Search Results

Search found 3926 results on 158 pages for 'same origin policy'.

Page 25/158 | < Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32  | Next Page >

  • Event ID for modified GPOs

    - by Hinek
    I have to know, who (usersid or loginname) changed a specified GPO for a specified OU in the Active Directory. Given our audit settings include this, what would be the right Event ID to look for?

    Read the article

  • Configuring only one Internet Explorer zone (IntranetZone) thru GPO without affecting other zones?

    - by MadBoy
    I need to deploy some trusted intranet sites into Intranet Zone in Internet Explorer. It works fine when using GPO at: Setting Path: Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page Supported On: At least Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Problem is this settings also affect other zones making it impossible for people in company to add sites to other zones themselves. Is there a way to fix this so that Intranet Zone is deployed thru GPO and rest of settings stay in gesture of users?

    Read the article

  • Active Directory: delete vs. disable departed employees

    - by Matt Rogish
    When an employee leaves your organization, do you delete or disable their Active Directory account? Our SOP is to disable, export/purge the Exchange mailbox, and then after "some time" has elapsed (usually quarterly), delete the account. Is there any need for that delay? After exporting and purging their mailbox, why shouldn't I delete the account right then and there?

    Read the article

  • Security and Windows Login

    - by Mimisbrunnr
    I'm not entirely sure this is the right place for the is question but I cannot think of another so here goes. In order to login to the windows machines at my office one must press the almighty CTRL-ALT-DELETE command combo first. I, finding this very frustrating, decided to look into why and found claims from both my sys and Microsoft stating that it's a security feature and that "Because only windows could read the CTRL-ALT-DELETE it helped to ensure that an automated program cannot log in. Now I'm not a master of the windows operating system ( as I generally use *nix ) but I cannot believe that "Only windows can send that signal" bull. It just doesn't sit right. Is there a good reason for the CTRL-ALT-DELETE to login thing? is it something I'm missing? or is it another example of antiquated legacy security measures?

    Read the article

  • Setup.exe called from a batch file crashes with error 0x0000006

    - by Alex
    We're going to be installing some new software on pretty much all of our computers and I'm trying to setup a GPO to do it. We're running a Windows Server 2008 R2 domain controller and all of our machines are Windows 7. The GPO calls the following script which sits on a network share on our file server. The script it self calls an executable that sits on another network share on another server. The executable will imediatelly crash with an error 0x0000006. The event log just says this: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Setup.exe because of this error. Here's the script (which is stored on \\WIN2K8R2-F-01\Remote Applications): @ECHO OFF IF DEFINED ProgramFiles(x86) ( ECHO DEBUG: 64-bit platform SET _path="C:\Program Files (x86)\Canam" ) ELSE ( ECHO DEBUG: 32-bit platform SET _path="C:\Program Files\Canam" ) IF NOT EXIST %_path% ( ECHO DEBUG: Folder does not exist PUSHD \\WIN2K8R2-PSA-01\PSA Data\Client START "" "Setup.exe" "/q" POPD ) ELSE ( ECHO DEBUG: Folder exists ) Running the script manually as administrator also results in the same error. Setting up a shortcut with the same target and parameters works perfectly. Manually calling the executable also works. Not sure if it matters, but the installer is based on dotNETInstaller. I don't know what version though. I'd appreciate any suggestions on fixing this. Thanks in advance! UPDATE I highly doubt this matters, but the network share that the script is hosted in is a shared drive, while the network share the script references for the executable is a shared folder. Also, both shares have Domain Computers listed with full access for the sharing and security tabs. And PUSHD works without wrapping the path in quotes.

    Read the article

  • Deny to administrators to change network configuration settings

    - by moronrats
    I need to provide admin rights to every user but the users should not able to change network configuration settings. For this I have enabled following policies in User Configuration\Administrative Templates\Network\Network connections Enable Windows 2000 network connection settings for administrators Prohibit access to properties of a LAN connection Prohibit access to properties of components a LAN connection Users (that exist in administrators) still can change the LAN properties. Are there any other solutions?

