Search Results

Search found 9299 results on 372 pages for 'policy and procedure manual'.

Page 50/372 | < Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57 | Next Page >

Deny to administrators to change network configuration settings

- by moronrats

I need to provide admin rights to every user but the users should not able to change network configuration settings. For this I have enabled following policies in User Configuration\Administrative Templates\Network\Network connections Enable Windows 2000 network connection settings for administrators Prohibit access to properties of a LAN connection Prohibit access to properties of components a LAN connection Users (that exist in administrators) still can change the LAN properties. Are there any other solutions?

Read the article
New IE windows open in background on restricted computer

- by Adam Towne

We have a new computer build that is locked down via GPO. We have locked it down as tight as we can, but now new IE windows that are opened with shortcuts open behind the active window. I can post the whole list of restrictions if it is necessary, but there are a lot of restrictions. The machine has a domain account that automatically logs in, that account is the actual AD object that we have locked down. What restrictions could cause the new windows to not have focus? I apologize for a question like this, but I had 1 day to build this, and now 2 days to iron out bugs our clinical analysts find.

Read the article
Batch add/import of a list of users to a group in Active Directory?

- by JB

We have two lists of users (about 1000 each) that we need to add to groups in Active Directory (Windows Server 2003...one list will be in one group, one in the other). All the users currently exist in the directory, but we just need to assign them properly. Is there an easy way to do this without scripting? If not, can it be scripted with Ruby, Perl or Python? Thanks!

Read the article
Windows 7 Folder Redirection (GPO)

- by Kev

I have been fighting this issue for a day or two now, so I am looking for some insight. I am taking over admin duties in a domain of 800 users, and the previous admins really did not employ much of any GPO settings for the clients of the Domain. In each site, there is a location on the file server where "Home" folders were manually created. EX: \server\home\enduser Whenever a user got a machine, the admin would manually right-click on the "My Documents" folder and manually enter the path to the home folder. We are planning to start putting Windows 7 machines on the Network, and I am wanting to automate as much as I can, everything that was not done in the past. Since everyone has exising "Home" folders I have been fighting and trying to get Folder Redirection to work with a new Windows 7 machine (In a Test OU). I am getting all kinds of errors and I can't get the Windows 7 "Documents" folder to redirect to the users EXISTING home folders. As I stated earlier, all of the Home folders were (and still are) manually created on the File Server and are set with the following Security permissions - Domain Admins - Full Control euser (end user) - Modify (Everything but Full) Can someone point me in the right direction on the proper setting to put in the Folder Redirection GPO to get this to work with the Existing Home folders.

Read the article
Users can't change password trough OWA for Exchange 2010

- by Rémy Roux

Here's our problem, users who want to change their password trough OWA get this error "The password you entered doesn't meet the minimum security requirements.", even if users are respecting the minimum security requirements. With these settings, we have the error: Enforced password history 1 passwords remembered Maximum password age 185 days Minimum password age 1 day Minimum password length 7 characters Password must meet complexity requirements enabled With these test settings, we don't have an error: Enforced password history not defined Maximum password age not defined Minimum password age not defined Minimum password length not defined Password must meet complexity requirements not defined People can change their password but there is no more security! Just changing one parameter of the GPO for example "Enforced password history", brings back this error. Here's our server configuration : Windows Server 2008 R2 Exchange Server 2010 Version: 14.00.0722.000 If anybody has a clue it would very helpful !

Read the article
How Do I Get poledit.exe Out Of Windows 2000 Service Pack 4?

- by Nick

I've read that I can get poledit.exe from Windows 2000 Service Pack 4, but have been unable to figure out how. I've downloaded the service pack from Microsoft's website, "W2KSP4_EN.EXE", and extracted it using the "/x" option on the command line: W2KSP4_EN.EXE /x Which produced an i386 folder with a bunch of files in it, but poledit.exe isn't there. Theres a "poledit.ex_", but changing the "_" to an "e" and trying to execute it results in the error: The NTVDM CPU has encountered an illegal instruction. I'm trying to do this on a winXP Pro machine. I know I've gotten this to work before, but don't remember how I did it. What am I missing?

