Search Results

Search found 252 results on 11 pages for 'gpo'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 3/11 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11  | Next Page >

  • GPO best practices : Security-Group Filtering Versus OU

    - by Olivier Rochaix
    Good afternoon everyone, I'm quite new to Active Directory stuff. After upgraded Functional level of our AD from 2003 to 2008 R2 (I need it to put fine-grained password policy), I then start to reorganized my OUs. I keep in mind that a good OU organization facilitate application of GPO (and maybe GPP).But in the end, it feels more natural for me to use Security-group filtering (from Scope tab) to apply my policies, instead of direct OU. Do you think it is a good practice or should I stick to OU ? We are a small organisation with 20 users and 30-35 computers. So, we got a simple OU tree, but more subtle split with security-groups. The OU tree doesn't contain any objects except at the bottom level. Each bottom level OU contains Computers,Users, and of course security groups. These security groups contains Users & Computers of the same OU. Thanks for your advices, Olivier

    Read the article

  • Non existing GPO applying? WSUS

    - by Jake
    I recently took my WSUS server offline. In the mean time I want the clients to update from the internet until I get WSUS up again. However, Windows Updates is tring to contact the old server and (obviously) failing to get new updates. I have updated the WSUS GPO to disabled. Checked DNS is resolving. Deleted WSUS GPOs. GPRESULT reports that policy is not being applied Run GPUPDATE /force No issues reported from DCDIAG I delete the registry keys HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate But the keys return after a reboot. What else can I try ?

    Read the article

  • Locking down remote desktop using AD GPO

    - by Brettski
    I am currently locking down a companies remote desktop access via a VPN. What I need to do is disable remote printing, file transfer and clipboard via active directory for the workstations that will be accessed. I am having trouble figuring out which GPO's are used to restrict this. My basic approach is to restrict VPN users to port 3389 so the will be able to access their work computers remotely but nothing else (I will look into layer 7 scanning later). With this I want to ensure they are unable to transfer and data via files, printing or the clipboard. The environment is Windows Server 2003

    Read the article

  • Windows GPO order - beginner

    - by Andras Sebestyen
    I have some software that required e.g. .NET 4 install before them. I wonder what is the best way to make a GPO order list. I also have some software that needs certain files so I need to prepare them (via batch file). I have done a quick research however I haven't found the answer. Any help, link would be appreciated. Please feel free to down vote it if it is a real dummy one. Thanks for example: batch file cleans some folder install .NET Framework 4 install apps through MSI (commercial software) I can't pack everything in the MSI and I also need to make sure that all the steps succeed

    Read the article

  • Deploying Office 2013 via GPO

    - by NickC
    Looking at potential ways to deploy Office 2013 via GPO. First and most obvious way is to run a startup script which calls the Office 2013 setup.exe. Problem here is what happens after it is installed, will that startup script keep re-installing the product every time the machine boots? Another potential way is to install each Office component separately using the multitude of .msi files which are present, would that work and provide the same thing as a full install of Office? There is actually twenty three separate .msi files. What about officemui.msi is that a wrapper which contains calls to all of the other office components.

    Read the article

  • Behaviour of disabling "Allow non-administrators to receive notifications" GPO

    - by Jaymz
    Hi everyone, As the title suggests, I'm trying to figure out the specific behaviour of the following GPO when disabled: Administrative Templates Windows Components Allow non-administrators to receive update notifications We've just started using WSUS, and have added a few machines for testing. At the moment, this is set to Enabled. The problem with this setting is it seems to allow users to opt out of certain updates if they deselect the checkbox after hitting custom install. My main concern with disabling this setting is this: Does it stop non-admins from getting the installs deployed to them? My guess would be that it will just install them silently at the set scheduled time, suppressing any prompts and ensuring they don't get the opportunity to cancel them (this is what I want). My worry is that non-admin users will never get updates pushed to them unless an admin goes and logs on to their machine (not what I want, and seems like a silly situation to be in). Thanks in advance, Jaymz.

    Read the article

  • GPO Startup Script can't modify HKU Registry?

    - by pepoluan
    I've been scratching my head with my current problem. You see, I have this Startup Script that I pushed via GPO. Problem is, although the script starts alright (I see the event it created when starting in the event log), it always fails when trying to enumerate and/or modify registry settings under HKU. If I login as administrator and execute the script manually, it works! If I startup a Command Prompt as SYSTEM (using the "at" workaround) and execute the script manually, it also works! If I reboot... the script always fails. Can anyone shed a light on my problem? Additional information: This script injects some registry values for the Local Administrator (i.e., S-1-5-21-etc etc etc-500), so I'm not sure that it's doable via GPP, not to mention that since nearly all the workstations in my domain are still using XP, so no guarantee of GPP support.

