Search Results

Search found 10800 results on 432 pages for 'e3 group'.

Page 49/432 | < Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56  | Next Page >

• Active Directory - Lightweight Directory Services and Domain Password Policy

  - by Craig Beuker

  Greetings all, We have an active directory domain which enforces a strict password policy. Hooray! Now, for the project we are working on, we are going to be storing users of our website Microsoft's AD-LDS service as well as using that for authentication of our web users. By default, it is my understanding that AD-LDS inherits its password policy from the domain of the machine it's installed on. Is there any way to break that link such that we can define a lighter password policy (or none if we so choose) for users in AD-LDS without affecting our domain? Note: AD-LDS is going to be hosted on a machine which is part of the domain. Thanks in advance.

  Read the article

• Fiddler not working in Windows 7 - LAN Settings locked?

  - by Glen Little

  I've been using Fiddler for years, but now, on Windows 7 (64 bit) I cannot get it to monitor traffic from IE 8. With the Firefox add-on, it is able to monitor Firefox traffic with no problem. This is not related to monitoring HTTPS traffic, or traffic to localhost. I've tried running IE and/or Fiddler with "Run as Administrator", but no luck. The best clue to the problem that I have is that in IE8, the "Local Area Network (LAN) Settings" dialog accessed from "LAN Settings" in the Internet Options / Connections tab is all grayed out. I have two Windows 7, 64 bit computers, both on the same LAN. One works fine, the other has these settings grayed out, and a note on the Connections tab: "Some settings are managed by your system administrator". However, the system administrator has NOT set any. Any ideas?

  Read the article

• How do i remove a password expiration policy?

  - by jimmygee

  We had a password expiration policy recently removed from our AD but some users continued to get the "..your password will expire in x days. would you like to change it now?" message. So we added a reverse/undo policy to correct the local registry settings Maximum password age = 0 days Minimum password age = 0 days This hasn't worked as new users still seem to encounter the above "change password" message sporadically. We have now removed all custom password policy GPOs and are left with the "Default Domain Policy". Still no good. Can someone point me in the direction to fix this? And an explanation into what i was doing wrong (/how password expiration policies apply) would be useful too. thanks Environment is 2k3 server with mostly XPsp2 clients.

  Read the article

• Folder Redirection Issues - Freezing, Strange Warnings

  - by JCardenas

  I have Folder Redirection set up in a test environment for a couple accounts. I have followed the instructions for setting up the folder security settings here, and I can confirm that folders are created automatically by the system with the correct security settings when a user logs in. The GPO has been configured to automatically move user files up to the redirected folders, and this is working properly. Problems start occurring when a Windows 7 PC is in use. It is rare, but Explorer will lock up when performing a file write operation (move/copy/save from application). This results in the entire system being unusable, with only a hard reset resolving it (Task Manager doesn't start, the "three finger salute" does nothing, apps stop working). The mouse functions, but clicks do nothing. The other issue is that occasionally when copying/creating/modifying files a dialog box will pop up with the message "You need permission to perform this action. You require permission from XYZ\cardenas to make changes to this folder." The folder that was created by copying an existing one has the correct security settings and lists me as the owner. My company will not be implementing Folder Redirection on XP, since we are making a "clean break" with implementing new technologies with the Windows 7 rollout, so this behavior has not been - nor will be - checked for in XP. Thanks in advance for your help!

  Read the article

• How to hide distribution group from "All Groups" Address Book in Outlook 2010?

  - by cparker4486

  I'm working with Outlook 2010 and Exchange 2010 and while writing this post I found another post on the topic but it was for Exchange 2007. It mentioned Address List Segregation which, as it turns out, is not supported in Exchange 2010. So it seems another method is required. I've successfully hidden a distribution group from the GAL by removing the Authenticated Users group but the group is still visible in the Address Book called "All Groups". I would expect it to be hidden in all address books not just the GAL. Are there any other security groups I should remove to hide it from All Groups? To give visibility in the GAL I am manually adding the user (the group is being used for Send As purposes). In the image below the green line represents where the group is visible and the red line indicates the opposite.

  Read the article

• GPO Startup script did not execute on some computers

  - by Aaron Ooi

  The GPO Startup scripts works fine on other machine but not for another half of the machine. gpresult show that GPO was there. I ran RSOP and it show that the Startup script was there but it was never executed. There nothing on application error or anything related to the failed execution in the event viewer. I have set to Allow slow network connection too but it did not help for the startup script to execute. Permission read/execute granted to Domain Computers & Authenticated Users Other GPO settings works except Startup Script did not execute. The scripts works fine as other machine which success without any issue except some machine. I need help to sort this out as it troubles me where another half of the machine did not execute the script at all. It was all WIndows 7.

  Read the article

• Cleaning Up Unused Users and Groups (Ubuntu 10.10 Server)

  - by PhpMyCoder

  Hello experts, I'm very much a beginner when it comes to Ubuntu and I've been learning the ropes by diving in and writing a (backend-language independent) web app framework that relies on apache, some clever mod_rewrites, Ubuntu permissions, groups, and users. One thing that really annoys my inner clean-freak is that there are loads of users and groups that are created when Ubuntu is installed that are never used (Or so I think). Since I'm just running a simple web app server, I would like to know: What users/groups can I remove? Since you'll probably ask for it...here's a list of all the users on my box (excluding the ones I know that I need): root daemon bin sys sync man lp mail uucp proxy backup list irc gnats nobody libuuid syslog And a list of all of the groups: root daemon bin sys adm tty disk lp mail uucp man proxy kmem dialout fax voice cdrom floppy tape sudo audio dip backup operator list irc src gnats shadow utmp video sasl plugdev users nogroup libuuid crontab syslog fuse mlocate ssl-cert lpadmin sambashare admin

  Read the article

• Allowing users to install fonts in Windows 7 (through GPO)

  - by djk

  Hi, This is somewhat related to my previous question, http://serverfault.com/questions/48155/why-do-installed-fonts-disappear-after-reboot. Having got the font install issue sorted out under XP just fine, recently we've got a Windows 7 workstation and I've created a special GPO for it. Initially it was UAC that was demanding administrative access to C:\windows\fonts despite the fact the policy dictates that directory is writable (as is the relevant registry entries, on XP anyway). The issue now though is that when I try to copy a font or hit install it claims that the font "does not appear to be a valid font". This happens with every type of font as well. Is there some new and special consideration when allowing these changes on Windows 7? Any input would be appreciated. Many thanks, Doug

  Read the article

• How can I erase the traces of Folder Redirection from the Default Domain Policy

  - by bruor

  I've taken over from an IT outsourcer and have found a struggle now that we're starting a migration to windows 7. Someone decided that they would setup Folder redirection in the Default Domain Policy. I've since configured redirection in another policy at an OU level. No matter what I do, the windows 7 systems pick up the Default Domain Policy folder redirection settings only. I keep getting entries in the event log showing that the previously redirected folders "need to be redirected" with a status of 0x80000004. From what I can tell this just means that it's redirecting them locally. Is there a way I can wipe that section of the GPO clean so it's no longer there? I'm hesitant to try to reset the default domain policy to complete defaults. ***UPDATE 6-26 I found that the following condition occurred and was causing the grief here. I've already implemented the new policies for clients, and for some reason, XP was working great, 7 was refusing to process. The DDP was enforced. Because of this, and the fact that the folder redirection policies were set to redirect back to the local profile upon removal, it was forcing clients to pick up it's "redirect to local" settings. Requirements for to recreate the issue. -Create a new test OU and policy. -Create some folder redirection settings, set them to redirect to local upon removal -Remove settings on that GPO -Refresh your view of the GPO and check the settings. -You'll notice that the settings show "not configured" entries for folder redirection. -Enforce this GPO -Create another sub-OU -Create a GPO linked to this sub-ou and configure some folder redirection settings. -Watch as the enforced GPOs "not configured" setting overrides the policy you just defined. I've had to relink the DDP to all OU's that have "block inheritance" enabled, and disable the "enforced" option on the DDP as a workaround. I'd love to re-enable enforcement of the DDP, but until I can erase the traces of folder redirection settings from the DDP, I think I'm stuck.

  Read the article

• Blocking password policy (expiry) for a particular OU in AD

  - by Kip

  Hey SF Folks, Situation is this: I need to have a particular container in my AD environment which blocks password expiry policy, but accepts all other policies. Is this something that would work by simply adding in a GPO at the sub-ou level (the ou in question is a child of ou's where GPO's including password stuff is set). These accounts (and this ou) already exist and will have the default domain policy as well as other policies applied and they should continue to receive policy settings as per those GPO's, with the exception of the Password Expiry. We have tried the password do not expire tickbox and that seems not to have worked. Thanks in advance. Kip

  Read the article

• Splitting Servers into Two Groups

  - by Matt Hanson

  At our organization, we're looking at implementing some sort of informal internal policy for server maintenance. What we're looking at doing is completing maintenance on our entire server pool every two months; each month we'll do half of the servers. What I'm trying to figure out is some way to split the servers into the two groups. Our naming convention isn't much to be desired (but getting better) so by name or number doesn't really work. I can easily take a list of all the servers and split them in two, but with new servers are being added constantly, and old ones retired, that list would be a headache to maintain. I'd like to look at any given server and know if it should have its maintenance done this month or next. For example, it would be nice to look at the serial number. If it started with an even number, then it gets maintenance done on even months and vice-versa. This example won't work though as a little over half of the servers are virtual. Any ideas?

  Read the article

• Windows 2008 R2 CA and auto-enrollment: how to get rid of >100,000 issued certificates?

  - by HopelessN00b

  The basic problem I'm having is that I have 100,000 useless machine certificates cluttering up my CA, and I'd like to delete them, without deleting all certs, or time jumping the server ahead, and invalidating some of the useful certs on there. This came about as a result of accepting a couple defaults with our Enterprise Root CA (2008 R2) and using a GPO to auto-enroll client machines for certificates to allow 802.1x authentication to our corporate wireless network. Turns out that the default Computer (Machine) Certificate Template will happily allow machines to re-enroll instead of directing them to use the certificate they already have. This is creating a number of problems for the guy (me) who was hoping to use the Certificate Authority as more than a log of every time a workstation's been rebooted. (The scroll bar on the side is lying, if you drag it to the bottom, the screen pauses and loads the next few dozen certs.) Does anyone know how to DELETE 100,000 or so time-valid, existing certificates from a Windows Server 2008R2 CA? When I go to delete a certificate now, now, I get an error that it cannot be delete because it's still valid. So, ideally, some way to temporarily bypass that error, as Mark Henderson's provided a way to delete the certificates with a script once that hurdle is cleared. (Revoking them is not an option, as that just moves them to Revoked Certificates, which we need to be able to view, and they can't be deleted from the revoked "folder" either.) Update: I tried the site @MarkHenderson linked, which is promising, and offers much better certificate manageability, buts still doesn't quite get there. The rub in my case seems to be that the certificates are still "time-valid," (not yet expired) so the CA doesn't want to let them be deleted from existence, and this applies to revoked certs as well, so revoking them all and then deleting them won't work either. I've also found this technet blog with my Google-Fu, but unfortunately, they seemed to only have to delete a very large number of certificate requests, not actual certificates. Finally, for now, time jumping the CA forward so the certificates I want to get rid of expire, and therefore can be deleted with the tools at the site Mark linked is not a great option, as would expire a number of valid certificates we use that have to be manually issued. So it's a better option than rebuilding the CA, but not a great one.

  Read the article

• Windows 2008 terminal server - How to restrict access to DVD/floppy?

  - by test1839

  I has a very simple task. I need to block access to removable media (CD, DVD, floppy, USB drives etc.) on a Windows 2008 R2 Terminal Server for users and allow it for admins. I tried to enable the following policy in GPO: User Configuration/Administrative Templates/System/Removable Storage Access All Removable Storage classes: Deny all access = Enabled But it did not work. I tried different physical and virtual 2008 servers with the same result. It works on Windows 7 but not on Windows 2008. Has anyone had success with this parameter on Windows 2008? Thank you

  Read the article

• How can I edit local security policy from a batch file?

  - by Stephen Jennings

  I am trying to write a utility as a batch file that, among other things, adds a user to the "Deny logon locally" local security policy. This batch file will be used on hundreds of independent computers (not on a domain and aren't even on the same network). I assumed one of the following were my options, but perhaps there's one I haven't thought of. A command line utility similar to net.exe which can modify local security policy. A VBScript sample to do the same. Write my own using some WMI or Win32 calls. I'd rather not do this one if I don't have to.

  Read the article

• Where default settings are stored after applying GPO?

  - by tester5566

  When I apply a GPO that changes Service startup settings, where the default service startup settings are kept? And how can I read and modify them? The reason of the question is that I have a hundred of servers where most of services are disabled by a baseline GPO for hardening purposes. I want to relax this GPO by removing some services but I do not want that the service startup settings becomes default ones after the GPO is relaxed. So I want to keep the actual hardened state as a default state but allow local admins to change it if necessary. Thank you

  Read the article

• GPO refresh error - Policy Refresh has not completed in the expected time. Exiting...

  - by Albert Widjaja

  Hi All, I'm having problem with my GPO changes, that I'd like to force to my terminal server users here's what I've done: I've made some necessary changes in one of the Domain Controllers to disable the GPO which applies to my Terminal Server user OU and then I go to the Terminal Server mstsc /admin console to perform the GPo refresh by using /force parameter, however I got this error instead: C:\Documents and Settings\Adminisratorgpupdate /force Refreshing Policy... User Policy Refresh has not completed in the expected time. Exiting... User Policy Refresh has completed. Computer Policy Refresh has not completed in the expected time. Exiting... Computer Policy Refresh has completed. but then the changes still got no effect yet as I logged in to the terminal server ? is there any way of how to make it in effect immediately please ? Thanks

  Read the article

• Deploy binary hex registry via GPO or PowerShell

  - by Prashanth Sundaram

  I am trying to deploy a custom registry entry which I exported from a test machine. It looks like below. I came across THIS similar request on another site, but I couldn't make it to work. "TextFontSimple"=hex:3c,00,00,00,1f,00,00,f8,00,00,00,40,dc,00,00,00,00,00,00,\ 00,00,00,00,ff,00,31,43,6f,75,72,69,65,72,20,4e,65,77,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 As per the other solution, my PS command below, throws error."A parameter cannot be found that matches parameter name" Set-ItemProperty -Path "HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MailSettings" -Name "TextFontSimple" -PropertyType Binary -Value ([byte[]] (0x3c,0x00,0x00,0x00,0x1f....0x00)) Any ideas? ====EDIT===== The key & value already exists. When I use Get-ItemProperty PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MailSettings PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common PSChildName : MailSettings PSProvider : Microsoft.PowerShell.Core\Registry TextFontSimple : {60, 0, 0, 0...}

  Read the article

• Configuring only one Internet Explorer zone (IntranetZone) thru GPO without affecting other zones?

  - by MadBoy

  I need to deploy some trusted intranet sites into Intranet Zone in Internet Explorer. It works fine when using GPO at: Setting Path: Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page Supported On: At least Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Problem is this settings also affect other zones making it impossible for people in company to add sites to other zones themselves. Is there a way to fix this so that Intranet Zone is deployed thru GPO and rest of settings stay in gesture of users?

  Read the article

• Event ID for modified GPOs

  - by Hinek

  I have to know, who (usersid or loginname) changed a specified GPO for a specified OU in the Active Directory. Given our audit settings include this, what would be the right Event ID to look for?

  Read the article

• Kerberos Policy section not appearing in RSop / GPResult

  - by Chloraphil

  I am attempting to confirm via RSoP or GPResult that the correct settings for "\Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy" are being applied, however the "Kerberos Policy" node is missing from the treeview / report. These settings are set in the "Default Domain Controllers Policy" which is linked in the "Domain Controllers" OU. Should "Kerberos Policy" appear at all? If not, how can I confirm the correct settings are being applied?

  Read the article

• GPO Software Uninstall Not Taking Place

  - by burmat

  I am having some trouble with my software GPO's and can't seem to find any answers using Google. I successfully deployed software using my policy but when I delete another, the uninstallation of the software does not take place. What I did: Deployed software using a GPO, used gpupdate /force on the workstation to update, reboot, and install the software Deleted another software installation by: Right-Click All Tasks Remove 'Immediately uninstall the software from users and computers' From there, I did another gpupdate /force to try and get the GPO to refresh and uninstall the software on the workstation. This did not work. I then forced replication between my domain controllers and ran another gpupdate /force on the workstation and this did not uninstall the software. There are not error logs or indications that the uninstall is being triggered when I go into the event viewer, and I know for a fact that the policy is working in other aspects. So my questions is: Where do I look next to find the answer as to why GPO software deployments are working but un-installations are not, based off of what I have already tried? Thank you in advance. UPDATE: After using gpresult /z, there is no indication of a pending un-installation or removal of software. Under the section entitled "Software Installations", the software I am trying to uninstall is not listed. There is no other indication that the software I am trying to uninstall even exists. I also turned on RSoP logging and did (yet another) gpupdate /force to yield no blatant results. There is no indication that an uninstall event was even triggered, let alone incapability or failure. Although I am sure I marked it to uninstall in case of two events (the falling out of the scope of management, as well as the removal of the entry), I am beginning to think the entry just never triggered something that should have been triggered. UPDATE #2: After troubleshooting this (frustrating) application assignment, I have chalked it up as a fluke. I have tested with other software to make sure that the uninstall of other application assignments is actually working, so I am assuming it is something related to the package directly. There is the possibility that my problem resides in something related to what @joeqwerty linked in a comment below but because I can't go back in time, I don't think I will be able to prove it. I will probably be running a script via another GPO to guarantee the un-installation of left over package installs. For now, Evan Anderson is getting the answer because of the debugging information I was able to put to good use. Thank you to everyone that helped contribute so far!

