Automatic Windows Update via Group Policy in Windows 8

Hi,
I have created a new GPO to place some settings on the Automatic Update to all my client pcs. The settings applied as the image i uploaded below. The problem is that this GPO were successfully applied to all my Windows 7 machine but not Windows 8.1 machines.
Is there anything that i missed or i should know about Windows 8.1 automatic update configuration via Group Policy?. I've tried to google but cant find any guidance that relates. I'm not using WSUS. Appreciates any advise. Thanks.
Cheers, Sparcx [MCTS,MCITP-EA]

Hi Leon, yes i have read the blog that you gave, It says that Windows 8 requires a KB update to roll the changes that will solve this issue. However its also said that the update is included in Windows 8.1 and there's no need to update to solve the Automatic
Update behaviour via Group Policy as mentioned. Also tried to apply the KB update suggested, but failed. It is not for Windows 8.1 platform. Is there any other suggestion? I kinda stuck here..
Cheers, Sparcx [MCTS,MCITP-EA]

Similar Messages

  • Disabling windows update via group policy

    hi,
    i would like to disable automatic windows upate via group policy on windows server 2008. is it possible?
    thanks.
    sundeep

    hi,
    disabling the automatic update is not a recommended practice, but here are the steps,
    Click Start, and then click
    Run.
    Type gpedit.msc, and then click
    OK.
    Expand Computer Configuration.
    Right-click Administrative Templates, and then click
    Add/Remove Templates.
    Click Add, click
    Wuau.admin the Windows\Inf folder, and then click Open.
    Click Close.
    Under Computer Configuration, expand
    Administrative Templates, expand Windows Components, and then expand Windows Update.
    The Configure Automatic Updatespolicy appears. This policy specifies whether the computer receives security updates and other important downloads through the Windows Automatic Updates feature. The settings for this policy let you specify if
    automatic updates are enabled on the computer. If the service is enabled, you must select one of the three configuration options.
    To view the policy settings, double-click the
    Configure Automatic Updatespolicy.
    To turn on Automatic Updates, click
    Enabled or to turn off select
    Disabled
    hope this helps
    thanks

  • Block Patch KB3002657 from installing/being available via Windows Update via Group Policy

    Hi Everyone,
    Been hearing a lot of issues around with KB3002657 causing Authentication issues. We've recently appeared to have similar issues. I'm currently getting out SCCM guru's to run
    an inventory on our environment to review if we have had this deployed to our environment, either by Windows Update (manual), SCCM/Wsus etc. If we do we're looking to have this removed and not deployed via our normal mechanisms to stop any production outages.
    I would like to see if it is possible to block/hide this update from being visible from Windows Update, possibly by Group Policy.
    From memory Microsoft created specifc ADM templates for blocking updated for Internet Explorer version to assist with the same type of issues (i.e. to stop IE from being updated
    via Automatic Updates). Would there by anything like this available for this update, or does anyone know of another way (specifc Registry settings or ADM files that could be edited) to achieve this?
    Thanks in advance.
    Simon

    Please, see solution:
    The V2 release of MS15-027 / KB 3002657 that resolves NTLM v2
    authentication failures by Windows Server 2003 DCs is available: 
    The X86 version is at http://www.microsoft.com/en-us/download/details.aspx?id=46147
    The ia64 version is at: http://www.microsoft.com/en-us/download/details.aspx?id=46204
    The amd64 is at: http://www.microsoft.com/en-us/download/details.aspx?id=46054
    Best Regards, Andrei ...
    Microsoft Certified Professional

  • RDS 2012 R2 - How do I lockdown access to Local Computer Management and Windows Backup via Group Policy

    Greetings all,
    I am needing assistance in how to lockdown access to Local Computer Management and Windows Backup via Group Policy for users that access RDS service. I have followed this awesome guide - h t t p://w w w.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/
      - but it is missing two important resources that I would like to lock down.Currently, I have successfully locked down Control Panel for users via Group Policy, but I cannot find any group policy or guide on how to restrict user access
    to Computer Management (different to Server Manager). When using Win-X shortcut to open the 'Administrator's shortcuts' near the windows icon, I have locked down everything except Computer Management. Computer Management gives direct access to Disk Management,
    Shares etc, which are locked down for users. But Windows Server Backup is still accessible. Can someone please guide me on how to restrict access to both Computer Management and Windows Server Backup.
    Thanks in advance.
    Terry.

