DLU policy not applying - Console One won't OK
I've created a DLU policy that has administrator group rights. When I try
to associate it to a user I click OK and the the screen stays (doesn't
close). The button isn't greyed out and an hour glass appears but it does
nothing. I've tried the reverse - associating the policy from the user -
with the same results. Tried deleting and recreating both the user and
policy in different containers.
Dsrepair shows everything is clean and the tree is synced.
Single server tree, netware 5.2 sp7, zen 3.2, console one 3.5
I have other trees exactly the same and do not have this issue....
Don't really want to apply anymore patches. We did on one install and it
messed up all our configurations. This is at a school and with the
students now back I can't afford any down time.
> Hi
> Could you try with Zen SP3 on the current 1.3.6c Consoleone if you see
> the same problem ?
>
> --
> Regards, Kai Reichert
> Novell Support Forum Sysop
>
> People who claim that computers will make life easier for us have
> obviously never used one.
Similar Messages
-
ZCM DLU Policy Not Applying To Win7 Computer
I am running ZCM v10.3 and am preparing to migrate over to Active Directory. When I first setup ZCM, I created a DLU policy for my Windows 7 computers and its been working fine. However, its time to join my Windows 7 computers (running ZCM v10.3) to the AD Domain and I need to disable the DLU for the machines prior to joining the domain.
To do this I tried to exclude my test workstations from the DLU by adding the workstations to the exclusion list for the DLU Policy. My DLU policy is assigned to my Users so I used the "Excluded Workstation List" to attempt to prevent the DLU from applying to the workstation. This didn't work. I also tried the reverse by applying the DLU to the test workstation and adding users to the Exclusion list, but that didn't work either. I updated the version, ran "zac cc" and ran "zac ref bypasscache" but it didnt work.
I reassigned the DLU to all my Users and tried to use the registry to check for the existence and value of hklm\software\novell\zcm\zenlgn\domainlogin=1, but that didnt work either. I updated the version, ran "zac cc" and ran "zac ref bypasscache" but it didnt work.
Actually, the registry keys (DomainLogin and eDIRLogin) didn't exist so i had to manually add it using an AD GPO. I added DomainLogin and eDIRLogin and assign hexadecimal value of 1 to each DWORD via GPO (FYI). At this point I'm not even sure if the values of these keys are supposed to be set automatically upon login or if the admins manually control the values. Its not clear to me from the documentation on the Novell site. (http://www.novell.com/documentation/...stem_admin.pdf, pg 274)
(DLU Policy Filters not working)
I turned on debug by issuing the command: "zac log level debug", and would've attached the log here, but I don't know how. If anyone needs to see the log, please send me a link on how to attach a log and I'll do so.
I've tried so many different settings and combinations but i'm still unable to get consistent results. At some point I was able to get the DLU Policy to show up in the ZCM Agent properties with the status of "Not Applied" or "Not Effective" or something to that effect. That was the first time I was able to log in without the DLU applying. However it wasn't consistent among other machines so i kept testing. As it stands now, I have removed any filters and exclusions and now my test machine is not receiving any DLU policy and it should because I assigned the DLU Policy to my entire user base. I am totally lost.
Any help is appreciated.wanman,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Customer site has been using ZEN for years. User package with DLU has always been associated at the OU levels and has been working for the users just fine.
Now we're into a new project that requires the user packages to be associated to the individual users, and a non-DLU package associated to the OUs. What we're seeing is roughly 25% of the users are getting the non-DLU policy, even though their associated and effective policy is supposed to be the DLU one.
Has anyone seen this? Can you tell me why it's happening?
Thanks in advance,
A.zeffan,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Workstation Policy not applying completely
I have created a Workstation Policy for my WinXP SP2 machines. In testing
this policy I associated it with a few workstations. I noticed that the
policy seems to work partially. An example being, I have the policy set to
remove "My Network Places" from the desktop but it does not remove it, but
most of the other restrictions that are set by this policy seem to apply
normally.
