Search Results

Search found 14540 results on 582 pages for 'policy management'.

Page 65/582 | < Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >

  • Allowing users to install fonts in Windows 7 (through GPO)

    - by djk
    Hi, This is somewhat related to my previous question, http://serverfault.com/questions/48155/why-do-installed-fonts-disappear-after-reboot. Having got the font install issue sorted out under XP just fine, recently we've got a Windows 7 workstation and I've created a special GPO for it. Initially it was UAC that was demanding administrative access to C:\windows\fonts despite the fact the policy dictates that directory is writable (as is the relevant registry entries, on XP anyway). The issue now though is that when I try to copy a font or hit install it claims that the font "does not appear to be a valid font". This happens with every type of font as well. Is there some new and special consideration when allowing these changes on Windows 7? Any input would be appreciated. Many thanks, Doug

    Read the article

  • GPO best practices : Security-Group Filtering Versus OU

    - by Olivier Rochaix
    Good afternoon everyone, I'm quite new to Active Directory stuff. After upgraded Functional level of our AD from 2003 to 2008 R2 (I need it to put fine-grained password policy), I then start to reorganized my OUs. I keep in mind that a good OU organization facilitate application of GPO (and maybe GPP).But in the end, it feels more natural for me to use Security-group filtering (from Scope tab) to apply my policies, instead of direct OU. Do you think it is a good practice or should I stick to OU ? We are a small organisation with 20 users and 30-35 computers. So, we got a simple OU tree, but more subtle split with security-groups. The OU tree doesn't contain any objects except at the bottom level. Each bottom level OU contains Computers,Users, and of course security groups. These security groups contains Users & Computers of the same OU. Thanks for your advices, Olivier

    Read the article

  • Windows 2008 terminal server - How to restrict access to DVD/floppy?

    - by test1839
    I has a very simple task. I need to block access to removable media (CD, DVD, floppy, USB drives etc.) on a Windows 2008 R2 Terminal Server for users and allow it for admins. I tried to enable the following policy in GPO: User Configuration/Administrative Templates/System/Removable Storage Access All Removable Storage classes: Deny all access = Enabled But it did not work. I tried different physical and virtual 2008 servers with the same result. It works on Windows 7 but not on Windows 2008. Has anyone had success with this parameter on Windows 2008? Thank you

    Read the article

  • Can't assign software to non-admin account

    - by labyrinth
    I'm trying to deploy software on our domain using group policy, but I am only able to do so if the user is a member of a group with administrative privileges. We do not want to allow users to install programs generally, but do want to be able to assign/publish. The test program I'm using is originally a .msi file, and it installs fine for users in the administrators group. How can we assign/publish to normal users without opening up the ability to install whatever? Also, from what I've read, I believe I have correct permissions on the folder/share where the .msi files are stored. This is on Win2008R2 with Win7Pro clients.

    Read the article

  • Complete Active Directory redesign and GPO application

    - by Wolfgang Kuehne
    after much testing and hundreds of tries and hours invested I decided to consult you experts here. Overview: I want to apply some GPO to our users which will add some specific site to the Trusted Sites in Internet Explorer settings for all users. However, the more I try the more confusing the results become. The GPO is either applied to one group of users, or to another one. Finally, I came to the conclusion that this weird behavior is cause rather by the poor organization in Users and Groups in Active Directory. As such I want to kick the problem from the root: Redesign the Active Directory Users and Groups. Scenario: There is one Domain Controller, and we use Terminal Services (so there is a Terminal Server as well). Users usually log on to the Terminal Server using Remote Desktop to perform their daily tasks. I would classify the users in the following way: IT: Admins, Software Development Business: Administration, Management The current structure of the Active Directory Users and Groups is a result of the previous IT management. The company has used Small Business Server which has created multiple default user groups and containers. Unfortunately, the guys working before me have do no documentation at all. Now, as I inherit this structure I am in the no mans land. No idea which direction to head first. As you can see, the Active Directory User and Groups have become a bit confusing. There is no SBS anymore, but when migrating from SBS to the current Windows Server 2008 R2 environment the guys before me have simply copied the same structure. The real question: Where should I start cleaning from, ensuring that I won't break totally the current infrastructure? What is a nice organization for the scenario that I have explained above? Possible useful info for the current structure: Computers folder contains Terminal Services Computers user group Members: TerminalServer computer located at Server -> Terminalserver OU Member of: NONE Foreign Security Principals : EMPTY Managed Service Accounts : EMPTY Microsoft Exchange Security Groups : not sure if needed, our emails are administered by external service provider Distribution Groups : not sure if needed Security Groups : there are couple of groups which are needed SBS users : contains all the users Terminalserver : contains only the TerminalServer machine

    Read the article

  • How to execute everything in the Local Area Network

    - by matnagel
    We have a very small LAN here, but some peolpe here think we need Active Directory, though nobody knows how to maintain it. I am not in the position to change this. How can I get full access (on Linux it would be "execute" rights) also for files on network drives (the files are just on another machine next room) My account is in the group Administrators on a windows 2003 server Domain Controller. I cannot open simple MS Access 2000 Databases or CHM Files from network drives in the lan How to do that? Some policy setting? I want to change that once. It is useless. We have no distinction between local or network files here. I would have to copy everything to a local drive and then do what I want.

    Read the article

  • How do I apply WinHTTP proxy settings domain-wide?

    - by Oliver Salzburg
    We're already configuring Internet Explorer proxy settings through group policy and it works great. Sadly, I've recently run into multiple issues where those settings are ignored by certain services. I realized that these service have one thing in common. They use WinHTTP, which has its own proxy settings. Now I'm asking myself how to apply those across the whole domain. I realize that I could create a logon script and simply run netsh winhttp import proxy source=ie, but, from experience I know that these settings require a reboot to take effect. So this wouldn't help me at all in a logon script. So, how can I do it?

    Read the article

  • updating drive mapping GPO programmatically using powershell

    - by Kristoffer
    I have a Group Policy in a domain that have lots of drive mapping settings. I would like to change the path for a lot of these servers in this gpo with powershell if possible. I know i could do this via the GPMC, but would prefer to do it programtically. I have looked at the grouppolicy powershell module from microsoft (get-gpo and friends) but i only seem to be able to change registry entrys and permissions on the policys, not the actual path for the drivemapping. any ideas? Thanks!

    Read the article

  • Using Active Directory Security Groups as Hierarchical Tags

    - by Nathan Hartley
    Because active directory security groups can... hold objects regardless of OU. be used for reporting, documentation, inventory, etc. be referenced by automated processes (Get-QADGroupMember). be used to apply policy be used by WSUS I would like to use security groups as hierarchical tags, representing various attributes of a computer or user. I am thinking of (computer centric) tags something like these: /tag/vendor/vendorName /tag/system/overallSystemName /tag/application/vendorsApplicationName /tag/dependantOn/computerName /tag/department/departmentName /tag/updates/Group1 Before fumbling through implementing this, I thought I would seek comments from the community. Specifically in the areas: Does this make sense? Would it work? Has anyone else attempted this? Is there a good reference on the matter I should read? How best to implement the hierarchy? Tag_OU\Type_OU\GroupName (limits quantity in OU, uniqueness not guaranteed) Tag_OU\Type_OU\Tag-Type-GroupName (limits quantity in OU, uniqueness guaranteed, verbose) etc ... Thanks in advance!

    Read the article

  • How to execute files on LAN drives in a Windows Domain

    - by matnagel
    We have a very small LAN here, but some peolpe here think we need Active Directory, though nobody knows how to maintain it. I am not in the position to change this. How can I get full access (on Linux it would be "execute" rights) also for files on network drives (the files are just on another machine next room) My account is in the group Administrators on a windows 2003 server Domain Controller. I cannot open simple MS Access 2000 Databases or CHM Files from network drives in the lan How to do that? Some policy setting? I want to change that once. It is useless. We have no distinction between local or network files here. I would have to copy everything to a local drive and then do what I want.

    Read the article

  • Prevent registry changes by users

    - by graf_ignotiev
    Background: I run a small computer lab of 10 computers using Windows 7 x64 Enterprise. Our users are set up as limited users. For additional restrictions, I set up local group policy for non-administrators using the microsoft management console. Problem: Recently, I found out that some of these restrictions had been removed. Reviewing the settings MMC and in ntuser.pol showed that the settings should still be in place. However, the related registry settings were missing in ntuser.dat. I already have registry editing disabled in the GPO (though not in silent mode). Question: What is the best way to deal with this situation? Should I look into preventing registry setting changes? Should I set up registry auditing to found out how these keys are getting changed in the first place? Or should I give up the ghost and write some kind of logon script that enforces registry values if they've been change? Any other ideas?

    Read the article

  • Can't add HKCU entries via GroupPolicy Preferences

    - by Lou H
    2008 R2, XP and W7 64 bit workstations. Trying to add/modify two registry entries for Lync2010 for each user. Created using GP Management, User Configuration, Preferences, Registry. If the two registry entries already exist, then the policy works correctly. If they don't exist, nothing changes. GPReults reports it was successful. If I import the .reg file manually, it also works, so I don't believe it is a rights issue. I have tried the Update, Create, and Replace as the Action. I am not familiar with ADM templates, is that the only way to do it?

    Read the article

  • Can you have a WMI query for GPO Filter based on user's OU?

    - by Jordan Weinstein
    I'm wondering if there is a way to have a WMI query check the OU of the user logging on. I'd like a GPO (linked to Citrix servers OU) to apply only to users if the user is in a certain OU - this is for Citrix so the overly obvious answer of - well just link it to the OU the user is in does not apply. This also cannot be done using security groups because a long time ago those started to get used as Distribution Groups also and now too many are widely inaccurate. Lastly I need to apply this to the entire GPO as there are more than just group policy preferences included so I can't use the item-level targeting feature either. But my OUs are accurate so I'd like to use those if I can. I'd like a WMI query filter to say, apply GPO if user is member of OU 'x' that doable?

    Read the article

  • Spawned Process Terminated in GP Startup Script

    - by Charles Gargent
    I have a Group Policy Startup Script which runs synchronously. I now need this script to run one process asynchronously. So far I have managed to get the spawned process running via the command below, however once the rest of the script finishes and the GP Startup Script "phase" finishes and the logon prompt is shown, my spawned process is terminated. Is there any way to have this process continue beyond the Startup Script phase? cmd /c start spawned.bat I guess the reason why it terminates is because the process was launched by the Startup Script process and when the parent process terminates so do its children. PS I need it to be launched via the exisitng script.

    Read the article

  • MLGPO for Windows Server 2003 R2?

    - by 5graeham5
    Is there something like MLGPO (Multiple Local Group Policy Objects) for Windows Server 2003 R2? I have a 2003 Terminal Server that isn't part of a domain/AD and I'm trying to set local group policies which applies only to certain users and/or groups and the policies differ between those entities. I wanted to avoid using the file permissions trick for on C:\WINDOWS\system32\GroupPolicy as that's an all-or-nothing approach. I can't upgrade this box to Windows Server 2008 as the software used is only supported and only works on 2003. Are there any third-party tools to achieve this?

    Read the article

  • How do I get detailed information about what happens during logon

    - by Funky Si
    Due to my IT department leaving I am now responsible for all our IT systems. I now have several problems to get my head around and fix. I run Active Directory on windows server 2003 and use group policy to apply settings etc. Recently we have had some windows 7 clients added to our network, these are having awful problems with our logon scripts and drive mappings. For the most part my XP clients are working without a problem. What I want to know is what is going on during logon, as running the logon scripts after I have logged on often works. Does anyone know of a way to get detailed log information of what is happening before and during logon. Thanks for your help and any suggestions you have for tracking down the source of these problems.

    Read the article

  • How can I prevent users from installing software?

    - by Cypher
    Our organization is a bit different than most. During certain times of the year, we grow to thousands of employees, and during off-times, less than a hundred. Over the course of a few years, many thousands of people have come and gone in our offices, and left their legacy behind in the form of all sorts of unwanted, unapproved, (and sometimes unlicensed) software installs on our desktops. We are currently installing redundant domain controllers and upgrading current servers, all running Windows Server 2008 Enterprise, and will eventually be able to run a pure 2008 DC network. With that in mind, what are our options in being able to lock down users, such that they cannot install unauthorized software on systems without the assistance (or authorization) of the IT group? We need to support approximately 400 desktops, so automation is key. I've taken note of the Software Restrictions we can implement via Group Policy, but that implies that we already know what users will be installing and attempting to run... not quite so elegant. Any ideas?

    Read the article

  • Disable "Send as XPS Attachment" Word 2007

    - by Tim Alexander
    Is there a way to disable this option either via Group Policy or via some form of registry hack? Normally I would go down the route of telling users not to send as XPS and send as something else but with our recent upgrade to 2007 lots of users are banding these files around. Unfortunately our version of Citrix does not play nicely with XPS documents and we end up having to log them out. Am told the fix for Citrix is not forthcoming so wondered if I could bury my head in the sand and disable the option all together. Regards Tim

    Read the article

  • Server 2008 Active directory file sharing Restriction

    - by Usman
    My network scenario is: Two location connected each other through Wireless towers. 1st network ip address are 10.10.10.1 to 10.10.10.150 2nd network ip address are 10.10.10.200 to 10.10.10.254 Both location using their own ACTIVE DIRECTORY (MS SERVER 2008) and share their data with each other network through file sharing. My Problem is that every single client can explore the whole network. by simply typing \computername. i want to implement some restriction on network regarding file sharing. i want to restrict 1st Network Clients to open 2nd network Computer or server. Is there have any Group Policy or Folder permission scenario that i implement on my both network..

    Read the article

  • What URLs must be in IE's Trusted Sites list to allow Windows Update?

    - by ewall
    Particularly for servers in which IE Enhanced Security Configuration is enabled, you need to have all the Windows Update/Microsoft Update URLs in your "Trusted Sites" list in order to use the site. (Furthermore, for domain member servers where Group Policy enforces Internet Explorer's list of "Trusted Sites", you don't have the option to edit the Trusted Sites yourself... so all the necessary URLs should be listed in the GPO.) So, what is the full list of URLs I'll need in IE's Trusted Sites? So far I have the following: http(s)://*.update.microsoft.com http://download.windowsupdate.com http://windowsupdate.microsoft.com I seem to remember there being several more...

    Read the article

  • How to install remote software NOT on a domain?

    - by Nicros
    I have a situation where some software (that I wrote) is going to be deployed on 60 laptops for an event. The laptops are all running windows 7, but there is no domain controller, and they will all be connected to a 192.168.x.x network using wifi. Is there any convenient way to push the software (consisting of an msi file) can be pushed out to all the laptops and installed? I looked at WMIC, but I think that requires machines be joined to a domain, as does Group Policy. The other alternative is Powershell, but I have literally 4 hours to do this and will have no time to figure out the right script. It's not the end of the world if it has to be done manually (I can find volunteers) but it would be nicer if it could be automated somehow.

    Read the article

  • Windows 2008 startup script will not run?

    - by larsks
    I am trying to get a very simple batch script to run when my Windows 2008 Server (R2) system starts up. I have added the script to the "Startup Scripts" in the local group policy by running gpedit.msc, and I see the script listed under Windows Settings/Scripts (Startup/Shutdown)/Startup when I run rsop.msc, but the script is not being executed. The "Last Executed" column in rsop is empty even after a reboot, and a file that should be created by the script is never created. At the moment, the entire contents of the script are: rem Check if this script is running. date /t > c:\temp\flag The target directory (c:\temp) exists. The script is called c:\scripts\startup.bat, and works fine if I run it by hand.

    Read the article

  • CutePDF in a domain environment

    - by poke
    We've recently migrated from a workstation to domain environment. Since the migration, we've been unable to install CutePDF (CuteWriter.exe) on our Win XP Pro boxes. No error, it just fails silently. We were not having having issue prior to the domain migration. CutePDF is a PDF creator that works by emulating a printer. The installer is supposed to create a regular Windows printer that users can select to print to when they want to make a PDF. We are using Group Policy, but I didn't really see any GPOs that would be affecting this. Does anyone have any thoughts or suggestions on this issue? I've tried installing as a domain admin and also as a local admin.

    Read the article

  • How to recover from locked down XP Home computer

    - by Chris
    We've got a Kiosk machine provided to us by a manufacturer. The video card is flaky, so I want to replace it with another card we have on hand, rather than shipping across the country. The problem is that they have policies in place that locks the system down to a point where only the manufacturers demo works on the computer so I can't install drivers for the newer card. I know pretty much nothing about windows policies or the policy editor. Am I fighting a losing battle trying to replace thi scard?

    Read the article

< Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >