Mandatory Profile via GPO

Similar Messages

• Outlook 2013 set cached mode "Mail to keep offline" to All for existing Outlook profiles via GPO or registry changes

  We recently migrated from Office 2010 to Office 2013.  An annoying change is Outlook's "Use Cached Exchange Mode" setting that changes the previous setting of all email to partial email based on how old emails are.  This is confusing
  for end users because if they have a 1GB mailbox size limit and they look at the properties of their mailbox, it shows the cached amount which is always then less than the full amount.  While they have a 1GB limit, the properties of their mailbox
  might say 700MB because that's all that is cached, but meanwhile they can't send because they are actually over 1GB on the server side.
  I want to set this cache setting to "All" for EXISTING profiles and new profiles.  I think I can do it with GPO for new profiles, but I don't see a way to set it for existing profiles.  I assume I have to do this with a registry setting.

  Hi,
  The cached mode Sync Slider setting is maintained in the Outlook profile settings in the Windows registry. If you want to administer this setting via group policy, you can use the group policy templates, which are available from the Microsoft Web site. The
  group policy template files are Outlk15.admx and Outlk15.adml. If you use group policy to manage this setting, the following registry data is utilized by Outlook.
  Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Outlook\Cached Mode
  DWORD: SyncWindowSetting
  Value: integer value (Decimal) specifying the number of months (use only the following values)
  0 = All (entire mailbox)
  1 = One month of mailbox items
  3 = three months of email items
  6 = six months of email items
  12 = twelve months of email items
  24 = twenty-four months of email items
  Refer from
  http://support.microsoft.com/kb/2733062
  Hope this will be helpful for you.

• Mandatory Profiles - exclude Administrators?

  Hi folks,
  We're recently changed our Terminal Services profiles from "Citrix Profile Mgmt" (similar to Roaming Profiles but with some enhancements) to Mandatory Profiles. The configuration took place using the GPOs in
  Computer Configuration | Policies | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Profiles
  When we log in with the Domain Administrator we get the same mandatory profile as normal users. Is there a way we can exclude the Administrator account from using the mandatory profile?
  Our setup:
  Domain Controllers: Win2k8 R2 Enterprise
  Terminal Servers: Win2k3 R2 Standard
  Thanks in advance!
  Rgs
  Oli

  You can set the mandatory path in the users profile tab in their user account in AD Users and Computers raither than group policy. If set per user this would bypass the Administrators - we set ours to
  \\servername\sharename\mandatory\ the actual manadatory profile has the .V2 on it for 2008 R2 profiles. If they are logging into Desktops as well, set it in the Remote Desktop profile path
  tab instead of the general profile path.

• Mandatory profile: default printer always reverts to last installed printer

  The only constant is: the last installed printer stays as the default printer (user can install it). How is that tracked by the system? I cannot find it anywhere.
  example printer A, then B is installed. Printer B always reverts to being the default on reboot.
  a. not using gpp/gpo to set printers (several thousand pcs, about 800 printers, difference preferences in each department etc)
  b. from what I have read, it is normal for the mandatory profile to revert back on reboot/logoff any changes to the default printer made by the user.
  c. I have tried changing registry keys for .default, the current user, which the current user (mandatory profile autologin) does not pull from .default or anywhere else I can seed.
  d. the mandatory profile itself is clean the common registry keys are empty (changing these keys to your desired printer does not resolve the issue, they revert on reboot to last installed printer)
  ...\Software\Microsoft\Windows NT\CurrentVersion\Devices]
  ....Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts
  ...Software\Microsoft\Windows NT\CurrentVersion\Windows (Device key is blank)
  e. commands do not stick (Tried from powershell, vp, command prompt etc) such as:
  rundll32 printui.dll,PrintUIEntry /dl /n "pritnername" /q
  "ntprint /setdefault name=<printer name>
  ntprint /setdefault name=<printer name>
  Read more :
  http://www.ehow.com/how_7258789_add-default-printer-new-users.html

  Hi,
  Please allow me to clear the current situation:
  1. We are using mandatory profile, and the default printer is not configured into the profile settings;
  2. Every time when installing a new printer, it will change to the default one;
  3. Using command line to set the default printer won't work here;
  If anything misunderstood, please feel free to let me know.
  So how do we install the new printer here? Any settings that we may choose to set the newly installed as the default?
  Might we consider to let the user choose which printer to be set as default using scripts? See if this blog could help:
  How Can I Let Users Choose a Default Printer From a List of Printers?
  If the default printer is not configured into the profile settings, and no GPP configured here, how was the default printer installed?
  Besides, for domain printer issue, we have a better forum to seek help with:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverprint
  Best regards
  Michael Shao
  TechNet Community Support

