Dear Support,
Please guide us to restrict user to save files to desktop,documents and other folder through group policy.
Regards,
Itsupport
↧
Restrict user to save file on desktop,documents,and etc.
↧
Individual user admin access for desktops using GPO
Hi,
I have AD infrastructure running on 2012R2 domain controller, my client PC’s are win7, win10.
My desktop user’s needs admin access for their using desktop alone, there are 4000 desktops resides in my network.
I aware adding individual user to local administrators group does not recommended.
If I follow AGLP method for providing access, however my users will get admin access to all desktops.
How do I grant individual users access to each desktops, is there any option available in GPO.
Additionally I want to restrict my users adding other users in local administrators group of their owning desktops.
↧
↧
GPO icon with replace create new icon
Hi,
I have on desktop icons created by GPO, some icons are configured as Replace some as Update and they are as system object to run C:\Program Files\Internet Explorer\iexplorer.exe specifis www sites.
Now I would to edit these shortcuts to open it in default browser instead of Internet explorer, so I changed its as URL and saved.
Now the problem is these new icons are appear as new instead replace previous. So I have doubled every icons.
↧
MS Policy Analyzer don't display all policy types!
Hi All ,
I'm trying to use MS policy analyzer to compare between GPOs , i tried to import GPO files , or user policies and computer policies but it seems the analyzer doesn't display all GPOs i have .
ex. i have a logon script in the User configuration >> Policies >> Windows Settings ..... the script is linked to a file .
When i import all GPOs in the analyzer, i never see this logon script policy .... when i save all GPOs as HTML , i can confirm i see the logon script policy .
Any idea why i can't display all policy types ?
Thanks
↧
Error (0X80070020) occured saving settings file
Hi,
I am having this error when try to make changes in the existing GPO (User Configuration>Preferences>Window Settings > Files)
Thing is, the source file is no longer available and need to update to the new one.
Error "the process cannot access the file because it is being used by another process" and no changes can be done.
Any advice?
Nursyafika
↧
↧
Hard quota
Hi all
how can i apply hard quota through roaming profile or the only way is through folder redirection i have a file server and i installed FSRM role on it .
↧
GPO for Scheduling Tasks not executed
Hello,
I should make GPO to change one wallpaper at 07:00 AM and change other wallpaper at 03:00 PM.
I have made two bat files.
I want to execute them with schedules tasks via GPO. My DC is Windows Server 2008 R2 Standard, The client PC is Windows 10.
My bat file content following:
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /f /t REG_SZ /d path
RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True
exit
I have executed it successfully local on client PC . I make GPO with following parameters:( see attached screenshot).
The task available in the tasks in client PC and ecuted sucssessfylly but nothing happen.
Could you help mi , please?
↧
How to disable offline files by users
Hi,
we are currently testing a migration to work folders instead of Offline Files
All is working except I can't find a way to disable offline files usage by users.
The gpo "allow or disallow use of the offline files feature" can't be used because it's only a computer gpo and we have shared computers so all users will not be migrated at the same time.
I have try to use the user gpo : "Specify administratively assigned offline files" and set it to disabled for users that have been migrated to workfolders but it doesn't seem to work
GPO description :
If you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can
still specify their own files and folders for offline use).
the gpo is applied but when i go sync center I still see the folder :
I have look in registry, the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\NetCache is empty ...
Thanks for your help
↧
Fast User Switching disabled after Windows Update
Windows 10 1709 x64
CU May 19th 4505062 and CSU June 11th KB4503284 were installed last week. The option to Switch User is now missing from the user menu in Start.
A gpresult report does not show "Hide Entry Points for Fast User Switching" as being confirmed on the client and so the patch seems to have switched this to disabled by default.
Setting "Hide Entry Points for Fast User Switching" in local gpedit.msc brings the option back. The option says "Switch Account" now.
↧
↧
Before downloading firstly fill a desclaimer form with all details then start.
I need a policy , when User try to download any thing in System then firstly fill a desclaimer Form and save the data like Logs then Download start.
↧
Group Policy & RSOP
Hi all, I am setting up a new proxy, and in the Group Policy of my test group I have set a certificate to be installed, and the proxy IP to be added to Internet Options.
When I log into one of my test machines, I can see that the certificate has been installed, but the IP has not been amended.
I have run RSOP, and when I check the User Config section, all I see is Software Settings, Windows Settings, and Administrative Templates, ie the Preferences section is hidden completely. Has anybody ever come across this before? It is in this section in GP that the proxy IP is set up, so I am thinking that this particular subset of GP is somehow deactivated?
↧
dll that needs to be saved and registered on every client once
I have a dll that needs to be saved and registered on every client once (20 computers).
How can this be done? do you have a step by step?
