Search Results

Search found 10683 results on 428 pages for 'the rowland group'.

Page 50/428 | < Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >

  • Cross-forest GPO between 2003 and 2008 Denied Beacuse it's "Inaccessible"

    - by j.rightly
    I have a two-way, non-transitive trust between two forests and domains, "W2003" and "W2008". In W2008 I have a GPO with user settings linked to a machine OU containing machine "Server". The GPO applies to Authenticated Users. Cross-forest loopback processing is enabled in merge mode. When I log onto Server as User (whose account exists in the W2003 domain), the GPO does not apply. I run RSoP and see that the GPO is "Denied" for the reason "Inaccessible." The GPO name is not listed, but the GUID is. I have checked the file-level permissions on the DC to ensure that User has access to read the GPO's folder and all its contents. What is going on?

    Read the article

  • Auto Log-Off Windows users - Windows 2003 domain

    - by thehatter
    Hi! I am trying to make windows clients automatically log off after some time, I have been trying to use the winexit.scr which I have seen working else where in a similar environment. After working though these instructions (I did read the comments and notice the original ADM provided is buggy) I've had no joy what so ever! Winexit.scr refuses to read any settings in the registry, even while using a test account I can access the required reg key(s); edit, add, and remove values. Essentially winexit.scr always uses it's default values: 30 second timeout, no forced log-out. What I really want is a 30 minute timeout with a forced log-out, closing all the users apps etc. I've tried removing and re-adding the ADM template, creating the GPO from scratch several times, giving various registry permissions - including full control to "Everybody" just for fun! Oh, clients are all win XP SP3, DC is win 2003 R2 SP2. So, can anybody suggest something? Cheers!

    Read the article

  • IE9 GPO Setting "Configure Tracking Protection Lists"

    - by Daniel B
    I've just installed IE9 on my workstations and Server in our network. According to technet article http://technet.microsoft.com/en-us/library/gg699401.aspx There is a GPO setting for IE9 called "Configure Tracking Protection Lists" located at Windows Components\Internet Explorer\Privacy in the admistrative templates. I can find all the other IE9 settings in the GPO, but I cannot find this one. Does anyone know if there is an updated template, or if this setting was removed from the RC version of IE9? Thanks, Daniel

    Read the article

  • Which GPO is making my Domain Controller my clients' DNS server?

    - by Harry Muscle
    I maintain a small domain (about 20 clients) and we need to make some changes to the DNS server that's being used by the clients. All the clients have been hard coded to use the domain controller as their DNS. Since these are new machines, and I never changed their DNS settings, I'm guessing there must be a GPO that's causing them to use the domain controller as their DNS. Since we don't have any GPO other than the default one yet, it's got to be the default GPO, however, I have looked through all the GPO settings and none of them refer to anything related to DNS. So I'm wondering if there's anything else that might be causing this. Any help or advice is highly appreciated. Thanks, Harry

    Read the article

  • Auto Log-Off Windows users - Windows 2003 domain

    - by thehatter
    I am trying to make windows clients automatically log off after some time, I have been trying to use the winexit.scr which I have seen working else where in a similar environment. After working though these instructions (I did read the comments and notice the original ADM provided is buggy) I've had no joy what so ever! Winexit.scr refuses to read any settings in the registry, even while using a test account I can access the required reg key(s); edit, add, and remove values. Essentially winexit.scr always uses it's default values: 30 second timeout, no forced log-out. What I really want is a 30 minute timeout with a forced log-out, closing all the users apps etc. I've tried removing and re-adding the ADM template, creating the GPO from scratch several times, giving various registry permissions - including full control to "Everybody" just for fun! Oh, clients are all win XP SP3, DC is win 2003 R2 SP2. So, can anybody suggest something? Cheers!