    Read the article

  • Networkmapping script (VBS) Vista doesn't work, XP does

    - by The_cobra666
    Hi all, I've got a weird problem, (like always :p ) Okay: Situation: Windows 2003 domain with XP clients. With a GPO I'm running a VBS script on login to map a few drives. This works great on XP, but not on Vista. If I manually run the script after the user has logged on, it works. So I know the script works on Vista, it just doesn't run via the GPO. The user has admin privileges. I also have the same problem on Windows 7 RC1. So it must be related. The script: on error resume next Dim objNetwork Dim strDriveLetter, strRemotePath, strUserName strDriveLetter = "Z:" strRemotePath = "\\Onsgeluk.ons_geluk.local\Profieldoc" Set objNetwork = WScript.CreateObject("WScript.Network") strUserName = objNetwork.UserName objNetwork.RemoveNetworkDrive "Z:" objNetwork.MapNetworkDrive strDriveLetter, strRemotePath _ & "\" & strUserName objNetwork.RemoveNetworkDrive "X:" objNetwork.MapNetworkDrive "X:" , "\\Onsgeluk.ons_geluk.local\Data" objNetwork.RemoveNetworkDrive "Y:" objNetwork.MapNetworkDrive "Y:" , "\\Onsgeluk.ons_geluk.local\Mappen\hoofdverpleging" Does anyone have a clue? Thanks in advance guys (and girls) ps: sorry for my bad english!

    Read the article

  • With no password expire notification at logon in Windows 7, how are you configuring password expire

    - by J. L.
    To my understanding, Windows 7 users do not receive password expiration notification during the logon process - it occurs strictly from the system tray. We currently have tray balloon notifications disabled to lessen user distraction, and I expect the password change process is a smoother one during the logon process rather than in an existing session. As a result, users will get prompted to change their passwords at expiration. The users also connect to Terminal Services boxes, but receive the advanced notification for password expiration there. So, Windows 7 is not notifying, but TS/RDS and XP boxes are. Any guidance on configuring this? Personally, I would turn off all expiration notices, but I understand most users would prefer to see the notification. Thoughts? Any GPO or other settings I might be overlooking? The interactive logon setting below is already enabled for our Win7 workstation GPO. My thought is balloon notifications will get turned back on for Windows 7, but I wanted to see if anyone was aware of alternatives. Thanks. Computer Configuration\Windows Settings\Security Settings\Local Policies - Security Options Interactive logon: Prompt user to change password before expiration

    Read the article

  • Windows Server 2003 R2 SP2 GPO Conditional Terminal Services Client Redirection

    - by caleban
    We have a lot of mobile/home users with different client side printers attached. Most of these users don't need to print on the client side and we don't want all of these users Terminal Services sessions trying to map their client side printers and we don't want all of these drivers on the Terminal Server. What is the best way to set up around 90 users to have no client side printer redirection and 10 users to have client side printer redirection (to the printers attached to their home computers)? Do I need to create two separate OU's in AD one for redirection and one for no redirection and create two different policies one for each OU? One GPO with Client Server data redirection Do not allow client printer redirection disabled and one enabled? Is it preferrable instead to change each user's AD User Properties Enviroment Client devices Connect client printers at logon setting? Is there any for me to direct "ALL HP Printers" to a single HP Universal Printer Driver, "ALL Canon Printers" to a single Canon Universal Printer Driver, etc without specifying hundreds of unique printer names in the printsub.inf file? Thanks in advance.