I have a user policy set the same way and it works fine. Any ideas?Rolf,
Thank you for responding. I believe you are correct about this. One problem
I see at this point is, I did have my Workstation Package set to run at user
login. I changed this to run when desktop is active, but when I check the
the Workstation scheduler on the workstation, it does list my workstation
policy package as having ran but it still shows that it is scheduled to run
at user login. I remove the workstation association to the the workstation
package, reversed the policies on the workstation using another policy
package we have setup to reverse the settings. I then reassociated the
workstation with my worstation policy package which is set to run when the
desktop is active. But in the scheduler it showed that the workstation
policy still ran at user login. If I look at the policy package in Console
One it does show that it is set to run when the desktop is active and not at
user login. So I am not sure why this is. I hope that I won't have to delete
this package and recreate to resolve this. Any suggestions are greatly
appreciated.
Steve
"Rolf Lidvall" <[email protected]> wrote in message
news:[email protected]...
> Maybe this issue?
>
>
http://www.novell.com/documentation/...2.html#aesgb5w
>
> "HINT: Because the Windows desktop files finish loading before group
policy
> settings are loaded, some group policies in the ZfD 4 workstation package
> might exhibit odd behavior if they are scheduled to run at user login.
> Specifically, any changes to desktop settings (for example, hide My
Network
> Place, hide all icons on desktop, etc.) will not occur, neither will any
> programs that you have scheduled to run at user login through use of a
login
> script. If the user logs off and back on, the settings display correctly.
>
> To prevent this behavior, do not configure group policies in the
Workstation
> package to run at user login. Instead, configure them to run at system
> startup, on a daily basis, or on some other regular schedule."
>
> Regards
> Rolf Lidvall
> Swedish Radio (Ltd)
>
> -
Group Policy Pref - Mapped Drives Not Applying to One User
Hi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
SimoneWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
Software Installations
N/A
Startup Scripts
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
N/A
Account Policies
Audit Policy
User Rights
Security Options
Event Log Settings
Restricted Groups
System Services
Registry Settings
File System Settings
Public Key Policies
N/A
Administrative Templates
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
Software Installations
N/A
Public Key Policies
N/A
Administrative Templates
N/A
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: Proxy Settings
Import the current Program Settings: No -
Group Policy not applying after logoff \ logon
We've noticed during testing an issue around Local Group Policy applied via ZCM...
- user A logs in, policy applies correctly (folder redirection, taskbar settings etc)
- user A logs off
- user B logs in, policy applies correctly
- user B logs off
- user A logs in again, policy does not apply
The only way to get policy to apply again for user A is to either reboot or delete the local profile for the user manually
A few other details...
- Windows 7 SP1 Enterprise x86
- DLU Policy applied (non volatile user)
- user does not have admin rights (in the Users+ group)gshaw0,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Win7 Computer Config group policy not applying
Hi all: I am having a bit of trouble getting a Computer Configuration group policy to apply in Windows 7 using ZCM 11.2.3. I have two group policies, one for User Configuration settings and the other for Computer Configuration settings. User Config GP is associated with users and Computer Config GP is associated with Workstations. ZCM shows both policies as being successfully applied. Yet, if I run rsop.msc to generate a resultant GP set, all Computer Config settings show up as undefined.
I have used this same technique in XP for many years without issue. I suspect the User Config GP is overwriting all GP settings as it is the last to be applied, but since that policy is ONLY for User Config settings I do not see how. Can someone show me the "errors of my ways"?
Thanks a bunch, Chris.I have an identical policy setup - a policy wherein "Computer configuration" is checked and configured (I don't even touch the User related settings) and is applied to workstations as well as a second policy with "User configuration" checked and configured (as with the computer policy, I don't touch the Computer related policy in this User policy) and applied to users. I set it up that way because I want general settings specific to our environment to exist and be effective for all users including IT staff in the Computer policy. I then want to restrict users within the User Policy. I have no Active Directory.