    Read the article

  • Can't add HKCU entries via GroupPolicy Preferences

    - by Lou H
    2008 R2, XP and W7 64 bit workstations. Trying to add/modify two registry entries for Lync2010 for each user. Created using GP Management, User Configuration, Preferences, Registry. If the two registry entries already exist, then the policy works correctly. If they don't exist, nothing changes. GPReults reports it was successful. If I import the .reg file manually, it also works, so I don't believe it is a rights issue. I have tried the Update, Create, and Replace as the Action. I am not familiar with ADM templates, is that the only way to do it?

    Read the article

  • How can I create a windows shutdown script from powershell/command-line?

    - by David Rubin
    I've read the TechNet pages that describe using computer/user startup/shutdown scripts, and that's great, but I'd like to create those scripts via the command-line (and not have to click around in gpedit.msc). It looks like scripts.ini and psscripts.ini in %SYSTEMROOT%\System32\GroupPolicy\Machine\Scripts specifies the scripts to run, but those don't exist until running gpedit.msc for the first time. Is it safe to create and edit those directly? Or do I need to muck around with Set-GPO or something similar? Thanks!

    Read the article

  • Possible to disable smart card PIN change in Windows 7?

    - by bobmagoo
    I'm looking for a way to disable the smart card PIN change ability provided with Windows 7's native minidriver. It doesn't allow us to enforce any PIN complexity requirements such that users could change their PIN to 000000 or blank without any issues so we'd like to disable that ability. I've been googling around and haven't found any way to do this, but perhaps someone has encountered a similar issue and found a resolution? A third party minidriver is the next step, but if we could do it without additional tools I'm all for it.

    Read the article

  • Password Authentication Fails - NTLMv2

    - by JMeterX
    Environment: Windows 2000 sp4 EDIT: Domain Controller with no trust setup with the Win2008 Server Windows XP machines Windows 2008 Server Netapp NAS Problem: We have a shared folder that resides on a NAS using a Windows 2008 AD for the authentication with the proper permissions setup. When the Windows 2000 machine tries to open the share residing on the Win2008 machine, it is prompted for a username and password. Upon entering the credentials it continuously re-asks for credentials. Important Details: The Windows 2000 machine can ping both the XP machines and the Windows 2008 Server The Windows 2008 machine is mandated to only use NTLMv2 The Windows 2000 machine was originally set to NTLM but was recently switched to NTLMv2 if negotiated for the purpose of trying to connect to the share. As I am sure it will come up, we are using Windows 2000 because of contractual obligations Questions: Why is password Authentication failing in this case? After setting a GPO for the Win2000 machine for it to use NTLMv2, do we need to reboot the machine for the changes to take affect? We used SECEDIT to update the GPOs without rebooting. UPDATE We checked both of the 2008 Domain Controllers to find an error code. We received: Microsoft_Auth_Package_V1_0 0xc000006a Event ID: 4776 I know this to be an authentication error via THIS article "The value provided as the current password is not correct" We know this password to be correct, but since these two domains (Win2000 & Win2008) do not have a trust setup what authentication account needs to be used? One that resides on the Win2000 hosted domain?

    Read the article

  • I want Lotus Domino to only send one email to users that are both recipients and members of a cc'ed lotus group.

    - by Marcus
    Lotus Domino 7 and now Lotus Domino 8.5 The scenario: A@mycompany writes an email to b@internet and cc's it to group@mycompany. A@mycompany is a member of group@mycompany. With the initial email Domino is intelligent enough to not send the email which a@mycompany just wrote to a@mycompany again. But when b@internet answers to all (a@mycompany + group@mycompany) then a@mycompany gets this email twice, because he is not only the author but also a member of group@mycompany. During the smtp session the email is sent once with the recipients set to a@mycompany and group@mycompany and a single esmtp id. So Domino should well be able to see that the mail should only be sent to a@mycompany once. Can I make Lotus Domino behave in this sane fashion?

