Cases in which Domain Group Policy settings would be reverted to default settings on a Win7 client

Similar Messages

• Preventing Domain Group Policy from being applied

  How can a user prevent the domain group policy from being applied to his machine? And How can I stop users from doing that?

  Hi,
  No, group policy is processed by order, that is,  local GPO is processed first, and then domain policy is processed by order, which would overwrite settings in the earlier GPOs if there are conflict.
  If you don’t want to apply the domain policy, apply a higher precedence policy or disjoin the domain.
  Group Policy processing and precedence
  http://technet.microsoft.com/en-us/library/cc785665(v=ws.10).aspx
  Alex Zhao
  TechNet Community Support

• Group Policy - Computer Startup Scripts - Add/Set Default printer

  Good Morning.
  Let's say we have 2 offices, A and B, and only 1 user.  The user is using Roaming Profiles.  Each office has its own printer.
  What I am trying to do, is make a Startup script that is specific to the COMPUTER being logged into so when any user logs into that computer, they get the printer in that office defined and set as default.
  I am able to do this successfully with my script but ONLY if i have the script be on the USER side of GP (i.e. in the Logon script section)
  That is great that that is working however, when my user goes to Office B, they still get mapped to Office A's printer if I use that method.
  So I figured I could just modify my GP and run the same script from the STARTUP section of the computer, rather than the LOGON section of the user.  It does not work.
  Here is my script:
  Set WRFCUNetwork = CreateObject("Wscript.Network")
  PrinterPath = "\\fileserver\MAINTELLER"
  PrinterDriver = "PrinterDriver"
  WRFCUNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
  WRFCUNetwork.SetDefaultPrinter "\\fileserver\MAINTELLER"
  This is where I Have the script placed:
       Computer Configuration -> Windows Settings -> Scripts(Startup/Shutdown)
  Once i'm in there, I double click Startup, click Add, and select my script which is named:
       MainPrinterSetup.vbs
  I have this GP applied to ONE OU, and that OU has ONE computer in it (my test computer)
  I login with a brand new user called "testuser" (creative, huh?) and basically nothing happens
  except they log in and have some Microsoft Document Image Writer printer set as default (which by the way sure does slow the PC down to the point of it almost being broke if anyone actually tries to print to that by accident)
  No Main Teller Printer, no anything.
  The strangest part about this is, if i apply this script to the user LOGON scripts, it works fine, the printer is there, and is set as default. (but see above why that wont work for my situation)
  So obviously the script works fine, but I guess i'm missing something when it comes to applying GP's to Computers rather than Users.
  Can anyone shed some light as to why the script is not running (i'm guessing the script isn't even attempting to run, rather than failing, but i have no way to know that)
  Thank you in advance!!
  Derek Conlon
  Network Administrator
  WRFCU
  EDIT:  Here are the PC's info that i'm working on:
       Server:  Windows Server 2003 Standard Edition (where my GP's are created and managed with AD)
       Target PC:  Windows XP Professional SP3
  EDIT #2:  I manually navigated to the Script file after logging in and "opened" it and it added and set the default printer no problem.  the issue is definately with the script running at startup.

  I wanted to clarify a few things:
  1. While it is true that printer connections are usually per user, it is definitely possible to create "global printers".  There are a number of ways to do this, but two methods that come to mind are using:
  a. "Rundll32 printui.dll,PrintUIEntry" option with the "/ga" switch.  The "/ga" switch is the key here since it allows you to deploy printers "per machine" instead of "per user".  More information
  about this is available at:
  http://members.shaw.ca/bsanders/NetPrinterAllUsers.htm
  http://technet.microsoft.com/en-us/library/ee624057%28WS.10%29.aspx
  http://www.computerperformance.co.uk/Logon/logon_printer_computer.htm
  http://www.robvanderwoude.com/2kprintcontrol.php
  b. The Print Management console that is available in Windows 2003 R2 and higher can help you deploy printers "per machine" in addition to "per user".  More information about this is available at:
  http://www.czsolution.com/print-management/print-management/print-management-console.htm#DeployingPrintersByGroupPolicy
  http://technet.microsoft.com/en-us/library/cc753109%28WS.10%29.aspx
  2. As Guy mentioned, Group Policy Preferences can help set the default printer.  But there is another way to accomplish this.  The problem with the computer startup portion is that it runs before the user logs in.  And applying this script
  in the login script section would not work per computer unless you used loopback processing.  So another way to do this is to place a script that sets the default printer into the "All Users" startup folder.  Items in the "All Users"
  startup folder run for any user that logs into the computer, but it runs in the user's context.  So, this script would effectively set the default printer on a "per machine" basis.  The script method is a cruder way to approach the problem,
  but it will help get the job done.  Here are some resources on setting the default printer via script:
  http://www.intelliadmin.com/index.php/2007/08/set-default-printer-from-a-script
  http://www.computerperformance.co.uk/ezine/ezine17.htm