    Read the article

  • New IE windows open in background on restricted computer

    - by Adam Towne
    We have a new computer build that is locked down via GPO. We have locked it down as tight as we can, but now new IE windows that are opened with shortcuts open behind the active window. I can post the whole list of restrictions if it is necessary, but there are a lot of restrictions. The machine has a domain account that automatically logs in, that account is the actual AD object that we have locked down. What restrictions could cause the new windows to not have focus? I apologize for a question like this, but I had 1 day to build this, and now 2 days to iron out bugs our clinical analysts find.

    Read the article

  • Batch add/import of a list of users to a group in Active Directory?

    - by JB
    We have two lists of users (about 1000 each) that we need to add to groups in Active Directory (Windows Server 2003...one list will be in one group, one in the other). All the users currently exist in the directory, but we just need to assign them properly. Is there an easy way to do this without scripting? If not, can it be scripted with Ruby, Perl or Python? Thanks!

    Read the article

  • Users can't change password trough OWA for Exchange 2010

    - by Rémy Roux
    Here's our problem, users who want to change their password trough OWA get this error "The password you entered doesn't meet the minimum security requirements.", even if users are respecting the minimum security requirements. With these settings, we have the error: Enforced password history 1 passwords remembered Maximum password age 185 days Minimum password age 1 day Minimum password length 7 characters Password must meet complexity requirements enabled With these test settings, we don't have an error: Enforced password history not defined Maximum password age not defined Minimum password age not defined Minimum password length not defined Password must meet complexity requirements not defined People can change their password but there is no more security! Just changing one parameter of the GPO for example "Enforced password history", brings back this error. Here's our server configuration : Windows Server 2008 R2 Exchange Server 2010 Version: 14.00.0722.000 If anybody has a clue it would very helpful !

    Read the article

  • Windows 7 Folder Redirection (GPO)

    - by Kev
    I have been fighting this issue for a day or two now, so I am looking for some insight. I am taking over admin duties in a domain of 800 users, and the previous admins really did not employ much of any GPO settings for the clients of the Domain. In each site, there is a location on the file server where "Home" folders were manually created. EX: \server\home\enduser Whenever a user got a machine, the admin would manually right-click on the "My Documents" folder and manually enter the path to the home folder. We are planning to start putting Windows 7 machines on the Network, and I am wanting to automate as much as I can, everything that was not done in the past. Since everyone has exising "Home" folders I have been fighting and trying to get Folder Redirection to work with a new Windows 7 machine (In a Test OU). I am getting all kinds of errors and I can't get the Windows 7 "Documents" folder to redirect to the users EXISTING home folders. As I stated earlier, all of the Home folders were (and still are) manually created on the File Server and are set with the following Security permissions - Domain Admins - Full Control euser (end user) - Modify (Everything but Full) Can someone point me in the right direction on the proper setting to put in the Folder Redirection GPO to get this to work with the Existing Home folders.

    Read the article

  • Complete Active Directory redesign and GPO application

    - by Wolfgang Kuehne
    after much testing and hundreds of tries and hours invested I decided to consult you experts here. Overview: I want to apply some GPO to our users which will add some specific site to the Trusted Sites in Internet Explorer settings for all users. However, the more I try the more confusing the results become. The GPO is either applied to one group of users, or to another one. Finally, I came to the conclusion that this weird behavior is cause rather by the poor organization in Users and Groups in Active Directory. As such I want to kick the problem from the root: Redesign the Active Directory Users and Groups. Scenario: There is one Domain Controller, and we use Terminal Services (so there is a Terminal Server as well). Users usually log on to the Terminal Server using Remote Desktop to perform their daily tasks. I would classify the users in the following way: IT: Admins, Software Development Business: Administration, Management The current structure of the Active Directory Users and Groups is a result of the previous IT management. The company has used Small Business Server which has created multiple default user groups and containers. Unfortunately, the guys working before me have do no documentation at all. Now, as I inherit this structure I am in the no mans land. No idea which direction to head first. As you can see, the Active Directory User and Groups have become a bit confusing. There is no SBS anymore, but when migrating from SBS to the current Windows Server 2008 R2 environment the guys before me have simply copied the same structure. The real question: Where should I start cleaning from, ensuring that I won't break totally the current infrastructure? What is a nice organization for the scenario that I have explained above? Possible useful info for the current structure: Computers folder contains Terminal Services Computers user group Members: TerminalServer computer located at Server -> Terminalserver OU Member of: NONE Foreign Security Principals : EMPTY Managed Service Accounts : EMPTY Microsoft Exchange Security Groups : not sure if needed, our emails are administered by external service provider Distribution Groups : not sure if needed Security Groups : there are couple of groups which are needed SBS users : contains all the users Terminalserver : contains only the TerminalServer machine

    Read the article

  • Which smartphone OS would you choose for your users ?

    - by Florent
    While we currently only use windows mobile smartphone, my boss seems less and less reluctant to try and choose a new kind of OS for our users corporate phones. For some reasons, we can't use a Blackberry Enterprise Server, so i guess our only choice is between Iphone OS and Android (or Blackberry without BES ? I don't really know if this works fine) We need activesync capable smartphones of course, and activesync security policies must be available (pin when using your phone for example). Centralized Phone management would be nice too :D Any ideas on what should be the best smartphone to choose for our users ?

    Read the article

  • How Do I Get poledit.exe Out Of Windows 2000 Service Pack 4?

    - by Nick
    I've read that I can get poledit.exe from Windows 2000 Service Pack 4, but have been unable to figure out how. I've downloaded the service pack from Microsoft's website, "W2KSP4_EN.EXE", and extracted it using the "/x" option on the command line: W2KSP4_EN.EXE /x Which produced an i386 folder with a bunch of files in it, but poledit.exe isn't there. Theres a "poledit.ex_", but changing the "_" to an "e" and trying to execute it results in the error: The NTVDM CPU has encountered an illegal instruction. I'm trying to do this on a winXP Pro machine. I know I've gotten this to work before, but don't remember how I did it. What am I missing?

    Read the article

  • Is there a way to set access to WMI using GroupPolicy?

    - by Greg Domjan
    From various documentation it appears that to change WMI access you need to use WMI to access the running service and modify specific parts of the tree. Its kind of annoying changing 150,000 hosts using the UI. And then having to include such changes in the process of adding new hosts. Could write a script to do the same, but that needs to either connect to all those machines live, or be distributed for later update say in an startup/install script. And then you have to mess around with copying binary SD data from an example access control. I've also found you can change the wbem/*.mof file to include an SDDL but I'm really vague on how that all works at the moment. Am I just missing some point of simple administration?

    Read the article

  • Applocker custom extension (Java, CPL, MSC etc.)

    - by test1839
    We have a Terminal server and want to prevent users from running inappropriate software. Previously we used Software Restriction Policies for this purpose. Now, Microsoft seems to recommend Applocker instead. However we found no possibilities to add custom extensions like JAR, CPL, MSC etc. which was possible in Software Restriction Policies. Do you know how to add custom extensions to the Applocker policies in Windows 2008? Or how can we block custom script interpreters like Perl etc.?

    Read the article

  • What should I be doing while I wait for a progress bar?

    - by Malnizzle
    So I am sitting here waiting for a progress bar to run (20 mins or so), and was wondering how best to use my time as a SysAdmin. I debated not posting this question briefly, as this could get flagged as subjective, but I think it's an important question, and a question that can be legitimately answered (per the FAQ) I know this something a lot of sys admins deal with, especially if they are client-based I would venture to guess. There is a lot of material out there about how to multi task, but SysAdmin work is unique in this area as well. I could switch over to another project, but I could get wrapped up in that, and forget about the original project I was working on, and that's hard if you are billing a client for your time, both for tracking your time, as well as being fair to that client. I could check ServerFault, but that isn't directly work related, I could sort my email, so on and so forth. What do you do, or what should I do when I have time waiting for a progress bar? Thanks! (download done, back to work!)

    Read the article

  • GPO IE Favorites Adds Unwanted Folders

    - by Kyle Brandt
    I created a AD 2003 GPO to add a couple of the company's links to everyone's IE. I have the following: Checked: Place Favorites and Links at the Top of the List... Unchecked: Everything else Then: Favorites |-Company Link One |-Company Link Two Links However, the GPO seems to add Favorites Bar, Microsoft Websites, MSN Websites, and Windows Live folders. If they are deleted it seems to make them come back. Anyone know how to fix this?

