Platform%' ".
I need a WMI filter or powershell script to test for TPM presence(e.g "(Get-Tpm).TpmPresent") and thenNOT apply to the TPM group if the TPM is not present.
Thanks in advance.
Regards,
Shorty
I have a dll that needs to be saved and registered on every client once (20 computers).
How can this be done? do you have a step by step?
I read this can be done by adding a file this can be done under Computer Configuration> Windows Settings > Security Settings > File System
Hello,
i wanted to know is it possible to make a GPO for richcopy software to automatically backup everyone's computer in the office? The way i have it set up right now is over the past weekend i set a task on each machine individually to run the richcopy file to backup all files on the machine everyday when the user is logged in at a specific time. Now my boss gave a challenge to figure out if what i did for each machine could have been achieved by making a GPO to do this. By the way I am using MW S2012-R2 as the DC and W10 for all machines in the building.
Thanks
Hi!
I would like to deploy a program via GPO wich require admin right. I setting user policy, Software distribution\ and makeing the package Published (thats the ideal, tried assigned too). I am using UNC path at the package. The user (with no admin right) can access the share, and see in control panel\install from network location the new program. But still can not install, 'admin priviliges needed' error.
I even enabled the following gpo:
User Configuration\Administrative Templates\Windows Components\Windows Installer \ "Always install with elevated privileges"In the group AND computer policy too. Still no luck, restarted, forced gpo update a hundred times.
Server: Win Server 2016 Standard Client: Win 10 pro x64
Problem is same as here: https://social.technet.microsoft.com/Forums/en-US/1aecdac4-c274-4d14-85ea-432a9674f70d/pushing-out-software-that-quotrequiresquot-admin-rights?forum=winservergen
Still none of here suggested working for me.
One more interesting thig: If i choose assign, the available program icons do not appear in desktop or start menu ( or i miss understanding something source : https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783635(v=ws.10) ). I do not choose install at logon, i would like to instal on demand.
Any help would be welcome. We do not have SCCM and i do not like to use intune. I know this is maybe the worst option, but i very like to make this work.
Thank you
Hello,
I have a GPO to associate the JNLP extension files to the JAVAWS.EXE program, and set as default.
However, the icon of the files that have the JNLP extension is not correct. I have to right click the file, open with, and check the "Always use this app to open JNLP
files" checkbox in order to make the files to show the correct icon.
Where do I fix this in my GPO?
Many thanks.
Hello,
I need to deploy the below reg file to a group of computers:
Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\JNLPFile\DefaultIcon]@="C:\\Program Files\\Java\\jre1.8.0_211\\bin\\javaws.exe,0"
I am trying a GPP>reg page, but it does not seem to work. Would someone please check and advice?
My ultimate goal is to have the result in the second screenshot.
I've already submitted this to MSFT via Feedback and resolved my issue for now, so this is basically informational for anybody coming across the same thing and searching for a resolution.
After installing the Win10-1803 GPO Templates, I'm presented with the below error:
Resource '$(string.Win7Only)' referenced in attribute displayName could not be found. File \\SysVol\...\Policies\PolicyDefinitions\SearchOCR.admx, line 12, column 69
I searched the folder on my PC where the files were installed. There's no SearchOCR.admx file in the new download, but there is an ADML file. After reinstalling the old and new ADML files, I found that the old file has a line for Win7Only, where the new one doesn't.
After reverting to the Win10-1511 SearchOCR template files, it's working normally again.