Search Results

Search found 12645 results on 506 pages for 'group policy'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 62/506 | < Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >

  • Windows 7 blocks network access to network-installed apps

    - by VokinLoksar
    Windows 2008 R2 domain. Users, running Windows 7 Enterprise, are trying to run some software from a network share. Specifically, I've tested this with MATLAB and PuTTY. When starting, MATLAB has to contact a licensing server to get its license. This action fails for regular users when they start MATLAB from the network share. However, if they copy the installation directory to a local disk everything works fine. Running MATLAB as an admin user from the network share also works. Same story with PuTTY. If the executable is launched from the share, regular users cannot connect to any servers. Something is blocking network communications for programs that are launched from a network drive. Here's the only other mention I could find of the same problem: https://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/4504b192-0bc0-4402-8e00-a936ea7e6dff It's not the Windows firewall or the IE security settings. Does anyone have any clue as to what this is?

    Read the article

  • task scheduler - run interactively as any user with admin credentials

    - by Force Flow
    I'm trying to deploy a scheduled task with a GPO. The task is set to run at login and executes a batch file, which then executes an EXE file. However, I also need it to be interactive and run with admin privledges to bypass the UAC prompt for a username and password when the exe file runs. I created the task for "Vista and later". I've tried running the task as mydoman\administrator and as NT AUTHORITY\Authenticated users with "run only when user is logged in" and "run with highest privledges" selected. If I log in as anyone but administrator, the task does run in the background, as I can see the cmd.exe process running in task manager as mydomain\administrator. Only if I log in as administrator do I then see the cmd window with the batch script running. How can I get the cmd window to display no matter which user logs in?

    Read the article

  • how to change the default open-with program to a program on the second disk

    - by Scott????
    I have a 250GB HDD for my system and a 60GB SSD using a SATA port. I installed most of my applications on the SSD. There's a strange thing though. I can not change the default open-with program to a program which is on the SSD. I think it may be caused by permission so I gave my user a 'full control' permission on the security tab in disk properties. But changing permissions is not work. After I choose an application (I've tried Notepad++, Sublime, 7Zip, etc.), nothing is added in the below window: Also, if I install 7Zip on my machine, the right click menu items can not be added.

    Read the article

  • GPO Startup Script can't modify HKU Registry?

    - by pepoluan
    I've been scratching my head with my current problem. You see, I have this Startup Script that I pushed via GPO. Problem is, although the script starts alright (I see the event it created when starting in the event log), it always fails when trying to enumerate and/or modify registry settings under HKU. If I login as administrator and execute the script manually, it works! If I startup a Command Prompt as SYSTEM (using the "at" workaround) and execute the script manually, it also works! If I reboot... the script always fails. Can anyone shed a light on my problem? Additional information: This script injects some registry values for the Local Administrator (i.e., S-1-5-21-etc etc etc-500), so I'm not sure that it's doable via GPP, not to mention that since nearly all the workstations in my domain are still using XP, so no guarantee of GPP support.

    Read the article

  • How to stop domain users from installing any software?

    - by Chris
    Hi everyone, I was wondering which policies, etc I could setup to stop any installations from occurring in a server 2003 domain environment? I have 2003 RC2 and XP Pro clients. I guess the quick easy way is to make everyone guests, but this also blocks them from other things that they might need to do/access. I've seen a lot of ideas but they do not fully block everything. I know there probably isn't a fix all but would like to get as close as possible. Thank you all,

    Read the article

  • Can a GPO Startup Script starts a background process and exit immediately?

    - by pepoluan
    I have Googled, and not yet found an answer. Scenario: One of my GPOs have a Startup Script that takes a long time to finish. For some reasons, we have to run the scripts synchronously. Naturally, this causes slow startup time (sometimes as long as 15 minutes!) before the Logon screen appears. After profiling and analyzing the perpetrator script, I conclusively determined that the step where it's taking a long time to finish will not affect the result of the succesive GPOs. In other words, that particular step (and all steps afterwards) can run in the background. My Question: Is it possible for the Startup Script to just 'trigger' another script/program that will run to completion even when the Startup Script exits? That is, the "child processes" of the Startup Script continues to live even when the Startup Script's process ends? Additional Info: The Domain Controllers are 2008 and 2008 R2's. The workstations are Windows XP.