    Prevent running of Windows Server Backup
    Computer Configuration\Policies\Windows Settings\Security Settings\File System
    Right click on File System - Add File - Drill down to \System32\wbadmin.msc
    On the Database Security ACL that pops up - Remove Creator Owner, Remove Users and check Adminstrators have Full Access.
    On the Object window - choose Propagate inheritable permissions to all... (Default)

  • Updating Existing Install and adding extensions via Group Policy

    We have recently installed StarOffice 8 due a full planned move away from Microsoft Office 2003, we have deployed the CD install via group policy to test the functionality of StarOffice in a school environment. Due to a problem cropping images in Writer (cropooo 0.2.1 extension needed) we are having to update to the latest patch ver10 (300+pc's). Is there a way to automate this via GPO? We only have the standard version of staroffice 8 and not the enterprise CD so we can not make a custom transform file. Also can extensions be deployed via Group Policy? We are runnning a Windows 2k3 server with XP clients.

    Network Deployment of Adobe Flash Player
    I found this link http://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html
    It is a good idea to extract the msi the deployment data point using msiexec /a {filename} (this creates an administrative installer)
    Use the extracted MSI to deploy flash. (either assigned or published)
    Please make sure that the user can read from the data point you place the files.

  • Enable auto update while deploying Reader 11 via group policy

    I would like to push the latest adobe reader 11 out via group policy. I have tried using the adobe customization wizard but I am unable to set the installs to auto update. They default to download the update and prompt the user. I do'nt want the user to be prompted at all. I just want it to automatically update. Is there an easy way to deploy this?
    I would like it to be like flash. You can deploy the mms.cfg file and it configured flash to auto update.
    Thanks,
    Justin

    I would like to push the latest adobe reader 11 out via group policy. I have tried using the adobe customization wizard but I am unable to set the installs to auto update. They default to download the update and prompt the user. I do'nt want the user to be prompted at all. I just want it to automatically update. Is there an easy way to deploy this?
    I would like it to be like flash. You can deploy the mms.cfg file and it configured flash to auto update.
    Thanks,
    Justin

  • How to control IE10's "Compatibility View settings" via Group Policy

    First
    of all thanks for taking the time to read this.  I must let you know that I have limited experience with Group Policy so here it goes...
    Domain Controllers are 2008 R2 Datacenter and client computers are Win7 Pro with IE10
    I need to add several sites to the "Compatibility View settings" in IE10 and have these pushed out via Group Policy.
    I followed this to enable the "Use Policy List of Internet Explorer 7 sites:"
    Use
    Policy List of Internet Explorer 7 sites
    I even added the settings to both User Configuration as well as Computer Configuration.  However the computers on the domain wouldn't show these sites in
    IE even after forcing a GP update (gpupdate /force)
    Yes I did use top level domain names.
    Next I installed the Administrative Templates for Windows Internet Explorer 10 on the DC:
    Administrative Templates for Windows Internet Explorer 10
    this gave me an Inetres.adm file while I put in the same location as my other .adm files that Group Policy Manager sees (located at C:\Windows\SYSVOL\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm)
    I do see a bunch of .ADMX files located at C:\Windows\PolicyDefinitions
    on the DC.  I also see a lot of .ADML files located at C:\Windows\PolicyDefinitions\en-US.
    Where is my Central Store located that my Group Policy references?  How do I know what location GP is reading from?
    Now I installed the Administrative Templates (ADMX) for Windows Server 2008 R2 and Windows 7 from here:
    Administrative Templates (ADMX) for Windows Server 2008 R2 and
    Windows 7
    This gave me a "Win7-2008R2-admx.msi" package that I installed.  I took the defaults and extracted contents to:
    C:\Windows\PolicyDefinitions\Server 2008 Win7\PolicyDefinitions
    Are all of these .ADMX files supposed to be placed into my Central Store?
    If I mouse-over "Administrative Templates" in Group Policy Manager is says that the policy definitions are retrieved from the local machine.
    I then right-clicked on top of "Administrative
    Templates" in Group Policy Manager and highlighted Inetres and selected Delete.
    While in Add/Remove Templates I click on Add and it defaults to looking for "Policy Templates" and will not let me select and .ADM/.ADML/.ADMX files.
    What am I doing wrong here?
    How do I know that I'm using the most recent Inetres file?
    How do I know which file Group Policy Manager is using to manage the IE settings that are in:
    User Configuration->Administrative Templates->Windows Components->Internet Explorer->Compatibility View->Use Policy List of Internet
    Explorer 7 sites
    or
    Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Compatibility View->Use Policy List of
    Internet Explorer 7 sites.
    Is there anything else you can suggest?
    Many, many thanks in advance for any response

