Channel: Group Policy forum

Creating GPO for Member Server 2016 Datacenter on Domain Controller 2012 R2


Hi,

I am running DC 2012 R2. Lately, we added some new member servers running the 2016 Datacenter OS. I need to tighten the security by enabling/disabling some security policy settings (under Computer Configuration / User Configuration). May I know whether I can just create a GPO, change the settings needed and apply it to the new member servers?

I am unsure whether there are any compatibility issues or any new settings in 2016 that are not supported by the 2012 GPO template. What should I do? I would appreciate any advice on this.


Local security policy will not take effect no matter what! Windows 7 Pro


Here's what's going on: I'm running Windows 7 Pro on a standalone laptop. I just want to be able to change my password and allow users to be able to change theirs to what they like. Every time I attempt to use my password that I've used before on other machines, it kicks back a message stating I don't meet the requirements. After hours of research into this ordeal I've tried the following:

1. Checking to see if it's on a domain, it's not...it's in a workgroup...

2. Tried resetting the security policies using secedit, successfully reset them, but for some reason it still kicks back the same message! Even when no password is required....

3. I used rsop.msc to check the policies taking effect, due to some behavior issues of this command it does not show local policies...

4. I used the gpresult /scope computer /v command to produce the details of the policies being applied...shows N/A for all local policies, I'm assuming this is for the same reason as the rsop.msc...just meant for domain policies not local ones..but I noticed it states that the group policy was applied from: SCI-DC-01.scinet.local.... I've never heard of this server, but it makes me think something in the OS is telling it to override my local policies...

5. Last, I looked towards the idea of a domain server still having a hold on this machine...I found a source stating to remove some Registry entries inside, I backed up the registry hive just in case and proceeded...to my surprise no key values were found, all stated blank and default.

I'm at a super loss. I've tried everything I can to get this computer to accept even no password when all settings have been verified and applied via gpupdate /force, I've restarted, even tried changing the workgroup to see if that would do anything. I'm logged into the local built-in administrator account doing all this.

This is a tricky one for me. If anyone has some experience with this issue, it would be a pleasure to learn more about this. Tough challenge for sure, but I'm out of ideas now.

edit: I've already gone through the local security policies to change them, they simply do not take effect regardless of what I change them to...it almost seems like an error within the OS at this point...


Group Policy Help


I need to find a way to search my group policies and find any GPOs that are mapped to a specific path.

Ex. I need to find all the GPOs (if any) that are mapped to \\fileshare01

Any help would be greatly appreciated.

network path not found message


Hi,

Windows 10 version 1803 workstations show the message below. Windows 7 workstations do not give the error.

I verified that the Shell.vbs script exists in the path on the domain controller. Please help: why does this error occur in Windows 10 and how can it be solved?


Regards, Boopathi

Server 2019, GPManagement only shows Domain Controller OU


I've set up a small test VM 6.5 network for build testing 2019.


Windows 2019 DC just built

Windows 2016 Member Server

Windows 10 Workstation

All machines are on same VM host with their own vswitch that is not bound to any external adapter currently so they have no internet access.

All machines show fine in ADUC, but when going into GPManagement the only entries are Domain Controllers, GPObjects, WMI Filters and Starter GPOs; no other OUs are seen.

If you try to run a GPResults from the manager you can't find the other machines, but once I moved the member machines into the Domain Controllers OU they are ok and results can be found, and everything is being applied correctly.

As this is a test network I can do whatever I like to it currently, so weird and out there suggestions are welcome.

Thanks

David

Is it possible to update a scheduled task that was created by an Admin Template GPO?


Hello all,

So I have been having an extremely frustrating time with Windows Updates, as through my research, many others have as well.  Below is a summary of the issue and what my plan is:

Our update policy is set to update workstations (mostly laptops) on the 4th Monday of the month.  I've noticed that quite a few laptops have downloaded the update, but are not installing them.  I have a few that have been in this state for over a week and it does not appear they are going to install on their own.  I have concluded that this may be due to the laptops not being on at the time of the install, which I guess I can understand, but there needs to be some logic to help in these scenarios.  

Through lots of research I discovered that Windows 10 now uses Update Orchestrator (usoclient.exe).  I also found out that the "Configure Automatic Updates" Policy created scheduled tasks that use usoclient.exe to perform the tasks.  The tasks that are created are not very consistent, as some get a task called "Policy Install" and others do not, amongst others that I have seen.  This task seems to be the key to all my problems, so I have even thought about creating a separate policy with these settings.


The main issue that I noticed with this approach is this:


(looks like I can't load an image, but the next paragraph should explain this)


It looks like this task is able to use the older method of allowing to "Run whether user is logged on or not", which is only available in the newer OS if you use a User based policy.  

The other approach that I wanted to take was to actually edit this task through the Windows Update GPO somehow, but I can't seem to find a way to do this or how these tasks even get created in the first place.  There is no reference to this in the admx or adml files and looking at the policy itself there is nothing related to scheduled tasks.  The reason I want to edit this is to allow "Run task as soon as possible after a scheduled start is missed".  I'm a bit baffled as to why this option is not readily available.  You would think this would be a pretty common thing to help keep updates on schedule.

Is there any hope of making this a reality?



Thanks!
Steve


Windows Server 2019: Group Policy Management: The server could not complete the requested operation


Hi,

I have had a problem on my DC with creating, modifying and deleting Group Policy objects. 

I have installed Windows Server multiple times on a test computer to see what has been causing this problem and this is what I have found so far.

I can edit, create and delete Group policy objects fine until I install File Server Resource Manager. 

Every time I install File Server Resource Manager, Group Policy stops working. If I remove the feature, Group Policy starts working again. Nothing has been configured in the File Server Resource Manager so I am left clueless.

I have spent hours messing around trying to figure out a way to fix this and any help would be appreciated.

How to implement Hardened UNC Paths policy


Hello Microsoft Community,

I just figured out that anyone in my domain can access the SYSVOL and Netlogon folders, and I'm trying to block it ASAP. I'm working with Windows Server 2016.

Where do I need to put the policy? Under the DCs, or under user computers?



Onedrive gpo not apply to PC.


Hi, we are trying to set up OneDrive for Business. We are trying to move known folders to OneDrive and Home drive but are having some issues.

I created a policy to do this but it's not working. When I click on OneDrive it comes with

Even in the policy we said use the default Windows login.

This is what we created. The policy is applied to all Domain Computers and the OU in which the test PCs are located.

I can see the policy is being applied.

Computer Reg.

User Reg

We used this site for setup.

https://docs.microsoft.com/en-us/onedrive/use-group-policy

How to restrict user from accessing C:\Programdata\ folder? Can we remove permissions for user using iCACLS?


Hi,

I would like to know if there is a method using the icacls command, or any other, to restrict normal users from folders like the below:

C:\ProgramData and its sub-folders?

Why does Microsoft's design allow users to write data to this folder?

What are the implications if users are restricted from writing data (creating or copying files and folders) to this folder?

GPO for Member Server 2016 Datacenter on Domain Controller 2012 R2


Hi,

I am trying to tighten the security for my 2016 member servers. The settings to be made are under Computer Configuration\Policies\Windows Settings\Security Settings\Security Options\. I am unable to find some policies (such as Restrict client allowed to make remote calls to SAM) in the GPO on my Domain Controller 2012 R2.

I have read some articles about ADMX. May I know whether ADMX 2016 contains the latest template for Windows Settings\Security Settings\Security Options\? Can you provide some advice on how I can do it, as the Domain Controller has a lot of GPOs configured on it and I do not wish to mess them up?

Thank you.  


LGPO.exe – Local Group Policy Object Utility

Dear Team,
Currently I am using the LGPO tool for Group Policy Backup and Restore. I need help with the Registry Settings Backup Parameters list.
I need a complete list of the Registry Settings which are backed up during Group Policy Backup through the LGPO tool.

May I request you to please do the needful.
Awaiting your valuable response.
Thank you in Advance.

Best Regards,

Shantaram Gawade

Slow Group Policy Processing...

Hi All,

I have an issue where on certain Windows 10 machines Group Policy processing slows to a crawl.  
It can take anywhere from 8 minutes to 21 minutes from entering the User ID and Password until you receive the Desktop (normally, it only takes about one minute).

I have turned on Group Policy verbose logging and noticed that during a fast boot, several operations happen within 1ms and on a slow boot those same operations take a little over 1s or longer (see graphics below, both are from the same machine):

Fast Boot:

Image

Slow Boot:

Image

Here is what I know and have tried:

- The problem started around July 8, 2019.
- The Windows 10 images are all the same, imaged via MDT/WDS and all are Windows 10 Enterprise - 1803.
- It is very random, only about 5 machines and it doesn't happen all the time to those machines.
- The Group Policies have had only minor changes and the slowness hasn't coincided with GP changes.
- The Forest Functional Level is "Windows 2008 R2".
- There is only one location (so far) that is experiencing the issue and that location has four DCs (mix of Win2k8 R2 and Win2016). No updates to the DCs have been performed since we started seeing the issue, the DCs have been rebooted within that time and we have seen the issue when the Win 10 PCs have connected to any of the DCs.
- Nothing (that we know of) has changed in the environment.
- The Win 10 machines are receiving critical updates and Defender updates automatically.
- I have used Windows Performance Reporting & Windows Performance Analyzer to gather boot traces but I haven't found a way to get it to tell me what the parameters are for a  particular SVCHOST entry so I can't tell which one is the Group Policy Client (gpsvc).
- I have seen that Windows Update is running during the time when the login is slow (via Event Viewer).

Has anyone else experienced this issue?  Can anyone suggest further troubleshooting steps?
Any help is appreciated!

Thanks,
--Brian

User Policies NOT Applying


Hi, 
I've noticed an issue where I've linked a User GP to the required OUs, but it doesn't seem to be applying?

One problem we have is that they have put almost all their GPs (Computer and User) in the Default Domain Policy, so I'm trying to move away from that slowly.

This policy makes a change to the Internet Connection LAN Settings under preferences, so should be a pretty simple policy, the only complicated bit is that the domain policy has multiple Internet Connection LAN settings as well. This policy however is further down the structure so should take priority?


When I run a gpresult, the user policies which are applying only seem to be the default domain and 2 others which are similar to the default domain one?

The GP looks to be replicating OK (apart from one, which I'm addressing), but I'm running out of ideas as to why it doesn't look to be applying?

Thanks in advance!

How to know if the GPO store was updated with the latest ADMX version?


Hi All,

I'm working in an environment to build Windows 10 1809. I see there is a GPO store and I see the ADMX/L files, but I don't know whether they are for 1709 or lower.

How can I find out if the GPO store has the latest ADMX/L?

Thanks



Redirected Folders Backup on Windows 7 Clients and Quota


Hello,

We are currently migrating our users from Windows 7 to Windows 10.

Users have their Desktop and My Documents redirected to a network share with a 1 GB soft quota. Laptop users have offline files enabled. We have seen on some user laptops that they exceeded their quota. No insufficient disk space error, but from what I understand, their data will not be synced, and it will be cached somewhere on their local drive (C:\Windows\CSC) (?). For example, a 2+ GB .pst file on one laptop was saved in "My Documents", but after reimaging to Win 10, it is gone!

Management's fear of losing any user data made them decide to take a backup of the local drive, so I am thinking of writing a PowerShell script that focuses on data files (.pst, .pdf and all Office files) and copies them to a dedicated shared folder. However, I am really not sure how to deal with files that are originally in a redirected folder but are not synced.

Can I just copy the C:\Windows\CSC folder?

Or will copying the file from the user's redirected folder be fine? I.e., in the example above, a 2 GB .pst file in "\\REDIR$\user1\My Documents\Outlook\aa.pst" is not synced because it exceeds the quota; will copying it from this location get the same full file?

Thanks, and I hope my question makes sense.

GPO Settings revert to Not Configured after change


Domain Function: 2012 R2

I have a strange occurrence lately where whenever I edit a GPO, all the settings in the Admin Templates revert to Not Configured.

Ex: I need to add a website to Trusted Sites via Site to Zone Assignment. There are already entries in the list for various zones.
I enter the site, apply and exit GP edit. A few minutes later I look in the GPMC on the domain controller and all the various settings that fall under Administrative Templates are changed to not configured. The site I entered and all the sites have been removed. The IE settings for Trusted Sites removed. Chrome settings, removed.

Note: the policy settings are all still there, they've been changed to "Not Configured". Don't have any replication issues and it's happened to multiple Techs trying to make changes.

How to push proxy exceptions via Group Policy.


Hello Guys,

I just pushed the proxy settings via GPO. Created/Updated registry values like ProxyServer, ProxyEnable successfully via GPO but I am not able to push proxy Exceptions via GPO. When I created 'ProxyOverride' registry value (via GPO), it cleared the value of proxy address.

Please help to resolve this.

Access is Denied Message - Attempting to Access NETLOGON and SYSVOL


Hi All,

We have had an issue occur recently where some of our staff noticed drive mappings not showing up on their laptops.

At first I thought this would be fixed with a restart of the client machine but this didn't work.

After investigation there looks to be an authentication issue for some computers where any logged-in user won't be able to access sysvol/netlogon, with Access is Denied messages.

Also there have been message popups for 'Windows needs your current credentials' which seems related.

Recent Changes - group policy: the 'Default Domain Policy' was unlinked, and was re-enabled the day before the issue started occurring. I suspect this had something to do with the cause of the issue but I can't seem to work out how to fix it.

I've attempted the Hardened UNC Access but this didn't fix it.

Any ideas would be appreciated.

Thanks, Dean