  Read the article

• What does "Use mandatory profiles on the RD Session Host server" do?

  - by Scott Chamberlain

  The description for "Use mandatory profiles on the RD Session Host server" is a little ambiguous: This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server. If you enable this policy setting, Remote Desktop Services uses the path specified in the Set path for Remote Desktop Services Roaming User Profile policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile. If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server. I have a situation where only some users need to use mandatory profiles for logging in to a Remote Desktop Session Host. If I have some users with ntuser.dat and some users ntuser.man in their roaming profile what will RD Session Host do To a user who has ntuser.man in their roaming profile and has the setting set to Disabled? To a user who has ntuser.dat in their roaming profile and has the setting set to Enabled?

  Read the article

• How do I perform multi-window operations on a non-combined group of windows in Windows 7?

  - by BACON

  With multiple windows/instances of an application open and the taskbar buttons set to "Always combine, hide labels", I can Shift + right-click the taskbar button for the window group to open a menu allowing me to "Cascade", "Show windows stacked", "Show windows side by side", "Restore all windows", "Minimize all windows", or "Close all windows". With the taskbar buttons set to "Combine when taskbar is full" or "Never combine", when I right-click, Shift + right-click, or Ctrl + right-click either the button or the Aero preview for a window in the group I get a menu allowing me to perform window operations on just that one window rather than each window in the group. When I have a non-combined group of windows in the taskbar, how would I cascade, stack, etc. that group of windows?

  Read the article

• Where in the stack is Software Restriction Policies implemented?

  - by Knox

  I am a big fan of Software Restriction Policies for Microsoft Windows and was recently updating our settings for this. I became curious as to where Microsoft implemented this technology in the stack. I can imagine a very naive implementation being in Windows Explorer where when you double click on an exe or other blocked file type, that Explorer would check against the policy. I call this naive because obviously this wouldn't protect against someone typing something in a CMD window. Or worse, Adobe Reader running an external application. On the other hand, I can imagine that software restriction policies could be implemented deep in the stack almost at the metal. In this case, the low level loader would load into memory the questionable file, but mark the memory in the memory manager as non-executable data. I'm pretty sure that Microsoft did not do the most naive implementation, because if I block Java using a path block, Internet Explorer will crash if it attempts to load Java. Which is what I want. But I'm not sure how deep in the stack it's implemented and any insight would be appreciated.

  Read the article

• Setup.exe called from a batch file crashes with error 0x0000006

  - by Alex

  We're going to be installing some new software on pretty much all of our computers and I'm trying to setup a GPO to do it. We're running a Windows Server 2008 R2 domain controller and all of our machines are Windows 7. The GPO calls the following script which sits on a network share on our file server. The script it self calls an executable that sits on another network share on another server. The executable will imediatelly crash with an error 0x0000006. The event log just says this: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Setup.exe because of this error. Here's the script (which is stored on \\WIN2K8R2-F-01\Remote Applications): @ECHO OFF IF DEFINED ProgramFiles(x86) ( ECHO DEBUG: 64-bit platform SET _path="C:\Program Files (x86)\Canam" ) ELSE ( ECHO DEBUG: 32-bit platform SET _path="C:\Program Files\Canam" ) IF NOT EXIST %_path% ( ECHO DEBUG: Folder does not exist PUSHD \\WIN2K8R2-PSA-01\PSA Data\Client START "" "Setup.exe" "/q" POPD ) ELSE ( ECHO DEBUG: Folder exists ) Running the script manually as administrator also results in the same error. Setting up a shortcut with the same target and parameters works perfectly. Manually calling the executable also works. Not sure if it matters, but the installer is based on dotNETInstaller. I don't know what version though. I'd appreciate any suggestions on fixing this. Thanks in advance! UPDATE I highly doubt this matters, but the network share that the script is hosted in is a shared drive, while the network share the script references for the executable is a shared folder. Also, both shares have Domain Computers listed with full access for the sharing and security tabs. And PUSHD works without wrapping the path in quotes.

  Read the article

< Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56  | Next Page >