    Read the article

  • FirefoxADM not applying settings?

    - by alex
    I've followed the deployment instructions on: http://homepages.ed.ac.uk/mcs/FirefoxADM/ADM_Deploy.pdf I've applied some settings to a GPO: However, When I do GPUPDATE, log out, log back in, nothing has changed...? Am I missing something? I'm using Firefox 3.6.2.

    Read the article

  • How to allow program updates without prompting UAC?

    - by Ryan Mortier
    We have about 15-20 users who have this software installed. We have UAC enabled through GPO as you should, which means the software prompts for admin approval if a standard user trys to install it. Thats fine, they can call the help desk to have the software installed. My problem is, our help desk is being bombarded every day because users can't update the software and there are updates almost every day which is prompting UAC. Using procmon.exe to find out where it was trying to write to, I then created a GPO to allow file permission access to the program files folder for this particular software, including the program data folder, but it still prompts for admin approval. It seems as though that the software is using msiexec.exe to run a .msp patch file. The only "ACCESS DENIED"s I can still see in procmon is things like this: What can I possibly do to stop this software from prompting UAC with admin password credentials aside from disabling UAC?

    Read the article

  • Securing DRAC/ILO

    - by The Diamond Z
    This might be a dumb question but DRAC/ILO both have HTTP server interfaces. If I were trolling IP's port 80 on and I came across such a page I'd know it to be a high value target in the sense that if I can crack it, I can take control of the server to some extent (potentially installing another OS). Other than changing the port, what are the best practices for securing DRAC/ILO on public Internet facing machines?

    Read the article

  • Active Directory theme policies

    - by Tuinslak
    Hey, I'm currently managing a terminal server in a domain. As the TS-service just got installed, previous users (I logged in with every user once to test it and set up a few things) use the default windows 2008 theme. New users automatically use the fancy Aero theme. Is there a way to push the Aero theme to all current users? I currently have something like this in my policies: However, when logging in with a user, the theme is not changed. Only if I disable "prohibit access to the control panel", the theme can be changed (doesn't seem to change automatically). But this gives them access to every other control panel feature as well. And giving users only access to "desk.cpl" CP-applet, gives them an access error as well when attempting to change the theme. Another question: can I, as admin, take over and/or log in as another user when that user is not logged in? Thanks

    Read the article

  • Is there a way to apply a GPO to all but selective users? (SBS 2008)

    - by CandyCo
    I've created a GPO in SBS 2008 that deploys and updates software. Unfortunately, one of our VPN users lives out in the sticks and has severe latency, so the start up processes and updates time out and take an awfully long time, if they ever complete at all. I'd like to apply this GPO to all auth'd users except for him, without having to create a new custom user group. Any thoughts?

    Read the article

  • Windows Installer: System Admin Policies (Vista)

    - by Wesley
    Hi all, I have a friend with a Toshiba Satellite A200. He's running Vista HP SP2 32-bit. For some reason, when he attempts to uninstall Open Office or some other programs, a dialog box appears, which states, "The system administrator has set policies to prevent this installation." After I click OK, another dialog box entitled "Installed Updates" says that "You do not have sufficient access to uninstall _. Please contact your system administrator." Any ideas? Thanks in advance.

    Read the article

  • Cross-forest GPO between 2003 and 2008 Denied Beacuse it's "Inaccessible"

    - by j.rightly
    I have a two-way, non-transitive trust between two forests and domains, "W2003" and "W2008". In W2008 I have a GPO with user settings linked to a machine OU containing machine "Server". The GPO applies to Authenticated Users. Cross-forest loopback processing is enabled in merge mode. When I log onto Server as User (whose account exists in the W2003 domain), the GPO does not apply. I run RSoP and see that the GPO is "Denied" for the reason "Inaccessible." The GPO name is not listed, but the GUID is. I have checked the file-level permissions on the DC to ensure that User has access to read the GPO's folder and all its contents. What is going on?

    Read the article

< Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32  | Next Page >