    Hi,
    Regarding your question, usually we create a Central Store for Administrative Templates (Both .admx and .adml files), and create a folder that is named PolicyDefinitions in the following location:
    \\FQDN\SYSVOL\FQDN\policies. The .adml files on the Windows computer
    are stored in a language-specific folder. For example, English (United States) .adml files are stored in a folder that is named "en-US." When you have copied all .admx and .adml files, the PolicyDefinitions folder on the domain controller should contain the
    .admx files and one or more folders that contain language-specific .adml files.
    Please refer to the following articles. You will get more helpful details about the Central Store for Group Policy Administrative Template files.
    How to create the Central Store for Group Policy Administrative Template files in Windows Vista
    http://support.microsoft.com/kb/929841
    Windows 7, Windows Server 2008 R2 and the Group Policy Central Store
    http://blogs.technet.com/b/askds/archive/2009/12/09/windows-7-windows-server-2008-r2-and-the-group-policy-central-store.aspx
    Based on your description, I understand you enable the setting “Use Policy List of Internet Explorer 7 sites”. However, didn’t show any sites in IE in client even after forcing a GP update
    (gpupdate /force). Please use command “gpresult” in clients to collect the GPOs, and then check whether the GPO contain the setting “Use Policy List of Internet Explorer 7 sites” was applied to clients or wasn’t.
    In addition, you also can change the related setting by using registry directly.
    Follow the path of the registry:
    HKEY_CURRENT_USER->Software->Policies->Microsoft->Internet Explorer->BrowserEmulation->PolicyList. (Create registry folders
    manually if not present)
    Right Click
    PolicyList ->New->String Value->Enter the name of the website. (Both under ‘Name’ and ‘Data’. For example,
    Value name: example.com Value data: example.com)
    There is a similar question, please read as a reference.
    Add manually URL on Compatibility View List in IE10
    http://social.msdn.microsoft.com/Forums/ie/en-US/5a15e861-d106-471e-a968-fdea15e31c45/add-manually-url-on-compatibility-view-list-in-ie10
    Hope this helps.
    Best regards,
    Justin Gu

  • Change settings to "Always Allow" via Group Policy

    We upgraded our Flash Players from v6 to v8 (I know v9 is out
    we haven't go there yet) a couple months ago, and we've just
    noticed that we can not access some of our local stored Flash
    content. Then error we get is "Macromedia Flash Player has stopped
    a potentially unsafe operation. The following local application on
    your computer your computer or network:
    H:\some\network\file.swf: localhost"
    I found on Adobe's website how I could add the site/file as a
    trusted location via the Settings Manager Global Security Settings
    panel. Problem is that I can't seem to figure how to accecss the
    Security panel, unless I do it from a computer which has internet
    access, which my network does not. Also once I make these changes I
    don't know how I can push out this change to all the computers on
    my network. I thought I could do it via windows group policy, but I
    don't see any documentation from adobe showing what registry
    keys/files need to be updated/changed to make these certain
    settings via group policy. Can anyone help?

    I found that if I copy the settings.sol to a users profile,
    but I have over 1000+ users on our network......surely there's got
    to be an easier way?!?!?!?

