Channel: Group Policy forum
Viewing all 19997 articles
Browse latest View live

GPO to add domain to safesenders list

Hi Experts

One of my users is facing an issue with email received from one domain. For example, let's say the domain name is abcd: when he receives any email from the abcd domain, the images are not displayed and the user has to manually click "download picture". Experts, guide me on how to make these images download automatically using a GPO by adding the domain to safe senders.

log on/log off


Dears,

Is there any GPO that we can apply in order to make a user sign out from his desktop following certain rules (for example, 15 mins of no activity), while having login and logout information logs?

It is a bit urgent.

Thank you in advance.

Group policy applied result


Hi Team,

I need a report of applied group policy.

The report is for bulk machines. I need only the applied policy name. Any script?

Policies_NTFRS


Hi,

I found a folder named (Policies_NTFRS_00e488e2).

Within this folder are other folders that appear to be from GPOs, but do not have much content.

But I went to get the ID from ADSEDIT and found one.

I read in some guidelines how to rename to OLD and execute (repadmin /syncall /d /e) and then delete.

When this happens, is there a problem with SYSVOL? Any replication problem?

All results from DCDIAG and REPADMIN Status show that AD's health is healthy.

Does this interfere with the migration of SYSVOL from FRS to DFSR?

The only warning events I found were these:

Latency information for 23 entries in the vector were ignored.
23 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).

Event String: Windows failed to apply the Scripts settings. Scripts settings might have its own log file. Please click on the "More information" link. A warning event occurred. EventID: 0x0000043D

Event String: During the past 4.25 hours there have been 2004 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients.

Thank you.

Chrome App


Hello Team,

I need to create a desktop shortcut and open the app with Google Chrome.
"C: \ Programm (x86) \ Google \ Chrome \ Application \ chrome.exe" http://apps.net.com
Unfortunately, something did not work :(

Any suggestion for a solution? Thanks

Disabling IPV6 and renaming domain clients computer name using GPO - windows server 2016


Hi,

How can I disable IPv6 and rename computers using GPO in Windows 2016? We are using Windows 7 & 10.

Thank you

Delete a registry key only for 1 time


Hi

I want to create a GPO to delete a registry key one time only. I want to delete the registry key below:

Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DRM\EnableLoadingIRMonBoot

This key is automatically recreated once the user accesses Outlook-Permissions, but I don't want to delete it once it is recreated.

How do I do this? Please guide.

Regards

Changing GPO/OU Layout Question


Group Policy Management is a mess at the moment. There are 11 GPOs at the Domain level that are being applied to everything, and that's how it has been since I started with this company last year. This makes it very difficult to troubleshoot an issue that I'm having with one of the GPOs (can't figure out which one is causing the issue), and I don't want to disable a GPO in case it is needed for production.

My other post explains the issue I'm having, if you want to look at that here:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/3e5f1994-035f-4f8b-9915-f196d853a7e1/server-manager-wont-start?forum=ws2019

My thought to remedy this issue is to change the structure so that no GPO is at the Domain level, so I can create an OU that can have all the same GPOs and then remove them one by one to see what is causing my issue.

All that to set up my main question:
If I create a new OU and link the GPOs to the new OU, move the Objects/OUs into the new OU then remove the GPOs from the domain level, should I expect any potential issues? 

Thanks,


Richard J. IT Administrator


Laptop GPO for users in and out of office


Hi all, with the IT changing for remote users, I have a site that just purchased a number of new laptops that are going to be working primarily from home but will come into the office for a day, that sort of thing. I’ve joined them to the domain. At this point, I created a ‘Laptop’ OU and put all the laptops in there.

For the rest of the network, I have folder redirection turned on for all local folders (except for downloads).

Folder redirection is not a problem for the workstations, but for the laptops, I don’t want gobs of sync files on the laptops since they will be VPN’ing into our terminal servers for everything. Also, I've had nightmares in the past with it.

What I want to do is to sync JUST their desktop and nothing else. This way, I can create icons for them for the FortiClient and RDS icon and any other shortcut that they may need.

How do I do this with the current folder redirection GPO set to Domain Users? I’m thinking that I will need to create a new group called Folder Redirected and move everyone into that group and remove Domain Users. Then all the laptop users, add to a new GPO called ‘Laptop Users’.

Anyway, as you can see, I’m all over the place flailing. Just need some direction.

One more thing, if these laptops are created as part of AD, how long can they be away from the domain before they expire?

Extra Registry Settings (Firewall) showing on RSOP?


Hi Guys

I seem to have a ton of "Extra Registry Settings" relating to Firewall.

How can these be removed/set correctly, please? My understanding is this usually occurs when the settings were set on an old template which has since been updated, but this is not the case here, as we set the policy after the 1809 templates were added.

We have a central store on Server 2019 with Windows 1809 templates added.

Devices being deployed to are also 1809.

The Firewall Policy is set via: Policies /Windows Settings/Security Settings/Windows Defender Firewall.

Assistance appreciated, please let me know if you require further info.

Cheers.

Which is the best EDB to PST Converter software?


Dear friend,

My EDB file is inaccessible in Outlook.

Please advise me of a proficient EDB to PST converter software.

Regards

Parkar Layn

Migrate Active Directory to a New Domain Controller


Is it possible to migrate Active Directory users to a new server?

Looks like the SYSVOL folder is corrupted and Group Policy isn't working properly. I want to create a new domain controller, but I'm not sure how to get users onto the new server.

Regards

KP

Windows Hello With Domain Account


Hello,

I would like to sign into my PC with Windows Hello using my laptop's fingerprint sensor. However, I sign into Windows using a domain account, not a local or Microsoft account. Apparently, Windows Hello is not enabled by default for domain accounts. I am curious as to how I can enable it. Should I check the Group Policy on my Domain Controller? If so, where would I find it in Group Policy? I have already tried enabling "Enable PIN sign-on" in Group Policy, but that did not work. My laptop is running Windows 10 1909 and my DC is running Windows Server 2012 R2.

Any suggestions would be appreciated.

Group Policy not updating multiple member server


Hi Guys,

I'm having a problem executing "gpupdate /force" on multiple member servers. I'm getting a variety of errors and am not able to figure out this problem.

Error 1:

The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon, 

Error 2:

Computer Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempt to read the file \\domain.com\sysvol\domain.com\Policies\{GUID}\.gpt.ini

Error 3:

User/Computer Policy update failed.

I'm struggling to fix these types of errors from the DC and member server side.

On the DC side, I verified that replication and DC reachability are fine. Still, I'm looking for some troubleshooting steps. Can you please help with this?

Corrupt System Files


I was having some problems using my Search in my settings, so I ran an sfc scannow in the cmd and there were four files that were corrupt which sfc could not fix.

I was wondering if I could download those files online and replace them.

Just wanted to be sure if I could do this.

The four dll files were:

1. fdeploy.dll
2. fde.dll
3. gpedit.dll
4. gptent.dll

Edge browser as default browser through Group Policy not applying over VPN only, rest all applied successfully


Hi,

We have created one test OU and applied Edge Browser as default browser via GPO applied as below.

The code below is saved as an XML file in a shared location.

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
  <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
  <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
  <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
</DefaultAssociations>

  1. Log in to the domain controller server.
  2. Start → Run → gpmc.msc → go to Group Policy Objects and right-click → select “New” and give the new GPO name as “Set Edge as the Default Browser”. Click Okay.
  3. Right-click on that GPO → select Edit → go to Computer Configuration → Policies → Administrative Templates → Windows Components → File Explorer → select and double-click on “Set a default association configuration file” → enable the policy → go to options and set the path as below.

\\server name \netlogon\”MSEdgeBrowser.xml” or C:\Temp\MSEdgeBrowser.xml

  4. Preferences → Windows Settings → Files → right-click on Files or the right side → select “File” → select Source as \\servername\netlogon\MSEdgeBrowser.xml
  5. Select destination should be C:\temp\ MSEdgebrowser.xml
  6. Action item should be create or update.
  7. Restart end computers and run gpupdate /force from the command prompt.
  8. Where you link this GPO, the “temp folder and MSEdgeBrowser.xml” will be created in the C:\ drive automatically.
  9. Then MS Edge Browser automatically comes up as the default browser.

Thank you😉

In the test OU there are nearly 50 workstations with Windows 10 OS. 20 users are connected over VPN and the remaining 30 users are connected from the office.

The 30 users (computers) get Edge browser as the default browser. Those who are connected over the VPN from home are not getting Edge browser as the default browser.

Note: When we tested rsop.msc on the 20 machines, it seems the policy applied successfully, but in default apps IE is showing as the default browser.

Applying Advanced Audit Policies


Is there any way to apply Advanced audit policies on Server 2008 R2, 2012 R2 and 2016, outside of "Default Domain Policy" scope?

In a separate GPO?

The purpose is to avoid applying these settings on users' workstations.

Open a web page on first unlock of the PC


Hi

I need to be able to open a web page on the first unlock of the day.

I was able to create a GPO that pops the web page on first login, but I need to customize it further.


Enabling RDP to only one machine


Hello,

So... What's the best way to allow users to remote only onto one machine without giving them access to an AD group which lets them remote onto all machines? I could do it via GPO, but it seems to be overkill for something which is only temp (unless someone knows an easy way in GPO).

We usually add engineers to 1 AD group which allows them to remote onto any laptop or server etc. However we have a few users who need to remote onto a desktop in the office. Usually they would log in and run their reports etc. But due to Covid-19 they are WFH. 

- I tried to add them to the remote desktop users group in the local users and groups, but they get an error "To l on to this remote computer you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop Users group does not have this right, you must be granted this right manually."

- I tried to update the local security policy option and add them to the allow remote access group, but it's greyed out.

Any other ways? 

Log off idle session does not work on Windows Server 2008


Hi

I have enabled 2 policies on Windows Server 2008 R2 with terminal services role.

Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits: "Set time limit for active but idle..." and "End session when time limits..."

I tried both Computer and User templates.

From the "rsop -r" command everything looks OK, policies applied.

No errors?

Works OK on different servers 2012, 2016 and 2008 but not for that one with terminal services role? 