Windows 8.1 Group Policy based Wireless Profiles do not appear to be working
I'm wondering if anyone else out there has run into the same issue as I am seeing. The environment is all Server 2012(not R2), with Windows 8.1 clients.
I configure a GPO that is linked to the entire domain/authenticated users and contains a Windows Vista and Later wireless network profile. Let's call it "GPO_Wireless. It is configured to automatically connect it to a specific SSID, the
encryption settings are unimportant, as I've tried numerous approaches. In our case, we're trying to do EAP-TLS with the NPS role. We have the CA rolled out, NPS has a proper cert, and the clients are auto-enrolling for both Computer and User certs.
This is all verified as working. We've also tried straight password authentication.
I refresh group policy on a Windows 8.1 client and see that Computer Policy "GPO_Wireless" is being applied to the client. I restart the computer, but it does not connect to the wireless network.
I run "netsh wlan show profiles" and under "Group Policy Profiles(read only)" it is blank.
I run gpresult /r /scope computer again, and it shows "GPO_Wireless" is being applied.
The last note is that Windows 7 clients can connect to the wireless just fine.
Hi,
For the client side, I would like to know if the windows 7 as you mentioned used the same Group Police like Windows 8.1.
Meanwhile, I suggest you try using script as a workaround.
Regards,
Kelvin hsu
TechNet Community Support
Similar Messages
-
Configuring group policy for user profiles in Windows Server 2012 R2 Domain
Requesting some experts advise on configuring group policy for user profiles.
We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
The settings which I am concerned:
1. Folder Redirection: Desktop, Documents, Favorites.
2. Quota for Folder Redirection - 1 GB per user.
3. Map a networked drive - 1 GB per user.
4. Roaming profile - (Will ignore if it does not suit our requirement).
The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
Thanks a lot for your valuable time and efforts.Hi,
>>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
This depends on where our outlook data files are stored. If these data files are stored under
drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
However, regarding your question, we can refer to the following thread to find the solution.
Roam outlook profiles without roaming profiles
http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
Configuring Folder Redirection
http://technet.microsoft.com/library/cc786749.aspx
Hope it helps.
Best regards,
Frank Shen -
File and Printer sharing on Windows 7 Through Group Policy
Hi,
I was wondering how to enable File and Printer sharing on Windows 7 Through Group Policy. I have enabled the policy called: Allow inbound file and printer sharing exception.
But when I go to advanced sharing settings, it's still turned off.
Windows Server 2003 AD Domain, and I'm using the Group Policy Manager from my Windows 7 machine to edit the policy.
Any ideas?Hi,
Based on my knowledge, there is no Group Policy setting for enabling and disabling File and Printer sharing. To do this, you may need to write a script and you can go to our Scripting Forum for help.
In addition, I would like to share the following with you:
Enable or Disable File Sharing for a User or Group by Using Group Policy
Network and Sharing Center Group Policy Settings
Hope this helps. Thanks.
Nicholas Li - MSFT -
Greetings all,
I am needing assistance in how to lockdown access to Local Computer Management and Windows Backup via Group Policy for users that access RDS service. I have followed this awesome guide - h t t p://w w w.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/
- but it is missing two important resources that I would like to lock down.Currently, I have successfully locked down Control Panel for users via Group Policy, but I cannot find any group policy or guide on how to restrict user access
to Computer Management (different to Server Manager). When using Win-X shortcut to open the 'Administrator's shortcuts' near the windows icon, I have locked down everything except Computer Management. Computer Management gives direct access to Disk Management,
Shares etc, which are locked down for users. But Windows Server Backup is still accessible. Can someone please guide me on how to restrict access to both Computer Management and Windows Server Backup.
Thanks in advance.
Terry.Prevent running of Windows Server Backup
Computer Configuration\Policies\Windows Settings\Security Settings\File System
Right click on File System - Add File - Drill down to \System32\wbadmin.msc
On the Database Security ACL that pops up - Remove Creator Owner, Remove Users and check Adminstrators have Full Access.