Read the article
Complete Active Directory redesign and GPO application

- by Wolfgang Kuehne

after much testing and hundreds of tries and hours invested I decided to consult you experts here. Overview: I want to apply some GPO to our users which will add some specific site to the Trusted Sites in Internet Explorer settings for all users. However, the more I try the more confusing the results become. The GPO is either applied to one group of users, or to another one. Finally, I came to the conclusion that this weird behavior is cause rather by the poor organization in Users and Groups in Active Directory. As such I want to kick the problem from the root: Redesign the Active Directory Users and Groups. Scenario: There is one Domain Controller, and we use Terminal Services (so there is a Terminal Server as well). Users usually log on to the Terminal Server using Remote Desktop to perform their daily tasks. I would classify the users in the following way: IT: Admins, Software Development Business: Administration, Management The current structure of the Active Directory Users and Groups is a result of the previous IT management. The company has used Small Business Server which has created multiple default user groups and containers. Unfortunately, the guys working before me have do no documentation at all. Now, as I inherit this structure I am in the no mans land. No idea which direction to head first. As you can see, the Active Directory User and Groups have become a bit confusing. There is no SBS anymore, but when migrating from SBS to the current Windows Server 2008 R2 environment the guys before me have simply copied the same structure. The real question: Where should I start cleaning from, ensuring that I won't break totally the current infrastructure? What is a nice organization for the scenario that I have explained above? Possible useful info for the current structure: Computers folder contains Terminal Services Computers user group Members: TerminalServer computer located at Server -> Terminalserver OU Member of: NONE Foreign Security Principals : EMPTY Managed Service Accounts : EMPTY Microsoft Exchange Security Groups : not sure if needed, our emails are administered by external service provider Distribution Groups : not sure if needed Security Groups : there are couple of groups which are needed SBS users : contains all the users Terminalserver : contains only the TerminalServer machine

Read the article
Which smartphone OS would you choose for your users ?

- by Florent

While we currently only use windows mobile smartphone, my boss seems less and less reluctant to try and choose a new kind of OS for our users corporate phones. For some reasons, we can't use a Blackberry Enterprise Server, so i guess our only choice is between Iphone OS and Android (or Blackberry without BES ? I don't really know if this works fine) We need activesync capable smartphones of course, and activesync security policies must be available (pin when using your phone for example). Centralized Phone management would be nice too :D Any ideas on what should be the best smartphone to choose for our users ?

Read the article
Is there a way to set access to WMI using GroupPolicy?

- by Greg Domjan

From various documentation it appears that to change WMI access you need to use WMI to access the running service and modify specific parts of the tree. Its kind of annoying changing 150,000 hosts using the UI. And then having to include such changes in the process of adding new hosts. Could write a script to do the same, but that needs to either connect to all those machines live, or be distributed for later update say in an startup/install script. And then you have to mess around with copying binary SD data from an example access control. I've also found you can change the wbem/*.mof file to include an SDDL but I'm really vague on how that all works at the moment. Am I just missing some point of simple administration?

Read the article
Applocker custom extension (Java, CPL, MSC etc.)

- by test1839

We have a Terminal server and want to prevent users from running inappropriate software. Previously we used Software Restriction Policies for this purpose. Now, Microsoft seems to recommend Applocker instead. However we found no possibilities to add custom extensions like JAR, CPL, MSC etc. which was possible in Software Restriction Policies. Do you know how to add custom extensions to the Applocker policies in Windows 2008? Or how can we block custom script interpreters like Perl etc.?

Read the article
What should I be doing while I wait for a progress bar?

- by Malnizzle

So I am sitting here waiting for a progress bar to run (20 mins or so), and was wondering how best to use my time as a SysAdmin. I debated not posting this question briefly, as this could get flagged as subjective, but I think it's an important question, and a question that can be legitimately answered (per the FAQ) I know this something a lot of sys admins deal with, especially if they are client-based I would venture to guess. There is a lot of material out there about how to multi task, but SysAdmin work is unique in this area as well. I could switch over to another project, but I could get wrapped up in that, and forget about the original project I was working on, and that's hard if you are billing a client for your time, both for tracking your time, as well as being fair to that client. I could check ServerFault, but that isn't directly work related, I could sort my email, so on and so forth. What do you do, or what should I do when I have time waiting for a progress bar? Thanks! (download done, back to work!)

Read the article
GPO IE Favorites Adds Unwanted Folders

- by Kyle Brandt

I created a AD 2003 GPO to add a couple of the company's links to everyone's IE. I have the following: Checked: Place Favorites and Links at the Top of the List... Unchecked: Everything else Then: Favorites |-Company Link One |-Company Link Two Links However, the GPO seems to add Favorites Bar, Microsoft Websites, MSN Websites, and Windows Live folders. If they are deleted it seems to make them come back. Anyone know how to fix this?

Read the article
FirefoxADM not applying settings?

- by alex

I've followed the deployment instructions on: http://homepages.ed.ac.uk/mcs/FirefoxADM/ADM_Deploy.pdf I've applied some settings to a GPO: However, When I do GPUPDATE, log out, log back in, nothing has changed...? Am I missing something? I'm using Firefox 3.6.2.

Read the article
How to allow program updates without prompting UAC?

- by Ryan Mortier

We have about 15-20 users who have this software installed. We have UAC enabled through GPO as you should, which means the software prompts for admin approval if a standard user trys to install it. Thats fine, they can call the help desk to have the software installed. My problem is, our help desk is being bombarded every day because users can't update the software and there are updates almost every day which is prompting UAC. Using procmon.exe to find out where it was trying to write to, I then created a GPO to allow file permission access to the program files folder for this particular software, including the program data folder, but it still prompts for admin approval. It seems as though that the software is using msiexec.exe to run a .msp patch file. The only "ACCESS DENIED"s I can still see in procmon is things like this: What can I possibly do to stop this software from prompting UAC with admin password credentials aside from disabling UAC?

Read the article
Disabling Start menu items through user policies

- by Hipno

I am using Windows 7. I have a non-admin user on my computer and I want to apply on him user policies from the Microsoft Management Console. How can I disable the computer button from the Start menu through user policies? or something else?

Read the article
Securing DRAC/ILO

- by The Diamond Z

This might be a dumb question but DRAC/ILO both have HTTP server interfaces. If I were trolling IP's port 80 on and I came across such a page I'd know it to be a high value target in the sense that if I can crack it, I can take control of the server to some extent (potentially installing another OS). Other than changing the port, what are the best practices for securing DRAC/ILO on public Internet facing machines?

Read the article
Is there a way to apply a GPO to all but selective users? (SBS 2008)

- by CandyCo

I've created a GPO in SBS 2008 that deploys and updates software. Unfortunately, one of our VPN users lives out in the sticks and has severe latency, so the start up processes and updates time out and take an awfully long time, if they ever complete at all. I'd like to apply this GPO to all auth'd users except for him, without having to create a new custom user group. Any thoughts?

Read the article
Active Directory theme policies

- by Tuinslak

Hey, I'm currently managing a terminal server in a domain. As the TS-service just got installed, previous users (I logged in with every user once to test it and set up a few things) use the default windows 2008 theme. New users automatically use the fancy Aero theme. Is there a way to push the Aero theme to all current users? I currently have something like this in my policies: However, when logging in with a user, the theme is not changed. Only if I disable "prohibit access to the control panel", the theme can be changed (doesn't seem to change automatically). But this gives them access to every other control panel feature as well. And giving users only access to "desk.cpl" CP-applet, gives them an access error as well when attempting to change the theme. Another question: can I, as admin, take over and/or log in as another user when that user is not logged in? Thanks

Read the article
Windows Installer: System Admin Policies (Vista)

- by Wesley

Hi all, I have a friend with a Toshiba Satellite A200. He's running Vista HP SP2 32-bit. For some reason, when he attempts to uninstall Open Office or some other programs, a dialog box appears, which states, "The system administrator has set policies to prevent this installation." After I click OK, another dialog box entitled "Installed Updates" says that "You do not have sufficient access to uninstall _. Please contact your system administrator." Any ideas? Thanks in advance.

Read the article
Cross-forest GPO between 2003 and 2008 Denied Beacuse it's "Inaccessible"

- by j.rightly

I have a two-way, non-transitive trust between two forests and domains, "W2003" and "W2008". In W2008 I have a GPO with user settings linked to a machine OU containing machine "Server". The GPO applies to Authenticated Users. Cross-forest loopback processing is enabled in merge mode. When I log onto Server as User (whose account exists in the W2003 domain), the GPO does not apply. I run RSoP and see that the GPO is "Denied" for the reason "Inaccessible." The GPO name is not listed, but the GUID is. I have checked the file-level permissions on the DC to ensure that User has access to read the GPO's folder and all its contents. What is going on?

Read the article
Auto Log-Off Windows users - Windows 2003 domain

- by thehatter

Hi! I am trying to make windows clients automatically log off after some time, I have been trying to use the winexit.scr which I have seen working else where in a similar environment. After working though these instructions (I did read the comments and notice the original ADM provided is buggy) I've had no joy what so ever! Winexit.scr refuses to read any settings in the registry, even while using a test account I can access the required reg key(s); edit, add, and remove values. Essentially winexit.scr always uses it's default values: 30 second timeout, no forced log-out. What I really want is a 30 minute timeout with a forced log-out, closing all the users apps etc. I've tried removing and re-adding the ADM template, creating the GPO from scratch several times, giving various registry permissions - including full control to "Everybody" just for fun! Oh, clients are all win XP SP3, DC is win 2003 R2 SP2. So, can anybody suggest something? Cheers!

Read the article
Events 1030 and 1006 in Windows 2003

- by jab

I've got a computer running Windows 2003 R2 Standard Edition Service Pack 2 and periodically (every 5 minutes) the systems generates 2 errors that can be seen in the event viewer. The codes of the events are 1030, 1006 that seems to be related to group policies... I don´t know if these events are realted to the perfomance of the system but anyway i would like to fix them. I've googled around and seems to be a common problem but i haven't found a solution for these events. Do you know how can be fix it? Thanks in advance

Read the article
IE9 GPO Setting "Configure Tracking Protection Lists"

- by Daniel B

I've just installed IE9 on my workstations and Server in our network. According to technet article http://technet.microsoft.com/en-us/library/gg699401.aspx There is a GPO setting for IE9 called "Configure Tracking Protection Lists" located at Windows Components\Internet Explorer\Privacy in the admistrative templates. I can find all the other IE9 settings in the GPO, but I cannot find this one. Does anyone know if there is an updated template, or if this setting was removed from the RC version of IE9? Thanks, Daniel

Read the article
Which GPO is making my Domain Controller my clients' DNS server?

- by Harry Muscle

I maintain a small domain (about 20 clients) and we need to make some changes to the DNS server that's being used by the clients. All the clients have been hard coded to use the domain controller as their DNS. Since these are new machines, and I never changed their DNS settings, I'm guessing there must be a GPO that's causing them to use the domain controller as their DNS. Since we don't have any GPO other than the default one yet, it's got to be the default GPO, however, I have looked through all the GPO settings and none of them refer to anything related to DNS. So I'm wondering if there's anything else that might be causing this. Any help or advice is highly appreciated. Thanks, Harry

Read the article
Remote running program from server

- by Armen Khachatryan

Hello, I have Windows serrver 2008 and more computers in it domain. all i need is to run program from server in all comps , for example install kaspersky for all comps. can i do it? thanks

Read the article

< Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57 | Next Page >