  • Installing Flash Player V 10.2.153.1 Via Group Policy

    Recently i tried to upgrade our existing flash player V10.2.152.32, to V 10.2.153.1 Via Group Policy.
    But the group policy keep failing, during the investigation phase i have enabled logging to try to troubleshoot the installation steps, and possibly find a solution, but so far am clueless on a solution. I have included the installation log please help.
    === Logging started: 11/04/2011  15:29:46 ===
    Action start 15:29:46: INSTALL.
    Action start 15:29:46: ISSetAllUsers.
    InstallShield 15:29:46: Begin SetAllUsers()
    InstallShield 15:29:46: Getting records from Upgrade table
    InstallShield 15:29:46: UpgradeCode: {42463807-970B-4257-BC95-5C348D61DF1C}    MinVersion: 6.0.0.0    MaxVersion: 10.2.153.1    Language:     Attributes: 769
    InstallShield 15:29:46: Checking related product {148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}
    InstallShield 15:29:46:     Adobe Flash Player 10 ActiveX    {148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}    1033         ***Related***
    InstallShield 15:29:46: ALLUSERS of related product {148D9D03-5D23-4D4F-B5D0-BA6030C45DCF} is = 1
    InstallShield 15:29:46: End SetAllUsers()
    Action ended 15:29:46: ISSetAllUsers. Return value 1.
    Action start 15:29:46: AppSearch.
    Action ended 15:29:46: AppSearch. Return value 0.
    Action start 15:29:46: LaunchConditions.
    Action ended 15:29:46: LaunchConditions. Return value 1.
    Action start 15:29:46: SetupInitialization.
    Info 2898.For Tahoma8 textstyle, the system created a 'Tahoma' font, in 0 character set.
    Info 2898.For TahomaBold10 textstyle, the system created a 'Tahoma' font, in 0 character set.
    Action ended 15:29:46: SetupInitialization. Return value 1.
    Action start 15:29:46: FindRelatedProducts.
    Action ended 15:29:46: FindRelatedProducts. Return value 1.
    Action start 15:29:46: ValidateProductID.
    Action ended 15:29:46: ValidateProductID. Return value 1.
    Action start 15:29:46: CostInitialize.
    Action ended 15:29:46: CostInitialize. Return value 1.
    Action start 15:29:46: FileCost.
    Action ended 15:29:46: FileCost. Return value 1.
    Action start 15:29:46: IsolateComponents.
    Action ended 15:29:46: IsolateComponents. Return value 0.
    Action start 15:29:46: setUserProfileNT.
    Action ended 15:29:46: setUserProfileNT. Return value 1.
    Action start 15:29:46: setAllUsersProfile2K.
    Action ended 15:29:46: setAllUsersProfile2K. Return value 1.
    Action start 15:29:46: ResolveSource.
    Action ended 15:29:46: ResolveSource. Return value 1.
    Action start 15:29:46: CostFinalize.
    Action ended 15:29:46: CostFinalize. Return value 1.
    Action start 15:29:46: MigrateFeatureStates.
    Action ended 15:29:46: MigrateFeatureStates. Return value 1.
    Action start 15:29:46: InstallWelcome.
    Action ended 15:29:48: InstallWelcome. Return value 1.
    Action start 15:29:48: SetupProgress.
    Info 2898.For MSSansBold8 textstyle, the system created a 'Tahoma' font, in 0 character set.
    Info 2898.For MSSWhiteSerif8 textstyle, the system created a 'Tahoma' font, in 0 character set.
    Action ended 15:29:48: SetupProgress. Return value 1.
    Action start 15:29:48: ExecuteAction.
    Action start 15:29:49: INSTALL.
    Action start 15:29:49: ISSetAllUsers.
    Action ended 15:29:49: ISSetAllUsers. Return value 0.
    Action start 15:29:49: AppSearch.
    Action ended 15:29:49: AppSearch. Return value 0.
    Action start 15:29:49: LaunchConditions.
    Action ended 15:29:49: LaunchConditions. Return value 1.
    Action start 15:29:49: FindRelatedProducts.
    Action ended 15:29:49: FindRelatedProducts. Return value 0.