    Read the article

  • Using GPO to collect data about VMware view activity

    - by MoSiAc
    Our security group wants us to begin logging data for external access to our view enviroment. At first we thought that view security would be logging all source ip's that are external in nature so if for some reason there is an intrusion we would have record of it there. Of course our firewall logs all that information but correlating it to view is sketchy at best with our current implementation. We know on viewdesktops there is a set of keys in VolitateEnviroment that contains stuff such as source ip and username, etc. We have a script in place that, when run as a logon script attached to a user account in AD collects the information as we need it. If we have a GPO run the same script the information does not get collected. We feel like there is a piece of the puzzle we're missing but we don't know what. If anyone knows what we're forgetting or misconfiguring that would be great, or if you have a better way of us collecting external source ip's for view specifically we'd be interested in that as well. Thanks, EDIT CODE Batch script to dump to text file @echo off timeout 20 echo %computername%/%username% %time% %date% c:\vdi\vmware.txt echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~c:\vdi\vmware.txt reg query "HKEY_CURRENT_USER\Volatile Environment" /v "ViewClient_LoggedOn_Username"c:\vdi\vmware.txt reg query "HKEY_CURRENT_USER\Volatile Environment" /v "ViewClient_IP_Address"c:\vdi\vmware.txt echo.c:\vdi\vmware.txt VB Script to display values Const HKEY_CURRENT_USER = &H80000001 Set wmiLocator=CreateObject("WbemScripting.SWbemLocator") Set wmiNameSpace = wmiLocator.ConnectServer(".", "root\default") Set objRegistry = wmiNameSpace.Get("StdRegProv") sPath = "Volatile Environment" lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClien_Machine_Name", vMachine) lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClien_IP_Address", vIP) lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClien_MAC_Address", vMAC) msgbox "The Remote Device Name is " & vMachine & " @ " & vIP & " (" & vMAC & ") " he wanted me to mention that the batch file actually runs and I can see it counting down when I reconnect but it does not grab the registry values.

    Read the article

  • GPO errors filling up event viewer

    - by burntehsky
    there have been a few issues with the server i have been working on i check the event viewer and it is filled with the errors below i was not sure how to go about fixing this i looked in the path where the file is and it is there Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ISPHOME,DC=NET. The file must be present at the location <\\isphome.net\\sysvol\ISPHOME.NET\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted. C:\Documents and Settings\Dimitri>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : ispserver Primary Dns Suffix . . . . . . . : ISPHOME.NET Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : ISPHOME.NET Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection #2 Physical Address. . . . . . . . . : 00-07-E9-AA-3E-C3 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.50 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 127.0.0.1 *dcdiag /c /v is below* Summary of test results for DNS servers used by the above domain contro llers: DNS server: 192.168.1.1 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server DNS server: 192.168.1.50 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server Name resolution is funtional. _ldap._tcp SRV record for the fores t root domain is registered Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: ISPHOME.NET ispserver PASS FAIL PASS PASS PASS PASS n/a ......................... ISPHOME.NET failed test DNS

    Read the article

  • logon script not running

    - by Morten
    i tried make a logon script to map some network drives since it need more than homedir only but when i apply to script to "logon" in a GPO on server 2008 it doesnt run it on the pc when i logon. when i make a Gpresult -r it show as applied but it never ran the script. i tried run the script manual and that works fine. In Event Viewer in windows 7 it show an error "Event ID 1129" with this text in the general tap: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

    Read the article

  • How to add NT Virtual Machine\Virtual Machines to GPO

    - by Nicola Cassolato
    I have a Windows 2012 Server with Hyper-V enabled and a few virtual machines. My current configuration has a few account in the "Log on as a service" list in the domain policies, and sometimes this prevent my virtual machines from starting (I get this error: 'Error 0x80070569 ('VM_NAME' failed to start worker process: Logon Failure: The user has not been granted the requested logon type at this computer.') As described in this KB I would like to add NT Virtual Machine\Virtual Machines to my "Log on as a service" list to resolve my problem. My problem is that when I try to add that user to my domain policy I get an error message: "The following account could not be validated". My domain controller obviously doesn't know about that user since it's not an Hyper-V enabled server. How can I add that account to my Domain Policies?

    Read the article

  • Deploy binary hex registry via GPO or PowerShell

    - by Prashanth Sundaram
    I am trying to deploy a custom registry entry which I exported from a test machine. It looks like below. I came across THIS similar request on another site, but I couldn't make it to work. "TextFontSimple"=hex:3c,00,00,00,1f,00,00,f8,00,00,00,40,dc,00,00,00,00,00,00,\ 00,00,00,00,ff,00,31,43,6f,75,72,69,65,72,20,4e,65,77,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 As per the other solution, my PS command below, throws error."A parameter cannot be found that matches parameter name" Set-ItemProperty -Path "HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MailSettings" -Name "TextFontSimple" -PropertyType Binary -Value ([byte[]] (0x3c,0x00,0x00,0x00,0x1f....0x00)) Any ideas? ====EDIT===== The key & value already exists. When I use Get-ItemProperty PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MailSettings PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common PSChildName : MailSettings PSProvider : Microsoft.PowerShell.Core\Registry TextFontSimple : {60, 0, 0, 0...}

    Read the article

  • Windows Explorer view style via GPO or registry edit

    - by iamninja
    I'm having some difficulty adjusting the default view style in windows explorer (e.g. list, detail, large icon, small icon). There does not seem to be any pre-baked GPOs for this and next to no documentation on the subject outside of using GUI configuration tools built into windows explorer. Does anyone know the specific registry keys that need to be edited for this? I've already taken a look at HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Settings but the adjustments I've made there don't seem to make any change on their own.

    Read the article

  • Server 2012 GPO: PowerShell Script on Computer Startup not running

    - by Alex
    I've got a couple of Server 2012 instances on Amazon EC2 and I'm in the process of setting up the GPOs. All of the settings of the GPOs are being applied fine, except none of the PowerShell scripts specified on computer startup are actually being executed. The scripts are sitting on a UNC share which has Authenticated Users applied to it with full permissions. I'm assuming it probably has something to do with the Execution Policy, but I'm not sure how to automatically bypass it. I could just go in each instance and bypass the Execution Policy, but that's obviously not a good idea, plus I'm eventually going to connect Windows 7 computers that will be running the same scripts. How can I get the scripts to actually run? Google searches hasn't yielded a whole lot...

    Read the article

  • Script shutdown a computer with gpo

    - by user31568
    Hello everybody I have windows server 2003 domain and windows xp workstation. it is necessary that at 6.00 pm on computer was displayed a window (Do you really want to shutdown a computer and Yes/no button).If user click Yes or ?xpired 5 minutes computer shutdown, else user click No than appears after an hour window will display again.

    Read the article

  • Script shutdown a computer with gpo

    - by user35729
    Hello everybody I have windows server 2003 domain and windows xp workstation. it is necessary that at 6.00 pm on computer was displayed a window (Do you really want to shutdown a computer and Yes/no button).If user click Yes or ?xpired 5 minutes computer shutdown, else user click No than appears after an hour window will display again.

    Read the article

  • Ubuntu 10.04 Windows2003 adding a route for GPO assignment

    - by David Carvalho
    I want the PC's that receive IP from my Ubuntu DHCP3-server to be able to retrieve the GPOs that are on my windows 2003 server. I'm using virtualbox and 3 virtual machines: 1 windows 2003 server 192.168.0.2 with 1 NIC (internal network). 1 ubuntu server 10.04 lts 192.168.0.1 with 1 NIC (internal network) and 3 aliases 192.168.21.0, 192.168.22.0, 192.168.100.0 1 Windows XP machine with 3 NIC's (internal network).

    Read the article

  • Using Folder Redirection GPO and Offline Files and Folders

    - by user132844
    I want to use Folder Redirection to redirect user's My Documents to a network share. First question is: What is best practices for mapping the drive? Should I use the profile tab in AD with the %username% variable, or a net use logon script, or something else? Second question is: How do I deal with laptops and syncing the network with the local storage? I want to have 2-way syncing so if they manually map their networked home drive and edit it from a different computer, it will sync the newer version to their My Documents folder the next time they connect their normal work computer. I also want to be sure that if they edit a file offline on their laptop while away from the office, that the network version syncs the changes the next time they connect that laptop. Please advise best practices for this scenario in a 2008 R2/Win7 environment. I am also interested in Mac clients for this environment, and while I am very Mac savvy, I would like to hear what others consider to be best practices for Mac network homedirs in a Win environment.

    Read the article

  • Uncheck Automatically detect proxy for Terminal Server users via GPO

    - by Chris
    Good morning, I have a registry key that changes local users Internet Explorer LAN Settings to uncheck the "Automatically detect settings" tickbox. When I add this policy to the Terminal Servers user group it has no effect. I exported this key from my own registry after unticking the box. My computer runs Windows Vista Business Edition. Environment: We are using Server 2008 RC2 environment - two terminal servers with a session broker. Any idea's on how to get this working?

    Read the article

  • Managing self-updating Windows software in GPO-deployed packages

    - by Paul
    Being very new to Windows software distribution for a small network (<50 clients) I was wondering how software packages like Adobe's Reader or Java are handled. I can deploy them as MSIs via group policies just fine. But what happens when the client software detects updates? What are common ways to handle this? Disable the software's autoupdate feature? Redeploy when the admin detects a new version? Just fishing for knowledge, thanks for any hint.

    Read the article

  • Deleting sender from Outlook Safe Senders using GPO?

    - by Hutch
    We're having an external company do a mailshot to our users. The message contains images that are linked rather than embedded in the image (bandwidth isn't an issue). So of course on recent versions of Outlook you're prompted to download the images, not the end of the world, but it would be nice if that didn't happen. There's a bug in the Office/Outlook ADM/ADMX templates that means that a custom list of Safe Senders won't import unless you follow this: http://support.microsoft.com/kb/2252421 Thing is, if I remove an entry from the Safe Senders file, it doesn't seem to remove it from Outlook, which seems odd?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11  | Next Page >