Search Results

Search found 31355 results on 1255 pages for 'google group'.

Page 285/1255 | < Previous Page | 281 282 283 284 285 286 287 288 289 290 291 292  | Next Page >

• Applocker custom extension (Java, CPL, MSC etc.)

  - by test1839

  We have a Terminal server and want to prevent users from running inappropriate software. Previously we used Software Restriction Policies for this purpose. Now, Microsoft seems to recommend Applocker instead. However we found no possibilities to add custom extensions like JAR, CPL, MSC etc. which was possible in Software Restriction Policies. Do you know how to add custom extensions to the Applocker policies in Windows 2008? Or how can we block custom script interpreters like Perl etc.?

  Read the article

• Resrtict MS Access creation

  - by Rick

  Is it possible to restrict MS Access creation but still be able to view and execute Access files.

  Read the article

• GPO IE Favorites Adds Unwanted Folders

  - by Kyle Brandt

  I created a AD 2003 GPO to add a couple of the company's links to everyone's IE. I have the following: Checked: Place Favorites and Links at the Top of the List... Unchecked: Everything else Then: Favorites |-Company Link One |-Company Link Two Links However, the GPO seems to add Favorites Bar, Microsoft Websites, MSN Websites, and Windows Live folders. If they are deleted it seems to make them come back. Anyone know how to fix this?

  Read the article

• FirefoxADM not applying settings?

  - by alex

  I've followed the deployment instructions on: http://homepages.ed.ac.uk/mcs/FirefoxADM/ADM_Deploy.pdf I've applied some settings to a GPO: However, When I do GPUPDATE, log out, log back in, nothing has changed...? Am I missing something? I'm using Firefox 3.6.2.

  Read the article

• How to allow program updates without prompting UAC?

  - by Ryan Mortier

  We have about 15-20 users who have this software installed. We have UAC enabled through GPO as you should, which means the software prompts for admin approval if a standard user trys to install it. Thats fine, they can call the help desk to have the software installed. My problem is, our help desk is being bombarded every day because users can't update the software and there are updates almost every day which is prompting UAC. Using procmon.exe to find out where it was trying to write to, I then created a GPO to allow file permission access to the program files folder for this particular software, including the program data folder, but it still prompts for admin approval. It seems as though that the software is using msiexec.exe to run a .msp patch file. The only "ACCESS DENIED"s I can still see in procmon is things like this: What can I possibly do to stop this software from prompting UAC with admin password credentials aside from disabling UAC?

  Read the article

• Using Active Directory Security Groups as Hierarchical Tags

  - by Nathan Hartley

  Because active directory security groups can... hold objects regardless of OU. be used for reporting, documentation, inventory, etc. be referenced by automated processes (Get-QADGroupMember). be used to apply policy be used by WSUS I would like to use security groups as hierarchical tags, representing various attributes of a computer or user. I am thinking of (computer centric) tags something like these: /tag/vendor/vendorName /tag/system/overallSystemName /tag/application/vendorsApplicationName /tag/dependantOn/computerName /tag/department/departmentName /tag/updates/Group1 Before fumbling through implementing this, I thought I would seek comments from the community. Specifically in the areas: Does this make sense? Would it work? Has anyone else attempted this? Is there a good reference on the matter I should read? How best to implement the hierarchy? Tag_OU\Type_OU\GroupName (limits quantity in OU, uniqueness not guaranteed) Tag_OU\Type_OU\Tag-Type-GroupName (limits quantity in OU, uniqueness guaranteed, verbose) etc ... Thanks in advance!

