Access Connections and Group Policy generated network profiles

Similar Messages

• Unable to see Remote App and Desktop Connection in Group Policy Management Editor

  I am unable to see the Remote App and Desktop Connection in Group Policy Management Editor on my 2012 R2 DC. I am therefore not able configure the connection URL in Access RemoteApp and desktops in our Windows 8.1 client environment.
  Within the Group Policy Under User Configuration, Administrative Templates, Windows Components all I see is:-
  RD Gateway
  Remote Desktop Connection Client
  Remote Desktop Session Host
  But NOT
  Remote App and Desktop Connection
  Which I need. Is there anyway of adding this?

  > I am unable to see the Remote App and Desktop Connection in Group Policy
  > Management Editor on my 2012 R2 DC. I am therefore not able configure
  > the connection URL in Access RemoteApp and desktops in our Windows 8.1
  > client environment.
  http://gpsearch.azurewebsites.net/#8113
  Do you use a central store for ADMX? Is this central store out of date?
  (Means "still contains ADMX from W7/2008R2")
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Can I enable "Use default gateway on remote network" on VPN connection using Group Policy?

  Hi,
  First timer here so please bear with me!
  Environment: Domain Windows 2003, Clients: Windows 7 and Windows XP (with Client Side Extensions pushed out)
  When creating a VPN connection on a client machine manually with default settings the "Use default gateway on remote network" found in [Connection Properties - Networking - IPv4 - Advanced] is enabled, which is good as we don't allow split-tunneling.
  I have a test GPO that creates a new VPN Connection [Computer Config - Preferences - Control Panel - Network Options], but the above setting is unticked.
  Am I missing something on the options for the GP preference to set this automtically?
  I can write a script to directly change the C:\Users\All Users\Microsoft\Network\Connections\Pbk\rasphone.pbk file but would prefer if I could sort it all out using Group Policy.
  Any help would be greatly appreciated!
  Thanks a lot!
  David

  Shane,
  There is actually a way to set the "Use default gateway on remote network" through Group Policy Preferences. And this may even be a better way to do it, because you may change this flag without touching any other settings, or other VPN connections.
  (All VPN connections are stored in the same .pbk file.)
  Here's the trick: Opening the .pbk file in notepad, I realized that this is actually an oldstyle ini-structured file. And Group Policy Preferences can update ini files! In the .pbk file the section names are the VPN connections names, like [My VPN],
  and the property IpPrioritizeRemote is the flag "Use default gateway on remote network".
  So, in Group Policy Management Editor, go to Preferences / Windows Settings / Ini Files.
  Create a new object with Action = Update, and File Path =
  C:\ProgramData\Microsoft\Network\Connections\pbk\rasphone.pbk
  (If this is where your file is located, I guess it is in c:\users if the VPN connection is made for a single user.)
  Section Name should be the display name of your VPN connection, without the brackets.
  Property Name = IpPrioritizeRemote
  Property Value = 1
  Peter, www.skov.com, Denmark
  Peter :-)
  This is great, but just one question. I also want to append a list of DNS Sufixes in order (when viewing a VPN properties, this is buried in
  "Networking --> IPv4/6 --> Advanced --> DNS --> Append these DNS Suffixes (in order)". However, for the VPNs I have manually created with this list populated, I can't see any entries in the rasphone.pbk. Does anyone know
  where these are stored?
  Cheers.

• Configuring group policy for user profiles in Windows Server 2012 R2 Domain

  Requesting some experts advise on configuring group policy for user profiles.
  We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
  The settings which I am concerned:
  1. Folder Redirection: Desktop, Documents, Favorites.
  2. Quota for Folder Redirection - 1 GB per user.
  3. Map a networked drive - 1 GB per user.
  4. Roaming profile - (Will ignore if it does not suit our requirement). 
  The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
  FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
  Thanks a lot for your valuable time and efforts.

  Hi,
  >>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
  This depends on where our outlook data files are stored. If these data files are stored under
  drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
  However, regarding your question, we can refer to the following thread to find the solution.
  Roam outlook profiles without roaming profiles
  http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
  In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
  Configuring Folder Redirection
  http://technet.microsoft.com/library/cc786749.aspx
  Hope it helps.
  Best regards,
  Frank Shen

• Windows 7 DNS and Group Policy Issues

  Hi,
  We have several suites of Windows 7 domain connected PC's.
  In one of the suites I have been called into look at 3 different PC's where the users have not got mapped drives, desktop backgrounds, internet connectivity - because their group policies have not applied.
  When I look at the error logs I find DNS 1014 errors, and Group Policy 1054 errors.
  I have looked at the logs on the switches, and there is nothing on them - Could a pupil pulling the network cable out cause these errors?... Possibly they could have put it back in before I got back in the room.
  The user logs off of the PC and back on again and are fine, as are the users that logon after them.
  We have 2 DC's/DNS servers, which I would have thought would be able to cope with the load here.
  Please let me know what you think the likely cause could be.

  Hello John555444,
  What is your current situation?
  Is this issue resolved?
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• Windows 8.1 cannot connect to group policy client service

  Windows 8.1 laptop under administrator account has this "cannot connect to group policy client service" error.Found the following instructions on internet but I don't see this "Replace owner on subcontainers and objects" box on Permissions/Advanced
  popup windows ???
  Could anyone help ?
  Change the permissions on the relevant keys configuring the Group Policy Client service to allow Full Control to Administrators
  Open regedit (Start > type regedit in the search box) and navigate to:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc
  Right-click the registry key and choose Permissions.
  Click Advanced, then click Owner.
  Choose Administrators and check the Replace owner on subcontainers and objects box.
  Exit the permissions dialog and then open it again.
  Click Advanced, then choose Administrators and click
  Edit…
  Check Replace all child object permissions with inheritable permissions from this object.  
  Click OK and confirm; exit.
  Thank you,

  Hello CarLover,
  Based on my test, the option Replace owner on subcontainers and objects exists in Windows 7, but doesn’t exist in Windows 8.1.
  Please take a look at the screenshot about the option in Windows 7.
  Please take a look at the following thread similar to this issue.
  http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/why-wont-windows-connect-to-the-group-policy/b73107f8-8447-4599-87a5-65ecc6a63aa0
  Best regards,
  Fangzhou CHEN
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Access Connection and CP_SecuRemoteSecureClient_NGX_R60_HFA3

  Hi,
  I am having troubles with the Lenovo Access Connections 5 and the Checkpoint RemoteSecureClient for establishing VPN connections. 
  The VPN tunnel will setup when using LAN or WLAN. I have also installed the Vodafone dashboard wich will allow VPN connections. But when i use the access connection the VPN gate way cant be reached. Anything else works with vpn. I can connect to the ISP and i get an IP assigned. Surfing works.
   I hace noticed the checkpox VPN in the Access Connections. I have enabled it and selected my vpn software. Still not working. Disabaled the firewall. Nothing.
  I have noticed that the vodafone dashboard creates a Dail-Up entry while AC 5 just enabled the adaptor device.
  Maybesome one has experience with this problem.
  System
  X301
  OS Win 7
  Access Connections 5
  CP_SecuRemoteSecureClient_NGX_R60_HFA3

  Hi,
  try to open Access Connection and Edit your profile, that you are using for this VPN connection.
  Go to Additional Settings tab and select the "Settings" , that is next to Override TCP/IP and DNS sufix.
  Make sure, that you configure these settings correctly.
  Once this is done, it should work just fine.
  Cheers

• I have gifted an airport extreme to a neighbor and I assumed she would be able to connect and "create a new network" with a new password on her iPhone. That didn't happen. It keeps asking for my password. What next? Thanks!

  I have gifted an airport extreme to a neighbor and I assumed she would be able to connect and "create a new network" with a new password on her iPhone. That didn't happen. It keeps asking for my password. What next? Thanks!

  Have them perform a complete power recycle of their networking hardware. Please check out the following AirPort User Tip for details. Also, make sure that they perform a "factory default" reset on the AirPort (as described in the tip) to be sure to return the AirPort back to its "out-of-th-box" configuration.

• Windows 8.1 Group Policy based Wireless Profiles do not appear to be working

  I'm wondering if anyone else out there has run into the same issue as I am seeing.  The environment is all Server 2012(not R2), with Windows 8.1 clients.  
  I configure a GPO that is linked to the entire domain/authenticated users and contains a Windows Vista and Later wireless network profile.  Let's call it "GPO_Wireless.  It is configured to automatically connect it to a specific SSID, the
  encryption settings are unimportant, as I've tried numerous approaches.  In our case, we're trying to do EAP-TLS with the NPS role.  We have the CA rolled out, NPS has a proper cert, and the clients are auto-enrolling for both Computer and User certs.
   This is all verified as working.  We've also tried straight password authentication.
  I refresh group policy on a Windows 8.1 client and see that Computer Policy "GPO_Wireless" is being applied to the client.  I restart the computer, but it does not connect to the wireless network.
  I run "netsh wlan show profiles" and under "Group Policy Profiles(read only)" it is blank.
  I run gpresult /r /scope computer again, and it shows "GPO_Wireless" is being applied.
  The last note is that Windows 7 clients can connect to the wireless just fine.

  Hi，
  For the client side, I would like to know if the windows 7 as you mentioned used the same Group Police like Windows 8.1.
  Meanwhile, I suggest you try using script as a workaround.
  Regards,
  Kelvin hsu
  TechNet Community Support

• T500: Access Connections and windows wifi management issue PostPosted: Fri Oct 29, 2010 2:31 pm

  Hello all,
  This is my very first post here so please beare with me.
  My T500:
  Product: ThinkPad T500 2056-AK5
  Operating system: Windows 7 Home Premium x64 (but same problem on Ultimate x64)
  Original description: Based 2056-4RG: T9400(2.53GHz), 3GB RAM, 160GB 7200rpm HD, 15.4in 1680x1050 LCD, 256MB ATI Radeon HD3650, CDRW/DVDRW, Intel 802.11agn wireless, Bluetooth, Modem, 1Gb Ether, UltraNav, Sec Chip, FPR, 9c Li-Ion, WinVista Business 32
  The wifi NIC is Intel 5100 AGN, the gigabit is 82567LM. I bought also an Ericsson F3507g Mobile Broadband modem. All are working as supposed.
  The win7 is freshly installed from recovery dvd's, all updates, both Lenovo and Micro$oft are up to date.
  The problem: Access connections seems to be "behind" the automated wifi management of windows 7. I have two, three profiles saved for may home wifi network, my office wifi network and so on. My home network has settings like 192.168.7.xx, no encryption, only MAC registration, the office network has 192.168.4.xx, encryption WPA, therefore a switch is needed everyday between these.
  The problem is that AC doesn't do that, eventually doesn't even switch between locations at all. In AC->Tools location switching is properly set up
  The T500 connects let say at home, then when I starts in the office it connects to the office network but still using my home IP (192.168.7.xx) even if I saved in the profiles different IP numbers for both location. I have tried stopping the windows wifi connection service but then AC stop either.
  This seems to me like windows try and force reconnect to the new network with the old settings, even before AC could interfere with its settings saved in profiles.
  Only 2 things I can do:
  1. in windows' wireless network and sharing center I choose to start manually these networks, then start them manually from AC;
  2. Stop the network as connected automatically by windows (with wrong IP settings) then restart it from AC;
  Both these are frustrating because my good old T60 running winXP did this automatically, without my inference.
  Could anyone help me out of these, please?

  I had similar problems with my T400.  AC would refuse to even show my access point most of the time.   I finally gave up and uninstalled AC.  The Windows 7 wifi management works just fine, but no profiles
  Others on this forum smarter than me insist that AC works with Windows 7, just not for me.  It worked perfectly when running XP on this T and on my T61.
  If you dump AC, do the basic wifi functions work for you?
  Z.
  The large print: please read the Community Participation Rules before posting. Include as much information as possible: model, machine type, operating system, and a descriptive subject line. Do not include personal information: serial number, telephone number, email address, etc.  The fine print: I do not work for, nor do I speak for Lenovo. Unsolicited private messages will be ignored. ... GeezBlog
  English Community   Deutsche Community   Comunidad en Español   Русскоязычное Сообщество

• Access Connections and 2 users

  I run Access Connections 4.42 as default for configuring network access on a T61with XP SP2. When two users are logged in Access Connections fails with: Access Connections is being used by another user... If I click ok,then I'm unable to set any network settings. When I log out second user it takes some minutes because some programs won't stop: The Message appears LPManager has no reaction and then ACWLIconWnd has no reaction.. If I abort immeadiatly by task manager log out proceeds. Then log in to the first user will crash function of ThinkVantage key and you cant start any Lenovo ThinkVantage Programs (Access Connections too). To get proper function you need to reboot.
  Is there any way to make Access Connections working with two users like windows XP manage network connections when several user are loged (Registry settings...)?
  Otherwise how can I stop running Access Connections temporaly when working with two users?
  Is there any  program with quite similar functions for maniging network profiles....?

  wireman wrote:
  I run Access Connections 4.42 as default for configuring network access on a T61with XP SP2. When two users are logged in Access Connections fails with: Access Connections is being used by another user.
  A lurker reviewed this and sent back this message:
  "Fast User Switching.  Since the first user doesn't actually log off, any attempt to use Access Connections by the second user will result in the alert referenced in the post.  It's working as designed."
  English Community   Deutsche Community   Comunidad en Español   Русскоязычное Сообщество
  Jane
  2015 X1 Carbon, ThinkPad Slate, T410s, X301, X200 Tablet, T60p, HP TouchPad, iPad Air 2, iPhone 5S, IdeaTab A2107A, Yoga Tablet, Yoga 3 Pro
  I am not a Lenovo Employee.
  I AM one of those crazy ThinkPad zealots!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!

• How do I setup Active Directory and Group Policy on Windows Server 2012?

  I work for a school district that uses a Windows 2012 server with about 400 Windows 7 PCs and 150 Mac PCs. We are set up with Roaming Profiles on the PCs and would like to be able to setup Active Directory, Group Policy, and Roaming Profiles on our macs. (We also have a mac server that they are using as a file server only) As we are a school, our funds are very low. Now for the questions...
  Is there a software that allow us to accomplish this?
  Is there a free solution or a very reduced price option to do this?
  I heard that http://www.centrify.com/products/mac-edition.asp may accomplish this and I read something about it on here but didn't know if this is what I was really trying to do becuase it was marked as "The Golden Triangle" and did not mention Raoming Profiles. This is the link though: https://discussions.apple.com/message/17200059#17200059
  Any help would be greatly appreciated.

  The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.

• Access Connection​s Auto Install With Default Profile?

  Is there a way that when access connection installs using thin installer to auto import the default profile I have created?
  Solved!
  Go to Solution.

  Hi jcav404,
  Chapter 4 and Appendix A might ablr to help.
  ThinkVantage Access Connections Profile Deployment guide - Notebooks
  http://support.lenovo.com/en_US/guides-and-manuals​/detail.page?&LegacyDocID=MIGR-52881
  Fred
  T61 + X201i

• Anyconnect tunnel-group and group-policy from LDAP

  Recently we've changed from LOCAL to LDAP authentication and added additional group-policies for different users to increase security.
  To prevent users from selecting an incorrect group-policy, the LDAP server provides a IETF-Radius-Class value which matches the different group-policy names.
  It is my understanding that the authentication method is provided by the tunnel-group.
  tunnel-group DefaultWEBVPNGroup general-attributes
   authentication-server-group LDAP_AD
  This all works, but for _one_ of the group policies i'd like to enable (external) two factor authentication. Two enable two factor auth a 'secondary-authentication-server-group' needs to be set in the tunnel-group.
  Creating a tunnel-group which maches the name of the group-policy doesn't seem to have any effect.  When listing the connected users via "show vpn-sessiondb anyconnect", it always states the correct Group Policy but also always DefaultWEBVPNGroup.
  When enabling the listing of tunnel-groups for webvpn, thus allowing users to select their own tunnel-group, the two factor auth does work.
  To summarize, is it possible to let LDAP decide which tunnel-group is used or is there another way to have different group policies without users being able to choose ?

  Fabian, 
  Your connection lands on a tunnel group and picks a group policy. 
  A typical way to overcome the problem you're indicating is by using group-url. 
  a URL is bound to a specific tunnel-group and allows you to land directly on the one you desire. 
  vide:
  http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
  M.

• Demoting a DC and Group policy, help needed.

  Hi all,
  so we have 3 domain controllers, lets say dc1,dc2 and dc3. We have the 3rd line assistance from another company, they have advised the following.... 
  SO the stages will be
  1) Can you please go through all the GPO's in DC3 and consolidate what you need and what you do not need, you need to extensively cross reference this with DC1 and DC2, this is something you have to do. As I will not know what you need and what you do
  not. You can do this by logging into each domain controller and opening up the settings of each GPO and cross referencing.
  2) Once the above is done, we will consolidate the GPO's to a central repository in your domain
  3) Backup Sysvol directory and Netlogon folder in DC3
  3) Proceed to dcpromo DC3 out of the domain
  4) Test connectivity if clients to the AD
  5) Add the additional Server options
  6) All of the above can be done during office hours.
  it was my understanding (perhaps wrongly) that the group policies were not on the individual Domain Controllers but in Sysvol and as such replicated anyway?
  any advice would be very much appreciated.

  > I am being told that our Group policies are different across different
  > Domain Controllers and to my knowledge that's impossible as we have
  > discussed it should be in the replicated Sysvol.
  Ok, that's a common problem. Fix it and you will be fine:
  http//support.microsoft.com/kb/2218556 (for DFS-R Replication of Sysvol)
  http://support.microsoft.com/kb/315457 (for NTFRS replication)
  > I'm a bit lost on the central repository aspect but prior to saying it
  > makes no sense I just wanted to check my understanding, especially with
  > an MVP!
  I agree. Talking of a "central repository" fro group policy doesn't make
  sense, because group policy from the very beginning lives in AD and
  sysvol, which both are kind of "central repository". Seems they don't
  really know what they're talking about :)
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))