• Mandatory Profiles, Group Policy Preferences, Synchronous processing

  Hello,
  I'm using Windows 8.1 Update to setup a lab of computers that will use standard user accounts with Mandatory Profiles and Group Policy to lock them down. Everything is working great with the exception of Group Policy Preferences. I am using GPP printers
  to add a shared printer to the computer lab and set the default. Due to asynchronous processing, the GPPs are applied only every other time. Since they are mandatory profiles, the settings are wiped out every time.
  I have enabled the GPO setting "Always wait for network at startup and logon" but it doesn't seem to have any effect. The Mandatory Profile is assigned in the user's AD object.
  From everything I can find on the issue, the problem seems to stem from the synchronous processing/asynchronous processing of group policy preferences, which explains the consistent alternating working. Fast logon optimization is always off when using a
  roaming user profile, which is the case of these standard users, to my understanding. I also configured cached logons to '0', disabling cached logons. The computers (configured to automatically sign in with SysInternals' Autologon) received an error (no logon
  servers available) trying to sign in before the network was ready, showing that they are ignoring the setting. Even with waiting for the network and signing in manually, the GPP printers are only successfully added every other time.
  http://technet.microsoft.com/en-us/library/jj573586.aspx
  2008R2 functional level
  I have created and recreated GPOs to test creating them on the DC and a Windows 8.1 Update computer, with no change in outcome.
  I have also tried setting Startup policy processing wait time, run logon scripts synchronously, and GPP Printers processing behaviors. For the latest testing, I created a new OU with blocked inheritance and created a new GPO with just the key settings to
  wait for network, install the printers, and use the mandatory profile. It still only worked every other time.
  I am currently at a loss for a good way to add the printers to the mandatory profiles. I have hacked them into the HKCU of the mandatory profile but I feel that is a kludge solution and not very sustainable. I have tried a logon PowerShell script but had
  no luck.
  TL;DR: Win8.1Update, Mandatory Profiles, standard user: Every other restart, GPP Printers are added perfectly and the desired outcome is reached. Every other, other restart the printers are not added.

  Hi,
  I'll involve other engineer to this thread for more discussion about your problem. Please wait patient.
  Thank you for your understanding!
  Roger Lu
  TechNet Community Support