  Read the article

• Windows 2003 GPO Software Restrictions

  - by joeqwerty

  We're running a Terminal Server farm in a Windows 2003 Domain, and I found a problem with the Software Restrictions GPO settings that are being applied to our TS servers. Here are the details of our configuration and the problem: All of our servers (Domain Controllers and Terminal Servers) are running Windows Server 2003 SP2 and both the domain and forest are at Windows 2003 level. Our TS servers are in an OU where we have specific GPO's linked and have inheritance blocked, so only the TS specific GPO's are applied to these TS servers. Our users are all remote and do not have workstations joined to our domain, so we don't use loopback policy processing. We take a "whitelist" approach to allowing users to run applications, so only applications that we approve and add as path or hash rules are able to run. We have the Security Level in Software Restrictions set to Disallowed and Enforcement is set to "All software files except libraries". What I've found is that if I give a user a shortcut to an application, they're able to launch the application even if it's not in the Additional Rules list of "whitelisted" applications. If I give a user a copy of the main executable for the application and they attempt to launch it, they get the expected "this program has been restricted..." message. It appears that the Software Restrictions are indeed working, except for when the user launches an application using a shortcut as opposed to launching the application from the main executable itself, which seems to contradict the purpose of using Software Restrictions. My questions are: Has anyone else seen this behavior? Can anyone else reproduce this behavior? Am I missing something in my understanding of Software Restrictions? Is it likely that I have something misconfigured in Software Restrictions? EDIT To clarify the problem a little bit: No higher level GPO's are being enforced. Running gpresults shows that in fact, only the TS level GPO's are being applied and I can indeed see my Software Restictions being applied. No path wildcards are in use. I'm testing with an application that is at "C:\Program Files\Application\executable.exe" and the application executable is not in any path or hash rule. If the user launches the main application executable directly from the application's folder, the Software Restrictions are enforced. If I give the user a shortcut that points to the application executable at "C:\Program Files\Application\executable.exe" then they are able to launch the program. EDIT Also, LNK files are listed in the Designated File Types, so they should be treated as executable, which should mean that they are bound by the same Software Restrictions settings and rules.

  Read the article

• Auto Log-Off Windows users - Windows 2003 domain

  - by thehatter

  Hi! I am trying to make windows clients automatically log off after some time, I have been trying to use the winexit.scr which I have seen working else where in a similar environment. After working though these instructions (I did read the comments and notice the original ADM provided is buggy) I've had no joy what so ever! Winexit.scr refuses to read any settings in the registry, even while using a test account I can access the required reg key(s); edit, add, and remove values. Essentially winexit.scr always uses it's default values: 30 second timeout, no forced log-out. What I really want is a 30 minute timeout with a forced log-out, closing all the users apps etc. I've tried removing and re-adding the ADM template, creating the GPO from scratch several times, giving various registry permissions - including full control to "Everybody" just for fun! Oh, clients are all win XP SP3, DC is win 2003 R2 SP2. So, can anybody suggest something? Cheers!

  Read the article

• Cross-forest GPO between 2003 and 2008 Denied Beacuse it's "Inaccessible"

  - by j.rightly

  I have a two-way, non-transitive trust between two forests and domains, "W2003" and "W2008". In W2008 I have a GPO with user settings linked to a machine OU containing machine "Server". The GPO applies to Authenticated Users. Cross-forest loopback processing is enabled in merge mode. When I log onto Server as User (whose account exists in the W2003 domain), the GPO does not apply. I run RSoP and see that the GPO is "Denied" for the reason "Inaccessible." The GPO name is not listed, but the GUID is. I have checked the file-level permissions on the DC to ensure that User has access to read the GPO's folder and all its contents. What is going on?

  Read the article

• IE9 GPO Setting "Configure Tracking Protection Lists"

  - by Daniel B

  I've just installed IE9 on my workstations and Server in our network. According to technet article http://technet.microsoft.com/en-us/library/gg699401.aspx There is a GPO setting for IE9 called "Configure Tracking Protection Lists" located at Windows Components\Internet Explorer\Privacy in the admistrative templates. I can find all the other IE9 settings in the GPO, but I cannot find this one. Does anyone know if there is an updated template, or if this setting was removed from the RC version of IE9? Thanks, Daniel

  Read the article

• Unable to launch google.com inside Linux Ubuntu

  - by Anuradha

  I have installed Ubuntu Linux VM in my Win XP box. I am able to open http://google.com on Win XP but when I login to, ubuntu linux.. and launch this site: I am getting an error: Server not found. The network settings I have on LinuxUbuntu VM is : Adapter1 : attached to Bridge adapter. I tried NAT as well. But nothing seems to work. I am not in China. I provide google.com as mere example. We have a test website which cannot be launched inside Linux Ubuntu.

  Read the article

• Experiences with Google TiSP?

  - by Zypher

  i got an email from google a couple of hours ago (around 12AM EST today) that Google's TiSP service is now available in my area. this seems like a great deal compared to my cUrrent 16Mbps cable coNction at work, however i'm a lIttle nervous about the fact that linux support is "Coming soon". i was wOndering if anyone had successfully installed this system and gotten it woRking with their linux infrastructure? I'm assuming that there shouldn't be any issues siNce we have an ASA in front of our internet. TiSP Shouldn't care what is behind that. Any insight would be greatly appreciated!

  Read the article

• Auto Log-Off Windows users - Windows 2003 domain

  - by thehatter

  I am trying to make windows clients automatically log off after some time, I have been trying to use the winexit.scr which I have seen working else where in a similar environment. After working though these instructions (I did read the comments and notice the original ADM provided is buggy) I've had no joy what so ever! Winexit.scr refuses to read any settings in the registry, even while using a test account I can access the required reg key(s); edit, add, and remove values. Essentially winexit.scr always uses it's default values: 30 second timeout, no forced log-out. What I really want is a 30 minute timeout with a forced log-out, closing all the users apps etc. I've tried removing and re-adding the ADM template, creating the GPO from scratch several times, giving various registry permissions - including full control to "Everybody" just for fun! Oh, clients are all win XP SP3, DC is win 2003 R2 SP2. So, can anybody suggest something? Cheers!

  Read the article

• Which GPO is making my Domain Controller my clients' DNS server?

  - by Harry Muscle

  I maintain a small domain (about 20 clients) and we need to make some changes to the DNS server that's being used by the clients. All the clients have been hard coded to use the domain controller as their DNS. Since these are new machines, and I never changed their DNS settings, I'm guessing there must be a GPO that's causing them to use the domain controller as their DNS. Since we don't have any GPO other than the default one yet, it's got to be the default GPO, however, I have looked through all the GPO settings and none of them refer to anything related to DNS. So I'm wondering if there's anything else that might be causing this. Any help or advice is highly appreciated. Thanks, Harry

  Read the article

• Remote running program from server

  - by Armen Khachatryan

  Hello, I have Windows serrver 2008 and more computers in it domain. all i need is to run program from server in all comps , for example install kaspersky for all comps. can i do it? thanks

  Read the article

• How can I create a windows shutdown script from powershell/command-line?

  - by David Rubin

  I've read the TechNet pages that describe using computer/user startup/shutdown scripts, and that's great, but I'd like to create those scripts via the command-line (and not have to click around in gpedit.msc). It looks like scripts.ini and psscripts.ini in %SYSTEMROOT%\System32\GroupPolicy\Machine\Scripts specifies the scripts to run, but those don't exist until running gpedit.msc for the first time. Is it safe to create and edit those directly? Or do I need to muck around with Set-GPO or something similar? Thanks!

  Read the article

• Can't add HKCU entries via GroupPolicy Preferences

  - by Lou H

  2008 R2, XP and W7 64 bit workstations. Trying to add/modify two registry entries for Lync2010 for each user. Created using GP Management, User Configuration, Preferences, Registry. If the two registry entries already exist, then the policy works correctly. If they don't exist, nothing changes. GPReults reports it was successful. If I import the .reg file manually, it also works, so I don't believe it is a rights issue. I have tried the Update, Create, and Replace as the Action. I am not familiar with ADM templates, is that the only way to do it?

  Read the article

• Possible to disable smart card PIN change in Windows 7?

  - by bobmagoo

  I'm looking for a way to disable the smart card PIN change ability provided with Windows 7's native minidriver. It doesn't allow us to enforce any PIN complexity requirements such that users could change their PIN to 000000 or blank without any issues so we'd like to disable that ability. I've been googling around and haven't found any way to do this, but perhaps someone has encountered a similar issue and found a resolution? A third party minidriver is the next step, but if we could do it without additional tools I'm all for it.

  Read the article

• Password Authentication Fails - NTLMv2

  - by JMeterX

  Environment: Windows 2000 sp4 EDIT: Domain Controller with no trust setup with the Win2008 Server Windows XP machines Windows 2008 Server Netapp NAS Problem: We have a shared folder that resides on a NAS using a Windows 2008 AD for the authentication with the proper permissions setup. When the Windows 2000 machine tries to open the share residing on the Win2008 machine, it is prompted for a username and password. Upon entering the credentials it continuously re-asks for credentials. Important Details: The Windows 2000 machine can ping both the XP machines and the Windows 2008 Server The Windows 2008 machine is mandated to only use NTLMv2 The Windows 2000 machine was originally set to NTLM but was recently switched to NTLMv2 if negotiated for the purpose of trying to connect to the share. As I am sure it will come up, we are using Windows 2000 because of contractual obligations Questions: Why is password Authentication failing in this case? After setting a GPO for the Win2000 machine for it to use NTLMv2, do we need to reboot the machine for the changes to take affect? We used SECEDIT to update the GPOs without rebooting. UPDATE We checked both of the 2008 Domain Controllers to find an error code. We received: Microsoft_Auth_Package_V1_0 0xc000006a Event ID: 4776 I know this to be an authentication error via THIS article "The value provided as the current password is not correct" We know this password to be correct, but since these two domains (Win2000 & Win2008) do not have a trust setup what authentication account needs to be used? One that resides on the Win2000 hosted domain?

  Read the article

• Looking for alternative to NetNewsWire and Google Reader

  - by Janine Sisk

  I have used NetNewsWire on both Mac and iPhone for years, and have been reasonably happy. Unfortunately the latest version of NNW for Mac, which I just upgraded to, now matches Google Reader's policy of marking items read after 30 days. The older version I had been using did not do this. I regularly keep unread items for way longer than 30 days, and do eventually read them, so this is a major bummer for me. The iPhone version has behaved this way forever, but I was ok with that as long as I had the full list on my desktop. Keeping in sync between the iPhone and Mac is very important, so I need to find another online solution with clients available on both sides. I've done a little digging but haven't found much; it seems like Google has pretty much taken over this space. Any suggestions?

  Read the article

• I want Lotus Domino to only send one email to users that are both recipients and members of a cc'ed lotus group.

  - by Marcus

  Lotus Domino 7 and now Lotus Domino 8.5 The scenario: A@mycompany writes an email to b@internet and cc's it to group@mycompany. A@mycompany is a member of group@mycompany. With the initial email Domino is intelligent enough to not send the email which a@mycompany just wrote to a@mycompany again. But when b@internet answers to all (a@mycompany + group@mycompany) then a@mycompany gets this email twice, because he is not only the author but also a member of group@mycompany. During the smtp session the email is sent once with the recipients set to a@mycompany and group@mycompany and a single esmtp id. So Domino should well be able to see that the mail should only be sent to a@mycompany once. Can I make Lotus Domino behave in this sane fashion?

  Read the article

• Can the users can apply Windows update without local administrator rights?

  - by AAA-Super

  My users are running on windows XP 32bit. normally WSUS automatically download and notify them to select which update want to install in the past they were in local administrator rights,now I reduce them to user rights so now they can't see the yellow notification said updated are available. Is there a way to give users permission to see the yellow notification and they can select updates by hand without local admin rights or power users? Any advice would be appreciated Thanks

  Read the article

• Active Directory - Using GPO To Update Multiple Versions Of .NET

  - by Joe Wilson

  OK, I have searched everywhere for this one. I have all the MSI's and packages I need to deploy .Net 3.5 SP1, and 2.0 and 3.0 (which are prerequisites for 3.5). I can't figure out how to install all of them at once via GPO. Basically, the computers on the network do NOT have any version of .Net installed, and I need them to be at 3.5 SP1. I know I can deploy each version via GPO, force reboot the client, then push the next one, force reboot, and so on. Is there a way to streamline install all 3 at once via GPO? Thanks

  Read the article

• Windows GPO order - beginner

  - by Andras Sebestyen

  I have some software that required e.g. .NET 4 install before them. I wonder what is the best way to make a GPO order list. I also have some software that needs certain files so I need to prepare them (via batch file). I have done a quick research however I haven't found the answer. Any help, link would be appreciated. Please feel free to down vote it if it is a real dummy one. Thanks for example: batch file cleans some folder install .NET Framework 4 install apps through MSI (commercial software) I can't pack everything in the MSI and I also need to make sure that all the steps succeed

  Read the article

• No password is complex enough

  - by Blue Warrior NFB

  I have one user in my AD domain who seems to not be able to self-select a password. I may have another one, but they're on a different enough password-expiration schedule that I can't remember who it is right now. I can set a password via ADU&C just fine, but when he tries it via C-A-D he gets the "doesn't meet complexity" message. Figuring he was just doing something like 'pAssword32', I did some troubleshooting of my own and sure enough it doesn't want to take a password that way. He's one of our users that habitually uses a local account and then maps drives using his AD credentials so he doesn't get the your password will expire in 4 days, maybe you should change it prompts, so he's a frequent "my password expired, can you fix it" flyer. I don't want to keep having him set it via ADU&C over my shoulder every N days. I'm just fine setting temp passwords of 48 characters of keyboard-slamming and letting him change it something memorable. My environment is at the Windows 2008 R2 functional level, and I am using fine-grained password policies. In fact, I have two such policies: For normal users (minimum length, remembered passwords) For special utility accounts The password complexities I've tried match both policies for length and char-set selection. The permissions on the User object themselves look normal, SELF does indeed have the "Change Password" right. Is there some other place I should be looking for things that can affect this?

  Read the article

< Previous Page | 281 282 283 284 285 286 287 288 289 290 291 292  | Next Page >