Channel: Group Policy forum

Error (0X80070020) occurred saving settings file


Hi,

I am having this error when I try to make changes in the existing GPO (User Configuration > Preferences > Windows Settings > Files).

Thing is, the source file is no longer available and I need to update to the new one.

The error is "the process cannot access the file because it is being used by another process" and no changes can be made.

Any advice?


Nursyafika


Windows firewall domain profile does not obey GPO


Hi

I am looking to set windows defender firewall via group policy

I have configured the settings in group policy and can see that the Private and Public profiles are turned on and configured as expected.

The Domain policy won't bite though and remains off! I've done a gpresult and see the policy has applied,

restarted the machine,

blocked inheritance,

enforced the policy,

moved the policy to highest precedence,

gpupdate /force, wait an hour, repeat.


Double checked and the policy is definitely set in the GPO

Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security

Tried internet searches and now out of ideas

Has anyone encountered this?





confuseis

GPO to update Computer Name


I have a registry key that I can run that updates the registry to change the computer name display to read:  <user> on <computer name>.

It changes the keys at:  Computer\HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

If I open Regedit, this is what I see:

Default:              Computer Name:  %COMPUTERNAME%

LocalizedString:  %username% on %computername%

---------------------

My Registry hack that I run from windows is:

----------- Begin ---------

[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
@="Computer Name:  %COMPUTERNAME%"

"InfoTip"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
  00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  2d,00,32,00,32,00,39,00,31,00,33,00,00,00

"LocalizedString"=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,\
  25,00,20,00,6f,00,6e,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,\
  00,72,00,6e,00,61,00,6d,00,65,00,25,00,00,00

---------  End ------

This hack works perfectly.  But must be run manually from the workstation.  I would love to get it into a GPO.

I can't figure out how to get this into a GPO.  If I just update the key LocalizedString to "%username% on %computername%" the display becomes <computername> on <computername>.  So I never get the username.

Any ideas here?  I would like to apply this to my OU, so when I remote in I can always tell the user that is logged in, and the computer name.

Thanks.

-Frank

Will changing .DEFAULT user affect all users?


Hi All,

I'm trying to create a cmd script that I can add to my SCCM Task Sequence that will affect all users. This is what I have so far:

REG ADD HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\Windows\Explorer /v DisableNotificationCenter /t REG_DWORD /d 1

The idea being that it will disable and hide all notifications from the action centre bubble in the bottom right corner of the screen. I believe it has to be done on a per-user basis, but if you can configure the default user, will it impact the new user profiles as they're added? Or at least that's what I'm trying to achieve.

Restore group policy delegation permissions


Is there a way to restore Delegation permissions on an OU in group policy from a backup if you want to go back to the permissions that were set the previous day?

Thanks

Host Integration Server TN3270 Emulator Cannot Open Script

So I'm having this logon.lsc problem. It's missing from the directory C:\ProgramFiles\Microsoft Host Integration Server\System\logon.lsc for reading... help.

AppLocker not blocking denied programs


I set up a small virtual lab with a domain controller with Windows Server 2012 and a client with Windows 7 that I joined the domain. My objective is to block with App Locker some application that comes from a specific publisher.

I created a group policy with some rules in the "Executable Rules". I added the default rules and then I denied the run of C:\Windows\System32\Notepad by path and also by publisher, also I denied another program by publisher.

Also, in the same GPO I enabled the Application Identity Service and I set it to automatic start.

On the client computer I checked that the policy is being applied. Also, with PowerShell I followed the instructions found here: "Test an AppLocker Policy by Using Test-AppLockerPolicy", and the results show that the programs should be blocked.

Here is the XML obtained with the Get-AppLockerPolicy –Effective –XML command effective.xml.

And these are the two CSV obtained with the Test-AppLockerPolicy command testapplocker.csv testapplocker2.csv.

It seems that both Notepad.exe and MSIPackageBuilderEnterprise.exe should be blocked, but nonetheless they are not.

I need your help to understand why it is not working.

PS: this is my second try, the first one was in our production Active Directory domain but it didn't work anyway.

Disabling access on Shared folder across AD


Hi,

We have shared folders on users' systems across AD. We want to disable the sharing through GPO so that we don't have to do it for individual users. Is there a way we can achieve it through GPO?


Any domain user able to access Active Directory RDP


Hello Team ,

Suddenly we started facing an issue: all domain users are able to access AD server RDP from my network.

I have checked the AD server Remote Desktop allow service and it's restricted to access RDP for all users.

Please let me know if you have any solution.

Set up permissions to Desktop or Laptop users.


1. End users should have admin access to the machine they log in to (not others' machines).

2. Users should not take RDP of others' machines.

3. Users should not map the C: drive of other machines.

4. User to access another user’s profile (if another user profile is already present on the PC he logged in with local admin rights).

Pls. let me know if this can be achieved through GPO.


Warm Regards, Hariprakash T

Windows server 2019 Group policy for users is applied but not for computers


Hi!
So we decided to start using Windows Server 2019 and Microsoft Active directory.  But I came to a problem. If I run gpresult I can see, that computer policy is not applied but user policies are. I tried changing security filtering but nothing changed. I removed the computer from the domain and tried again, but also nothing works. Weirdly, user policies are applied but not computers.
I get a warning in gpresult about Fast link detected. Could this be the problem?
And group policy is not enforced and Link enabled is checked.

Thank you for help!

network path not found message


Hi,

Windows 10 1803 version workstations provide the below message. Windows 7 workstations do not give the error.

Verified that Shell.vbs script exists in the path in domain controller. Please help why this error occurs in Windows 10 and how can this be solved.


Regards, Boopathi

BLOCK EXECUTABLE

Hello community

Today I made a configuration change on the server in the GPO policies; it blocks everything, even Windows startup, and leaves all the computers with a black screen. It also blocks the services of any executable.

Help, please

New Wired Network Policy Default Behaviour


Today I caused a denial of access to network resources due to some mistakes I made.

From the onset let me say that I take full responsibility for what happened.

This is what happened: We have implemented dot1x authentication on our network and I was reviewing the settings of the wired network policy.

I opened the Group policy editor and viewed what was supposed to be a test GPO that was not linked. (Mistake1)

I proceeded to create a Wired Network (IEEE 802.3) Policy to view the available settings. See screenshots below.

 

Computer Configuration\Policies\windows settings\security settings\Security settings



 

Creating a new Wired Network Policy

 

 

 New policy properties window appears blocking off the right pane of the editor window.

After viewing the policy settings I clicked the ‘Cancel’ button, thinking that the new policy would not be created (Mistake2).

Note: the ‘OK’ active and the ‘Apply’ button greyed out.



 

Clicking on ‘Cancel’ returned to the Group Policy Editor.



 

At this point the editor was closed.

 

After about 15 minutes the helpdesk phones started ringing off the hook with users unable to access network resources. This got progressively worse as time went by. - (Group Policy refresh interval)

 

Looking back at the previously viewed GPO it was observed that a ‘New Wired Network Policy’ was in effect. And to make matters worse the said GPO was in fact linked to the domain.



 

 

To resolve the issue the ‘New Wired Network Policy’ was deleted, helpdesk advised users to reboot their computers, and users were again able to access network resources.

 

To see whether the steps taken to create a ‘New Wired Network Policy’ from

'Computer Configuration\Policies\windows settings\security settings\Security settings\ a Wired Network (IEEE 802.3) Policies'

it was observed that the properties window again blocks out the created policy.



 

However when the ‘Cancel’ button is clicked a ‘New Wired Network Policy’ is created.

 



My questions are as follows.

 

1. Why does cancelling the properties window still create the policy?

2. Is this the default behavior when creating a wired network policy?

 

Can anyone shed some light on the above questions?

 

Additionally, I would like to suggest the following:



1. Clicking the ‘Cancel’ button in the properties window actually cancels the creation of the policy.

2. If this is the default behavior then the administrator should be prompted that the default policy is created and is enabled.

3. If the policy is created the default setting should be disabled.

 

What are your views?

 

 


SelloD




The following settings have applied to this object. Within this category, Settings nearest the top of the report are the prevailing settings when resolving conflict


I created a group policy that changes the registry. This policy is for disabling Game bar. I need to disable Game bar for a piece of software. I have Windows Server 2012 R2 for AD. Below are the registry settings that have been changed:

Under HKEY_CURRENT_USER

SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR - KGLRevision to 0

System\GameConfigStore -GameDVR_Enabled to 0 

I applied the policy for the users account in my organization.

I was testing the policy on one user. I was reviewing the report that I got from running gpresult /h gpreport.html in a CMD with admin privileges. Under both policies I see the message "The following settings have applied to this object. Within this category, Settings nearest the top of the report are the prevailing settings when resolving conflict" and for the result I have success.

I tried to open the software but it did not open. A message popped up saying that Game bar is still active. Please advise.

Thank you.  

OneDrive Sync Client Group Policy Difficulties


Hi all, we're trying to set up the Group Policies that come with the OneDrive sync client, so that we can automatically sign users into OneDrive as well as enabling Files On-Demand for everyone, however we don't seem to be having much luck.

Following Microsoft's guide for configuring OneDrive policies doesn't seem to work - after adding the .admx and .adml files to our central store, trying to open the templates gives the below error:

"Resource '$(string.GPOSetUpdateRing)' referenced in attribute displayName could not be found.

File \\domain.co.uk\SysVol\domain.co.uk\Policies\PolicyDefinitions\OneDrive.admx, line 23, column 235"

We're somewhat at a loss as to how to continue, I've seen a few other threads that talk about editing the strings manually but this isn't really something we'd be comfortable doing - my manager much prefers to install GPOs using an .msi package so it was already quite difficult to persuade him to use the files provided with the sync client anyway!

I'd be grateful if anyone could offer any suggestions for this, thank you in advance!

GPO settings for Enable third party cookies for chrome browser


Need help in configuring GPO settings (Win 2008 R2 DC) for Enable third party cookies for chrome browsers in win 7 machines.

Group policy for MDM enrollment not getting effected even after registry import


Hi 

I am trying to create an auto enrollment for my Windows 10 desktops into Intune. I have already managed to build all the supporting infrastructure and am able to register any Windows system in our company AD by changing the Local policy using the GUI. Now I need to make it automated. I have identified the registry settings which actually changed during the Local policy change. I created a script as below which will create a registry key and add the two corresponding key words as below.


New-Item -path  "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\" -Name MDM
New-Itemproperty  -path  "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM" -Name AutoEnrollMDM -Value 1 -Type DWord
New-Itemproperty  -path  "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM" -Name UseAADCredentialType -Value 1 -Type DWord

But even after successful execution of this script my systems are not getting enrolled into Intune.

Can someone please help me on this?

-Sachin

Windows 10 GPO to turn off store application


Hello - 

We are looking to expand our rollout of Windows 10 machines in our organization (we currently have less than 15).  Prior to doing this I would like to tighten up some things by adjusting some GPO.

One thing I would like to restrict is access to the windows store.  In my Windows 10 GPO on my domain I enabled the following setting:

Computer Configuration > Administrative Templates > Windows Components > Store  > Turn off the Store Application.

I then did a gpupdate /force on my machine and rebooted.  I checked the registry that the GPO is supposed to modify:

HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore - RemoveWindowsStore = 1.

When I try to access the store on my machine I get "The Store App is Blocked, Contact your IT Administrator".  DESIRED RESULTS!!

When I check other machines that this GPO is scoped to - I look at the registry, the proper key is set the same.  Reboot, and try to access -- these machines are able to access the store?!?

Am I missing something?  What else should I look at?

Thanks in advance

sb


