Hi All,
I have 4 Domain Controllers on windows server 2016 and getting the following error on 3 domain controllers with replication in progress.
I have tried this below, but with no success.
Hi folks,
When you start Group Policy Management Console there is "domain part" and also less used "sites part":
In what instance you would use "site part" . I understand the precedence rules but wonder how would this behave---if I change link from DDP to one of the sites(ex: default-first-site-name/ other "NY")??? Can't find any documentation on this instance!
Any link, insight, manual much appreciated! Thanks in advance for shedding the light on this topic!
Hi,
When I try to schedule I get an error "A specified logon session does not exist" and it is because there is group policy which enables "Network access: Do not allow storage of passwords and credentials for network authentication" in window security options.
as there a lot of policies created by ex-administrator so I want to know how can I find relevant policy and exclude my ID so that I can schedule a task. please guide how to find policy and then exclude myself from policy.
Regards
Hi,
Recently I created one "Security Global Group named "Training" and added the required users then created new GPO and configured using "Item Level Targeting" with option enabled "Run in logged-on Users security context (users policy option) and linked to he OU's where the users resides and it successfully mapped the drive to all the users in the Training Group.
Now, I need to remove couple of users so what is the preferred way to do this,
I tried few steps like removing the users from group, removing the link to the OU but no luck,
TIA
Looks for a group policy we can push out from the server (server 2016 essentials) to set all users file explorers to have the same view settings , so far I have been unable to see how to do this through either group policy or registry .
Any help would be great?
Hi All,
Really hoping for some help here if someone has come across this before.
We have a DC on Server 2016 with a Group Policy for RDS Lockdown. This policy has AppLocker enabled.
We have an RDS Server on 2008 (limited to this OS by an app they're trying to migrate away from, but is being blocked).
Basically, we have C:\AppName\AppFolder\App.exe as an executable, and within AppLocker we've Allowed this to run for Everyone.
When logging into the terminal server and checking Policies, this policy and this setting has applied, but when trying to run the application I'm still getting "This has been blocked by Group Policy". Then checking Event Viewer under AppLocker\EXE and DLL shows "%OSDRIVE%\AppName\AppFolder\App.exe has been prevented from running".
I've tried adding all sorts to the Allow list, I've tried both levels of folders above, I've tried the UNC to the folder via \\Servername\C$, the UNC to the Redirected Desktop (but fails when browsing via C:\ too) and even added this %OSDRIVE% path taken directly from EventViewer, but still no luck.
I can get it to work if i add the account to Local Admin, but I'm not doing that for the user group.
I have raised this with MS but I seem to be going back over the same things I've already done and it's taking longer than I'd like, the system is meant to be Live already so there's pressure from the client. I'm also half expecting them to come back with "This is 2008 which is no longer in support" which, to be fair, they haven't yet, but the AppLocker GPO is on a 2016 DC.
I thought it would be worth reaching out and trying multiple attack vectors, so if any of you have any ideas it would be hugely appreciated.
Thanks!
Bob
I have configured OneDrive for Business Sync Client to redirect Windows Known Folders for my users. Now I am trying to create a GPO that puts a target on their Desktop but I am having issues getting this to work.
Normally, I would use %DesktopDir% or %UserProfile%\Desktop but with the introduction of OneDrive Sync WKF that no longer works.
I tried %UserProfile%\OneDrive - Company Name\Desktop but that doesn't work because of the spaces in the line. If I do it in File Explorer, it works fine but not in GPO. I even tried adding " " but those are invalid characters for the GPO.
Has anyone done this before or found a workaround to put a shortcut on the desktop after Syncing with OneDrive WKF?
Thanks.
Hello,
I'm having an issue running a PowerShell script at logon using a GPO. The Configuration settings are applying to the machine however the User Configuration settings do not apply.
The logon script is configured under GPO | User Configuration | Policies | Window Settings | Scripts | Logon | PowerShell Scripts
The script is appears in the setting and is also located in the DOMAIN\Policies\GUID\User\Scripts\Logon folder when clicking "Show Files"
Authenticated users have been added to Security Filtering.
The GPO's computer configuration settings have been applied to the system however the user configurations settings have not.
Hi,
would it be possible that a certain gpo if applied/enabled, would affect the error stated above?
Thanks
So I am getting ready to load new gpo templates and found this article https://support.microsoft.com/en-us/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra and at the bottom it talks about organizing the templates into folders based on the gpo template version, such as
\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions-1803
\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions-2019
however, when I try to do it the new templates do not show in group policy manager. I tried adding templates and the folders are blank.
What am I missing?
TIA,
Jim
I am trying to set a group policy for my domain to define a set of trusted add-ins for Outlook 2016 so that they bypass the macro and add in warning settings. I have looked at the description for the key "User Configuration\Policies\Administrative Templates\Microsoft Outlook 2016\Security\Security Form Settings\Programmatic Security\Trusted Add-ins" however I am unable to determine what to put in the value field. I have included the description below:
"To create a new entry, enter a DLL file name in the ''Value Name'' column and the hash result in the ''Value'' column."
What am i supposed to hash? the file name? the DLL itself? and what hashing algorithm? I have tested it using both MD5 and SHA1 for both the file name and the entire DLL itself, neither of which worked.
Dear friend
My EDB File does not inaccessible in Outlook.
Pleas advise me a proficient EDB to PST Converter Software.
Regards
Parkar LaynWe are locking down the C: drive in Win10 1809 ENT. We allow FULL CONTROL to %userprofile%\Documents, Downloads, Desktop, Picture and Favorites. However GPMC directs to the following path: C:\windows\system32\config\systemprofile.
How can we edit the paths to point to %userprofile%\Desktop instead in GPMC ?
Hi All,
I am at my wits end with a GPO I am attempting to apply which does not seem to be working.
Basically, I need to change I.E. (11) home page on our intranet site so that our windows 10 client machines can access the new home page. This is a User GPO change.
We have a test OU in GPMC. I have created a new GPO and made the necessary amendments to the GPO and linked it etc. I have created a new user ID and ensured he has access to the GPO. I have logged into a machine kicked off a gpresult and can see the GPO that I created is being applied. I run I.E. but I don't see the updated home page.
What am I missing. Any information would be greatly appreciated.
Regards and thanks for any help.
We used globalprotect vpn to connect to our corporate network. We are upgrading to windows 10. Our windows 7 computers using VPN do not have any problems mapping to our DFS folders. We receive red X and share not available when accessing with windows 10. The drive never gets mapped no matter how long the user waits. I use preferences in the group policy to map the drives to the DFS folder(update). Map using UNC.
As a test, I added the following to item level targeting on the group policy using wmi:
Select * from Win32_Pingstatus Where address="server.horizon.hbc" and StatusCode=0
nameSpace Root\cimv2
The windows 10 user was able to access the drive after I added the server name. Can someone tell me why this worked. I did not configure the VPN, so I do not know how it is setup. I do not want to hard code the server name in a group policy.
How can I fix the drive mapping for Windows 10 and VPN?
Any help would be appreciated. Thanks.
Hi,
We have configured a GPO to enable the built-in Administrator account on windows 10 machines but it is not working. The Domain Controller is Windows 2012 Standard. Do we need any update?
Thanks.
Hi,
We need to apply a GPO on Domain Root Level but deny it on all the Servers. Can it work if we create a security group for the servers, add that group under delegation in GPO and select the option "Deny Group Policy" under security tab?
Thanks.