• When I close CS6 changes in settings are not saved.  Reverts to default settings on reopen.  Why?

  When I close CS6 changes in settings are not saved.  Reverts to default settings on reopen.  Why?

  Sorry Photoshop --  Problems solved -- I read the details -- turns out you need to make changes with no files open for the preferences to apply to all files.
  Thanks,  Al

• Default domain Group Policy

  Hello,
  In my new company, I noticed that the default domain controllers policy has been (largely) modified.
  I thought it was a best practice to keep it clean (In case of restore).
  So I would like to create a new GPOs for my DCs to move some of those settings out of the default domain policy.
  For example, "Add workstations to domain". If I want to create a new policy for this particular setting, what kind of rules am I supposed to follow to make sure that my new setting will be applied before the default DC policy ?
  Is the GPO Link order enough ?
  Thank you

  Hi,
  Just a confirmation, did you mean that want to overwrite some settings in the
  Default Domain Controllers Policy?
  Within each domain, site, and OU, the
  Link Order controls the order in which GPOs are applied. If several GPOs are linked to an organizational unit, their processing is in the order that is specified by the administrator, on the
  Linked Group Policy Objects tab for the organizational unit in GPMC. The GPO with the lowest
  Link Order is processed last, and therefore has the highest precedence. Since Default Domain Controllers Policy is linked to the Domain Controllers organizational unit, you can create a new GPO and link it to this Domain Controllers organizational
  unit, then control thier order of them via Link Order.
  If anything I misunderstand or any update, please feel free to let us know.
  Hope this helps.
  Best regards,
  Justin Gu

• Domain Group Policy changes causes clients to be unable to connect to WSUS for Windows Updates

  Domain Controller is Windows Server 2008 R2 64-bit, Group Policy Management version 6.0.0.1. WSUS server is Windows Server 2008 Enterprise 32-bit, Update Services version 3.2.7600.226. Client machines are Windows 7, some are 64-bit and some are 32-bit.
  Every time we make any changes to any of our Group Policies most of our clients stop getting their Windows Updates from the WSUS server within 2-3 days. This occurs when we add a new policy for a group of users, temporarily disable a policy or edit a policy.
  Check of the WindowsUpdate.log on affected client machines shows:
  2014-06-25 13:40:44:976  760 1610 PT WARNING: GetAuthorizationCookie failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
  2014-06-25 13:40:44:977  760 1610 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 PT WARNING: PopulateAuthCookies failed: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 PT WARNING: RefreshCookie failed: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 PT WARNING: RefreshPTState failed: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 PT WARNING: PTError: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 Report WARNING: Reporter failed to upload events with hr = 80072ee2.
  A further check of the log files shows:
  2014-06-21 19:36:06:995  156 1b0c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <proxy server name:8080> Bypass List used : <(null)> Auth Schemes used : <>
  We do not use a proxy except for Internet connections. We configure IE with a pac file. This is set through Group Policy since we restrict user accounts from being able to set it. 
  The clients that are connecting to the WSUS server have these entries instead:
  2014-06-24 09:12:16:779  992 270 Agent Setting download properties on call A20329BC-3467-4B7E-B9F4-6AC6ACBA23E1: priority=3, interactive=1, owner is system=0, proxy settings=1, proxy session id=2
  I have a routine that will fix the problem but it is time-consuming and pulls me away from other things I should be doing:
  Run registry files on client machine (WindowsUpdate and AU) This is not always necessary and is already set by Group Policy and the affected clients already have the registry settings. No idea why it is necessary to do but it the steps below don't always
  work unless it is.
  netstop bits and netstop wuauserv
  ipconfig /flushdns
  Delete qmgr*.* files from Downloader folder
  Delete Software Distribution folder
  Run from command prompt:
  sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  netstart bits and netstart wuauserv
  wuauclt /resetauthorization /detectnow
  Run Windows Updates again from Control Panel
  This routine always fixes the problem but I've found that I must do each step to guarantee success.
  How or where is the proxy setting being changed for WSUS that we see in the WindowsUpdate logs and how do I prevent this from happening? It is also curious that it happens to most but not all of the client machines. When it does happen it's not always the
  same client machines.

  You're right - the WSUS server is on the inside and does not need a proxy server. Tried running the netsh winhttp reset proxy command but was still not able to connect to the WSUS server. After running the netsh winhttp reset proxy command received response:
  Current WinHTTP proxy setting: Direct access <no proxy server>.
  Ran the command at 13:49 and then tried Windows Updates again. Here's snippet from the log file:
  2014-06-27 13:49:56:889  548 f6c AU Triggering AU detection through DetectNow API
  2014-06-27 13:49:56:890  548 f6c AU Triggering Online detection (interactive)
  2014-06-27 13:49:56:890  548 4b8 AU #############
  2014-06-27 13:49:56:890  548 4b8 AU ## START ##  AU: Search for updates
  2014-06-27 13:49:56:890  548 4b8 AU #########
  2014-06-27 13:49:56:893  548 4b8 AU <<## SUBMITTED ## AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
  2014-06-27 13:49:56:893  548 1260 Agent *************
  2014-06-27 13:49:56:893  548 1260 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
  2014-06-27 13:49:56:893  548 1260 Agent *********
  2014-06-27 13:49:56:893  548 1260 Agent   * Online = Yes; Ignore download priority = No
  2014-06-27 13:49:56:893  548 1260 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
  or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
  2014-06-27 13:49:56:893  548 1260 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
  2014-06-27 13:49:56:893  548 1260 Agent   * Search Scope = {Machine}
  2014-06-27 13:49:56:893  548 1260 Setup Checking for agent SelfUpdate
  2014-06-27 13:49:56:893  548 1260 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
  2014-06-27 13:49:56:894  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
  2014-06-27 13:49:56:901  548 1260 Misc  Microsoft signed: Yes
  2014-06-27 13:49:56:927  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
  2014-06-27 13:49:56:934  548 1260 Misc  Microsoft signed: Yes
  2014-06-27 13:49:56:936  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
  2014-06-27 13:49:56:943  548 1260 Misc  Microsoft signed: Yes
  2014-06-27 13:49:56:956  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
  2014-06-27 13:49:56:962  548 1260 Misc  Microsoft signed: Yes
  2014-06-27 13:49:56:974  548 1260 Setup Determining whether a new setup handler needs to be downloaded
  2014-06-27 13:49:56:974  548 1260 Setup SelfUpdate handler is not found.  It will be downloaded
  2014-06-27 13:49:56:974  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
  2014-06-27 13:49:56:976  548 1260 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2014-06-27 13:49:56:976  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
  2014-06-27 13:49:56:989  548 1260 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2014-06-27 13:49:56:989  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
  2014-06-27 13:49:57:007  548 1260 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2014-06-27 13:49:57:007  548 1260 Setup SelfUpdate check completed.  SelfUpdate is NOT required.
  2014-06-27 13:49:57:165  548 1260 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
  2014-06-27 13:49:57:165  548 1260 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
  http://(FQDN of WSUS server)/ClientWebService/client.asmx
  2014-06-27 13:49:57:175  548 1260 PT WARNING: Cached cookie has expired or new PID is available
  2014-06-27 13:49:57:175  548 1260 PT Initializing simple targeting cookie, clientId = 6be4a1ae-3313-4855-bdb1-57e3312f03ec, target group = AGENCIES, DNS name = dpk2.clear-rcic.rcc.org
  2014-06-27 13:49:57:175  548 1260 PT   Server URL =
  http://(FQDN of WSUS server)/SimpleAuthWebService/SimpleAuth.asmx
  2014-06-27 13:50:57:280  548 1260 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(proxy server):8080> Bypass List used : <(null)> Auth Schemes used : <>
  2014-06-27 13:50:57:281  548 1260 PT   + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
  2014-06-27 13:50:57:281  548 1260 PT   + Caller provided proxy = No
  2014-06-27 13:50:57:281  548 1260 PT   + Proxy list used = webgate.rcc.org:8080
  2014-06-27 13:50:57:281  548 1260 PT   + Bypass list used = <NULL>
  2014-06-27 13:50:57:281  548 1260 PT   + Caller provided credentials = No
  2014-06-27 13:50:57:281  548 1260 PT   + Impersonate flags = 0
  2014-06-27 13:50:57:281  548 1260 PT   + Possible authorization schemes used =
  2014-06-27 13:50:57:281  548 1260 PT WARNING: GetAuthorizationCookie failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
  2014-06-27 13:50:57:281  548 1260 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: PopulateAuthCookies failed: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: RefreshCookie failed: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: RefreshPTState failed: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: Sync of Updates: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 Agent   * WARNING: Failed to synchronize, error = 0x80072EE2
  2014-06-27 13:50:57:282  548 1260 Agent   * WARNING: Exit code = 0x80072EE2
  2014-06-27 13:50:57:282  548 1260 Agent *********
  2014-06-27 13:50:57:282  548 1260 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
  2014-06-27 13:50:57:282  548 1260 Agent *************
  2014-06-27 13:50:57:282  548 1260 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
  2014-06-27 13:50:57:302  548 e04 AU >>##  RESUMED  ## AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
  2014-06-27 13:50:57:302  548 e04 AU   # WARNING: Search callback failed, result = 0x80072EE2
  2014-06-27 13:50:57:302  548 e04 AU   # WARNING: Failed to find updates with error code 80072EE2
  2014-06-27 13:50:57:302  548 e04 AU #########
  2014-06-27 13:50:57:302  548 e04 AU ##  END  ##  AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
  2014-06-27 13:50:57:302  548 e04 AU #############
  2014-06-27 13:50:57:303  548 e04 AU Successfully wrote event for AU health state:0
  2014-06-27 13:50:57:303  548 e04 AU AU setting next detection timeout to 2014-06-27 22:50:57
  2014-06-27 13:50:57:304  548 e04 AU Setting AU scheduled install time to 2014-06-28 05:00:00
  2014-06-27 13:50:57:304  548 e04 AU Successfully wrote event for AU health state:0
  2014-06-27 13:50:57:305  548 e04 AU Successfully wrote event for AU health state:0
  2014-06-27 13:51:02:285  548 1260 Report REPORT EVENT: {BD25B39C-6570-454C-A046-AF3AF2DEBDD4} 2014-06-27 13:50:57:282-0400 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 AutomaticUpdates Failure Software
  Synchronization Windows Update Client failed to detect with error 0x80072ee2.
  2014-06-27 13:51:02:295  548 1260 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
  2014-06-27 13:51:02:295  548 1260 Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Managed
  2014-06-27 13:51:02:295  548 1260 Report CWERReporter finishing event handling. (00000000)
  2014-06-27 13:51:48:184  548 4b8 AU ###########  AU: Uninitializing Automatic Updates  ###########
  2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
  2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
  2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
  2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
  2014-06-27 13:51:48:187  548 4b8 Report CWERReporter finishing event handling. (00000000)
  2014-06-27 13:51:48:252  548 4b8 Service *********
  2014-06-27 13:51:48:252  548 4b8 Service **  END  **  Service: Service exit [Exit code = 0x240001]
  2014-06-27 13:51:48:252  548 4b8 Service *************
  2014-06-27 13:51:53:002  548 160c Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0400)  ===========
  2014-06-27 13:51:53:002  548 160c Misc   = Process: C:\Windows\system32\svchost.exe
  2014-06-27 13:51:53:002  548 160c Misc   = Module: c:\windows\system32\wuaueng.dll
  Ran a batch file which resets the AU and WindowsUpdate registry keys and then runs the steps listed above:
  regedit /s C:\WindowsUpdate.reg
  regedit /s C:\AU.reg
  net stop bits
  net stop wuauserv
  Ipconfig /flushdns
  del C:\ProgramData\Microsoft\Network\Downloader\qmgr*.*
  del  /F /Q C:\Windows\SoftwareDistribution\*.*
  sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  net start bits
  net start wuauserv
  wuauclt /resetauthorization /detectnow
  After this runs, am able to connect to WSUS server for updates. I mentioned Group Policy changes because this only breaks after the Group Policy changes. It doesn't affect every client machine but most of them. Was wondering how the proxy gets reset from
  none to the proxy server for Windows Updates?