I read this can be done by adding a file this can be done under Computer Configuration> Windows Settings > Security Settings > File System
↧
Drive Mapping/Network Location Design and Performance Impacts
Hello,
My company is currently mapping drives using a logon script that was created 15 years ago with very little maintenance and thought as to how to properly maintain it. It is at a point where we don't have anymore drive letters to use, more security groups then actual employees to manage NTFS permissions, an enormous amount of custom drive mappings to various locations, and it is getting out of control.
My end goal is to get rid of using the logon script and use group policy to map drives. The thing is I need to keep everyone happy at the same time which I know is most likely going to be impossible.
My first idea is to restructure file servers at the root level and maybe one to two levels by organizing it my location and maybe department. Then create a standard of mapping at a much higher level in the file tree. This of course would break some users ability to find their files and open stuff from recent files in word, excel, etc.
My second idea is to get rid of mapped drives completely. Just map them as network network location using a GPO and then use item level targeting to map the network location using the security groups already in use for NTFS permissions.
The thing is, there are at least 500 security groups currently in use for NTFS permissions and the logon script also uses them to map drives.
If I stuck everything into one GPO and use item level targeting to map 500 different network locations by specifying a security group, will this negatively impact the users login time?
Are there any other ways to tackle this issue? I was thinking about using DFS as well but there are just so many shares I'm not quite sure what is the best way to do this. Are there any 3rd party utilities that I could use?
It seems like the work to move away from the logon script would make users to angry to benefit from moving away from logon scripts.
Any suggestions and ideas are greatly appreciated.
Thanks!
↧
↧
Remove the Taskbar
Hi,
How to remove Taskbar completely in Windows 10(Version 1903).
Best,
Harsha
Harsha
↧
Group policy question... Something prevents the .net framework 3.5
Hello to everyone!
I am having windows 10 computers inside our organization that needs to have enabled the windows feature '.net framework 3.5 (includes .net 2.0 and 3.0). If i remember correctly is giving me this error code: 0x800F0906. I believe there is a group policy that prevents enabling that feature. Could you please help me out what i have to check inside group policy editor?
if you need any additional information please let me know.
Thank you
↧
How would I exclude some users from "Do not allow storage of credentials" policy?
I need to have my environment set to not allow regular users to store their credentials for Apps or RDP. However, I need to have some accounts, mostly service accounts, be able to store credentials.
How would I be able to exclude them because AFAIK "Network Access: Do not allow storage of passwords and credentials for network authentication" is applied to computers and can only exclude computers, not users.
↧
WMI filter/security filter for non-TPM computers GPO
Hi
I'm sitting with a dilemma. We have about 1500 computers on the network and about 500 of them have no TPM's (models e.g HP 4540s, HP 450 G0, HP 450 G1 to name a few.) I have a WMI filter on the TPM GPO that works 100%. The non-TPM computers shows access denied to this GPO when you do a "gpresult /r".
Non-TPm computers uses: Recovery Key backed up to AD(Numerical Password) and Password(e.g "P@ssw0rd").
TPM computers uses: Recovery Key backed up to AD(Numerical Password) and TPM.
The TPM computers however starts with the wrong GPO. 90% of the time, the TPM computers starts encrypting with the non-TPM GPO. I have been looking at WMI filters and still failing.
One example is: "SELECT * FROM Win32_SystemDriver where NOT Caption LIKE 'Trusted Platform%' ".
I need a WMI filter or powershell script to test for TPM presence(e.g "(Get-Tpm).TpmPresent") and thenNOT apply to the TPM group if the TPM is not present.
Thanks in advance.
Regards,
Shorty
↧
↧
Wallpaper group policy issues
I configured a default wall paper for all users in the organisation.I applied the policy on user configuration on the AD and all user were able to see the wallpaper after a restart, those that couldn't get the policy i did gpupdate /force on the
PC and it showed.the issue now is that some of the user whose wall paper were showing before is no more showing .If the same user log in another domain joined computer the wallpaper shows but if he login in his own PC the wallpaper refuse to show.The
second issue is that after the user logged in another domain joined computer the wall paper policy stopped working for current user on thesame PC but works on another PC.This really look strange to me.kindly help me out
↧
Are there any issues with the ADMX 1903 (german adml)?
Hi,
with the first released version of the 1809 admx files we had so many problems. Are there any issues with the 1903 ADMX files?
Especially with the german adml files?
Best Regards.
↧
How to push proxy exceptions via Group Policy.
Hello Guys,
I just pushed the proxy settings via GPO. Created/Updated registry values like ProxyServer, ProxyEnable successfully via GPO but I am not able to push proxy Exceptions via GPO. When I created 'ProxyOverride' registry value (via GPO), it cleared the value of proxy address.
Please help to resolve this.
↧