On the Object window - choose Propagate inheritable permissions to all... (Default) -
Windows 2008 R2 group policy not applied on some of the computers
Dear All,
I have windows 2008 r2 as domain controller and configured group policy. when I am changing existing group policy most of the computers not affecting with update policy.
is there any server or any other method required to configure?
every time i need to update group policy manually on computers.
pls help
SUNIL PATEL SYSTEM ADMINISTRATORYou have an issue with AD DS replication.Ensure all domain controllers are in sync
-
Disabling windows update via group policy
hi,
i would like to disable automatic windows upate via group policy on windows server 2008. is it possible?
thanks.
sundeephi,
disabling the automatic update is not a recommended practice, but here are the steps,
Click Start, and then click
Run.
Type gpedit.msc, and then click
OK.
Expand Computer Configuration.
Right-click Administrative Templates, and then click
Add/Remove Templates.
Click Add, click
Wuau.admin the Windows\Inf folder, and then click Open.
Click Close.
Under Computer Configuration, expand
Administrative Templates, expand Windows Components, and then expand Windows Update.
The Configure Automatic Updatespolicy appears. This policy specifies whether the computer receives security updates and other important downloads through the Windows Automatic Updates feature. The settings for this policy let you specify if
automatic updates are enabled on the computer. If the service is enabled, you must select one of the three configuration options.
To view the policy settings, double-click the
Configure Automatic Updatespolicy.
To turn on Automatic Updates, click
Enabled or to turn off select
Disabled
hope this helps
thanks -
Windows Active directory group policy objects
Like many small to medium businesses, we use Firefox in addition to Internet Explorer. The Windows Active Directory group policy objects we have for IE works nicely in all versions of IE. Firefox on the other hand has stopped playing ball. Any policy files I have found on the Internet simply does not fire when used in Windows Group Policy. We have Windows 2008 R2 servers with Windows 7 clients.
Does Mozilla have official group policy objects that will work with Windows Active Directory group policy and is supported in Firefox versions 27 onwards? A lot of the material on the Internet are simply workarounds to achieve something simple.
I believe this may have been asked several times already, but no definitive answer has been supplied to
resolve the issue to my knowledge.
Thanks and regardsTo my knowledge, Firefox historically has not had integration with group policy, and third party tools have been required to bridge the gap. You may have found templates that work in one of those tools.
These threads have links to third party tools, articles, mailing lists, and other resources:
* [https://support.mozilla.org/questions/980567 i need to include the Firefox Browser Configuration in my Group Policy and Control Proxy and Browsing Settings]
* [https://support.mozilla.org/questions/978874 Is it possible to configure firefox using group policy]
Please report back if you find a solution. Thanks. -
The new Sony DSC-RX10 Lens Profile does not appear in the Enable Lens Profile Develop Module.
The new Sony DSC-RX10 Lens Profile does not appear in the Enable Lens Profile Develop Module.
The wrong lens F3.5/6.3 profile is checkmarked and I can not find the new RX10 Sony 70-200 F2.8 G SMM11 profile. The meta data in the Library module correctly list the Sony RX10 and the Correct lens.
How may I select the correct lens profile for my Sony DSC-RX10?Ask in the PS/ LR/ ACR forums
Mylenium -
Access Connections and Group Policy generated network profiles
Hello,
We are in the middle of rolling out 3500 T400 machines and are having fits with Access Connections 5.02. We have a default in-house Preferred Wireless Network Profile that is created on each machine via Group Policy. This works fine with AC and everything does what is supposed to do when our users are in our buildings. When our users go offsite, we have nothing but fits with AC and trying to set up any other WAN connections.
If users set up a new network connection, we are asking them to set it up thru AC. We have had them try using both the "Use Windows to Configure Wireless Network" as well as "IEEE 802.1X Authentication". Once the network connection is set up, for some, the wireless will work for a short period (a week or so) and then will no longer detect network connections. The user nor the client site has made any changes to the wireless configuration.
Others will have a stable connection wirelessly until they connect over VPN – VPN will drop in a few minutes after connection. They can then sometimes reconnect after a reboot; but the instability is a constant problem.
It seems to me that the problem could all be traced back to GP enforcement, which occurs every 8 hours when connected to our network. If a user is offline for several days, then connects up to check email or transfer time or whatever, then they are kicked off. If a user connects via VPN, they are kicked off within minutes - again potentially traceable to GP enforcement.
Has anyone else dealt with this scenario of Preferred Wireless Network policies and Access Connections?
Thanks!Try going back to AC 4.52, which solved the problems i was having with AC5.02 (freezes, BSOD, loss of wireless connections when coming out of standby, GUI problems) on Vista Home Premium. Scroll down for prevous versions of AC5.02 here:
http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-67283
I do not use a VPN system so AC4.52 may not help your 3500 Thinkpads.
Lenovo (Mark_Lenovo) knows there are problems with AC5.02 for the last three (or more ) months and have stated that AC 5.1 will solve the problems, but it has not been released as far as I know. There are many threads on AC5.02 on this forum and also on thinkpads.com
the Lenovo Blog site also has an update on AC5.02 ;under "Design Matters" on how they selected the graphics for wireless connections - the responses there offer some suggestions to fix the problems.
T60: 6371-CTO, VISTA Home Premium+SP1, 2GB....R51: 1836-Q4U,XP,1GB...600...755CD -
How do I set firefox as the default browser in Windows Server 2012 Group Policy Editor?
Hello, I am unable to set firefox as the default browser despite multiple different attempts to do so using group policy.
I have:
- Set a registry command (targeted at 32/64 via a WMI query) to reset the opening command as shown below:
HKEY_CURRENT_USER\Software\Classes\http\shell\open\command
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
- Set a powershell logon script to run (that does run):
firefox.exe -silent -setDefaultBrowser
Despite setting the above it seems the client computers browsers are not affected by the settings above. When the script runs or if I run the command above a UAC window pops up and requests that I accept the command (for the setDefaultBrowser) but even if I click yes as an administrator it does nothing.
Since GPO in 2012 has changed perhaps there is something that I am missing? Do I need to somehow disable Windows Internet Explorer from achieving default browser status?
Please do not reply if you will suggest that I use Internet Explorer Maintenance (since this function in GPO has been disabled since IE10)
My DC is Server 2012, my client computers are Win7 32/64.The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.
-
Hello,
I have a Windows Server 2012 R2.
I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed
on it (this machine is also a domain client in the same domain).
I will really be thankful if anyone can suggest some solution to this issue.
Please feel free to write back in-case I have missed anything obvious to be shared.
Thanks!
-Vinay Pugalia
If a post answers your question, please click "Mark As Answer" on that post or
"Vote as Helpful".
Web : Inkey Solutions
Blog : My Blog
Email : Vinay PugaliaHi,
Any update?
Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
Best Regards,
Andy Qi
TechNet
Subscriber Support
If you are TechNet
Subscription user and have any feedback on our support quality, please send your feedbackhere.
Andy Qi
TechNet Community Support -
We are running ISE 1.3 tied to AD with WLC 7.6.130.0. Our ISE has a GoDaddy (none wildcard) certificate loaded for https and EAP. We are just running PEAP. We have a mix of IOS, Android, and Windows 7/8 devices. IOS and Android devices can self create a wireless profile and after entering credentials can connect without issue. Our Windows 7/8 devices, when auto creating a wireless profile are selecting 802.1x machine authentication instead of User authentication or the best option which is machine or user authentication. This is problematic as we do allow for machine authentication but have an authorization rule limiting machine auth to domain controller and ISE connectivity only. This is to allow domain Windows 7/8 devices to have domain connectivity prior to user sign-in but force user auth to get true network connectivity. The problem is why are the Windows devices not auto setting to user authentication (as I think they did when we ran ISE1.2), or the best option which is to allow both types of authentication? I have limited authentication protocols to just EAP CHAP and moved the machine auth profile to the bottom of the list. Neither have helped. I also notice that the Windows 7/8 endpoints have to say allow connectivity several times even though we are using a global and should be trusted certificate authority (probably a separate issue).
Thank you for any help or ideas,When connecting a windows device to the ISE enabled SSID when there is not a saved wireless profile on that machine, it will connect and auto create the profile. In that profile, 802.1x computer authentication option is chosen by windows. That has to be changed to computer or user for the machine to function correctly on the network.
On 1.2, this behavior was different. The Windows device would auto select user authentication by default. At other customer sites, windows devices auto select user authentication. This of course needs to be changed to user or computer in order to support machine auth, but at least the default behavior of user authentication would allow machines to get on the network and functional easily to begin with. -
Windows 2008 R2 - Group Policy Preference - folder option "Open with" Access denied
Similar to this post:
social.technet.microsoft.com/Forums/en-US/d42a81bc-96de-4af3-bc41-079e88e6ea4a
We have Citrix terminal servers running Windows 2008 R2 and attempting to force PDF files to open with Acrobat versus PDF editing software we have installed for a small subset of users. So I created a Group Policy Preference and added a OpenWith item
to the Folder Options to use Acrobat as the default and linked it to a Users OU. However, if I run gpresult the OpenWith setting fails with error code 0x80070005. You can change it to not run in the user's security context which eliminates the
error but then it won't actually do anything.
The problem seems to be that when a user sets another program as their default via Windows Explorer the permissions on HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice get changed so that the user is specifically
denied the ability to set that key. Remove the special permissions added and the group policy succeeds and changes it back to the default ... until the user changes it back (intentionally or otherwise) and the permissions are changed again.
Any ideas here?> Any ideas here?
We use GPP Registry to achieve this goal, so we do not run into that
issue (we unchecked "run in users context", so privs are not an issue)
But I agree, this really should work as intended...
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Automatic Windows Update via Group Policy in Windows 8
Hi,
I have created a new GPO to place some settings on the Automatic Update to all my client pcs. The settings applied as the image i uploaded below. The problem is that this GPO were successfully applied to all my Windows 7 machine but not Windows 8.1 machines.
Is there anything that i missed or i should know about Windows 8.1 automatic update configuration via Group Policy?. I've tried to google but cant find any guidance that relates. I'm not using WSUS. Appreciates any advise. Thanks.
Cheers, Sparcx [MCTS,MCITP-EA]Hi Leon, yes i have read the blog that you gave, It says that Windows 8 requires a KB update to roll the changes that will solve this issue. However its also said that the update is included in Windows 8.1 and there's no need to update to solve the Automatic
Update behaviour via Group Policy as mentioned. Also tried to apply the KB update suggested, but failed. It is not for Windows 8.1 platform. Is there any other suggestion? I kinda stuck here..
Cheers, Sparcx [MCTS,MCITP-EA] -
Windows Server 2008 - Group policy for domain client to start/stop services installed on it
Hello Experts
I am a newbie to windows server administration , though did a Google , but ended up with these question with my requirements
I have created a new domain and 2 client/computer (A & B namely) to domain . Now A & B has tomcat server running with port 8080 , 9090 which i have installed
domain ADMIN account .
&& now i am want to start/stop/restart services enabled for domain users !! How do i achieve this !!
basic question : How can i access A & B tomcat services on DOMAIN CONTROLLER server to create a GPO and that are on (A & B)
what is the easiest way to achieve the same , (if not using GPO)???
similarly I am looking for many features : where I want to control the permission to user on (A & B ) like : If the binaries of tomcat is available on machine say : A , if the user can install (now
it ask for ADMIN credentials)
Thanks
Mike~EdControlling services with Group Policy is done under Computer Configuration\Policies\Windows Settings\Security Settings\System Services.
The limitation is that system services can only see the services the computer running the Group Policy management console. To access other services, you will either need to create the services on your computer (install the software the adds the service)
or install the remote server administration toolkit (RSAT) on the computer with the service already on it.
If my answer helped you, check out my blog:
Deploy Happiness
Maybe you are looking for
-
Report won't print in Landscape
Post Author: williamk CA Forum: General Hello all, I have a report that was created and published as a Landscape report. However when I go to print it from the Crystal Report ActiveX Viewer it wants to print it as Portrait. This problem seems to be
-
Flash Builder 4.7 refactoring is broken
I'm unable to rename methods or classes in Flash Builder 4.7. Attempting to refactor gives this error: "An unexpected exception occurred while performing the refactoring. See the error log for more details." This happens in all my projects. I've recr
-
all of a sudden over night the bottom part of my screen does not react to touch i have moved the bottom row icons through itunes but this still doesnt allow me to use this section of the screen once im inside an app. such as banking?????????
-
Hi, I am new to HFM.Can any one pls clarify me these... Do we build meta data at HFM or FDM? When New members to be added, what do we do? Do we always manage meta data through FDM? Thanks in advance.
-
I have created a form for my clients to order their photos for different events. They can submit their form via email. My concern is how secure is their personal information, including their credit card? They tell me they are concern because the form