• Mail for exchange and domain group policy removing...

  Hi,
  I currently administer 2 domains,  both server 2003 with exchange 2003.  On the one domain I can configure any of our e series ( e51/e71/e72/e6) via MFE and permanently accept the untrusted SSL certificate. When I configure MFE to our other domain the option to accept the untrusted certificate has vanished..!
  Anyone have any ideas?  I'm sure that it's a group policy setting but I cannot spot it!

  turbominor wrote:
  No certificates have been generated bar the ones that exchange installed by default
  Hmm, I don't recall ever realizing that.  Lol.  In that case, what are you using as a root certificate?  Nothing...which explains why the cert is untrusted?  (As connections to your first Exchange server work normally, apparently you don't need a root cert for a secure connection?)  I used to get mine from http://www.cacert.org/ and installed the root cert either manually or through a device management server.
  I wasn't completely sure where I was going with my question, but just did a few web searches.  Apparently Symbian phones don't like installing self-signed certificates. "Accepting a certificate permanently" does install the cert, although I'm not sure that's quite the same thing.  You might skim http://discussions.nokia.com/t5/Eseries-and-Communicators/E72-Email-Accept-Certificate-Permanently/m... in case any of that is relevant.

• ITunes won't work because of domain group policy

  Hi my work just implemented a really stupid group policy through our domain that dissallows any file named iTunes.exe to run. The good news is I can rename iTunes.exe and get iTunes to work. That bad news is once I rename iTunes.exe the iPod service is unable to start. The iPod service I assume is what automatically launches iTunes when you plug in your iPod. Does anyone know if a way to let the iPod service and any other file that depends on iTunes.exe that I have renamed it?

  I don't have a solution for you, but as a system administrator I feel I must comment.
  I don't know about where you work -- but at my job, deliberate circumvention of policy is "abuse" and is considered grounds for termination. The computer you use at work is not yours; it belongs to the company you work for.
  If you have a problem with the policy you should take it up with the administrators or your management -- not try to circumvent it. Perhaps the policy is based on a misunderstanding that you could clear up! You (your computer, really) might even be granted an exception to the policy.

• How to implement " log on locally" via Domain Group Policy

  Hello,
  Thanks for always being very helpful.
  My Goal:
  I want to restrict one domain user to login to one computer only  (admin/root users to login to every computer).
  I searched and I believe there is no such direct way to implement via the group policy unless I may add one GPO per user to implement"log on locally" from the group policy.
  Do you have some VB script or other good way so I should not login to each computer one by one and edit the policy manually.
  Thanks in advance.
  Muhammad Asif Server Administrator Linux/Windows

  I am sorry if I wasn't cleared, I am managing about 250 users and want accomplish from some centralized locations. I don't want to go to every machine and apply the changes.
  I want to let one domain user to login to one system only.
  I have the list of computer name VS username, and I want to apply from centralized location without login to each computer one by one.
  Thanks a lot for the assistance.
  Muhammad Asif Server Administrator Linux/Windows
  The solution can only be applied once at the DC with ADUC or with Set-ADUSer as I posted.  It only needs to be run once from one DC.
  ¯\_(ツ)_/¯

• Group Policy For 2008 Terminal Server Users Default Open With Not Working

  I'm trying to change the default open with behavior for jpg files on my terminal server. I created a Group Policy that changed it to MS Paint to Office 2010 Picture Manager. The policy appears to apply correctly but jpg files still open in
  Paint. When a user is logged on, if they look at the properties of a jpg, it shows Photo Gallery as the program to open it but when opened, it opens in Paint.
  Has anyone seen this behavior before?
  Orange County District Attorney

  > did. It would be helpful to know where the changes actually go in the
  > registry to see if they did or now.
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Group Policy for Desktop background applied but showing black desktop in the client end

   Trying to set wallpaper in group policy but it's coming up blank.We have windows 2008 and 2012 server.most of the computer is windows 7.

  Hi,
  Does this issue occur to all computers?
   Besides, can the users access the wallpaper?
  If this issue just happens to Windows 7, we can try applying the hotfix in the following article.
  The "Desktop Wallpaper" Group Policy setting is not applied in Windows 7 or in Windows Server 2008 R2
  http://support.microsoft.com/kb/977944/en-us
  If the issue persists, we can refer to the following thread to troubleshoot the problem.
  Black Desktop wall paper after implementing group policy
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0c36d7bf-4694-46e1-b408-d644111c0264/black-desktop-wall-paper-after-implementing-group-policy?forum=winserverGP
  Best regards,
  Frank Shen

• How do I change the default settings in a printer's Default Settings Preset?

  I am running Mavericks, printing to an HP LaserJet 4050N via IP.  [The following behavior takes place whether the printer's internal settings are set to Duplex Printing is On or is Off.]
  I would like to set the default to print duplex, whether I am in an application or 'drag and drop' a file onto the printer icon (which temporarily opens the application, prints the document, and quits).
  I do not seem to be able to modify the "Default Settings" Preset to specify duplex printing.  However, I have been able to create a new "Default Settings-1" Preset that specifies duplex printing.  By selecting the "Default Settings-1" Preset, in any application, I get duplex printing without any problem.
  First -- problem:
  If I drag-and-drop a file -- e.g., .pdf or .docx -- onto the printer icon, it opens the application and uses the "Default Settings" Preset -- not the "Default Settings-1" Preset -- and prints single-sided.  How do I get drag and drop to use the "Default Settings-1" Preset to get duplex printing?
  Second -- issue:
  Bizarrely, if I am in an application, select "Show Presets", select "Default Settings-1" and click on "Layout", it sometimes shows that "Two-Sided" printing is "Off" and sometimes that it is set to "Long-Edge Binding" -- but that seems to have no deleterious effect on duplex printing!
  Any suggestions / explanations for my problem / issue?
  Thanks much,
  Avi

  Other than using the CUPS interface, http://127.0.0.1:631,which it sounds like you've done, I don't think there is a way to edit the Default Settings. The standard approach is to create a preset, the solution you've found.
  For drag and drop printing, you should be able to get to the print dialog and select your preset or turn duplex on by holding the option key down, selecting the file, then doing the drag and drop (either to a printer or to an open printer proxy application).
  I realize this isn't a solution, but I hope it's helpful.

• My Safari settings wont reflect search engine default settings?

  Hi,
  A 'Search Nation' toolbar got downloaded on my Macbook by some mistake, and now it has become my default browser search engine. Even after changing the Preferences for Safari, it wont change back to google. I have removed all 'Search Nation' software, but there is no way to uninstall it. My Search default settings wont go back to normal . please help.

  Try my suggestion here >  How do I uninstall the Nation search tool bar?

• Shutdown workstations inactivity from domain group policy

  I need to find a way to have workstations shut down after the user has walked away or has been inactive
  meaning no keyboard, or mouse activity.  Need to have the machines shut down.    I have Active Directory on Windows 2003 server R2 Standard Edition SP 2.  If I can have this done by active directory I would like to know how. 
  If it is not possible to do so with Active Directory I would like to know of any other suggestions to do this.

  I have some questions:
  1. What research have you done on your own so far? (If you haven't researched it on your own, why haven't you done so, before asking?)
  2. Is this a scripting question? (If so, please post the script and tell what errors, if any, you are getting.)
  -- Bill Stewart [Bill_Stewart]

• Why doesn't deleting my LR plist preference revert to default settings?

  I removed the original file from the Preferences folder and restarted LR. When I have done this in the past LR does not give me a catalog listing and when LR opens, the panels are all in default mode. This time I see my usual catalog list, and all of the panels are as I set them. I checked the Preferences folder, and a new plist file has been created. What am I missing. I am having problems with the program, and wanted to reset the preferences in case the file was corrupted.

  What version of LR are you using, and have you recently upgraded from an earlier version? If so, which version?