    Read the article

  • User permission settings on DNS with windows 2003 server R2 standard edition

    - by Ghost Answer
    I have windows server 2003 r2 standard edition and some XP OS clients systems. I have created the DNS and profiles for all user. Now I want to authorized some users to installation of softwares, remove softwares and other such kind of things. How to I make such kind of policies for all different users on DNS. Please help me. May be this question can be same for another but I didn't get the solutions.

    Read the article

  • Deleting sender from Outlook Safe Senders using GPO?

    - by Hutch
    We're having an external company do a mailshot to our users. The message contains images that are linked rather than embedded in the image (bandwidth isn't an issue). So of course on recent versions of Outlook you're prompted to download the images, not the end of the world, but it would be nice if that didn't happen. There's a bug in the Office/Outlook ADM/ADMX templates that means that a custom list of Safe Senders won't import unless you follow this: http://support.microsoft.com/kb/2252421 Thing is, if I remove an entry from the Safe Senders file, it doesn't seem to remove it from Outlook, which seems odd?

    Read the article

  • What should I do about this user?

    - by Tim Brigham
    What should I do about this user? The user is: Downloading pornography Attempting unauthorized access Running hacking software Sending unsolicited email Installing software / tampering with the system etc This is intended as a generic answer for employee behavioral problems, a la Can you help me with my software licensing question? I could see where acceptable use issues are a touch out of scope for SF, however it is one of those things most sysadmins will run into. I don't want to keep rewriting similar answers.

    Read the article

  • Upgrade manually-installed msi by assigning software through gpo

    - by Mr Happy
    In the past I rolled out software by manually installing it on a "golden" workstation, creating an (ghost)image from that and rolling that out to the other workstations. I try not to do that any more for simple/small software, and when possible (if it's an .msi) I assign the software through gpo. I'm having a problem with one of those. The software was manually installed on the image, which was rolled out, and now I have an update for that software (new msi) and I'd like to assign it through gpo. Don't know if it's relevant but it's user assigned. The new version gets installed alongside with the old version (this is possible since the program folder is different between those versions). When I install the same msi by hand, it properly removes/upgrades the old version though. Is what I am trying to do possible?

    Read the article

  • Add site to trusted sites through GPO

    - by Matt Bear
    I need to add a site to trusted sites on all computers in my domain. I can do it with the "site to zone assignment list", however when I do, it locks trusted sites on the client computer "this setting is managed by your administrator". What I need is a way to add the site, make it persistant, and not affects the users ability to add trusted sites of thier own. (It's a development enviroment, sites are created and tested regularly, they need that ability.)

    Read the article

  • Lockdown users on Windows Server 2012

    - by el.severo
    I set up a Active Directory on a server machine with Windows Server 2012 and I'd like to create some users with limitations like Windows Steady State does in Windows XP (locally). Seen already the Windows SteadyState Handbook (with Windows Server 2008), but I'd like to know if anyone has tried this before, the limitations are the following: 1. Prevent locked or roaming user profiles that cannot be found on the computer from logging on 2. Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer 3. Do not allow Windows to compute and store passwords using LAN Manager Hash values 4. Do not store usernames or passwords used to log on to the Windows Live ID or the domain 5. Prevent users from creating folders and files on drive C:\ 6. Lock profile to prevent the user from making permanent changes 7. Remove the Control Panel, Printer and Network Settings from the Classic Start menu 8. Remove the Favorites icon 9. Remove the My Network Places icon 10. Remove the Frequently Used Program list 11. Remove the Shared documents folder from My Computer 12. Remove control Panel icon 13. Remove the Set Program Access and Defaults icon 14. Remove the Network Connection(Connect To)icon 15. Remove the Printers and Faxes icon 16. Remove the Run icon 17. Prevent access to Windows Explorer features: Folder Options, Customize Toolbar, and the Notification Area 18. Prevent access to the taskbar 19. Prevent access to the command prompt 20. Prevent access to the registry editor 21. Prevent access to the Task Manager 22. Prevent access to Microsoft Management Console utilities 23. Prevent users from adding or removing printers 24. Prevent users from locking the computer 25. Prevent password changes (also requires the Control Panel icon to be removed) 26. Disable System Tools and other management programs 27. Prevent users from saving files to the desktop 28. Hide A Drive 29. Hide B Drive 30. Hide C Drive 31. Prevent changes to Internet Explorer registry settings 32. Empty the Temporary Internet Files folder when Internet Explorer is closed 33. Remove Internet Options 34. Remove General tab in Internet Options 35. Remove Security tab in Internet Options 36. Remove Privacy tab in Internet Options 37. Remove Content tab in Internet Options 38. Remove Connections tab in Internet Options 39. Remove Programs tab in Internet Options 40. Remove Advanced tab in Internet Options 41. Set a home page (Internet Explorer) 42. Restrict the possibility to change desktop image 43. Restrict the possibility to change wallpaper 44. Restrict usb flash drives Any suggestions for this? UPDATE: As @Dan suggested me I'd like to specify that would be applied to a educational scenario where students can login from a computer and want to add some restrictions to them.

    Read the article

  • Automate new AD user's home folder creation and permission setup

    - by vn.
    I know if we setup a base folder or a profile path in the Profile tab of an AD user, we can copy it and the folder creation and permission setup will be automated. My problem is that not all my users have a roaming profile and the home folder linking is done thru GPO. When I copy from these users, the home folder isn't created automatically and I have to create it manually and change permission and ownership on that folder, located on the fileserver. What should I do? A script may be nice but it'd have to be run everytime a new user is created and I don't think we can link a script to an AD user creation? I'd like to avoid any manual steps and keep my GPO that way. Using a W2008r2 DC on w7 client boxes. Thanks.

    Read the article

  • How to filter RSOP to show only modified policies?

    - by guest
    Is it possible to view only those elements of GPO that are actually modified/specified? For example, when looking at RSOP for an OU, I have loads of options which are mostly not specified - can I automatically filter it to show only e.g. that it doesn't allow to use control panel or install software, instead of looking through all options? I am using Win2003 and I have only the default tools. Thanks in advance!

    Read the article

  • powershell vs GPO for installation, configuration, maintenance

    - by user52874
    My question is about using powershell scripts to install, configure, update and maintain Windows 7 Pro/Ent workstations in a 2008R2 domain, versus using GPO/ADMX/msi. Here's the situation: Because of a comedy of cumulative corporate bumpfuggery we suddenly found ourselves having to design, configure and deploy a full Windows Server 2008R2 and Windows 7 Pro/Enterprise on very short notice and delivery schedule. Of course, I'm not a windows expert by any means, and we're so understaffed that our buzzword bingo includes 'automate' and 'one-button' and 'it needs to Just Work'. (FWIW, I started with DEC, then on to solaris and cisco, then linux of various flavors with a smattering of BSD nowadays. I use Windows for email and to fill out forms). So we decided to bring in a contractor to do this for us. and they met the deadline. The system is up and mostly usable, and this is good. We would not have been able to do this. But it's the 'mostly' part that is proving to be the PIMA now, and I'm having to learn Microsoft stuff anyway until/if we can get a new contract with these guys for ongoing operations. Here's my question. The contractor used powershell almost exclusively for deployment, configuration and updating. My intensive reading over the last week leads me to think that the generally accepted practices for deployment, configuration and updating microsoft stuff uses elements of GPOs and ADMX templates, along with maybe some third party stuff like PolicyPak. Are there solid reasons that I've not found yet that powershell scripts would be preferred over the GPO methods? I'm going to discuss this with the contractor lead when he gets back from his vacation, and he'll be straight with me (nor do I think they set us up). But I can also see this might be a religious issue, so I would still like some background on this. Thoughts? or weblinks? Thanks!

    Read the article

  • AD password not synchronising properly

    - by Kaczmar
    I have 600+ users in AD, but only one causes me trouble. The problem is I can reset his password from AD, he can then log in to his machine. After that he would like to change his password from Windows 7, and proceeds without errors. Logs out or locks the workstation but cannot access it again using either old or new password. So I have to reset it again and he can only use the one I provide for him. All our machines are in the same physical location in the same subnet. Functional level is 2003. I'm totally out of ideas. I could create him new user account, but I'd possibly like to know what causes this. I can only suspect some sort of synchronisation problems but other accounts work fine, and I don't know how to dig deeper into this. Thanks, Piotr

    Read the article

  • How do I set a service startup type to be 'Automatic (delayed)' using GPO?

    - by growse
    A Windows service has 4 different startup types that can be configured: Automatic, Automatic (delayed), Manual and Disabled. I have a service running on a combination of Windows 7 and Server 2008 R2 Desktops that I need to set as 'Automatic (delayed)' using a GPO setting, but from what I can see in the GPO editor, the delayed option is missing: Have I missed something obvious, or is this a rather basic omission from Microsoft?

    Read the article

  • Why would my domain admins turn of UAC?

    - by DanO
    I'm a developer of internal software in our company, I've gotten used to UAC in Win7, I prefer to run with in enabled so that our software works correctly with it enabled. Sysadmins have recently pushed out GPO that turns it off every time we log-in. (So I turn it back on every time I log in.) I can imagine some people are annoyed by it and turn it off, but is that really a good company-wide decision? anyone annoyed by it (local admins) would already have permission to turn it of themselves.. right? On the other hand we don't have to worry creating UAC friendly software if no workstations or servers have it enabled. Is there a good reason for doing this? Other than reducing help-desk calls from recent XP users? I can't see the upside of this decision, help me understand.

    Read the article

  • Server service fails to start, event 7023, error 1079

    - by toffitomek
    Hello, Environment: Windows Server 2008 R2 fully patched, working as Domain Controller in Win 2003 native domain. Users started to report problems with share, it turned out that server service won't start. I've scrambled google but can't find a thing. Any ideas will be appreciated. Thanks in advance :) Service fails to start, then when starting service I get: Windows could not start the Server service on SERVERNAME. Error 1079: The account specified for this service is different from the account specified for other services running in the same process. In System Event Log: Event 7023 The Server service terminated with the following error: The account used is a server trust account. Use your global user account or local user account to access this server.

    Read the article

  • Need to call a script at logon based on hostname. Win 2k3 Domain and XP/7 workstations.

    - by Malocchio
    I have a user logon script. I want to install printers based on hostname. Inside this folder \domain.local\SYSVOL\domain.local\Policies{DF3F608C-8D78-934F-B79F-1965F3C4409B}\User\Scripts\Logon I have cmd files for each host/workstation and the logon.cmd. Terminal Servers are honoring the environment variable %clientname% but the workstations are not. Relevant area of logon.cmd rem Delete all existing printer connections c:\windows\system32\con2prt.exe /f rem Call workstation specific script for connecting to printers %clientname%.cmd Excerpt from clientname.cmdL: rundll32 printui,PrintUIEntry /in /n\\fileserv\PhaserPS rundll32 printui,PrintUIEntry /in /n\\fileserv\CanonIR rundll32 printui,PrintUIEntry /y /n\\fileserv\CanonIR

    Read the article

  • Batch file installing executable only gives SYSTEM permissions

    - by Alex
    So, I have a couple of batch files that install some executables and they work, but when the executables setup shortcuts on the desktop only SYSTEM has access to them. Is there a way I can prevent that or make it so it adds Domain Users access or something like that. I realize that the batch files are ran under the SYSTEM context, but I'd like to find a way to clean up after them. Thanks in advance!

    Read the article

  • Why would my domain admins turn off UAC? [closed]

    - by DanO
    I'm a developer of internal software in our company, I've gotten used to UAC in Win7, I prefer to run with in enabled so that our software works correctly with it enabled. Sysadmins have recently pushed out GPO that turns it off every time we log-in. (So I turn it back on every time I log in.) I can imagine some people are annoyed by it and turn it off, but is that really a good company-wide decision? anyone annoyed by it (local admins) would already have permission to turn it of themselves.. right? On the other hand we don't have to worry creating UAC friendly software if no workstations or servers have it enabled. Is there a good reason for doing this? Other than reducing help-desk calls from users recently upgraded from XP? I can't see the upside of this decision, help me understand.

    Read the article

  • Issue with Administratively Assigned Offline Files

    - by ZnewmaN
    I need to use Administratively Assigned Offline files in conjunction with folder redirection, but user home folders live on 26 different shares. Do I just need to add 52 file paths similar to: \\server\shareA\%username%\Desktop \\server\shareA\%username%\My Documents \\server\shareB\%username%\Desktop \\server\shareB\%username%\My Documents ... and so on? Or do I need to create 26 GPOs, one for each share; or is there an easier way to do it? Edit: The solution provided by @berniewhite in the comments of using %homeshare% has resolved the issue and Administratively Assigned Offline Files is now working well.

    Read the article

  • How to run a logon script but not as the current user

    - by user139951
    I want to create a log of when people login or logout of computers in a computer lab. My first idea was to just create login/logout scripts that contact a server, but the problem is since these scripts would run as the current user, that they would then be able to run this script outside of these two occasions. Is there any way to go about running a login/logout script as the domain computer rather than as the user?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >