Search Results

Search found 252 results on 11 pages for 'gpo'.

Page 8/11 | < Previous Page | 4 5 6 7 8 9 10 11  | Next Page >

  • What are the pros/cons of blocking a program from running in %appdata%, %temp%, etc.?

    - by poke
    While researching ways to prevent CryptoLocker, I saw a forum post that advised using Group Policy Objects (GPO) and/or antivirus software to block run access in the following locations: %appdata% %localappdata% %temp% %UserProfile% Compressed archives Obviously, anything written in a forum should be taken with caution. I do see advantages to do doing this, though, primarily because malware likes to execute out of these locations. Of course, this could impact legitimate programs as well. What are the drawbacks to blocking run access to these locations? What are the advantages?

    Read the article

  • Windows 2008 terminal server - How to restrict access to DVD/floppy?

    - by test1839
    I has a very simple task. I need to block access to removable media (CD, DVD, floppy, USB drives etc.) on a Windows 2008 R2 Terminal Server for users and allow it for admins. I tried to enable the following policy in GPO: User Configuration/Administrative Templates/System/Removable Storage Access All Removable Storage classes: Deny all access = Enabled But it did not work. I tried different physical and virtual 2008 servers with the same result. It works on Windows 7 but not on Windows 2008. Has anyone had success with this parameter on Windows 2008? Thank you

    Read the article

  • Application Compatibility Clients do not show in MSSQL database, but do show in \AppCompat\

    - by rjt
    Application Compatibility Clients are not denied access to the central MSSQL database, but are able to leave their own files in the \AppCompat\ share. The only computer that shows up in the "Microsoft Application Compatibility Manager" database is the the machine i initially created the .MSI installer from. The MSI successfullly pushed out via GPO and like i said there are tons of file in the \AppCompat\ share from many different computers. But only 1 pc shows up in the "Data Collection Manager" database, so i only have data from one machine. i could manually add all these machines (ADNETBIOSNAME\MACHINENAME221$) to the MSSQL AppCompat db permissions list or use an SQL command to do so in batch, but i suspect i must have missed something. Do you manually edit the MSI to set the credentials?

    Read the article

  • Mandatory Profiles on a Server 2003 TS Box

    - by Chloe
    I have a Windows Server 2003 box which will be acting as a terminal server. It will actually be running Citrix, but I don't believe that to be relevant here. There has been a request for every user to use a single mandatory profile. I've used mandatory profiles before, but there have been generally different profiles for different users so I've always used the "Terminal Services Profile" tab to good effect. What I'd like this time is a single setting, such as a Group Policy or similar that simply forces every non-domain admin user logging on to the box into using the mandatory profile. We'll be using Folder Redirection to take care of everything else. I'm aware of the following GPO: Computer Policy\Computer Configuration\Administrative Templates\Windows Components/Terminal Services Set path for TS Roaming Profiles But, as that's a computer policy, will it not apply to all users including administrators? If so, is it possible to exclude admins somehow?

    Read the article

  • Group Policy Task Schedule deployed to User Configuration not working, works when in Computer Configuration?

    - by user80130
    I added a Scheduled Task on my Windows 2008 R2 Domain Controller in the Group Policy Manager: MyDomain Policy User Configuration Preferences Control Panel Settings Scheduled Tasks Basic Task, like starting notepad, when user unlocks his workstation. This should show up in the client workstation's task scheduler, but it dosn't. No errors or anything like that. If I use the "Computer Configuration" instead of "User Configuration" the task appears, and I'm able to run the task. I've tried the gpupdate /force followed by gpresult and checked the report, but it dosn't contain the GPO Scheduled Tasks I created? (again, does show up when using "Computer Configuration".) The issue is that I have to run the application in the current users context, and only on a specific Employee OU, and thereby limit this task only to Employee Workstations and not apply the application when the same employee log on to internal servers and such. Primary domain dontroller is a Windows 2008 R2, workstations Windows 7 Enterprise. What am I doing wrong ?

    Read the article

  • DNS error only in IE

    - by Le_Quack
    Our Intranet page has stopped working on some machines/some user accounts. The error I am getting points to a DNS issue but If I ping the site from the command line the it responds fine. The error I'm gettting on IE is Error: The web filter could not find the address for the requested site Why are you seeing this: The system is unable too determine the IP address of intranet.example.com I'm not quite sure why it mentions the web filter as there is a proxy exception for the intranet page and if I run a trace route it doesn't go via the web proxy (filtering system). Finally it isn't affecting everyone, just random users, also it doesn't affect the random users on all the client machines they use. I have one user where it happens on any client they log onto where most its just certian clients. It's even "fixed" itself for a few peoples. EDIT: hey Mikey thanks for the fast response. Proxies are correct and automatic configuration is off (both via GPO)

    Read the article

  • Regedit as Current User

    - by user1013264
    I'm trying to apply a registry fix for an Outlook/O365 issue on a user's account. The issue is that "regedit" is blocked by a domain GPO. I'm able to run "gpedit" using the local admin account. Question : When I run "regedit as the local admin, am I modifying the registry for the local admin user or the domain user who's actually logged onto the workstation? I'm trying to apply the following fix: http://support.microsoft.com/kb/2843677 Also, the path for the above mentioned registry should end in " \Preferences" which is what I'm unable to locate. I'm able to navigate up until \Outlook. Any suggestions would be appreciated. Thank you. Running Outlook 2010.

    Read the article

  • Windows 7 File Associations .mov

    - by Paul Mung
    I created a new windows 7 SP1 base image. Everything is all fine and dandy with that. So i am now installing standard applications I would like Quicktime to manage .mov files. The only problem is WMP (Windows Media Player) won't give up the association to .mov files. It's driving me crazy... i've been reading threads on how to fix file associations. I would like to do it via registry, powershell or cmdline. I cannot use GPO I've tried the following: assoc .mov=QuickTime.mov ftype QuickTime.mov="%ProgramFiles(x86)\QuickTime\QuickTimePlayer.exe" Reg add HKCU\Software\Microsoft\windows\CurrentVersion\Explorere\FileExts\.mov\UserChoice" /v Progid /d QuickTime.mov /f Reg add HKCU\Software\Microsoft\windows\CurrentVersion\Explorere\FileExts\.mov\OpenWithList" /v a /d QuickTimePlayer.exe /f Reg add "HKCU\Software\Microsoft\windows\CurrentVersion\Explorere\FileExts\.mov\OpenWithList" /v b /d wmplayer.exe /f Reg add HKCU\Software\Microsoft\windows\CurrentVersion\Explorere\FileExts\.mov\OpenWithList" /v MRUList /d ab /f Reg add HKCU\Software\Microsoft\windows\CurrentVersion\Explorere\FileExts\.mov\OpenWithProgids" /v Quicktime.mov /t REG_NONE /d 0000 /f Reg add HKCU\Software\Microsoft\windows\CurrentVersion\Explorere\FileExts\.mov\OpenWithProgids" /v WMP11.AssocFile.MOV /t REG_NONE /d 0000 /f

    Read the article

  • Windows Remote-App Server 2012 Office 2013 User Settings not saved

    - by dave
    I have a Windows Server 2012 with RemoteApps enabled. It's running the latest Patches etc. It has Office 2013 installed and Excel and Word are shared to all users. Now I got the Problem that after each Reboot all User Settings are lost. I have a few users who pin previously opened Documents so they dont need to remember all Paths and those are all gone after Reboot. Also last opened Documents is empty and after a Server reboot it brings the office 2013 Window for First time setup where it asks if you want to connect to skydrive and all that. In the RemoteApps Collection I enabled a Userprofile-Drive 100GB drive E: for Storing User profile data. There is a Domain of course and there is no GPO Preventing the user from Storing settings etc. We also got an older Terminal Server 2003 in the same Domain where this is not happening. Any ideas why this is happening that all the Settings are lost after Reboot?

    Read the article

  • Adding and using a Domain Admin during OSD, in MDT

    - by user195296
    So during my Windows 7 OSD. Going by Company Politics I'm suppose to A: Disabled the standardlized Administrator (Done, can do that in task sequence) B: Create a new Administrator called 'ITadmin' and set a fixed password C: Join a Domain (Done that aswell in the Task Sequence) D: Use a Domain Admin to install programs that would otherwise give problems if attempted to install through Local Admin, like Dynamics AX As written I join the computer to the Domain During the OSD, and as Result have the correct Domain Admins added as Administrators through GPO, but I don't know how to use them. I'm looking at CustomSettings.ini in the MDT pack and thinking its gotta be possible to do it from here? or from the unattend.xml in pseudo here is what I wanna Add: AddLocalAdmin: ITadmin Password: 1234 UseThisAccountToInstallOSD: Domain\Install_User Password: 1234 Any help appreciated, can't seem to google my way out of this one.

    Read the article

  • Deploying in windows 2008 [closed]

    - by Blisk
    Possible Duplicate: How is software deployed via Active Directory? I have trying to deploy a programs, mapped network drives and taks schedule job. I didn't manage to start a script on log on PC until I did it in Default Domain Policy. But when I did that I have installed programs on my server too. And mapped network drives, etc. So I don't know how to manage to do all of that but not to install anything on server over GPO. I still didn't manage to deploy a schedule task job on clients. I manage to put it on server bit not on clients. I need that schedule task because I need to update software on clients every week. I can't manual update flash player, adobe reader, firefox, etc on clients. And People useing client PC even doesn't know how to do it if they have abillity. Clients doesn't have admin rights.

    Read the article

  • New IE windows open in background on restricted computer

    - by Adam Towne
    We have a new computer build that is locked down via GPO. We have locked it down as tight as we can, but now new IE windows that are opened with shortcuts open behind the active window. I can post the whole list of restrictions if it is necessary, but there are a lot of restrictions. The machine has a domain account that automatically logs in, that account is the actual AD object that we have locked down. What restrictions could cause the new windows to not have focus? I apologize for a question like this, but I had 1 day to build this, and now 2 days to iron out bugs our clinical analysts find.

    Read the article

  • Error setting up Data Protection Manager 2010 Agents / Network "Unauthenticated" in network settings

    - by Bowsa
    I'm not sure if the two are connected but i suspect they are. Basically I'm tring to setup Data Protection Manager 2010 on a fresh install of Server 2008 R2 in a SBS 2003 domain. Everything went fine until trying to install agents across the network. Upon clicking add, i get the following error message: Unable to connect to the Active Directory Domain Services Database. Make sure that the DPM server is a member of a domain and that the controller is running. Also verify that there is network connectivity between the DPM server and the domain controller. ID: 7 As usual (worryingly) the MSDN support for 2010 products is nearly non existant, clicking the error ID simply gives a page not found error. So after 2 days of Googling and trying various fixes (DNS settings, adding permissions to GPO objects, rejoining the domain and many more) I thought I'd ask here in the hope that someone out there may have had this issue before. Any help greatly appreciated!

    Read the article

  • Users can't change password trough OWA for Exchange 2010

    - by Rémy Roux
    Here's our problem, users who want to change their password trough OWA get this error "The password you entered doesn't meet the minimum security requirements.", even if users are respecting the minimum security requirements. With these settings, we have the error: Enforced password history 1 passwords remembered Maximum password age 185 days Minimum password age 1 day Minimum password length 7 characters Password must meet complexity requirements enabled With these test settings, we don't have an error: Enforced password history not defined Maximum password age not defined Minimum password age not defined Minimum password length not defined Password must meet complexity requirements not defined People can change their password but there is no more security! Just changing one parameter of the GPO for example "Enforced password history", brings back this error. Here's our server configuration : Windows Server 2008 R2 Exchange Server 2010 Version: 14.00.0722.000 If anybody has a clue it would very helpful !

    Read the article

  • Roaming Profiles, Folder redirection or... both

    - by Adrian Perez
    Hello, i'm developing a remote desktop services in w2008r2. Now, it's going to be a server, but in the future it's possible that another server could be added to the farm. Now, i'm creating roaming profiles and folder redirection to save space. Now, i have some doubts... if i'm redirecting all the folders i can do through gpo (start menu, desktop, appdata, My Documents, Videos, Music...), does it make sense to use roaming profiles? I mean, i'm redirecting almost everything. So, if i don't use roaming profiles, what kind of data is not shared/roamed? Perhaps is not necessary and if i set roaming profiles, i will add more unnecessary complexity to the infraestructure. What do you think about? Some advice or recomendation? Thanks!

    Read the article

  • How do I package this vbscript as a msi for Group Policy

    - by TheCleaner
    I had a developer that is no longer with us create an msi to do this for me, but the package is outdated now and we need to deploy new files. Basically I need to do the following: Take the code at the bottom of this question and deploy it to all users as a software install package in Group Policy. I don't want to use a computer startup script because I don't want this to run at every login...just once to install and be done. How can I take the below and turn it into an msi for deployment through GPO? @echo off delete "C:\Windows\Downloaded Program Files\jdeexpimp.inf" delete "C:\Windows\Downloaded Program Files\jdeexpimpU.ocx" delete "C:\Windows\Downloaded Program Files\jdewebctls.inf" delete "C:\Windows\Downloaded Program Files\jdewebctlsU.ocx" copy "\\tuldc01\EOneActiveXapplets\ActiveX898\jdeexpimpU\*" "C:\Windows\Downloaded Program Files\" copy "\\tuldc01\EOneActiveXapplets\ActiveX898\jdewebctlsU\*" "C:\Windows\Downloaded Program Files\" regsvr32 "C:\Windows\Downloaded Program Files\jdeexpimpU.ocx" regsvr32 "C:\Windows\Downloaded Program Files\jdewebctlsU.ocx"

    Read the article

  • Migrating SBS 2003 to 2012 standard

    - by AryaW
    My company is currently trying to migrate a Windows Small Business Server 2003 to Windows Server 2012. We know the general procedure, but we want to make sure we aren't going to mess anything up tremendously. Here's the steps we were planning on taking: 1. Uninstall exchange 2. Remove legacy GPO's 3. Demote the domain controller 4. Promote the new server to the primary domain controller. We have no mail servers to worry about. My question is, will the above method work or will we need to make a complete new domain? Thanks!

    Read the article

  • SNMP keeps crashing

    - by jldugger
    We're using OpsView/Nagios to monitor our servers. We've added the SNMP service to all our servers and deployed the configuration via GPO, but one win2k3 server seems to have a problem; it crashes pretty regularly. The event log carries messages like: Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7034 Date: 6/11/2009 Time: 7:11:49 PM User: N/A Computer: HOSTNNAME Description: The SNMP Service service terminated unexpectedly. It has done this 2 time(s). and also Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 6/11/2009 Time: 7:11:18 PM User: N/A Computer: HOSTNAME Description: Faulting application snmp.exe, version 5.2.3790.3959, faulting module ntdll.dll, version 5.2.3790.3959, fault address 0x000417af. Now, I could probably set it to simply restart on crash in perpetuity, but I think it's better to fix problems like this. Is this a known problem? If not, what should I do to diagnose it?

    Read the article

  • Prevent registry changes by users

    - by graf_ignotiev
    Background: I run a small computer lab of 10 computers using Windows 7 x64 Enterprise. Our users are set up as limited users. For additional restrictions, I set up local group policy for non-administrators using the microsoft management console. Problem: Recently, I found out that some of these restrictions had been removed. Reviewing the settings MMC and in ntuser.pol showed that the settings should still be in place. However, the related registry settings were missing in ntuser.dat. I already have registry editing disabled in the GPO (though not in silent mode). Question: What is the best way to deal with this situation? Should I look into preventing registry setting changes? Should I set up registry auditing to found out how these keys are getting changed in the first place? Or should I give up the ghost and write some kind of logon script that enforces registry values if they've been change? Any other ideas?

    Read the article

  • Auto Log-Off Windows users - Windows 2003 domain

    - by thehatter
    I am trying to make windows clients automatically log off after some time, I have been trying to use the winexit.scr which I have seen working else where in a similar environment. After working though these instructions (I did read the comments and notice the original ADM provided is buggy) I've had no joy what so ever! Winexit.scr refuses to read any settings in the registry, even while using a test account I can access the required reg key(s); edit, add, and remove values. Essentially winexit.scr always uses it's default values: 30 second timeout, no forced log-out. What I really want is a 30 minute timeout with a forced log-out, closing all the users apps etc. I've tried removing and re-adding the ADM template, creating the GPO from scratch several times, giving various registry permissions - including full control to "Everybody" just for fun! Oh, clients are all win XP SP3, DC is win 2003 R2 SP2. So, can anybody suggest something? Cheers!

    Read the article

  • How can I create a windows shutdown script from powershell/command-line?

    - by David Rubin
    I've read the TechNet pages that describe using computer/user startup/shutdown scripts, and that's great, but I'd like to create those scripts via the command-line (and not have to click around in gpedit.msc). It looks like scripts.ini and psscripts.ini in %SYSTEMROOT%\System32\GroupPolicy\Machine\Scripts specifies the scripts to run, but those don't exist until running gpedit.msc for the first time. Is it safe to create and edit those directly? Or do I need to muck around with Set-GPO or something similar? Thanks!

    Read the article

  • Slow Starting DHCP Client Service - HP Thin Clients

    - by Ryan
    We have recently began adding XPe thin clients to our domain in preperation for a new citrix environment. One thing that has been picked up on in testing is that they appear slow to boot. The issue manifest's it's self as the classic "Applying Computer Settings..." screen we are all used to seeing. After digging into the issue it appears the DHCP Client service is taking some time to load on boot, this varies but I would estimate it can take around 1 minute in some cases. I've eliminated the classic issues, DHCP is responding correctly and in quick time. DNS is not the cause and GPO's are applying promptly. A simple workaround is to assign the client a static IP which work's great so the TCP/IP servies are obviously firing up quickly, just not DHCP Client. Does anyone have any idea's on how I may be able to improve the service start time? Keen to find a better solution before I get my arm twisted into setting up 250 thin clients with static addressing!

    Read the article

  • Setting up a lab with Windows 2003 server and windows 7 clients

    - by Tathagata
    We are overhauling a lab with new machines with Windows 7 (as clients - around 150 of them). In the current infrastructure we have students logging in using a generic student id (as having individual student accounts doesn't really serve any additional purpose). This account, as you would imagine is a locked down one that can run a few (age old) softwares required by students in the class. Currently, the individual machines have XP images created by BartPE. What should be an ideal infrastructure design to cater to such a need with Windows Server 2003 and Windows 7 clients? It would be great if you can give me pointers to what concepts and background I need to have (like GPO), any design guidelines, best practices?

    Read the article

  • How do I automatically add icons to windows 7 task bar?

    - by Nick
    Hi, I use the Microsoft Deployment Toolkit to install images and applications using a Lite-touch installation method. I would like to automatically add the icons to the "superbar" after installation so the users will be more inclined to use the improved task bar, rather than continuing to use desktop icons. I understand that there is no programmatic access to the task bar to prevent applications from adding themselves to the task bar, filling it with unwanted applications. Is there a way to use MDT, or even GPO to add icons to the task bar, or shall I use a VBS to add the Start menu shortcuts to the task bar?

    Read the article

  • AD Stopping A script and Adding a Value to A User's Account Attribute

    - by Steven Maxon
    ‘This will launch the PPT in a GPO Dim ppt Set ppt = CreateObject("PowerPoint.Application") ppt.Visible = True ppt.Presentations.Open "C:\Scripts\Test.pptx" ‘This is the batch file at the end of the PPT that records the date, time, computer name and username echo "Logon Date:%date%,Logon Time:%time%,Computer Name:%computername%,User Name:%username%" \servertest\g$\Tracking\LOGON.TXT ‘This is what I need but can’t find: I need the script to check a value in the Active Directory user’s account in the Web page: attribute that would shut off the script if the user has already competed reading the presentation. Could be as simple as writing XXXX. I need the value XXXX written to the Active Directory user’s account in the Web page: attribute when they finish reading the presentation after they click on the bat file so the script will not run again when they log in. Thanks for any help.

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11  | Next Page >