The computer settings apply intermittently with no rhyme or reason, which makes it difficult to troubleshoot. I have Internet Zone Assignments configured in the Computer policy, so specific users have problems when this policy is not effective which is how I became aware of the problem. I found that I can run "gpudate /force" as the user and the computer policy becomes effective, which is what I do most of the time since it's a quick fix and I can move on to other things. I've tried changing the order the policies are applied. I am considering creating a single policy with both computer and user settings and associating it with users in hopes that it will always apply, but thought I'd check out the forum before doing so. ZCM 11.2.3 and Windows 7. -
Currently we are running ZfD 7 and Netware 6.5 and have recently upgraded all our workstations to Windows XP Service Pack 2. Our tree structure consists of an OU for each school level, elementary, middle, and high, and an OU for each school in that respective level. Example:
Elementary
West Main
South Main
Middle
Brown Middle
The current contents in each School OU have users, groups, policies, ect. Previously policy was applied by a workstation policy package that distributed all policies: user, machine, and security which were associated with the School OU. Now we split the policy into workstation packages and a user packages. The goal was to have the workstation apply the machine and security policy and the user policy to apply user settings and create dynamic the local user account.
The workstation policy remains persistent on the workstation while the user policy creates a local user (non-volatile) and applies the user policy from a server path depending on group membership. We have four different user policy packages: Student, Teacher, Specialist and Technology. Each with there own group policy user configuration. Everyone in our Tree has the appropriate permissions to access the policies. We configure the user policy package as follows:
Policies Windows XP
Enabled Dynamic Local User
Enabled Windows Group Policy
Workstation Manager
Network Location
\\serverpath
Checked User Configuration
Policy Schedule
User Desktop is active
Advanced Schedule
Impersonation
Interactive User
Associations
Groups (Teachers, Students)
I can get the workstation policy to apply with no problem. The problem comes when a users logs on. It doesnt matter if a new user is being created or if they are simply just switching users. User group policy doesnt apply randomly. The strange thing is it does copy down to the machine. If I connect to the admin share on a newly imaged workstation (with no policy applied) and open c:\windows\system32\ you see the creation of GroupPolicy.Usercache Folder and it copies to the GroupPolicy Folder which is were it applies policy from. Also you can see policy dynamically changing if different users logs on. The Registry.pol updates in the c:\windows\system32\ GroupPolicy.Usercache\User folder and c:\windows\system32\ GroupPolicy \User Sometimes group policy applies and sometimes it does not. When a user logs on you see the policy that was copied down apply. For example the run option is taken away from the start menu. During the log on process this remains in effect but when the process completes its almost like policy is take away. When this occurs I can run WMSCHED.Exe and reapply the user policy and it will apply sometimes. I tried applying group policy through both groups and organizational units. Both with the same results. I was wondering if anyone has had issues with applying group policy with ZEN or if I am doing this incorrectly. Any help would be much appreciated. Thanks.rscurr,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Default Domain Policy Not Applying Settings to Servers or Clients
I have 2008 R2 DC's with a functioning level of 2003. Our domain servers are a mix of 2003, 2008, 2008 R2, and 2012 and our clients are a mix of Windows 7 Pro and Windows 8.1 Pro.
I recently made a change to the Default Domain Policy located at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
For the Security Policy setting called: Network security: Configure encryption types allowed for Kerberos
The change was to enable DES because of a specific need that I have with an application that I work with but enabling DES and leaving the other options such AES unselected caused other applications to not work right. I decided to revert the changes
back to "Not Defined" but those changes did not reflect on the servers even after running the gpupdate /force command.
In order to keep the application working that broke, we enabled all of the encryption levels such as DES, AES, etc. on the server that's running the application via it's Local Security Policy as a temporary fix.
Now, I want to make sure all servers receive the settings from the Default Domain Policy and have their Local Security Policies reflect the "Not Defined" setting but it's not applying. It seems like they worked when I first applied them but
when I try to remove them it does not work.
If I change the setting directly on the Local Security Policy on the server or clients it shows "No minimum" instead of "Not Defined" which I've heard can be fixed by identifying the registry entry for that setting and deleting it...so
help with the location and how to identify that key would also be helpful.
My goal is not to manually have to change servers and clients to revert back to their default settings...I want the Domain policy to apply and override the servers and client's Local Security Policy.
Any help with this would be greatly appreciated and thank you in advance.I have 2008 R2 DC's with a functioning level of 2003. Our domain servers are a mix of 2003, 2008, 2008 R2, and 2012 and our clients are a mix of Windows 7 Pro and Windows 8.1 Pro.
I recently made a change to the Default Domain Policy located at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
For the Security Policy setting called: Network security: Configure encryption types allowed for Kerberos
refer:
http://technet.microsoft.com/en-us/library/jj852180(v=ws.10).aspx
We needed to implement a similar scenario a few years ago (when we introduced Windows7 into our estate).
We had an SAP/NetWeaver implementation which always worked on WinXP, but failed on Win7.
We had to enable the DES ciphers, since those were disabled by default in Win7. We discovered that we also needed to enable all the other ciphers (those which are enabled by default[not configured]).
i.e., when we changed the setting from "Not Configured", enabled DES, and left the RC4/AES stuff untouched by us, the RC4/AES stuff attracted a status of disabled.
So, we had to set the DES ciphers to Enabled, and, also set the RC4/AES ciphers to Enabled - this gave us the "resultant" enablement of the default stuff and the needed change/addition of DES.
When you set a GP setting "back to Not Configured", depending upon the setting *AND* the individual Windows feature itself - one of two things will happen:
a) the feature will "revert" to default behaviour
b) the feature will retain the current configured behaviour but becomes un-managed
In classic Group Policy terms, condition (b) above is often referred to as "tattooing", i.e., the last GP setting remains in effect even though GPMC/RSOP/etc does not reveal that to be the case.
(This is also a really good example of not doing this sort of stuff in the DDP. It could have borked your whole domain :)
What I'd suggest, is that you re-enable your ciphers for KRB settings again - this time, enable all the ciphers that would normally be "default", let that replicate around, and allow time for domain members to action it.
Then, set the setting back to Not Configured. This way, the "last" settings issued by GP will be those you want to remain as the "legacy".
Note: the GP settings reference s/sheet, has this to say:
Network security: Configure encryption types allowed for Kerberos
This policy setting allows you to set the encryption types that Kerberos is allowed to use.
If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted.
This policy is supported on at least Windows 7 or Windows Server 2008 R2.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Windows 2008 R2 group policy not applied to windows 8 Workstations, but applied to XP and Win 7
I have a Windows 2008 R2 Domain Controllers and have a Policy to put a specify wallpaper, eventuality i have to change the Wallpaper, this setting applied sucesfully in Windows xp and Windows 7 workstations, but not applied in Windows 8 workstations even
if i run gpupdate /forcé,
Best Regards,
Thank youHi,
Thanks for posting in the forum.
Before going further, would you please let me know how did you configure the Group Policy setting to deploy the wallpaper? Have you configured some settings to limit the scope the GPO applying?
If all Windows 8 machines failed to receive the GPO settings? In order to narrow down the cause of the issue, I suggest we could try to collect the following information for troubleshooting.
GPMC.log
==================
a. On domain controller, click Start ->Run, type GPMC.MSC, it will load the GPMC console.
b. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper
user in the wizard)
c. Right click
the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.
Once we get the report, please check if the settings have been applied to the target correctly.
In addition, would you please let me know whether you have imported the latest Windows 8 Administrative Templates to the Windows Server 2008 DC? If not, please try to download and import it.
Then try to configure the wallpaper GPO settings again to see if it could help.
For details, please refer to the following articles.
Administrative Templates (.admx) for Windows 8 and Windows Server 2012
http://www.microsoft.com/en-us/download/details.aspx?id=36991
Set Desktop Background via Group Policy in Windows 7, Windows 8 in a Server 2008 or Server 2012 Domain
http://dizzyit.com/2013/04/14/set-desktop-background-group-policy-windows-7-windows-8-server-2008-server-2012-domain/
Hope this helps.
Best Regards,
Andy Qi
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.
Andy Qi
TechNet Community Support -
Windows WiFi Import Policy not applying
Quoting from the following TechNet article:
https://technet.microsoft.com/en-us/library/dn818903.aspx?f=255&MSPPError=-2147217396
Additionally, for devices that run Windows 8.1 and later, you can import a Wi-Fi configuration profile that was previously exported
to a file.
It is not quite clear to me what "devices that run Windows 8.1" are supposed to include. I took it to include Windows 8.1 (Enterprise)
clients with the Intune Agent installed. However when I create an Windows WiFi Import policy and apply this to a group which contains a windows 8.1 notebook the policy is not applied.
It does not seem to be that the policy
failed, it does not seem to be applied at all. When checking the policy log it states that 4 policies have been found an applied, which are the default set: Hardware inventory, Software inventory, Intune Center Policy and Intune Agent policy.
So is this supposed to work?
On a related note: The article linked above states you can export the Wlan policy to include in a Windows WiFi import policy with the following command:
netsh wlan export profile MyConnection
Is this not supposed to have an added key=clear argument? I understood that the password encryption used in the export (without key=clear) is only decryptable by the machine on which the export was made. But I may misremember..Hello Andre,
>>
It is not quite clear to me what "devices that run Windows 8.1" are supposed to include. I took
it to include Windows 8.1 (Enterprise) clients with the Intune Agent installed. However when I create an Windows WiFi Import policy and apply this to a group which contains a windows 8.1 notebook the policy is not applied.
It does not seem to be that the policy failed, it does not seem to be applied at all. When checking the policy log it
states that 4 policies have been found an applied, which are the default set: Hardware inventory,
Software inventory, Intune Center Policy and Intune Agent policy.<<
This works when you manage devices with Win 8.1 via OMA-DM agent. This policy won't work for Win 8.1 devices with Intune
("fat") client.
Примечание:Сообщения предоставляются "КАК ЕСТЬ" без каких-либо гарантий,выраженных или подразумеваемых | Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied -
11.2.3 security policy not applying
This was in another post felt it need its on post and subject.
11.2.3 has help, but now on device that have 11.2.3 the security policy is
not applying. I have 4 device I'm testing on one was a clean instill of
11.2.3 the other 3 were upgraded, out of all 4 only one the security policy
is applying right. Where would the security policy be store when it is
applied to a device. Is their a better way to apply security policy.
I found that the gpttmpl.inf file is not being copy to the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
folder and did confirm that it is in the zcm meachine cache folder
[C:\Program Files
(x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPolicy\M
achine\Microsoft\Windows NT\SecEdit]. I manual copy it to the SecEdit
folder
logged off back on and then did get the Security Options Settings set
properly.
So why is it not copying it over, the Registry.pol file is and all other
group policy are working (so far). And on the one computer that Security
Options is working right on and running 11.2.3 the gpttmpl.inf is not in
the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
folder ether and I have checked computers that are still on 11.2.0 and the
Security Settings are applied but the gpttmpl.inf file in not in the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]. Is
ZEN suppose to copy gpttmpl.inf to the system32 group policy folder and if
so can this be fix? I really need Security Settings to apply.
Hope this makes sense.
And I have this problem on both 32 & 64 bit windows 7
I don't know if this affects Windows XP because I don't have any Security
Settings for XP set.
Thanks
ScottWell I found this in the ZCM troubleshooting guide with the help of google
[When more than one Windows Group policy is applied to a device, the
security settings of the last applied policy are effective on the device.].
I have all ways had device first user last sense 10.3.3 - 11.2.0 and the
security policy did apply, at lease with WIN7. So on my test machines I
change it to user fist device last and now the security policy now works
with 11.2.3, but I still have to have a bundle to run gpupdate /force at
user login. If I done have the bundle to run the device group policy does
not apply sometime, I don't mine to have the bundle to run just why with
win7 is does not apply with out it and XP does with out it.
Also why does it not copy the gpttmpl.inf to
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
directory?
>>> On Friday, March 15, 2013 at 12:34 PM, in message
<[email protected]>, Scott Malugin<[email protected]> wrote:
> This was in another post felt it need its on post and subject.
>
>
> 11.2.3 has help, but now on device that have 11.2.3 the security policy
> is
> not applying. I have 4 device I'm testing on one was a clean instill of
> 11.2.3 the other 3 were upgraded, out of all 4 only one the security
> policy
> is applying right. Where would the security policy be store when it is
> applied to a device. Is their a better way to apply security policy.
>
>
> I found that the gpttmpl.inf file is not being copy to the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
> folder and did confirm that it is in the zcm meachine cache folder
> [C:\Program Files
> (x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPoli
> cy\M
>
> achine\Microsoft\Windows NT\SecEdit]. I manual copy it to the SecEdit
> folder
> logged off back on and then did get the Security Options Settings set
> properly.
>
> So why is it not copying it over, the Registry.pol file is and all other
> group policy are working (so far). And on the one computer that Security
> Options is working right on and running 11.2.3 the gpttmpl.inf is not in
> the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
> folder ether and I have checked computers that are still on 11.2.0 and
> the
> Security Settings are applied but the gpttmpl.inf file in not in the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit].
> Is
> ZEN suppose to copy gpttmpl.inf to the system32 group policy folder and
> if
> so can this be fix? I really need Security Settings to apply.
>
> Hope this makes sense.
>
> And I have this problem on both 32 & 64 bit windows 7
> I don't know if this affects Windows XP because I don't have any
> Security
> Settings for XP set.
>
>
> Thanks
> Scott -
Power Manager - no new profiles, group policy not applying
Hi there!
Having an issue with power manager (latest version, downloaded today) on Vista on a T61. The first problem is that I cannot create a power profile. If I hit New on the advanced page and fill all the stuff out, the named power plan does not show up. It's like I never did it.
The second issue is that group policy doesn't seem to apply, either. I tried to create a new power policy through AD using the GPO available for download. All the settings are filled out, it's named, and it doesn't show up.
For those concerned that the group policy is mucking up the ability to create a new one through the UI, that was the behavior before the group policy was set up.
rsop.msc shows definitively that the policy is applying to this machine.
Does anyone have any hints?
Thank you!rscurr,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Why is the background color not applied in one case?
Hi,
I'm using RH 7 and WebHelp.
I apply a TableHeading style to the first row of my tables. The TableHeading style is supposed to fill the cells of the first row with a background color of blue, and the text is in white. It works fine except for one table. I think TableHeading style was not applied in the Word document when I imported this topic. I tried to apply the TableHeading style to the first row, and it says it is applied in the HTML. But, the background blue does not fill the cells.
Here is what I am trying to achieve:
Here is my problem table:
I can see in the HTML that the background color is not present in the code. Here is the code for the example that is correct:
<p class=TableHeading>Chapter</td>
<td style="border-left: none; border-right: solid #000000 1.0px; border-top: solid #000000 1.0px; border-bottom: solid #000000 1.0px;
width: 279.4pt; padding: 0in 5.4pt 0in 5.4pt; background-color: #003399;"
bgcolor=#003399 width=279.4pt>
<p class=TableHeading>Description</td></tr>
<tr><td style="x-cell-content-align: top; border-left: solid #000000 1.0px; border-right: solid #000000 1.0px; border-top: none;
border-bottom: solid #000000 1.0px; width: 182.85pt; padding: 0in 5.4pt 0in 5.4pt;
padding-left: 0px; padding-top: 0px; padding-right: 0px;
padding-bottom: 0px;" valign=top width=182.9pt>
Here is the code for my problem table:
<p class=TableHeading>Activity</td>
<td style="border-left: none; border-right: solid #000000 1.0px; border-top: solid #000000 1.0px; border-bottom: solid #000000 1.0px;
width: 168.0pt; padding: 0in 5.4pt 0in 5.4pt;" width=168pt>
<p class=TableHeading>Keyboard Shortcut</td></tr>
<tr style="x-cell-content-align: center;" valign=middle>
<td style="width: 374px; x-cell-content-align: top; border-left: solid #000000 1.0px; border-right: solid #000000 1.0px;
border-top: none; border-bottom: solid #000000 1.0px; padding: 0in 5.4pt 0in 5.4pt;
padding-left: 0px; padding-top: 0px; padding-right: 0px;
padding-bottom: 0px;" valign=top width=374px>
Here is the code from the CSS:
p.TableHeading {
background-color: #003399;
punctuation-wrap: simple;
text-autospace: none;
font-size: 10.0pt;
font-weight: bold;
color: #ffffff;
font-family: Verdana, sans-serif;
margin-left: 3pt;
margin-right: 3.0pt;
line-height: 120%;
margin-top: 0pt;
margin-bottom: 0pt;
LI.p-TableHeading {
punctuation-wrap: simple;
text-autospace: none;
font-size: 10.0pt;
font-weight: bold;
color: #ffffff;
font-family: Verdana, sans-serif;
line-height: 120%;
Any suggestions?
Thanks,
Julie
I don't understand why the TableHeading style is not applying the background color for the one table. I'm guessing I could just add it to the code using the HTML editor. However, I wasn't sure if that was the best way to fix this problem or if I would create another problem.Hi Willam,
Thanks for your answer, and I will go ahead and add the background color to the problem table.
However, I am still puzzled as to why the background color is applied to the cells in the other tables and not the problem table. I'm not sure what I did to cause the problem - how I applied the TableHeading to the table cell in one case and not the other. Any ideas how I can avoid this problem?
I will not use the Word documents going forward and will only make changes with the RH editor.
Thanks again,
Julie -
Exchange2010 - archiving policy not applying
Hi there!
We have started using archiving/retention polices in our environment. This are the steps we have done:
1. Created new database on Exchange and named it Mailbox Archives.
2. Deleted all the Retenetion Policy Tags and put:
* Default 2 year move to archive (all other folders in the mailbox)
* Leave contacts alone (retention enabled: false)
* Leave drafts alone (retention enabled: false)
* Leave notes alone (retention enabled: false)
3. Under Retention polices Default Archive and Retention Policy added those 4 policy tags.
4. Enabled Archive on a USER1 and selected that his mailbox is created in new DB: Mailbox Archives.
5. Observed if Personal Archive will be visible on OWA2010 or OUTLOOK2010 and yes it appears but there is only deleted items and noone
messages were moved from "primary mailbox" to archive.
6. Ran: Start-ManagedFolderAssistant -Identity "[email protected]" -verbose
7. Personal Archive still empty.
Any suggestions why archiving polices are not being applied or where to look for the "progress bar" of this job.
bostjancNoup.
Cleared tha Application/System logs but none System Attendant Error appeared.
Meanwhile an IT friend of mine gave me some explanation regarding Exchange Archiving/retention polices. I don't know if information he gave me are right, but he said that 1st 24hours (1st cycle) Exchange is doing tagging, and the next workflow is
moving to archive.
It looks like that today everything moved to archive and we can close this case.
Before closing this case I have one question regarding Archiving Quota.
We have created a new database for archive mailboxes where we have changed:
Storage limits from default to
Issue warning at 15GB
Prohibit send at 16 GB
Prohibit send and recieve at 17GB.
But if we look on the client's mailbox/Mailbox settings/Archiving quota there's:
Archive quota: 51200 MB, soo I guess that tooks precidence right?
So changing default settings on the new database was not necessary, right?
With best regards
bostjanc
Maybe you are looking for
-
Browse and Purchase iTMS over EDGE - Download over WiFi
I posted this request on http://www.apple.com/feedback/iphone.html copy and paste it as well. I would like the ability to browse the iTunes store on the iPhone when on the EDGE network and add them to a "download queue" that downloads only when WiFi
-
Itunes 10.6.1.7 keeps saying there app updates but they dont show up on the download screen
itunes 10.6.1.7 keeps showing app updates available on the sidebar but when i click to get updates, the update screen says there are no updates available
-
Framemaker uses <$filename> for short file name, can we edit this to change appearance? We do not want the short file name of long filename to include the .fm extension can this be removed or modified to make this happen? In compiling our books it wo
-
Report - Alert Message when Link with value 0 is clicked
Hi, I have a report with many fields eg. Year , Count of High Priority Project , Count of Medium Priority Project , Count of Low Priority Project. I have used Column Attributes to link the report data to page 22. Now , some of the cells in the report
-
Materialized Views - DIRLOAD_LIMITEDDML
Hello, I'm currently using Oracle 11g. Creating a fast refreshable MVIEW with max function on select causes the fast refreshable limitation to DIRLOAD_LIMITEDDML. However, even with an empty materialized view log on the source table, the materialized