Search Results

Search found 23301 results on 933 pages for 'check in policy'.

Page 2/933 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Kerberos Policy section not appearing in RSop / GPResult

    - by Chloraphil
    I am attempting to confirm via RSoP or GPResult that the correct settings for "\Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy" are being applied, however the "Kerberos Policy" node is missing from the treeview / report. These settings are set in the "Default Domain Controllers Policy" which is linked in the "Domain Controllers" OU. Should "Kerberos Policy" appear at all? If not, how can I confirm the correct settings are being applied?

    Read the article

  • BES IT Policy: Radio disabled after device startup?

    - by DaveJohnston
    Can anyone tell me which BES IT policy option controls the radio being disabled when the device first starts up. I have been given an IT policy which when applied to a user causes the radio on the device to be off by default when it starts up, requiring the user to activate it every time (after entering his password). When the default policy is applied this does not happen, so it is an option in the IT policy that has caused it. Does anyone know which of the options this is?

    Read the article

  • How can I erase the traces of Folder Redirection from the Default Domain Policy

    - by bruor
    I've taken over from an IT outsourcer and have found a struggle now that we're starting a migration to windows 7. Someone decided that they would setup Folder redirection in the Default Domain Policy. I've since configured redirection in another policy at an OU level. No matter what I do, the windows 7 systems pick up the Default Domain Policy folder redirection settings only. I keep getting entries in the event log showing that the previously redirected folders "need to be redirected" with a status of 0x80000004. From what I can tell this just means that it's redirecting them locally. Is there a way I can wipe that section of the GPO clean so it's no longer there? I'm hesitant to try to reset the default domain policy to complete defaults. ***UPDATE 6-26 I found that the following condition occurred and was causing the grief here. I've already implemented the new policies for clients, and for some reason, XP was working great, 7 was refusing to process. The DDP was enforced. Because of this, and the fact that the folder redirection policies were set to redirect back to the local profile upon removal, it was forcing clients to pick up it's "redirect to local" settings. Requirements for to recreate the issue. -Create a new test OU and policy. -Create some folder redirection settings, set them to redirect to local upon removal -Remove settings on that GPO -Refresh your view of the GPO and check the settings. -You'll notice that the settings show "not configured" entries for folder redirection. -Enforce this GPO -Create another sub-OU -Create a GPO linked to this sub-ou and configure some folder redirection settings. -Watch as the enforced GPOs "not configured" setting overrides the policy you just defined. I've had to relink the DDP to all OU's that have "block inheritance" enabled, and disable the "enforced" option on the DDP as a workaround. I'd love to re-enable enforcement of the DDP, but until I can erase the traces of folder redirection settings from the DDP, I think I'm stuck.

    Read the article

  • How can I edit local security policy from a batch file?

    - by Stephen Jennings
    I am trying to write a utility as a batch file that, among other things, adds a user to the "Deny logon locally" local security policy. This batch file will be used on hundreds of independent computers (not on a domain and aren't even on the same network). I assumed one of the following were my options, but perhaps there's one I haven't thought of. A command line utility similar to net.exe which can modify local security policy. A VBScript sample to do the same. Write my own using some WMI or Win32 calls. I'd rather not do this one if I don't have to.

    Read the article

  • Policy Administration is the Top 2011 IT Priority for Insurers

    - by helen.pitts(at)oracle.com
    The current issue of Insurance Networking News includes an interesting column by Novarica's Matt Josefowicz.  Recent research by the firm revealed that policy administration replacement or extension is the most common strategic IT project for insurers this year.  The article goes on to note that insurers are keenly focused on the business capabilities that can be delivered once the system is in production as well as the ability to leverage agile development methodologies and true business/IT collaboration during implementation. The results are not too surprising given that policy administration is a mission-critical system for life and annuity insurers.  As Josefowicz notes, "Core systems are called core for a reason--they are at the heart of the insurer's ability to function.  Replacing them is not to be done lightly, but failing to replace them can mean diminishing the ability to compete or function effectively as a company." Insurers can no longer rely on inflexible policy administration systems that impede their ability to rapidly configure and bring to innovative new products, add riders, support changing business processes and take advantage of market opportunities.  The ability to leverage the policy administration systems to better service customers and distribution channels by providing real-time access to policy information throughout the policy lifecycle is also critical to sustain loyalty and further fuel growth.Insurers can benefit from a modern, adaptive policy administration system, like Oracle Insurance Policy Administration for Life and Annuity.  You can learn more about the industry's most highly advanced, rules-based system, which is unmatched for its highly flexible, rules-based configurability, performance and extensibility, as well as global market industry trends by viewing a complimentary, on-demand Webcast, Adapt, Transform and Grow:  Accelerate Speed to Market with Adaptive Insurance Policy Administration.Data conversions can be a daunting process for many insurers when deciding to modernize, in particular when consolidating from multiple, disparate legacy policy administration systems to a single new platform.  Migrating from a legacy system requires a well-thought out approach that builds on the industry's best thinking from previous modernization efforts and takes data migration off the critical path by leveraging proven methodology and tools to capitalize on the new system's capabilities.  We'll discuss more about this approach in a future Oracle Insurance blog.Helen Pitts is senior product marketing manager for Oracle Insurance's life and annuities solutions.

    Read the article

  • Problem with network policy rule in Network Policy Server

    - by Robert Moir
    Trying to configure RADIUS for a college network, and have run into the following frustration: I can't set an "AND" condition for group membership of authenticated objects in the network policy rules, e.g. I'm trying to create a NPS rule that says, essentially "IF user is a member of [list of user groups] And is authenticating from a computer in [wireless computer group] then allow access. The screenshot above is the rule I am having trouble with. It does not work as written. The rule underneath it, which is identical in every aspect except the conditions rule, does work. I've tried changing the non-working rule to define each set of groups as "Windows group" rather than specifically as machine and user groups, with no change. With the "faulty" rule enabled and the working one disabled, any attempt to login with a valid account from a machine that is in the wireless computers group gives a 6273 audit event in the windows event log: Reason code 66 - "the user attempted to use an authentication method that is not enabled on the matching network policy". Disabling the "faulty" rule, enabling the other rule and logging in with the same account and computer works just fine.

    Read the article

  • Policy based design and defaults.

    - by Noah Roberts
    Hard to come up with a good title for this question. What I really need is to be able to provide template parameters with different number of arguments in place of a single parameter. Doesn't make a lot of sense so I'll go over the reason: template < typename T, template <typename,typename> class Policy = default_policy > struct policy_based : Policy<T, policy_based<T,Policy> > { // inherits R Policy::fun(arg0, arg1, arg2,...,argn) }; // normal use: policy_base<type_a> instance; // abnormal use: template < typename PolicyBased > // No T since T is always the same when you use this struct custom_policy {}; policy_base<type_b,custom_policy> instance; The deal is that for many abnormal uses the Policy will be based on one single type T, and can't really be parameterized on T so it makes no sense to take T as a parameter. For other uses, including the default, a Policy can make sense with any T. I have a couple ideas but none of them are really favorites. I thought that I had a better answer--using composition instead of policies--but then I realized I have this case where fun() actually needs extra information that the class itself won't have. This is like the third time I've refactored this silly construct and I've got quite a few custom versions of it around that I'm trying to consolidate. I'd like to get something nailed down this time rather than just fish around and hope it works this time. So I'm just fishing for ideas right now hoping that someone has something I'll be so impressed by that I'll switch deities. Anyone have a good idea? Edit: You might be asking yourself why I don't just retrieve T from the definition of policy based in the template for default_policy. The reason is that default_policy is actually specialized for some types T. Since asking the question I have come up with something that may be what I need, which will follow, but I could still use some other ideas. template < typename T > struct default_policy; template < typename T, template < typename > class Policy = default_policy > struct test : Policy<test<T,Policy>> {}; template < typename T > struct default_policy< test<T, default_policy> > { void f() {} }; template < > struct default_policy< test<int, default_policy> > { void f(int) {} }; Edit: Still messing with it. I wasn't too fond of the above since it makes default_policy permanently coupled with "test" and so couldn't be reused in some other method, such as with multiple templates as suggested below. It also doesn't scale at all and requires a list of parameters at least as long as "test" has. Tried a few different approaches that failed until I found another that seems to work so far: template < typename T > struct default_policy; template < typename T, template < typename > class Policy = default_policy > struct test : Policy<test<T,Policy>> {}; template < typename PolicyBased > struct fetch_t; template < typename PolicyBased, typename T > struct default_policy_base; template < typename PolicyBased > struct default_policy : default_policy_base<PolicyBased, typename fetch_t<PolicyBased>::type> {}; template < typename T, template < typename > class Policy > struct fetch_t< test<T,Policy> > { typedef T type; }; template < typename PolicyBased, typename T > struct default_policy_base { void f() {} }; template < typename PolicyBased > struct default_policy_base<PolicyBased,int> { void f(int) {} };

    Read the article

  • How do i remove a password expiration policy?

    - by jimmygee
    We had a password expiration policy recently removed from our AD but some users continued to get the "..your password will expire in x days. would you like to change it now?" message. So we added a reverse/undo policy to correct the local registry settings Maximum password age = 0 days Minimum password age = 0 days This hasn't worked as new users still seem to encounter the above "change password" message sporadically. We have now removed all custom password policy GPOs and are left with the "Default Domain Policy". Still no good. Can someone point me in the direction to fix this? And an explanation into what i was doing wrong (/how password expiration policies apply) would be useful too. thanks Environment is 2k3 server with mostly XPsp2 clients.

    Read the article

  • Windows 7 Group Policy blocking Adobe Reader

    - by Danny Chia
    A few weeks ago, my company blocked Adobe Reader due to an unpatched security issue. However, we recently moved one of our computers to a project that didn't require access to the corporate network, and IT gave us the green light to override Group Policy and re-enable Adobe Reader. However, this is something we've been unable to achieve. We've tried the following (in no particular order), all to no avail: Ran the program as administrator Renamed the program (the blocking is likely signature-based) Deleted registry.pol Changed the value of "Start" in \HKEY_LOCAL_MACHINE\CurrentControlSet\services\gpsvc to "4" (to prevent group policy from applying, even though it's no longer on the corporate domain) Checked SRP settings under Local Security Policy - nothing was there Checked AppLocker settings under Local Security Policy - nothing there either Incidentally, I found a few registry keys with descriptions referring to Adobe Reader being blocked. I deleted all of them, but it didn't help. Changed the permission settings of the program Re-installed Adobe Reader Is there anything I missed, short of doing a clean install?

    Read the article

  • Cannot seem to disable ability to view temporary internet files via group policy

    - by user162707
    Windows XP Pro SP3, IE8 (8.0.6001.18702), within local gpedit.msc I did the below: User Config/Admin Temp/Windows Comp/IE enabled: disable changing temporary internet file settings User Config/Admin Temp/Windows Comp/IE/Delete Browsing History enabled all (11 items) However there is a loophole that lets me still wipe history & other files via: Tools, Internet Options, Browsing History, Settings, View Objects, delete everything, hit up arrow, go to History (hidden folders has to be on), delete everything Only way around this I can see is to disable General Internet Options Page via group policy, setup NTFS folder restrictions on that temp internet files (worried about adverse affects like not being able to store them), or further grind-down group policy somewhere else to prevent deleting files. Just odd group policy wouldn't have a settings to simply disable the Browser History Settings button (as it further shows the location which a user could just go to). So just curious if someone can confirm maybe this is simply not available in group policy & their suggested action

    Read the article

  • disable possword policy using command prompt in Server 2008

    - by user50273
    Is there a way to disable password policy in Windows Server 2008 using command prompt. I know how to do it using Local Security Policy in Administrative Tools. I was wondering if there is a way to change using command prompt. I guess there must be some registry settings that needs to be changed but I do not know which entry in registry will disable the password policy. If you can tell me which registry entry I can write the command prompt myself. Thanks

    Read the article

  • Deploying Windows Service through group policy fails with Event ID 102

    - by Sören Kuklau
    I'm trying to deploy a custom Windows Service (written in C#; installed through a VS setup project) using a group policy. To help debug this, I also have two additional MSIs in the same policy. All three packages are deployed as a machine policy, not a user one. On one machine (runs Windows Server 2008; no UAC), all three deploy fine. The service is set to Automatic, as expected. On two machines (run Windows 7; UAC), the two other MSIs deploy fine, but my service fails to install. The event log gives an event ID of 102, which appears to be a permissions problem: The install of application "Package Name" from policy "Policy Name" failed. The error was The installation source for this product is not available. Verify that the source exists and that you can access it. However, all three packages come from the same share linked through UNC, so this is unlikely. My guess is that UAC is the problem; that the service requires additional permissions. Do I need to alter the MSI somehow?

    Read the article

  • Export local security policy

    - by Jim B
    I am trying to export the local security policy on a number of servers into a template file which I can then import into a group policy. I cna do this manually without issue but I have been unsuccesssful in finding a way to script this process. Is is possible to script the creation of the export of local security policy?

    Read the article

  • Group Policy is not being applied from Server 2003 to win7 client

    - by John Hoge
    Hi, I'm experimenting with Group Policy settings. My DC is running Server 2003, and the client I am using for this test is running Win7. I've restarted the client a few times, and tried running gpupdate/force for good measure. This machine is in it's own OU with a group policy applied to change one setting, Computer Configuration/Administrative Templates/Network/Offline Files. When I run MMC and look at Local Computer Policy on the client this setting shows up as "not configured". Thanks, John

    Read the article

  • Sharepoint discussion board w/ attachments expiration policy

    - by Mike
    I want to set a retention policy (DB Settings - Information Management Policy Settings) on a discussion board, but does the attachment get deleted as well? Also, I have a discussion board retention policy right now that isn't working properly. The criteria is: Last Updated + 30 days Delete There are plenty of dicussion items that are long past "Last Updated". Any ideas why?

    Read the article

  • Config Time Service on Server 2008 DC using Group Policy Only

    - by Ed Fries
    I want to configure the Time Service using only GP in a Server 2008 R2 domain. I have created a GP as follows: Computer Config, Policies, Administrative Templates, System, Windows Time Policy: =Global Configuration Settings -Enabled w/ default settings. Computer Config, Policies, Administrative Templates, System, Windows Time Policy,Time Providers: =Configure Windows NTP Client -Enabled w/ default settings. =Enable Windows NTP Client -Enabled w/ default settings. =Enable Windows NTP Server -Enabled w/ default settings. The policy is linked, enforced and applied to Domain Controllers OU. The GP modeling results shows the policy is in effect on the DC (Single DC domain) and the DC is recognized as the PDC emulator. I have run gpupdate /force and logged off/on. The issue is that the DC shows the time source as internal. I understand I can force this at the cmd line using w32tm to set the peer but I would like to understand what is missing in the GP. The default NTP Client GP setting includes time.windows.com,0x9 as the source but it does not appear to be taking effect.

    Read the article

  • Is Openness at the heart of the EU Digital Agenda?

    - by trond-arne.undheim
    At OpenForum Europe Summit 2010, to be held in Brussels, Autoworld, 11 Parc du Cinquantenaire on Thursday 10 June 2010, a number of global speakers will discuss whether it indeed provides an open digital market as a catalyst for economic growth and if it will deliver a truly open e-government and digital citizenship (see Summit 2010). In 2008, OpenForum Europe, a not-for-profit champion of openness through open standards, hosted one of the most cited speeches by Neelie Kroes, then Commissioner of Competition. Her forward-looking speech on openness and interoperability as a way to improve the competitiveness of ICT markets set the EU on a path to eradicate lock-in forever. On the two-year anniversary of that event, Vice President Kroes, now the first-ever Commissioner of the Digital Agenda, is set to outline her plans for delivering on that vision. Much excitement surrounds open standards, given that Kroes is a staunch believer. The EU's Digital Agenda promises IT standardization reform in Europe and vows to recognize global standards development organizations (fora/consortia) by 2010. However, she avoided the term "open standards" in her new strategy. Markets are, of course, asking why she is keeping her cards tight on this crucial issue. Following her speech, Professor Yochai Benkler, award-winning author of "The Wealth of Networks", and Professor Nigel Shadbolt, appointed by the UK Government to work alongside Sir Tim Berners-Lee to help transform public access to UK Government information join dozens of speakers in the quest to analyse, entertain and challenge European IT policy, people, and documents. Speakers at OFE Summit 2010 include David Drummond, Senior VP Corporate Development and Chief Legal Officer, Google; Michael Karasick, VP Technology and Strategy, IBM; Don Deutsch, Vice President, Standards Strategy and Architecture for Oracle Corp; Thomas Vinje, Partner Clifford Chance; Jerry Fishenden, Director, Centre for Policy Research, and Rishab Ghosh, head, collaborative creativity group, UNU-MERIT, Maastricht (see speakers). Will openness stay at the heart of EU Digital Agenda? Only time will show.

    Read the article

  • Problems installing Windows service via Group Policy in a domain

    - by CraneStyle
    I'm reasonably new to Group Policy administration and I'm trying to deploy an MSI installer via Active Directory to install a service. In reality, I'm a software developer trying to test how my service will be installed in a domain environment. My test environment: Server 2003 Domain Controller About 10 machines (between XP SP3, and server 2008) all joined to my domain. No real other setup, or active directory configuration has been done apart from things like getting DNS right. I suspect that I may be missing a step in Group Policy that says I need to grant an explicit permission somewhere, but I have no idea where that might be or what it will say. What I've done: I followed the documentation from Microsoft in How to Deploy Software via Group Policy, so I believe all those steps are correct (I used the UNC path, verified NTFS permissions, I have verified the computers and users are members of groups that are assigned to receive the policy etc). If I deploy the software via the Computer Configuration, when I reboot the target machine I get the following: When the computer starts up it logs Event ID 108, and says "Failed to apply changes to software installation settings. Software changes could not be applied. A previous log entry with details should exist. The error was: An operations error occurred." There are no previous log entries to check, which is weird because if it ever actually tried to invoke the windows installer it should log any sort of failure of my application's installer. If I open a command prompt and manually run: msiexec /qb /i \\[host]\[share]\installer.msi It installs the service just fine. If I deploy the software via the User Configuration, when I log that user in the Event Log says that software changes were applied successfully, but my service isn't installed. However, when deployed via the User configuration even though it's not installed when I go to Control Panel - Add/Remove Programs and click on Add New Programs my service installer is being advertised and I can install/remove it from there. (this does not happen when it's assigned to computers) Hopefully that wall of text was enough information to get me going, thanks all for the help.

    Read the article

  • Trouble creating a Java policy server for a simple Flash app

    - by simonwulf
    I'm trying to create a simple Flash chat application for educational purposes, but I'm stuck trying to send a policy file from my Java server to the Flash app (after several hours of googling with little luck). The policy file request reaches the server that sends a harcoded policy xml back to the app, but the Flash app doesn't seem to react to it at all until it gives me a security sandbox error. I'm loading the policy file using the following code in the client: Security.loadPolicyFile("xmlsocket://myhostname:" + PORT); The server recognizes the request as "<policy-file-request/" and responds by sending the following xml string to the client: public static final String POLICY_XML = "<?xml version=\"1.0\"?>" + "<cross-domain-policy>" + "<allow-access-from domain=\"*\" to-ports=\"*\" />" + "</cross-domain-policy>"; The code used to send it looks like this: try { _dataOut.write(PolicyServer.POLICY_XML + (char)0x00); _dataOut.flush(); System.out.println("Policy sent to client: " + PolicyServer.POLICY_XML); } catch (Exception e) { trace(e); } Did I mess something up with the xml or is there something else I might have overlooked?

    Read the article

  • Windows Update when Group Policy Forbids

    - by David Beckman
    I am in the administrators group for my local Windows XP machine and I would like to get updates via http://update.microsoft.com/[1]. However, this is prevented via the group policy: Network policy settings prevent you from using this website to get updates for your computer. Is there anyway to override this specific policy for my machine or my user? [1] Several installed applications are Microsoft based, but are not part of the machine standard (eg Visual studio). As such, I am not getting the updates for these applications. I could periodically go to the various application sites and look for hotfixes, but that is beyond tedious.

    Read the article

  • Active Directory - Lightweight Directory Services and Domain Password Policy

    - by Craig Beuker
    Greetings all, We have an active directory domain which enforces a strict password policy. Hooray! Now, for the project we are working on, we are going to be storing users of our website Microsoft's AD-LDS service as well as using that for authentication of our web users. By default, it is my understanding that AD-LDS inherits its password policy from the domain of the machine it's installed on. Is there any way to break that link such that we can define a lighter password policy (or none if we so choose) for users in AD-LDS without affecting our domain? Note: AD-LDS is going to be hosted on a machine which is part of the domain. Thanks in advance.

    Read the article

  • Software restriction policies set in the registry don't update Local Group Policy

    - by Jon Rhoades
    The joys of a Samba domain... First off Domain Group policy can't be used until Samba 4 arrives. We need to setup Software Restriction Policies (SRPs) on most of the computers in our Samba domain and I would dearly like to automate this. (We are moving away from just disabling the Windows installer). The traditional way is to set SRPs using Local Group Policy (LGP) Computer Conf-Windows Settings-SRP but this involves visiting every machine as it can't be set using in NTConfig.pol. It is possible to attempt to create the SRPs directly in the registry: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{30628f61-eb47-4d87-823b-6683a09eda87}] "LastModified"=hex(b):40,a2,94,09,b5,5d,ca,01 "Description"="" "SaferFlags"=dword:00000000 "ItemData"="C:\\location\\subfolder" SaferFlags DWORD seems to be what turns it on or off, but although this seems to work it does not update the Local Group Policy - SRPs still show as "No SRPs Defined". Where does the LGP store this setting - is it even in the registry and more importantly - Is there a cleverer way of setting up SRPs?

    Read the article

  • Blocking password policy (expiry) for a particular OU in AD

    - by Kip
    Hey SF Folks, Situation is this: I need to have a particular container in my AD environment which blocks password expiry policy, but accepts all other policies. Is this something that would work by simply adding in a GPO at the sub-ou level (the ou in question is a child of ou's where GPO's including password stuff is set). These accounts (and this ou) already exist and will have the default domain policy as well as other policies applied and they should continue to receive policy settings as per those GPO's, with the exception of the Password Expiry. We have tried the password do not expire tickbox and that seems not to have worked. Thanks in advance. Kip

    Read the article

  • Group policy issues

    - by Alex Berry
    We are having an issue on one of our clients relatively new sbs installs. The domain consists of a single SBS 2011 server with 4 windows 7 clients and 3 xp clients. Most of the time everything is fine however roughly every 3 days windows 7 clients start timing out when trying to receive computer group policy. This results in hour long delays before getting to the login screen in the morning. This is accompanied by event ID 6006, win login errors stating it took 3599 seconds to process policy. Once they've booted they can log in without issue however gpupdate fails again on computer policy and gpresult comes back with access denied, even when run as domain admin... At this point if we restart the server the network is fine for 3 days. I thought perhaps it might be ipv6 or smb2, but disabling ipv6 on the clients doesn't help and the clients can browse the sysvol folder freely on smb2 anyway. Does anyone have any ideas or routes I can take to further diagnose the issue? Thanks in advance :)

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >