Quantcast
Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

WMI Filter Option Missing from GPMC

October 6, 2019, 11:03 pm
$
0
0

I have upgrade an AD forest from 2008 R2 to 2016, after the upgrade if I try to open the GPMC from an Azure AD Windows 10 Machine (not domain Join) i will receive the following error message:

- Error text not available. Error Code =80041009

After several research I have that the issue is located into the WMI filtering properties, that say VMI Filtering "information not available". From any domain join server or Windows 10 machine no issues at all.

Before the upgrade to AD 2016 I was capable to manage the GPO also from an Azure AD machine. It is not a show stopper but I would like to know what it is not working anymore as before. Please be aware that I have not still upgraded the domain or forest level, everything is still  2008.

Any idea? Kind regards

Andrea

Search

Microsoft Group Policy change to UPDATE for mapping network drives, when previously it was REPLACE

October 1, 2019, 9:17 pm
$
0
0

All - I was experiencing problems with blank pages in my PDF's when viewing them in my software Nuance Power PDF and also Nitro Pro PDF, and when searching I found that the same problem was occurring in Acrobat PDF software.

Someone on Acrobats forums who were having problems with other tax software which had started crashing had spent hours and hours trying to fix the problem reported this -

"Group Policy was previously using "Replace" to map network drives.  Apparently Microsoft changed the way that Replace behaves via Group Policy on Win 8, Win 10, and Server 2012 machines and now says to use "Update" to map the drives."

When they changed group policy to make it "Replace" instead of "Update" they no longer had problems with their Tax software crashing.

Subsequently they no longer had problems with blank pages in their PDF either.

However I believe this problem goes way further than just the above.

I use a NAS for all my files, with mapped drives to different folders on my NAS. Quite often -

* I lose the mappings with an image of a cross coming up over the drives. however all I have to do is click on them to restore them.

* I am the only one that ever uses my files, but I can open one up, make changes and when I go to save it tells me someone else is using the file (normally when in compatibility mode).

* my PC slows down when using my NAS especially with PDF files, where they like freeze for a minute or longer.

Now possibly it is something else, but I don't believe so.

So my question is, as a complete noob in this area, how do I change group policy to Replace when mapping network drives. I really need a step by step.

I am running Windows 10 (not pro or anything) on a 64 bit machine

Thank you.

How to Convert dismounted EDB to PST?

October 4, 2019, 3:39 am
$
0
0

Dear users,

Pleas

Suggest me a proficient edb to pst converter application.

Regards

Parkar Layn

I need to be exported data from edb to pst for Exchange Server

October 1, 2019, 12:55 am
$
0
0

Pleas  share some Advance idea about freeware edb to pst file converter.

I need to be exported data from edb to pst for Exchange Server

Regards

Bitcal

Windows will not load after restart - Spinning dots - Since enabling Software Restriction Policies

October 3, 2019, 1:02 pm
$
0
0

We are currently testing Software Restriction Policies and ran into a problem with the process.  We have Windows 10 Pro so we are using Software Restriction Policies.

The policy is Computer based and its applied to a single PC at this point.

Our default security level is Disallowed.

Enforcement is All software files

Policies apply to ALL users

We enforce certificate rules

We have added the following from Designated Fie Types

     WSF (Windows Script File)

     JAR (Executable Java File)

     JS (JavaScript File)


Path rules are in place to allow files to run from various locations.  

Once the policy is applied and the PC restarts the PC does not boot into Windows.  After the Dell logo load we see a animation of dots spinning in a circle (like windows is loading).  We let our PC sit for about 30  minutes and it never gets past this spot.  We have to restore the the PC to a previous recoveyr point to gane use of the system again.

Without the policy in place we see these same dots spinning in a circle for about 1 second before Windows loads.

Our path rules allow for executables to run from various locations

(Default HKEY Rules)

C:\ProgramFiles

C:\ProgramFiles (x86()

C:\ProgramData\Microsoft

C:\Windows

(along with other paths)


What am I doing wrong?


Session has exceeded its disconnect time limit, and was logged off

May 7, 2019, 3:14 pm
$
0
0

We have a couple of applications that only work while a user account is logged in and running them via a terminal. We're finding that the service account's disconnected session is being logged off after 24 hours with the message in Event Viewer: "Session has exceeded its disconnect time limit, and was logged off"

We checked the group policy configuration in both "Computer configuration" and "User configuration" and the disconnected session time limit is NOT CONFIGURED, which to me should mean it defaults to never ending disconnected sessions.

Where could I find where this 24 hour time limit is being set? 

This is for Windows Server 2012. It is under a corporate domain.

Security and Privacy/Telemetry Baselines

October 15, 2019, 1:45 am
$
0
0

(N.B. This was previously posted in the Windows Server 2019 General forum but I couldn't see a way to move it. I think it's more appropriate to ask here.)

I'd like to know if the Security Baselines (https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines) are backwards compatible? I.e. Can I put version 1903 of the security baseline on an 1803 or 1809 server and it will just apply the settings which are valid?

Also, regarding the Privacy/Telemetry baseline (https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) - is there a way to import the GPOs into Active Directory Group Policy to roll out to multiple machines? You have GPO backup files in the Security Baselines but not in the privacy/telemetry baseline. Why is this? Do I need to configure each setting manually?

Also, for both the Security and Privacy baselines - how do I know which policies apply to machines and which apply to users? Do I need to worry about this?

I've read all the documentation I can find on the Microsoft website but can't find any answers to these questions.

Best regards.

install app with file extensions

October 10, 2019, 12:31 am
$
0
0

In gpmc how I can set file extensions for installing programs?

for example in client user want to open a pdf file and client doesn't have pdf reader,

what can I do to set extensions for programs?

Search

Registry.pol not updating

October 4, 2019, 12:01 am
$
0
0
Hi everyone I am currently using Ansible to control multiple Windows Server machines to export their registry.pol under the machine folder of group policy and convert it to .txt using LGPO.exe before sending it to my Ansible Server. The Ansible Server will then read line by line and change the registry.txt file according to the CIS standards. After changing the registry.txt the Ansible Server will then send the registry.txt to each Windows Server machines and call out the LGPO.exe to convert these .txt files back into registry.pol and use "gpupdate /force". I have test 2 settings and I have noticed that the registry keys will be updated. However I notice that doing this messes up the registry.pol in a sense that in the future whenever I would like to use the Group Policy Editor to edit the changes, it would update the registry keys but the registry.pol would not store the settings. May I know if there is any issue with my idea? So far it has been working except for this issue on my automation somehow bricking the GUI.

Software not Installing

October 6, 2019, 10:45 am
$
0
0

Hi

I have deployed some software "laps" msi installer  using group policy > computer settings   > assign software

This works on some machines and not others.   All machines are windows 10

On all machines I can see the policy has taken effect

On some machines however when I run rsop.msc    I can a see an exclamation mark over the assigned software

When I run the install manually using admin creds it installs fine each time, seem to only fall down when using group policy.

I would have thought that permissions would not be a factor for software installs if this has been assigned by a domain admin using group policy.

Didnt see anything in the event logs using filters msi install etc.

The gpresult command on the machine confirms the policy has taken effect.

Not sure where to troubleshoot next.


confuseis

Software Restriction Policy - Path shortcut not working

October 15, 2019, 9:27 am
$
0
0

I have a scheduled task that was created as part of a  GoToMeeting installer.  The task runs an executable that checks for any updates.  The file lives at %localappdata%\GoToMeeting\15160\g2mupdate.exe. 

Our default software restriction mode is disallow.

We have an path rule set for %localappdata%\GoToMeeting\" for unrestricted.  This should allow this file to run unrestricted.

When this scheduled task runs Event 865 gets logged in the Application event log and the file is blocked.  

"Access to C:\Users\(username)\AppData\Local\GoToMeeting\15160\g2mupdate.exe has been restricted by your Administrator by the default software restriction policy level."

If I manually run the file it works just fine. No block. NO event message logged.

If I change my path rule from %localappdata%\GoToMeeting\" to "C:\Users\(username)\appdata\local\GoToMeeting\15160\" the job runs just fine.

Both these paths resolve to the same location.  Why doesn't "%localappdata%"\GoToMeeting" work?

I have also tried the following path rules with the same block

c:\Users\%username%\appdata\local\GoToMeeting\

%userprofile%\appdata\local\GoToMeeting\



suddenly unable to install xps viewer with gpo enabled

October 15, 2019, 10:23 am
$
0
0

hello,

a few weeks ago i had users requesting to install xps viewer so i enabled the following gpo   "Computer Configuration\Administrative Templates\System\Specify settings for optional component installation and component repair" with the "download repair content and optional featues from wsus" option checked. it fixed the issue and they were able to install. now, another user wants it and they are unable to install. all prior installations still work. i can upload the dism.log to another platform if someone wants to examine it. i appreciate your time.

Error : The Security database on the server does not have a computer account for this workstation trust relationship - On multiple domain controllers

October 15, 2019, 2:46 pm
$
0
0
I have a friend who is getting this error "Error : The Security database on the server does not have a computer account for this workstation trust relationship" on multiple domain controllers in his AD environment.  I know numerous ways to fix this on a workstation or member server but I am not getting any clear instructions on how to resolve this on a domain controller.  any suggestions?

GPO - Software and Games - INSTALL OR RUN PROGRAM FROM YOUR MEDIA

October 15, 2019, 10:56 pm
$
0
0

Hi,

We are implementing a USB management solution, that the USB has a software can be running to insert a Password before start using it.

The software can be automatically running if INSTALL OR RUN PROGRAM FROM YOUR MEDIA is selected under Software and Game.

Control Panel\All Control Panel Items\AutoPlay

I tried to dig into GPO, but could not find any thing specifically related to this setting, I only found the following:

but these settings did not help me, as these settings only enables Autoplay. So this has the following effect:

the issue, the end-users need to manually click on these windows (1) and (2), to run the App, and most of them dont know how.

So is there a CMD, Registry, or GPO settings I can use to change this option for all users?

thanks,




لوحة التحكم \ جميع عناصر لوحة التحكم \ تشغيل تلقائي

Remove Archive button from Outlook 2016

October 9, 2019, 11:49 am
$
0
0
How can I disable / grey out or remove Archive button in Outlook 2016 via group policy?  We do not want user to use this feature.

Neil O'Connor

Search

Windows 10 1809 - group policies not applying from 2012 R2 DC using either 1809 or 1903 templates

October 9, 2019, 6:51 am
$
0
0

Hi,

I am unable to apply any group policy on windows 10 devices on corp network. I have created a test policy and linked to OU with security filtering for specific devices to receive policy - Computer Config > Admin Templates > Windows Components> Microsoft Edge > Allow InPrivate Browsing AND Computer Config > Admin Templates > Windows Components > MDM > Enable automatic MDM enrollment...

I have tried using 1809 and most recent 1903 admx templates in central store. 

Appreciate any help.

Disable Pinch Zoom for Microsoft Edge

October 8, 2019, 11:47 pm
$
0
0

Hello! 

I need to be able to disable pinch zoom in Windows 10 kiosk mode with Microsoft Edge.
Im using a HP ProOne 400 G4 with touchscreen configured with Windows 10 Pro verison 1903 (OS-verison 18362.418) in kiosk mode as a Digital sign or Interactive display with Microsoft Edge.

The problem is that users can pinch zoom the website I am pointing to. (I do not have access to change the HTML of the site itself)
They should not be able to do this.
I cannot find a setting in Microsoft Edge to disable this.
I can't find any group policy or registry key to disable this either.
In Internet Explorer you could fix this by going to Settings > Internet Options > Accessibility > User style sheet and pointing to a CSS file with the proper code.
This does not appear to apply to Microsoft Edge and I cannot find any similar options for it.
I cannot use any other browser than Microsoft Edge as Windows 10 kiosk mode enforces the use of it.
The only way i have been able to get any kind of effect is to open the developer tools for Microsoft Edge and adding "-ms-content-zooming: none;" to the html, but again I don't have access to permanently edit the website.

This setting really should be core Microsoft Edge functionality especially for kiosk mode.
Would it be possible to get a GPO to disable Pinch Zoom in Microsoft Edge?

Help would be greatly appreciated,
Best regards// Mikael

GPO's not getting applied with 1903

October 9, 2019, 12:31 am
$
0
0

I have an MDT for 1809 and 1903 configured. When I push an 1809 deployment all works well and all policies get applied. When I push a 1903 deployment my GPOs don't seem to work. I have checked out everything and all seems to be in place. GPOs are the same for 1803 so it points directly to the 1903 setup. Has anyone else had issues like this? If I run a gpresult /H I realise that the Admin template do not appear. They only appear after a gpupdate /force. 

An example of my issue is that when we deploy a device the computer object goes to a specific OU which keeps the local admin password. This is due to the autologin part of the MDT. Once this object moves to a different OU then the LAPS policy kicks in and changes the local admin password. With 1903 the LAPS policy kicks in and changes the password which then stops the MDT as its a different password than the password file.  If I deploy an 1809 device then I have no problems at all. 

Disable SMBv1 without using startup script

October 9, 2019, 6:13 am
$
0
0

Hi,

In our current Group Policy, we have power shell startup script for disabling SBMv1. So this is enabled in our entire organizational OU which I believe will run every time a user logs in. I think this is causing us log on delays and complaints from users.

Kindly suggest any other recommended method to do this permanently via registry or any other setting.

Thanks in advance,

Sanjai

Home Drive Intemittent map issue

October 16, 2019, 6:07 am
$
0
0

Some of our users are having issues where the home drive disappear in the morning.

We have got the folder redirection enabled and the home drive is setup in the active directory.

We had an old server 2008 R2 and migrated the home drive to Server 2019.

I have checked the group policy and there is not conflict. Has anyone come across this issue?

Thanks,


Viewing all 19997 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>