• Deploying Adobe Creative Cloud via GPO

  A few months ago my long and lasting journey with Adobe CC started and I was pretty eager to deploy the software in our enterprise. As it comes out, with a little help from Adobe, that just made me crazy and a few pretty pointless and sensless tests I finally managed it somehow to get Adobe CC deployment via GPO. None of our users have local admin rights due to restrictive policy in our enterprise. All testing and configuration was made on Windows 7 Enterprise (x86 and x64) machines.
  As we don't use SCCM in our environment it was critical to use "simple" GPO rollout for software. As there are MSI's with all the packages I started my journey...
  To start it all of:
  As it seems, you cannot buy licenses any more permanent and you can buy them via subscription. OK, that's one way to go and since we need all these products in future we went in evaluating it. Since we cannot buy licenses in a big order like adobe wants us to we were only left to buy the creative cloud for teams and not for enterprise. Still, this was fine to, since adobe offered the cloud packager and a lot of documentation, i thought at least.
  To test and make sure that we can deploy all of the wanted features of creative cloud we bought 2 licenses for the IT-staff. During testing, late semptember/october 2014, with the cloud packager in version 1.6 I was able to deploy the packages and software as we wanted. Just as information, we wanted our users to have Bridge, Photoshop, InDesign, Illustrator, Dreamveawer, Prelude and the most important thing, we did NOT want the creative cloud desktop application due to company restrictions. Well as mentioned before everything worked as charm and I was just happy to start ordering the licenses for all of our users and get things done
  Well, as a lot surely know, the process of ordering the licenses and getting things rolling in a enterprise sometimes takes a little (more) time. After about one or two months later everything was ready and set and I was feeling like this is going to be a piece of cake. Make new packages with the cloud packager, create the gpo's, test the deployment, invite the users and I'm the king of the jungle.
  That was what I thought...
  Adobe was so nice to release the newer and more improved version (I think 1.7 or 1.8) of the cloud packager, that suddenly hasn't been able to deactivate the creative cloud desktop application. Well, not a problem I thought to myself, I'll just uninstall it later on and it's fine. Since there are about 20 users that were getting the software it would be a not so nice job, but once done it's done and it shouldn't happen again.
  Then i was hit by Adobe with a colossal fist right in the face! Why are you asking? Well as I mentioned above, the deployment via GPO worked fine and now? Not anymore, since the exception deployer couldn't install the applications it just broke everything and didn't even try to install the other applications that don't need the exception deployer. After a few e-mails and further testing, run as local admin, run installation after being copied to local, I lost fate that this is ever going to work.
  Adobe gave me the best help they could and I even had a deployment expert in on a web session and he gave me a short commandlet (exception deployer) and said that it has to work this way but surprise, it didn't. As I was getting more and more frustrated by this situation and the exception deployer I started to shrink down the packages as much as possible so that there are no applications that needed to be deployed with the exception deployer. I run tests and guess what? It worked! Man, was I happy that after almost a month things started getting in the right shape. As I couldn't sleep because of this mess I started testing the applications that Adobe techs said needed the exception deployer. I created a new package just for Lightroom 5 (yeah, I know there is a newer version out now, but not at that moment) and saw that it landed in this exception folder that is made during packaging with the cloud packager. I was just curious to test it and made a new GPO for just Lightroom, as a MSI was also within the package I figured, why not give it a try? It worked again!?! I was pretty surprised due to the information that it shouldn't be working, as Adobe techs stated.
  The simpler problem was the creative cloud desktop application. After having the Adobe techs in on a websession they stated, that it should work if I choose enterprise licensing to get rid of this software. But due to Adobe's updating policy of the creative cloud packager, there has been a newer version released (1.9) that opted out this feature to deactivate the installation of the creative cloud desktop application. I thought myself, why? Just please tell us why Adobe do we need this? But OK, there was also a solutions for this problem, the adobe creative cloud cleaning tool. If you create and XML file that is being read from the cleaning tool you can run this and "almost silently" uninstall the software via GPO. I gave it a shot and it works like a charm.
  To be honest I thought, that Adobe due to it's status as THE software company when it comes to creating/editing multimedia content they would know about the problems some of their customers across the globe could be having. As it seems, they don't care enough or haven't ever had somebody with a similar problem(what I cannot believe, but all right) to share some more detailed information about a case like this.
  I know, why have we bought it, if we don't need any cloud space? Well it's simple, Adobe creative products are needed and the CS6 products won't be here forever so it's better to start sooner than later with migration to a newer release. Still I was hoping to get more help from Adobe....
  Just to share the packages with you:
  "Complete 32Bit" package includes: Audition CS6+Updates, Bridge CC, Dreamweaver CC 2014.1, Edge Animate CC 2014, Fireworks CS6, Illustrator CC 2014, Incopy CC 2014, InDesign CC 2014, Photoshop CC 2014, Prelude CS6
  "Complete 64Bit" package includes: Audition CS6+Updates, Bridge CC, Dreamweaver CC 2014.1, Edge Animate CC 2014, Fireworks CS6, Illustrator CC 2014, Incopy CC 2014, InDesign CC 2014, Photoshop CC 2014, Prelude CS6, Premiere Pro CC 2014, SpeedGrade CC 2014
  "InDesign 32Bit" package includes: InDesign CC 2014
  "InDesign 64Bit" package includes: InDesign CC 2014
  "Lightroom 5 32Bit" package: Lightroom 5
  "Lightroom  5 64Bit" package: Lightroom 5
  None of these packages needed the exception deployer to be run. It was all tested on different (also different machine specs) 32bit and 64bit machines. The OS was always Windows 7 Enterprise.
  To uninstall the creative cloud desktop application i wrote a batch file:
  @ECHO OFF
  IF EXIST C:\log_adobe_cc_cleaner\*.* EXIT ## checks if this folder is existent. If not it continues. If there is the folder it stops and won't run again ##
  mkdir C:\temp_adobe_cc_cleaner ## creates a temp folder, as the uinstall tool can only be run locally ##
  xcopy \\your_server\your_share$\adobecc\adobecc-cleaner\*.* C:\temp_adobe_cc_cleaner\*.* /Y ## copies the complete content of the folder to the newly created local folder ##
  call "C:\temp_adobe_cc_cleaner\AdobeCreativeCloudCleanerTool.exe" --cleanupXML=C:\temp_adobe_cc_cleaner\cleanup_desktop_app.xml
  xcopy "%Temp%\Adobe Creative Cloud Cleaner Tool.log" "C:\log_adobe_cc_cleaner\*.*" /Y ## copies the log file to folder, creates the folder itself ##
  rmdir /q /s "C:\temp_adobe_cc_cleaner" ## removes the adobe creative cloud unintaller from local machine, leaves the log file folder for further check if the creative cloud uninstall tool needs to be rerun ##
  The XML file has following written:
  <?xml version="1.0" encoding="UTF-8"?>
  <Products>
  <Properties>
    <Property name="eulaAccepted">1</Property>
    <!--<Property name="removeFlashPlayer">1</Property>-->
  </Properties>
  <CreativeCloud>
    <Product productName="Adobe Creative Cloud" version="2.0"/>
    <!--<Product productName="Adobe ID CC2014 x32 AppBase" version="10.0"/>-->
  </CreativeCloud>
  <AdobeIdCredentials>
    <!--<Product productName="Adobe Id Credentials" version="1.0"/>-->
  </AdobeIdCredentials>
  </Products>
  Updating of the Adobe products is done with Secunia CSI in our enterprise, but there is also the posibility to remotely run the updatemanager.exe or via logon/logoff script.
  What I also found out, was the dependency of vcredist for adobe products. You need the 2010, 2012 of them and most importantly in the x86 and x64 version! In case you get a .DLL missing error.
  I hope this here helps someone who has lost a lot of nerves and a lot of time due to the deployment of Adobe creative cloud applications. I stil hope that there is going to be a better and easier way to deploy this.
  Excuse me for the bad english, good luck with your deployment and maybe we can get Adobe a bit smarter from our all experience to make us a good deployment method.
  Toni

  Slim.nl is an indirect seller of Adobe products whose policies are not known to us. In our server we do not see any purchase from Adobe.com.
  Please try to purchase from https://store2.adobe.com/cfusion/store/html/index.cfm?store=OLS-NL&event=displayProduct&ca tegoryPath=/Applications/AcrobatProX
  You do have an Adobe ID with the Email provided here.
  Regards
  Rajshree

• App-V 5.0 SP2 with Mandatory Profiles

  Hi,
  We are having some issues with App-V 5.0 SP2 with HFX2 and HFX4 on our Windows 7 x64 Clients
  We use mandatory profiles and delete the local profile on logoff,
  HFX2 Issue:
  The AppData\Local\Microsoft\AppV\Client\VFS\<GUID> is only created once, subsequent logins don't have the folder structure created for the package VFS and all folders have read/write access for the user, when they should follow the base OS folder permissions
  We have found that a registry entry is created in HKLM\Software\Microsoft\AppV\MAV\Configuration\Packages\<GUID>\UserConfigEx\<USER-GUID>
  if we manually delete this registry key then appv will re-create the VFS folders in local app data
  AppV seems to be setting key's saying its created those folders and expects them to be there on the next login, is there a way to tell AppV that we are using mandatory profiles and to re-create the folders?
  HFX4 Issue:
  Hotfix 4 is a bigger problem in that a registry entry for <USER-GUID> is created in HKLM\SOFTWARE\Microsoft\AppV\Client\Virtualzation\LocalVFSSecuredUser
  The first time appv is used for that user, it works, all subsequent times appv packages fail to load unless that registry string is manually deleted.
  Is there any way to fix App-V 5 to work with mandatory profiles which are deleted on logoff?
  Thanks!

  Hi Nicke,
  The registry key's are located in HKLM, which causes permission problems as our uses are all standard users
  the HFX2 issue sort of works, the
  UserConfigEx key is created with the logged on user having read/write permissions, so as long as that user successfully runs a logoff script then the key is deleted, if the desktop crashes without running the logoff script and a new user logs in, then they
  don't have the rights to delete the sub keys and all future app-v localappdata VFS permissions are broken on that client,
  The HFX4 issue registry keys are all write protected from standard users,
  I'm not 100% sure these are the only area's which are causing problems (they are just the ones I've found!) and that just deleting the registry entries completely fixes the problem.  I didn't go down the path of deleting HKLM keys as a user as it seemed
  a bit of a brute force hack to me which I was trying to avoid :)
  If I give users rights to delete HKLM\Software\Microsoft\AppV\MAV\Configuration\Packages subkeys
  then I think they could break published applications if the <GUID> folders are somehow deleted?
  I was actually pretty surprised to find out that App-V 5.0 stores permanent information about user's in the HKLM hive, I would have thought all of this should live in the HKCU hive!
  I've not been able to find any documentation on how App-V uses HKLM keys to keep track of processes its already performed on a user and doesn't want to do again,
  Thanks!

• Here we go again...cannot update 10.0.0.1 via GPO

  Per usual, I'm trying to deploy some of the patches released via the Adobe Gods and once again, things aren't working.
  I'm a bit behind in updates just becasue of these issues.  Everytime I try and update, I run into brick walls and it's always such a hassle I avoid it as much as possible anymore.
  My new struggle is updating our existing clients from 10.0.0.1 to 10.0.0.3.  I've downloaded both incremental patches (AcrobatSecUpd1002.msp & AcrobatSecUpd1003.msp) but get errors right away.  When I try to apply the patch to our existing install I get the error message:
  "The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program.  Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch."
  These are the commands I'm using:
  "msiexe c /a AcroRead.msi /p AcrobatSecUpd1002.msp"
  "msiexe c /a AdbeRdr1000_en_US.msi /p AcrobatSecUpd1002.msp"
  I tried both AcroRead.msi & AdbeRdr1000_en_US.msi just in case something changed when I applied the AdbeRdrUpd1001_Tier1.msp update a while ago.
  So again I'm flustered and confused and don't know where to go from here.  I just wish this would be easier and not be such a headache every time I need to push updates down to the clients via GPO.
  Would having a program like installshield or Wise or some other similar program help with stuff like this?  If so then I'm going to definately start pushing my boss to approve the purchase of it!!!
  Heeeeeeeeeeelp!!!

  Ah, okay.  We got an email here at work saying that 10.0.0.1 and 10.0.0.2 were vulnerable and to update to 10.0.03.  So I went to the FTP site to see what was availiable and saw those updates.  I didn't realize it was only for the other versions.  My bad.  Thanks for clerifying!
  EDIT:  Geez...I need to figure out what email is connected to what username and delete one of these things before I drive myself batty!
  Message was edited by: ned4spd8874 (aka RevDrChris)

• Can't open secured documents on windows 7 domain client with mandatory profiles.