    Read the article

  • Windows GPO order - beginner

    - by Andras Sebestyen
    I have some software that required e.g. .NET 4 install before them. I wonder what is the best way to make a GPO order list. I also have some software that needs certain files so I need to prepare them (via batch file). I have done a quick research however I haven't found the answer. Any help, link would be appreciated. Please feel free to down vote it if it is a real dummy one. Thanks for example: batch file cleans some folder install .NET Framework 4 install apps through MSI (commercial software) I can't pack everything in the MSI and I also need to make sure that all the steps succeed

    Read the article

  • Can the users can apply Windows update without local administrator rights?

    - by AAA-Super
    My users are running on windows XP 32bit. normally WSUS automatically download and notify them to select which update want to install in the past they were in local administrator rights,now I reduce them to user rights so now they can't see the yellow notification said updated are available. Is there a way to give users permission to see the yellow notification and they can select updates by hand without local admin rights or power users? Any advice would be appreciated Thanks

    Read the article

  • deploying AV via GPO only to workstations

    - by jeremy
    We have a small (100 machines) Windows domain running Server 2008R2. We use Symantec Endpoint Protection 12.1 I want to have GPO deploy the AV software to client machines automatically, but only to client workstations, not to servers, which run a different software. I've set it up before using a GPO linked to the domain mycompany.local and it works, but it deploys the AV software to ALL machines on the domain, including my servers. I can create an OU in active directory for Servers, and perhaps create one for client machines too, but I'd rather not have to go and move new domain members from the default under Computers into a different folder. How can I use GPO to deploy this AV software only to workstations on our network, and not to servers?

    Read the article

  • Active Directory - Using GPO To Update Multiple Versions Of .NET

    - by Joe Wilson
    OK, I have searched everywhere for this one. I have all the MSI's and packages I need to deploy .Net 3.5 SP1, and 2.0 and 3.0 (which are prerequisites for 3.5). I can't figure out how to install all of them at once via GPO. Basically, the computers on the network do NOT have any version of .Net installed, and I need them to be at 3.5 SP1. I know I can deploy each version via GPO, force reboot the client, then push the next one, force reboot, and so on. Is there a way to streamline install all 3 at once via GPO? Thanks

    Read the article

  • No password is complex enough

    - by Blue Warrior NFB
    I have one user in my AD domain who seems to not be able to self-select a password. I may have another one, but they're on a different enough password-expiration schedule that I can't remember who it is right now. I can set a password via ADU&C just fine, but when he tries it via C-A-D he gets the "doesn't meet complexity" message. Figuring he was just doing something like 'pAssword32', I did some troubleshooting of my own and sure enough it doesn't want to take a password that way. He's one of our users that habitually uses a local account and then maps drives using his AD credentials so he doesn't get the your password will expire in 4 days, maybe you should change it prompts, so he's a frequent "my password expired, can you fix it" flyer. I don't want to keep having him set it via ADU&C over my shoulder every N days. I'm just fine setting temp passwords of 48 characters of keyboard-slamming and letting him change it something memorable. My environment is at the Windows 2008 R2 functional level, and I am using fine-grained password policies. In fact, I have two such policies: For normal users (minimum length, remembered passwords) For special utility accounts The password complexities I've tried match both policies for length and char-set selection. The permissions on the User object themselves look normal, SELF does indeed have the "Change Password" right. Is there some other place I should be looking for things that can affect this?

    Read the article

  • Logon script does not run for all users

    - by Herohtar
    We have a standalone common-use workstation running Windows XP Pro SP3 and have created a script using Javascript (scriptname.js) that is to be run for each user. The file was added as a user logon script via gpedit.msc and tested using a newly created user account as well as an existing user account. The script ran and functioned as intended on both accounts; however, a few existing users have informed us that the script is not running on their accounts. All user accounts are members of the same groups and have identical permissions. We already have an existing script (but in this case, a batch file) that is applied in the same manner and it runs for all accounts without any problems. Furthermore, on the accounts where the new script does not run during logon, it can still be run manually and works fine. So the question is: what would cause this script to not run during logon on certain accounts? Thanks!

    Read the article

  • domain user disabling screensaver

    - by RASG
    I have the following situation: Due to security reasons the screensaver is activated after 10 minutes, and immediately locks the screen. There are GPOs preventing the user from changing the screensaver parameters and the background image. In order to bypass the background policy, some users are using bginfo The problem is that for some reason now the screensaver doesn't work anymore. The settings are still the same (10 minutes; locked to the user) and comparing snapshots of the registry before and after executing bginfo doesn't show any significant modification. Any hints? EDIT 1: Ok, i figured whats going on, but now i have another question. bginfo refreshes the user settings by reading HKEY_CURRENT_USER\Control Panel\Desktop, which has ScreenSaveActive. If the user set it to 0, disables the screensaver. Why isnt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop, which sets ScreenSaveActive to 1, being enforced? or if it is being enforced, where is bginfo storing the value 0, and how can it bypass the policy? EDIT 2: I also discovered that after setting any value to HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive, it can be deleted and the last value will remain active. For some reason HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive value is not being enforced to the user.

    Read the article

  • How to correctly deploy Adobe Reader 9.1

    - by Ben Gillam
    Hi I have recently tried to deploy Adobe Reader 9.1 onto our network here. (SBS 2003 server and XP Workstations) I followed the instructions for the extraction of the installer and .msi and then creating a .mst transform file to set custom options. (Suppress EULA, dont create desktop icon etc) I then added the package to my deployment GPO applied the relevant .mst file and preceded to deploy accross the network. The software package is computer assigned to be installed prior to logon, to avoid user permissions issues. The package deploys correctly to computers and will run perfectly fine if you run from a shortcut, however when trying to view a pdf from within a web browser it fails with the following message. "The adobe acrobat/reader that is running can not be used to view PDF files in a web browser. Adobe Acrobat/Reader version 8 or 9 is required. Please exit and try again" I have found many pages on google refering to this problem, but none appear to be in relation the problems I have found. http :// kb2.adobe.com/cps/405/kb405461.html These fixes recommend correcting a registry entry (which i should mention is missing after the deployed installation. However this does not work. Switching off display in a browser - Seems to defeat the object of fixing the problem Removing old versions - There arent any. Trying with a different user - This affects all users of all privalige levels on all computers. On my workstation I uninstalled Acrobat Reader 9.1 then reinstalled manually using the same installation source files and it works fine. has anyone sucsessfully deployed AR9.1 on their domain and if so how? For the time being I have downloaded the older 8.1.3 release and deployed this in the same way which works fine, but would like to be using the up to date version. Thanks

    Read the article

  • Deploying Office 2013 via GPO

    - by NickC
    Looking at potential ways to deploy Office 2013 via GPO. First and most obvious way is to run a startup script which calls the Office 2013 setup.exe. Problem here is what happens after it is installed, will that startup script keep re-installing the product every time the machine boots? Another potential way is to install each Office component separately using the multitude of .msi files which are present, would that work and provide the same thing as a full install of Office? There is actually twenty three separate .msi files. What about officemui.msi is that a wrapper which contains calls to all of the other office components.

    Read the article

  • Deleted printers keeps coming back - and multiply

    - by MojoDK
    My users are on 2012 R2 RDS Session Host servers. I've used "Deploy Printers" (from Print Manager) to deploy 4 printers. The last week, I've had a lot of problems where users can't print. If I deleted the printer and added it again, they could print just fine. Now I've removed all printer deploying from GPO - and I have no printers in any login scripts. I did a gpupdate /force, but all the 4 printers are now listed 3 times... If I delete the printers and log off and back on, all the printers are popping up again. Sigh! This is driving me nuts. This script doesn't show any of the "SVFREJA" printers... Set objWMIService = GetObject("winmgmts:\\.\root\cimv2") Set colPrinters = objWMIService.ExecQuery ("Select * From Win32_Printer") If colPrinters.Count <> 0 Then 'If there are some network printers Dim s s = "" For Each objPrinterInstalled In colPrinters ' For each network printer s = s + objPrinterInstalled.Name + chr(13) Next msgbox s End if It gives me this result... (sry for the big picture) My problem is not with the "redirected" printers, my problem is that I have several printers with the same name (on SVFREJA) and I can't get rid of them. Any idea why I can't get rid of the "ophaned" printers??

    Read the article

  • GPO startup script not copying files

    - by marcwenger
    I created a GPO startup script to execute for computers in a specific AD container. The script takes a file from the AD netlogon share and places it on a directory on the computer. Given the right permissions (ie: myself) can execute the script just fine and the file copies. But it doesn't work on startup - the file does not copy over from the AD server. The startup script should run as localsystem (am I right?). So the question is why do the files not copy on startup? Could it be because of: Is it permissions of the local system user? Reading the registry is problematic on startup? Obtaining files from the AD netlogon folder is problematic on startup? Am I missing it completely? My test machine does have the registry key and local directories as described in the script. I myself have standard user permissions on the test machine. AD server is Windows 2008, test client is Windows XP SP3 (and soon to be Windows 7, which I assume permissions issues will be inevitable) Dim wShell, fso, oraHome, tnsHome, key, srcDir Set wShell = WScript.CreateObject("WScript.Shell") Set fso = CreateObject("Scripting.FileSystemObject") key = "HKLM\Software\Oracle\Oracle_Home" On Error Resume Next orahome = wShell.RegRead(key) If err.Number = 0 Then tnsHome = oraHome + "\" + "network\admin\" srcDir = wShell.ExpandEnvironmentStrings("%logonserver%") + "\netlogon\UpdatedFiles\" fso.CopyFile srcDir + "file1.ext", tnsHome, true End If Side note: To ensure that the script is properly deployed, I purposely put some errors in the script, and on the next startup the error message appeared. So I know the GPO is deployed properly.

    Read the article

  • Users are getting a temporary profile

    - by Serhiy
    A bit about current setup: It is windows 2008 R2 AD servers (all of them are 2008R2) and couple locations which set as Sites. Each location has DFS on AD server. Roaming profiles are not used nor configured. Users have their home folder configured as mapped S: drive to DFS shared folder. For example: in profile tab user has: Home Folder - connect - S: to \\domain.com\dc\users\%username% We also have redirected Desktop, Documents and Downloads folders to \\domain.com\dc\users. Everything was fine. Suddenly (today), users in most locations lost their local profile (both XP and W7 desktops) and got temporary profiles. Also, it looks like local profile was created today (from folder properties). I checked events at couple machines and there is not errors related to profiles or logon process. I do not see issues in event logs at servers as well. Basically, I run out of ideas what is wrong and why machines lost their local profiles. PS: Laptop users do not have their folders redirected, but lost profiles as well.

    Read the article

  • Is it possible, via GPO or other method, to turn Internet Explorer's intranet compatibility mode OFF across a domain?

    - by dunc
    Our school's VLE has a few problems when running in IE8/IE9's Compatibility View. Mainly it causes difficulties with uploading files. This problem is easily remedied by un-ticking the Display intranet sites in Compatibility View option from Internet Explorer's Compatibility View options. However, I'm unable to find a way of doing this en masse. I can't find anything regarding this in GPO - would a registry hack or similar do the trick? Thanks in advance,

    Read the article

  • Temporary user-profiles on Windows Server 2008 TS

    - by sinni800
    Hello, for a publicly accessible terminal server I have created a user profile which only allows running of a few programs (demonstration of applications). This results in many people connecting to the same user name on the server, essentially sharing the same profile. How can I copy the original, empty profile on every logon to a seperate directory and delete it afterwards, so everybody starts with a clean copy of the "Guest"-Account?

    Read the article

< Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >