Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

Slow copy file : Data encrypt

July 25, 2019, 5:26 am
$
0
0

Hi every body.

I have a Windows domain with a lot of servers (2012, 2016, 2019). All of the servers are virtual in vSphere 6.5

I have a 10 Gbps network and iSCSI 10 Gbps storage SSD and HD 10k. The SAN is new from 3 days :-) Before I had already 10 Gbps storage, no SSD.

When I copy file between 2 virtuals servers, I have ~300 Mo/s, not very good at all. It's better with this new SAN, but there is a problem.

I did many test and I find the problem. I use the security baseline GPO from Microsoft and the problem come from here !

In the MS security baseline, the data are encrypt, see capture :

If I disable all this value, my file copy increase to 700 Mo/s !

Can you explain me exactly what do these parameters please ? Is it very important to leave them enable ?

There is the same security baseline for the client computer in Wimdows 10 :-(

Many thanks for the explanation.

Best regards

Search

User Policies NOT Applying

July 25, 2019, 7:29 am
$
0
0

Hi, 
I've noticed an issue where I've linked a User GP to the required OU's, but it doesn't seem to be applying?

One problem we have is that they have put almost all their GP's (Computer and User) in the Default Domain Policy, so I'm trying to move away from that slowly.

This policy makes a change to the Internet Connection LAN Settings under preferences, so should be a pretty simple policy, the only complicated bit is that the domain policy has multipleInternet Connection LAN settings as well. This policy however is further down the structure so should take priority?


When I run a gpresult, the user policies which are applying only seem to be the default domain and 2 others which are similar to the default domain one?

The GP looks to be replicating OK (apart from one, which I'm addressing), but I'm running out of idea's as to why it doesn't look to be applying?

Thanks in advance!

How to implement Hardened UNC Paths policy

July 25, 2019, 6:59 am
$
0
0

Hello Microsoft Community,

I just figured out that anyone in my domain can access SYSVOL and Netlogon folders..

and im trying to block it asap.. I'm working with Windows Server 2016

Where do I need to put the policy? under the DC's? or under user computers?


Group policy for EDGE browser settings

July 25, 2019, 8:29 am
$
0
0

Hi There,

There is a requirement that we are implementing the GPO for setting the home page for all the browser lie IE, Chrome and EDGE temporarily.

The home page is work fine in all the 3 browsers.

But issue is when I remove the user from the security filtering from the GPO both IE and Chrome browser are reverting to the original home page. But on EGDE it is not.

Is there a reason for it? Or the EDGE designed in such a way to not to revert to its previous settings?

Can someone explain me how we can implement this?


Deploying the ADMX template for Win10 1903

July 25, 2019, 8:31 am
$
0
0

Hi,

I have a query, If I deploy 1903 ADMX template,

1) What will happen to the existing template.

2) Is there any specific steps to deploy.

If we replace the new ADMX template in place of 1803, what will happed in the GPO settings which is already in production. Can somebody guide me through this process.

Local security policy will not take effect no matter what! Windows 7 Pro

July 25, 2019, 1:22 pm
$
0
0

Here's what going on, running windows 7 pro on a stand alone laptop. I just want to be able to change my password and allow users to be able to change there's to what they like. Everytime I attempt to use my password that i've used before on other machines, it kicks back a message stating I don't meet the requirements. After hours of research into this ordeal i've tried the following:

1. Checking to see if it's on a domain, it's not...it's in a work group...

2. Tried resetting the security policies using secedit, successfully reset them, but for some reason still kicks back the same message! even when no password is required....

3. I used rsop.msc to check the policies taking effect, due to some behavior issues of this command it does not show local policies...

4. I used the gpresult /scope computer /v command to produce the details of the policies being applied...shows N/A for all local policies, i'm assuming this is for the same reason as the rsop.msc...just meant for domain policies not local ones..but I noticed it states that the group policy was applied from: SCI-DC-01.scinet.local.... i've never heard of this server, but it makes me think something in the OS is telling it override my local policies...

5. Last i looked towards the idea of a domain server still having a hold on this machine...I found a source stating to remove some Registry entries inside, I backed up the registry hive just incase and proceeded...to my suprised no key values were found, all stated blank and default. 

I'm at a super loss. I've tried everything I can to get this computer to accept even no password when all settings have been verified and applied via gpupdate /force, i've restarted even tried changing the workgroup to see if that would do anything. I'm logged into the local built-in administrator account doing all this. 

This is a tricky one for me. If anyone has some experience into this issue. It would a pleasure to learn more about this. Tough challenge for sure, but i'm out of ideas now. 

How to setup the MSTSC (remote desktop client) NOT to remember last server/wks IP info..

April 5, 2012, 2:16 am
$
0
0

Just similar to setup the Local/Group policy 'Don't remember last login information'

Please advise

Thanks in advance ... 

Use GPP to create a reg key and a value.

July 19, 2019, 11:04 am
$
0
0

Hello, 

I need to deploy the below reg file to a group of computers:

Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\JNLPFile\DefaultIcon]@="C:\\Program Files\\Java\\jre1.8.0_211\\bin\\javaws.exe,0"

I am trying a GPP>reg page, but it does not seem to work.  Would someone please check and advice?

My ultimate goal is to have the result in the second screenshot. 

Search

shrinking admistrative templates in GP EDITOR

July 25, 2019, 11:03 pm
$
0
0

Hello,

I downloaded some .ADMX files for external sofware. Cause these files aren't in .ADM format i cannot simply import them.

I copied them to '\\ad\SYSVOL\DOMAIN_NAME\Policies\PolicyDefinitions'  location

Now i see imported files in administrative templates, however only them. The rest of policies normally visible in administrative templates shrinks after that. When i delete "Policy definitions" folder everything back to the normal state.

I want to enrich administrative temapltes folder with additional policies, not get rid of old ones...

Can anyone explain this ?

Best Regards, Stefan

GPO for Scheduling Tasks not executed

July 17, 2019, 12:54 am
$
0
0

Hello,

I should make GPO to change one wallpaper at 07:00 AM and change other wallpaper at 03:00 PM.

I have made two bat files.

I want to execute them with schedules tasks via GPO. My DC is Windows Server 2008 R2 Standard, The client PC is Windows 10.

My bat file content following:

reg add "HKCU\Control Panel\Desktop" /v Wallpaper /f /t REG_SZ /d  path
RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True
exit

I have executed it successfully local on client PC . I make GPO with following parameters:( see attached screenshot).

The task available in the tasks in client PC and ecuted sucssessfylly but nothing happen.

Could you help mi , please?

SearchOCR.ADMX error after installing Win10-1803 ADMX templates

May 7, 2018, 7:51 am
$
0
0

I've already submitted this to MSFT via Feedback and resolved my issue for now, so this is basically informational for anybody coming across the same thing and searching for a resolution.

After installing the Win10-1803 GPO Templates, I'm presented with the below error:

Resource '$(string.Win7Only)' referenced in attribute displayName could not be found. File \\SysVol\...\Policies\PolicyDefinitions\SearchOCR.admx, line 12, column 69

I searched the folder on my PC where the files were installed. There's no SearchOCR.admx file in the new download, but there is an ADML file. After reinstalling the old and new ADML files, I found that the old file has a line for Win7Only, where the new one doesn't.

After reverting to the Win10-1511 SearchOCR template files, it's working normally again.

block websites on Internet Explorer 11 using group policy

November 5, 2014, 7:44 pm
$
0
0

hi everyone,

i have been trying to block website for domain users using group policy windows server r2 for IE the problem is in internet properties content adviser option is not active.

thanks in advance

vanishing admistrative templates in GP EDITOR

July 25, 2019, 11:03 pm
$
0
0

Hello,

I downloaded some .ADMX files for external sofware. Cause these files aren't in .ADM format i cannot simply import them.

I copied them to following location:

'\\ad\SYSVOL\DOMAIN_NAME\Policies\PolicyDefinitions'

Now i see imported files in administrative templates, however only them. The rest of policies normally visible in administrative templates vanished after that. When i delete "Policy definitions" folder everything back to the normal state.

I want to enrich administrative temapltes folder with additional policies, not get rid of old ones...

Can anyone explain this ?

Best Regards, Stefan





Allowing Non-Administrator Install fonts in WIndows 10

May 14, 2018, 4:02 am
$
0
0

Is there any way to allow user without administrator privilege to install fonts in windows 10? either via GPO or Locally?

i need this since there's some web designer in the office and i don't want to go back and forth every 15 minutes just for giving access to them for installing fonts.

 thx in advance

Windows 10 with SSD boots too fast for GP

July 18, 2019, 5:46 am
$
0
0

Is there a way to force a Windows 10 computer to slow down the boot process so that Group Policy gets a chance to run?

I setup a program to install on all networked computers and it installed fine on all of the Windows 7 computers but doesn't install on the Windows 10 computers. 

I've modified these settings in the local group policy:

Computer Configuration - Administrative Templates - System - Logon

     Always wait for the network at computer startup and logon - Enabled

Computer Configuration - Administrative Templates - System - Group Policy

     Configure Logon Script Delay - Disabled

Those settings slowed it down enough to allow the drives to map properly and show the users home directory, but it's not slow enough to install a program.

The Event Log has two entries:

     Warning - Application Management Group Policy - 108 - None

          Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274

     Warning - Group Policy (Microsoft-Windows-GroupPolicy) - 1112 - None

     The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.

However the application has yet to install and we rebooted the computer six times. How do we get the computer to apply GP?

Thanks,

Jessica


Search

GPO Settings revert to Not Configured after change

July 26, 2019, 10:46 am
$
0
0

Domain Function: 2012 R2

I have a strange occurrence lately where whenever I edit a GPO, all the settings in the Admin Templates revert to Not Configured.

Ex: I need to add a website to Trusted Sites via Site to Zone Assignment. There are already entries in the list for various zones.
I enter the site, apply and exit GP edit. A few minutes later I look in the GPMC on the domain controller and all the various settings that fall under Administrative Templates are changed to not configured. The site I entered and all the sites have been removed. The IE settings for Trusted Sites removed. Chrome settings, removed.

Note: the policy settings are all still there, they've been changed to "Not Configured". Don't have any replication issues and it's happened to multiple Techs trying to make changes.

SYSVOL to SYSVOL_DFSR issue

July 27, 2019, 8:04 am
$
0
0

Hoping someone can help me out on this.

I have started the move from SYSVOL to SYSVOL_DFSR and gone through all the stages however when in now run dfsrmig/getmigrationstatei get 3 DCs that are giving issues.

One is in the START stage and the other 2 are int he Wating for initial Sync stage - the trouble is i've gone right the way to eliminated and now feel like i'm in deeper water!

Is there anything that can be run to see why these servers are no going to the next stage?

I thought everything was going so well as the dfsrmig was reporting good things until now and i could see things being copied to the SYSVOL_DFSR folders on the domain controllers.

Hopefully someone can get me out of this situation.

This is what i'm seeing at the moment:

C:\Windows\system32>dfsrmig /getmigrationstate

The following domain controllers have not reached Global state ('Eliminated'):

Domain Controller (Local Migration State) - DC Type
===================================================

SHS-VM-DC01 ('Start') - Writable DC
SHS-PHY-DC01 ('Waiting For Initial Sync') - Primary DC
SHS-VM-DC04 ('Waiting For Initial Sync') - Writable DC

Migration has not yet reached a consistent state on all domain controllers.
State information might be stale due to Active Directory Domain Services latency.

I have followed this guide https://support.microsoft.com/sw-ke/help/4493934/sysvol-dfsr-migration-fails-in-place-upgrade-dc and removed the 2019 server but i still have 2x 2016 servers and they are still reporting Waitign for Initial Sync.

Redirect "Documents" Folder to OneDrive GPO?

July 28, 2019, 10:26 am
$
0
0

Is there a way to redirect a users "Documents" folder into their own OneDrive account using a GPO? 

I have about 200 users at my company and we just got everyone an Office 365 account that comes with 1TB of OneDrive space.

Everyone is running Windows 10 Pro workstation. The domain is a Server 2016 domain & forest level.

Compare two GPO html files

July 23, 2019, 9:58 pm
$
0
0

HI,

We have two Group policies exported / saved as html files from two different domains. I would like to compare the settings configured in these two html files and generate a report. Can you anyone please help how to achieve this?

Thanks,

Umesh.S.K

Group Policy Help

July 24, 2019, 9:12 am
$
0
0

i need to find a way to search my group policies and find any GPO that are mapped to a specific path.

ex. i need to find all the gpo(if any) that are mapped to \\fileshare01

any help would be greatly appreciated

Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>