    Action start 15:29:49: ValidateProductID.
    Action ended 15:29:49: ValidateProductID. Return value 1.
    Action start 15:29:49: CostInitialize.
    Action ended 15:29:49: CostInitialize. Return value 1.
    Action start 15:29:49: FileCost.
    Action ended 15:29:49: FileCost. Return value 1.
    Action start 15:29:49: IsolateComponents.
    Action ended 15:29:49: IsolateComponents. Return value 0.
    Action start 15:29:49: CostFinalize.
    Action ended 15:29:49: CostFinalize. Return value 1.
    Action start 15:29:49: SetARPINSTALLLOCATION.
    Action ended 15:29:49: SetARPINSTALLLOCATION. Return value 1.
    Action start 15:29:49: SetODBCFolders.
    Action ended 15:29:49: SetODBCFolders. Return value 0.
    Action start 15:29:49: MigrateFeatureStates.
    Action ended 15:29:49: MigrateFeatureStates. Return value 0.
    Action start 15:29:49: InstallValidate.
    Action ended 15:29:49: InstallValidate. Return value 1.
    Action start 15:29:49: RemoveExistingProducts.
    Action start 15:29:49: INSTALL.
    Action start 15:29:49: ISSetAllUsers.
    InstallShield 15:29:49: Begin SetAllUsers()
    InstallShield 15:29:49: Getting records from Upgrade table
    InstallShield 15:29:49: UpgradeCode: {42463807-970B-4257-BC95-5C348D61DF1C}    MinVersion: 6.0.0.0    MaxVersion: 10.1.102.64    Language:     Attributes: 769
    InstallShield 15:29:49: Checking related product {148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}
    InstallShield 15:29:49:     Adobe Flash Player 10 ActiveX    {148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}    1033         ***Related***
    InstallShield 15:29:49: ALLUSERS of related product {148D9D03-5D23-4D4F-B5D0-BA6030C45DCF} is = 1
    InstallShield 15:29:49: End SetAllUsers()
    Action ended 15:29:49: ISSetAllUsers. Return value 1.
    Action start 15:29:49: AppSearch.
    Action ended 15:29:49: AppSearch. Return value 0.
    Action start 15:29:49: LaunchConditions.
    Action ended 15:29:49: LaunchConditions. Return value 1.
    Action start 15:29:49: FindRelatedProducts.
    Action ended 15:29:49: FindRelatedProducts. Return value 1.
    Action start 15:29:49: ValidateProductID.
    Action ended 15:29:49: ValidateProductID. Return value 1.
    Action start 15:29:49: CostInitialize.
    Action ended 15:29:49: CostInitialize. Return value 1.
    Action start 15:29:49: FileCost.
    Action ended 15:29:49: FileCost. Return value 1.
    Action start 15:29:49: IsolateComponents.
    Action ended 15:29:49: IsolateComponents. Return value 0.
    Action start 15:29:49: CostFinalize.
    Action ended 15:29:49: CostFinalize. Return value 1.
    Action start 15:29:49: SetARPINSTALLLOCATION.
    Action ended 15:29:49: SetARPINSTALLLOCATION. Return value 1.
    Action start 15:29:49: SetODBCFolders.
    Action ended 15:29:49: SetODBCFolders. Return value 0.
    Action start 15:29:49: MigrateFeatureStates.
    Action ended 15:29:49: MigrateFeatureStates. Return value 0.
    Action start 15:29:49: InstallValidate.
    Action ended 15:29:49: InstallValidate. Return value 1.
    Action start 15:29:49: RemoveExistingProducts.
    Action ended 15:29:49: RemoveExistingProducts. Return value 0.
    Action start 15:29:49: InstallInitialize.
    Action ended 15:29:54: InstallInitialize. Return value 1.
    Action start 15:29:54: CallExeUninstaller.
    Action ended 15:29:54: CallExeUninstaller. Return value 1.
    Action start 15:29:54: MakePropsAvailable.
    Action ended 15:29:54: MakePropsAvailable. Return value 1.
    Action start 15:29:54: AllocateRegistrySpace.
    Action ended 15:29:54: AllocateRegistrySpace. Return value 1.
    Action start 15:29:54: ProcessComponents.
    Action ended 15:29:54: ProcessComponents. Return value 1.
    Action start 15:29:54: UnpublishComponents.
    Action ended 15:29:54: UnpublishComponents. Return value 0.
    Action start 15:29:54: UnpublishFeatures.
    Action ended 15:29:54: UnpublishFeatures. Return value 1.
    Action start 15:29:54: StopServices.
    Action ended 15:29:54: StopServices. Return value 1.
    Action start 15:29:54: DeleteServices.
    Action ended 15:29:54: DeleteServices. Return value 1.
    Action start 15:29:54: UnregisterComPlus.
    Action ended 15:29:54: SelfUnregModules. Return value 1.
    Action start 15:29:54: SelfUnregModules.
    Action ended 15:29:54: SelfUnregModules. Return value 1.
    Action start 15:29:54: UnregisterTypeLibraries.
    Action ended 15:29:54: UnregisterTypeLibraries. Return value 0.
    Action start 15:29:54: RemoveODBC.
    Action ended 15:29:54: RemoveODBC. Return value 1.
    Action start 15:29:54: UnregisterFonts.
    Action ended 15:29:54: UnregisterFonts. Return value 1.
    Action start 15:29:54: RemoveRegistryValues.
    Action ended 15:29:54: RemoveRegistryValues. Return value 1.
    Action start 15:29:54: UnregisterClassInfo.
    Action ended 15:29:54: UnregisterClassInfo. Return value 0.
    Action start 15:29:54: UnregisterExtensionInfo.
    Action ended 15:29:54: UnregisterExtensionInfo. Return value 0.
    Action start 15:29:54: UnregisterProgIdInfo.
    Action ended 15:29:54: UnregisterProgIdInfo. Return value 0.
    Action start 15:29:54: UnregisterMIMEInfo.
         7 Action ended 15:29:54: RemoveIniValues. Return value 1 Action start 15:29:54: RemoveShortcuts.
    Action ended 15:29:54: RemoveIniValues. Return value 1.
    Action start 15:29:54: RemoveShortcuts.
    Action ended 15:29:54: RemoveShortcuts. Return value 0.
    Action start 15:29:54: RemoveEnvironmentStrings.
    Action ended 15:29:54: RemoveEnvironmentStrings. Return value 1.
    Action start 15:29:54: RemoveDuplicateFiles.
    Action ended 15:29:54: RemoveDuplicateFiles. Return value 1.
    Action start 15:29:54: RemoveFolders.
    Action ended 15:29:54: RemoveFolders. Return value 1.
    Action start 15:29:54: CreateFolders.
    Action ended 15:29:54: CreateFolders. Return value 1.
    Action start 15:29:54: MoveFiles.
       tion ended 15:29:54: MoveFiles. Return value 1.
    Action start 15:29:54: InstallFiles.
    Action ended 15:29:54: InstallFiles. Return value 1.
    Action start 15:29:54: NewCustomAction1.
    Info 2835.The control ErrorIcon was not found on dialog SetupError.
    Error 2753.The File 'InstallAX.exe' is not marked for installation.
    MSI (s) (3C:70) [15:29:56:473]: Product: Adobe Flash Player 10 ActiveX -- Error 2753.The File 'InstallAX.exe' is not marked for installation.
    Action ended 15:29:56: NewCustomAction1. Return value 3.
    Action ended 15:29:56: INSTALL. Return value 3.
    Action ended 15:29:56: RemoveExistingProducts. Return value 3.
    Action ended 15:29:56: INSTALL. Return value 3.
    Action ended 15:29:56: ExecuteAction. Return value 3.
    Action start 15:29:56: SetupCompleteError.
    Action ended 15:29:57: SetupCompleteError. Return value 2.
    Action ended 15:29:57: INSTALL. Return value 3.
    === Logging stopped: 11/04/2011  15:29:57 ===
    MSI (c) (40:60) [15:29:57:692]: Product: Adobe Flash Player 10 ActiveX -- Installation operation failed.
    MSI (c) (40:60) [15:29:57:692]: Windows Installer installed the product. Product Name: Adobe Flash Player 10 ActiveX. Product Version: 10.2.153.1. Product Language: 1033. Installation success or error status: 1603.
    ========================================================================================== ========================
    Please note that i have unloaded the antivirus and conducted the installation with no luck.

    Today i have tried installing flash manually via the web interface that worked fine. im not sure now if the MSI file provided by adobe is faulty. can someone please explain.
    Manuall install is not a solution for me as i have over 300 machine that i need to deploy flash to.

  • Disable Private Browsing via Group policy

    We are a medium sized business using Firefox 27.0.1. I have been looking for a way to control private browsing via group policy for a while but there are no clear answers on how a system administrator can do this without a convoluted process of editing files that can't be found anywhere on a computer.
    Our environment:
    windows 2008 DC
    using group policy
    500 users, all windows
    Do not use any proxy or L7 filtering
    I've looked into using the adm file that is available from the link below. I've sifted through the code and followed instructions for the lockdown process for Computer and User configuration; however, nothing works.
    http://4sysops.com/archives/group-policy-for-firefox-and-chrome/#download-the-adm-files
    If someone can point me to a registry entry or a vbs file that can be used as a start up script, it would be greatly appreciated by myself and all the system administrators of the world that are trying to decrease private browsing in organizations.
    Between the 3 major browsers we are using on our Windows platform (IE, Chrome Firefox); Firefox seems to be a challenge to control. I have been successful in controlling settings via group policy for the other two. I'm working on a cumulative step by step document for this and will share with the world when I am able to configure Firefox.

    Thanks for those suggestions; however, they don't help sysadmins that already have the non-enterprise version in their environment. From what I gather, there really isn't a straightforward way of doing this via group policy in a Windows environment without first removing the app and then deploying it with customizations (using tools suggested).
    I guess I'll go with the answer "No, there isn't a straighforward way of controlling Firefox through Group policy".

  • How to deploy a file on all users C drive via group policy

    I'm trying to deploy a file on all users C drive via group policy but its not working. logon script is already kept in place but nothing is happening. If I run the same command from my pc it's working fine. Does any one have good script to copy & deploy
    the file. Pls help

    Hi,
    You can use Group Policy Preferences to deploy this and Item-level-Targetting to filter by OUs/groups, wmi filters ,etc.
    Computer Configuration / User Configuration - Preferences - Windows Settings - Files
    More on this here.
    http://technet.microsoft.com/en-us/library/cc772536.aspx
    Hope this helps.
    Regards,
    Calin

  • Block USB drive via Group Policy but keyboard, mouse, printers will work

    Hi
    We are using Windows Server 2008 R2 Std Edition and on clinet XP SP2
    We want to block USB Storage via Group Policy and allow Keyboard and mouse to work.
    Any suggestion will appreciate.
    regards
    Arvind
    Arvind

    Hi,
    In 2008 you can use the below GPO.
    User Configuration \ Administrative Templates \ System \ Removable Storage Access \ All Removable Storage classes: Deny all access.
    Force a Restart to Ensure Removable Storage Access Policy is Enforced
    http://technet.microsoft.com/en-us/library/cc771896(v=WS.10).aspx
    Deny All Access to Removable Devices or Media
    http://technet.microsoft.com/en-us/library/cc772540(v=WS.10).aspx
    For "legacy" clients:
    http://support.microsoft.com/kb/555324
    Regards,
    Rafic
    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Force UAC on via Group Policy

               I have looked all around but have not really found a solution to this problem. How do I lock UAC on via Group Policy so that no one can change it except via Group Policy and all the settings
    are greyed out even for administrators? I just want it on the default settings and left alone. If I wanted to do something similar for Windows Firewall or Internet Explorer settings, it seems easy, but UAC seems to be different. Unfortunately I have situations
    at clients where this setup is necessary and unavoidable.

    Hi,
    This can be done via Local Group Policy or via Active Directory-based GPO, which is much more suited for large networks where one would like to disable UAC for many computers at once.
    If using Local Group Policy you'll need to open the Group Policy Editor (Start > Run > gpedit.msc) from your computer.
    If using in AD-based GPO, open Group Policy Management Console (Start > Run > gpmc.msc) from a Vista computer that is a member of the domain. In the GPMC window, browse to the required GPO that is linked to the OU or domain where the Vista computers
    are located, then edit it.
    1.In the Group Policy Editor window, browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
    2.In the right pane scroll to find the User Access Control policies (they're down at the bottom of the window). You need to configure the following policies:
    User Account Control: Behavior of the elevation prompt for……
    User Account Control: Detect application installations and……
    User Account Control: Run all administrators in Admin App……
    3.You'll need to reboot your computers.
    There is a detial Microsoft official website on Configuring UAC via Group Policy:
    UAC Group Policy Settings and Registry Key Settings
    http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx
    Hope it helps.
    Regards,
    Blair Deng
    Blair Deng
    TechNet Community Support

  • Install Flash player via group policy

    How can I install flash player and shockwave via group policy
    on a windows 2003 domain?

    Network Deployment of Adobe Flash Player
    I found this link http://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html
    It is a good idea to extract the msi the deployment data point using msiexec /a {filename} (this creates an administrative installer)
    Use the extracted MSI to deploy flash. (either assigned or published)
    Please make sure that the user can read from the data point you place the files.

  • Hit with Virus that executed via PowerShell Scripting. Can I disable Powershell on my network via Group Policy and what implications does that have for me.

    Our network was hit recently with virus previously unknown, O97M.Crigent.  It is a nasty Macro virus that targets Microsoft Office Documents & Spreadsheets and uses a combination of Macros and Scripts via Powershell. 
    How do I disable PowerShell scripting via Group Policy?
    Will this raise any issues such as random application or network failures or other issues?
    Can I apply it to the entire domain or should I be selective and only apply it to the workstations?
    Network Summary: Windows 2008 Active Directoy Server, 75% Windows 7, 25% Windows XP workstations.
    DouglasOfSanMarcos

    Disabling Windows PowerShell can be done with GPO:
    Computer Configuration | Administrative Templates | Windows Components | Windows PowerShell
    From GPO Description: "This setting exists under both "Computer Configuration" and "User Configuration" in the group policy editor. The "Computer Configuration" has precedence over "User Configuration."
    By default this option is restricted any way on computers.
    I would be very selective when apply it at all:
    Workstations - I would apply to test group of workstations first, just to see that there are no side effects before applying to all computers. 
    Server - I wouldn't apply it at all. I have seen too many issues when setting this policy on Exchange and other systems.
     If you are using a Group Policy to define a PowerShell logon, logoff or computer script, that script will disregard any execution policy set locally or through a GPO.
    http://4sysops.com/archives/set-powershell-execution-policy-with-group-policy/
    http://technet.microsoft.com/en-us/library/hh849812.aspx
    Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

Maybe you are looking for

  • Another Error 8 - but a test account from Ralph's site works....any Ideas??

    iChat Video or Audio: This has yet to work since buying this iMac on the release date 8/7/2007. Person on the other end is a AIM account. The funny thing is I can connect to a test account that Ralph had turned me onto on this forum. Very strange. I

  • Nw-bpm and ccbpm

    hi, can someone explain to me the difference between nw-bpm ("galaxy") and ccbpm (part of nw-pi): -> what is the usage for both? -> how are they related? -> will ccbpm be replaced by nw-bpm some time in the future? -> for new projects, is it still re

  • BI admin cockpit for process chains

    Hi   Currently we are monitoring process chains(Daily data loads) on a daily basis ,Business users want the statstics of the process chains to be implemented in cockpits via BI admin cockpit( BI 7 version) .can some one tell how to implement BI admin

  • Flashing Question Mark Icon

    Hi All, My iMac will not start up. I am getting a flashing question mark folder icon. What should I try? imac G5 20; 1gig RAM; 160HD; airport; bluetooth keyboard & mouse; bose companion 3 speakers   Mac OS X (10.4.8)  

  • Can I transfer files from a Mac and PC that are both on my wireless LAN?

    I've a number of Macs connected to my Wirelesss LAN and also have a PC (Windows XP) that I want to connect to the network. That isn't going to be a problem but I want to know if I can then move files from the "Mac environment" onto the PC. If it's po