  While opening certain PDF files we have the problem that the user is presented with a message that he does not have the rights permissions. This happens twice, after that the users gets an empty page with the message the Adobe version might not be up to date. We use Acrobat Pro 10, but this also happens while using Reader 11.0.8. On our windows 2008 terminal services machine this could be fixed by giving the user rights on c:\ to create and remove a file. :O. On windows 7 this doesn't work probably because of UAC. But we've tried every solution to that available on the internet, disabling uac, changing uac options, changing rights on userprofile folders, changing rights on c:\ but to no avail. When using process explorer we can see it wants to create a temp file p328hkl.tmp or something like that on C but it can't and immediattely after is shows the error on screen.
  Anyone who also has this problem or solved it? There are no problems with simple self made pdf files/scans but only with certain types of pdf files for which it tries to create a tmp file.
  Thanks,
  Peter

  Hi Brogers,
  Thanks for your reaction. We do have AppData redirection in place. We redirect AppData to a share on our data server which works perfectly fine for all other applications. The weird thing is that Reader/Acrobat try to write to C:\ which to my knowledge should not happen, is this maybe a fallback because it can’t write to a different location? Users have full control on their own roaming AppData but not on their local AppData that is made by windows itself while copying the mandatory default profile to C:\.
  I might use the wrong term while saying secured documents. I’m talking about a document created by Raet/Youforce a web application for personal administration. The documents can be opened by other viewers than Acrobat/Reader but then only contain the background and not the text. In Acrobat/Reader they do open normally when Acrobat/Reader can create the .tmp file. Otherwise it will not display the file at all. I would attach such a document to see but since it contains certain info I am not allowed to do so.
  I hope we can work out a solution for this.
  Met vriendelijke groet,
  Peter Gerritsen
  Engineer
  AndoBurg BV
  Voorstraat 31
  3931 HB Woudenberg
  T 033 479 40 80
  F 033 479 40 89
  E [email protected]<mailto:[email protected]>
  I www.andoburg.com<http://www.andoburg.com/>
  Als u niet de geadresseerde van dit bericht bent, verzoeken wij u ons hiervan op de hoogte te brengen en het bericht te verwijderen. AndoBurg BV aanvaardt geen aansprakelijkheid voor schade die voortvloeit uit elektronische verzending van informatie. Aan de inhoud van deze e-mail en eventuele bijlagen kunnen geen rechten worden ontleend, tenzij schriftelijk anders is overeengekomen.
  Van: brogers_1
  Verzonden: vrijdag 19 september 2014 20:10
  Aan: Peter Gerritsen
  Onderwerp:  Can't open secured documents on windows 7 domain client with mandatory profiles.
  Can't open secured documents on windows 7 domain client with mandatory profiles.
  created by brogers_1<https://forums.adobe.com/people/brogers_1> in Enterprise Deployment (Acrobat and Reader) - View the full discussion<https://forums.adobe.com/message/6745441#6745441>

• Indesign CS6 won't install on Windows 7 64bit via GPO

  Good afternoon,
  I created a installation of Indesign CS6 with application manager enterprise 3 to deploy to computers via the active directory.
  It installs correctly without issue to Windows XP x86 machines however won't install to Windows 7 x64 machines.
  When the computers starts it trys to install but fails and proceeds to the login screen.  The following information is left in the Windows event log.
  Has anyone else had this problem and more importantly know how to solve it?
  Log Name:      System
  Source:        Microsoft-Windows-GroupPolicy
  Date:          13/08/2013 9:44:23 AM
  Event ID:      1085
  Task Category: None
  Level:         Warning
  Keywords:     
  User:          SYSTEM
  Computer:      WIN7TEST
  Description:
  Windows failed to apply the Software Installation settings. Software Installation settings might have its own log file. Please click on the "More information" link.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
      <EventID>1085</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>0</Task>
      <Opcode>1</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2013-08-12T23:44:23.375831000Z" />
      <EventRecordID>9482</EventRecordID>
      <Correlation ActivityID="{B74A3709-81F6-4B73-AA1F-9B610874B7EA}" />
      <Execution ProcessID="384" ThreadID="1324" />
      <Channel>System</Channel>
      <Computer>WIN7TEST</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data Name="SupportInfo1">1</Data>
      <Data Name="SupportInfo2">3961</Data>
      <Data Name="ProcessingMode">1</Data>
      <Data Name="ProcessingTimeInMilliseconds">41590</Data>
      <Data Name="ErrorCode">1603</Data>
      <Data Name="ErrorDescription">Fatal error during installation. </Data>
      <Data Name="DCName">\\AYR.burdekin.qld.gov.au</Data>
      <Data Name="ExtensionName">Software Installation</Data>
      <Data Name="ExtensionId">{c6dc5466-785a-11d2-84d0-00c04fb169f7}</Data>
    </EventData>
  </Event>
  Log Name:      System
  Source:        Application Management Group Policy
  Date:          13/08/2013 9:44:23 AM
  Event ID:      108
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          SYSTEM
  Computer:      WIN7TEST
  Description:
  Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : %%1603
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Management Group Policy" />
      <EventID Qualifiers="0">108</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-08-12T23:44:23.000000000Z" />
      <EventRecordID>9481</EventRecordID>
      <Channel>System</Channel>
      <Computer>WIN7TEST</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data>Software changes could not be applied.  A previous log entry with details should exist.</Data>
      <Data>1603</Data>
    </EventData>
  </Event>
  Log Name:      System
  Source:        Application Management Group Policy
  Date:          13/08/2013 9:44:23 AM
  Event ID:      102
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          SYSTEM
  Computer:      WIN7TEST
  Description:
  The install of application Adobe InDesign CS6 from policy Global-Application-Adobe InDesign failed.  The error was : %%1603
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Management Group Policy" />
      <EventID Qualifiers="0">102</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-08-12T23:44:23.000000000Z" />
      <EventRecordID>9479</EventRecordID>
      <Channel>System</Channel>
      <Computer>WIN7TEST</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data>Adobe InDesign CS6</Data>
      <Data>Global-Application-Adobe InDesign</Data>
      <Data>1603</Data>
    </EventData>
  </Event>

  Hi Abhijit,
  I am able to install InDesign CS6 manually on the machines from the CD/DVD however when trying to install it via GPO or running the msi using the msi exec commands it doesn't install and leaves the above errors in the event log.
  The installation was made using the same CD/DVD and the installation works on the Windows XP clients and software other than InDesign CS6 will install to the Win 7 64-bit machines via GPO.
  Cheers,

• Local Mandatory Profile breaks Metro Apps

  I'm not sure whether this is the right section of the forum; tell me if i'm wrong. Also I apologize for my English, I'm Italian.
  I want to setup one PC with a "self-resetting" user profile so that every time the user logs out everything he's done is deleted. In Windows XP I used Windows Steady State to achieve something similar.
  I tried with software like Reboot Restore RX (freeware alternative to Deep Freeze), but they're not what i need (they reset all changes to the Hard Drive, which means that antiviruses and Windows itself cannot save upgrades).
  I followed an howto in order to setup a Mandatory Profile on Win 8.1, because that seemed exactly what I need. My steps:
  1. Create a standard user TEST. Log in that user and log out
  2. Go to "Advanced System Properties" -> "User Profiles" and copy "default profile" to
  C:\Users\MandatoryTEST.V2 allowing "\Everyone" to access it (with "Copy to" button)
  3. Open "lusrmgr.msc" and assign C:\Users\MandatoryTEST
  as Profile Path for user TEST
  4. Log in TEST and start customizing things. Up to this point, everything works. Settings and files are preserved between logins, as expected
  5. Rename the file NTUSER.DAT to
  NTUSER.MAN in C:\Users\MandatoryTEST.V2 directory. This should "freeze" the profile
  Those steps works well until i log into TEST
  the second time after "mandatorizing" the profile. Default Metro apps like Weather and News suddenly disappear, and i can't access either Store nor Settings (they crash at launch). Am I doing something wrong? Or maybe there's a better way
  to accomplish what I want?
  Thanks in advance for your replies.

  Hi,
  In my opinion, whether temp file could use Store APP depends on Default Profile. However, default profile doesn't contains Store APP, such as, weather, finace, Bing Map, etc. If you want to use these Store App, you need to customize the default profile firstly,
  make sure these app componments cotained in Default Profile.
  To customize Default Profile, you can refer to the contents of the link below for more details:
  http://technet.microsoft.com/en-us/library/gg241188(v=ws.10).aspx
  Roger Lu
  TechNet Community Support

• Windows 8.1 update 1 - users with domain mandatory profiles cannot open windows 8.1 Store

  Hi,
  After the update 1 on windows 8.1.  All of our domain users get "you cannot access the windows store because you're signed in to this pc using a temporary or guest account......" while opening windows 8.1 store.  All my users use mandatory
  profiles.  Could some one guide me onto:
   -how and what changes should I make on my base image of 8.1?
  -how/where what changes should I make on the domain in Group policy to make my profiles work?
  -I also run sccm 2012 R2 if that makes the things easier I can use it for deploying store apps, but I prefer to make a base windows 8.1 image throw all required apps on it.  I would like to make sure that my domain user can open up windows store after
  that I can capture this image and deploy.
                                Need help thanks
                                Note: Before this update 1 of windows 8.1 things worked great.

  Thanks Kate Li,
  Domain profile is not corrupt.  I have checked the registry settings.  In my question I am mentioning that I am using mandatory profiles for domain users.  Need help.
  I am on update 2 now and the same error for domain users with mandatory profiles.
  Also error 1001 is generated every time the user tries to open the store(the user with mandatory profile)
  Log Name:      Application
  Source:        Windows Error Reporting
  Date:          9/30/2014 8:52:17 AM
  Event ID:      1001
  Task Category: None
  Level:         Information
  Keywords:      Classic
  User:          N/A
  Computer:      TCO-TTTEST.mydomain.com
  Description:
  Fault bucket , type 0
  Event Name: WWAJSE
  Response: Not available
  Cab Id: 0
  Problem signature:
  P1: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
  P2: Windows.Store
  P3: 3e43
  P4: FFFFFFFE
  P5: (null)
  P6: 0_0
  P7:
  P8:
  P9:
  P10:
  Attached files:
  ErrorInfo.5160.3992.txt
  C:\Windows\WinStore\AppXManifest.xml
  These files may be available here:
  Analysis symbol:
  Rechecking for solution: 0
  Report Id: 9b46f622-48a0-11e4-bec5-6036dd67e10b
  Report Status: 262144
  Hashed bucket:
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Windows Error Reporting" />
      <EventID Qualifiers="0">1001</EventID>
      <Level>4</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-09-30T12:52:17.000000000Z" />
      <EventRecordID>366588</EventRecordID>
      <Channel>Application</Channel>
      <Computer>TCO-TTTEST.mydomain.com</Computer>
      <Security />
    </System>
    <EventData>
      <Data>
      </Data>
      <Data>0</Data>
      <Data>WWAJSE</Data>
      <Data>Not available</Data>
      <Data>0</Data>
      <Data>winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy</Data>
      <Data>Windows.Store</Data>
      <Data>3e43</Data>
      <Data>FFFFFFFE</Data>
      <Data>(null)</Data>
      <Data>0_0</Data>
      <Data>
      </Data>
      <Data>
      </Data>
      <Data>
      </Data>
      <Data>
      </Data>
      <Data>
  ErrorInfo.5160.3992.txt
  C:\Windows\WinStore\AppXManifest.xml</Data>
      <Data>
      </Data>
      <Data>
      </Data>
      <Data>0</Data>
      <Data>9b46f622-48a0-11e4-bec5-6036dd67e10b</Data>
      <Data>262144</Data>
      <Data>
      </Data>
    </EventData>
  </Event>
  Thanks
  Followed :
  http://support2.microsoft.com/kb/2890783  Made a brand new profile.  No luck same error.

• Installing Flash Player 11.8.800.94 via GPO not working properly

  Hello,
  i've installed Flash Player 11.8.800.94 via GPO.
  Installation works fine, but there is no flash player available in Firefox or Internet Explorer.
  Deployed both Flash Players.
  Tried to reinstall Flash Player 11.8.800.94 for Firefox, but it's still not active.
  Windows 7, 64bit
  Greetings,
  Michael

  Hello Comvel.
  RE:
  Hello,
  i haven't fixed it yet.
  I've deployed the last few version of flash player without any problems.
  I haven't found any new things in the admin guide.
  The plugins don't show up in both browsers. I can't enable them.
  On the most importent clients, i've installed flash player manually.
  I know it has been a few months since your post but, I was wonderingif you were able to find a solution for this that didn't involve manual installations. I've recently deployed 11.8.800.175 and am running into the same problems. Some work stations are just fine. But others, (both windows 7 and xp, all IE8) are not working. When navigating to a site like youtube, theres a banner that says update is needed. When you go to manage add-ons there is no shock object/add on.

• How to change maintenance powershell script via GPO?

  Per suggestion reposted from here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/6eece9d6-a524-48aa-8e64-7554f0ec9b31/how-to-change-maintenance-powershell-script-via-gpo?forum=winserverGP
  Posted at http://answers.microsoft.com/en-us/windows/forum/windows_7-desktop/desktop-shortcuts-to-items-on-network-drives/94eddb27-342b-40fc-9ad4-677ff4ee8ebe?page=9&tm=1403700614489 originally.
  There is a very annoying "feature" in Windows 7 called BrokenShortcuts.ps1 which is being called out weekly via maintenance task and if it finds more than 4 "broken" network shortcuts it removes them all. So it means if a user at this
  moment is disconnected from the network he will lose all links to shares, network applications sitting on his desktop. Funny that there was no such script on Vista and i don't see this on Win8. On the post i have attached one user suggested to edit this script
  and change 4 to 500 or whatever high number. That's fine for one time fix. But i need to do this for 200+ users. This file cannot be simply replaced by a script, so i'm wondering is there any way to do it via GPO?
  I have already tried various startup scripts, but i'm not sure which user to put into commands.
  I need to run this on startup:
  takeown /F C:\Windows\diagnostics\scheduled\Maintenance\TS_BrokenShortcuts.ps1
  icacls c:\windows\diagnostics\scheduled\maintenance\TS_BrokenShortcuts.ps1 /grant "some user":F
  copy \\share\folder$\TS_BrokenShortcuts.ps1 C:\Windows\diagnostics\scheduled\Maintenance\ /Y

  You need to take time to study how Windows does these things.  You can control them with GP which is what you asked.  The article shows you how to disable elements of the tasks.  Each task controls a script.  If you disable the task the
  script that deletes shortcuts will be stopped. Other maintenance tasks will continue to run.
  Most of your problem is that you seem to want someone to provide a magical solution.  In technology it is necessary to fully research your issues until you understand all aspects.  After fully studying the issue you should understand the possible
  solutions if they exist.
  You claim to have deployed the patch that Microsoft released to fix the issue.  You claim it didn't work.  If that is the case then you need to call MS and \p[en a support incident.  If  Microsoft determines that you are right about the
  patch not working you will not be charged for the call.
  I know that learning how to support technology is hard and frustrating for newcomers.  In time, by using these incidents to learn, you will become a seasoned technician and all of this will seem trivial.  Until then we can only suggest that you
  do things that most of us are familiar with.  We cannot fix your network for you.
  I think you haven't really posted in the GP forum but posted a question about GP in the server forum.  Try posting in the GP forum.
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverGP
  Here is one answer from the GP forum:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverGP
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/600ca14f-8b1b-400c-b27f-a7f5733407ac/windows-scheduled-maintenance-task?forum=winserverGP
  ¯\_(ツ)_/¯

• 11.0.0.4 Update still promting for update at clock even when disabled via GPO customization wizard

  I have custiomized the Adobe Reader 11.0.0.4 msi to disable any updating feature available . This is the same as the previous versions which have worked faultlessly. This time when i have deployed 11.0.0.4 it does install on the windows machine but still prompts beside the clock with an icon and message saying would you like to install the update? if i click it it then fails as its already installed. i do not want any user to see this message especaily when that version is already running on the machine! Please see below for further informaiton, Appriciate any help resolving this issue.
  Server software:
  Operating system: Windows server 2008 R2
  Client software:
  Operating system: windows 7 64 x pro
  Service Packs: SP1
  Adobe product: Adobe reader 11.0.0.4
  Are the system requirements met? yes
  Problem details:
  Type of problem: update icon and message still showing at clock even when disabled by customized GPO.
  Error message (if any): no erro just popping up!
  Logged on as administrator or user? both but deployed via GPO deployment
  Can you reproduce the problem when you test the problem on the server? yes i can repude on several PC's
  Deployment details
  If you are having deployment problems, also record the following:
  Base version   11.0.0.0
  Any patching/chaining? 11.0.0.1, 11.0.0.2, 11.0.0.3, gpo deployed each version now on 11.0.0.4
  Using MSI or EXE? MSI with MST file (MSI from 11.0.0.0 andmerged with Patch 11.0.0.4)
  Using the Customization Wizard? YES
  Deployment method (AIP, GPO, SCCM, ARD?) GPO
  Installing over other products? YES previous versions of adobe reader
  Did you attempt to install any third-party scripts or application  programming interfaces (APIs) with Acrobat during deployment? If so,  does the problem reside with these elements? (To find out, create a test  package containing only Acrobat.) no
  How did you create the package? customisation wizard Adobe 11.
  Does the problem occur when you install the application from a DVD?  If so, does the problem occur when you copy the contents of the DVD to a  local or network drive? n/a

  fyi
  Some feedback in SR 3-6322025251 ...
  After some on-going discussions with Product Managers, they don't believe this is expected behavior in the 3 questions (q4), (q5) and (q6).
  I have so created 3 new bugs for Development evaluation as no answer or known issue found.
  I have created a spin-off SR for each question/bug as per our policy we handle only one issue/bug per SR.
  You can follow each question/bug progress in the following SRs :
  - (q4) Is it intended behavior to have updated version columns on rows that have not really been updated (as observed in step (sc2-g) and (sc3-g))?
  SR 3-6838483321: Entity attribute with change Indicator and version history gets updated even if row unmodified in UI
  Bug 16381918 - OBJECT VERSION ATTRIBUTE INCREMENTED EVEN IF ROW UNMODIFIED IN UI
  - (q5) How can the NullPointerException (in step (sc2-h)) be explained/avoided?
  SR 3-6838483348: NPE in oracle.adf.model.binding.DCIteratorBinding.executeQueryIfNeeded
  Bug 16382070 - NPE IN ORACLE.ADF.MODEL.BINDING.DCITERATORBINDING.EXECUTEQUERYIFNEEDED
  - (q6) Why does the message in step (sc3-h) mention 'primary key oracle.jbo.Key[10 ]' while the row that really changed has Deptno 20?
  SR 3-6838483413: Incorrect primary key value from oracle.jbo.RowInconsistentException
  Bug 16382246 - INCORRECT PRIMARY KEY VALUE FROM ORACLE.JBO.ROWINCONSISTENTEXCEPTION
  Each bug has been published in MOS and are pending Development triage and evaluation.
  On My Oracle Support, I have been able to find bug 16381918, bug 16382070 and bug 16382246.
  regards
  Jan