Deploying Files with Group Policy - Help Needed

Similar Messages

• Cannot Copy File with Group Policy Preferences

  Hi,
  I am trying to use a Group Policy Preference to copy a simple text file from a network share to a folder at the root of 'C:\' on the clients. It is not happening. I created the preference in the computer section of the GPO. It is set to create, as the file
  does not already exist on the client, with the archive bit on.
  Source: \\server.domain.com\folder\fileshare\file.txt
  Destination: C:\folder
  GPResult shows the clients are getting the GPO, but it seems as if that one setting and another is not being applied. I have no idea why this isn't working when other parts of the GPO are being applied. I read
  the documentation on the Technet page, but I must have missed something.
  Any ideas why this might not be working?
  Thanks
  Jason Watkins MCSE, MCSA, MCDBA, CCNA

  > Computers" has read access. Listing the actual file name in the
  > destination is something I would have never though to do.
  ...unless the path ends with an "\", it IS a file name, so if you had
  "C:\Folder" as the target, check your C:\ drive for a file called
  "Folder" :)
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Demoting a DC and Group policy, help needed.

  Hi all,
  so we have 3 domain controllers, lets say dc1,dc2 and dc3. We have the 3rd line assistance from another company, they have advised the following.... 
  SO the stages will be
  1) Can you please go through all the GPO's in DC3 and consolidate what you need and what you do not need, you need to extensively cross reference this with DC1 and DC2, this is something you have to do. As I will not know what you need and what you do
  not. You can do this by logging into each domain controller and opening up the settings of each GPO and cross referencing.
  2) Once the above is done, we will consolidate the GPO's to a central repository in your domain
  3) Backup Sysvol directory and Netlogon folder in DC3
  3) Proceed to dcpromo DC3 out of the domain
  4) Test connectivity if clients to the AD
  5) Add the additional Server options
  6) All of the above can be done during office hours.
  it was my understanding (perhaps wrongly) that the group policies were not on the individual Domain Controllers but in Sysvol and as such replicated anyway?
  any advice would be very much appreciated.

  > I am being told that our Group policies are different across different
  > Domain Controllers and to my knowledge that's impossible as we have
  > discussed it should be in the replicated Sysvol.
  Ok, that's a common problem. Fix it and you will be fine:
  http//support.microsoft.com/kb/2218556 (for DFS-R Replication of Sysvol)
  http://support.microsoft.com/kb/315457 (for NTFRS replication)
  > I'm a bit lost on the central repository aspect but prior to saying it
  > makes no sense I just wanted to check my understanding, especially with
  > an MVP!
  I agree. Talking of a "central repository" fro group policy doesn't make
  sense, because group policy from the very beginning lives in AD and
  sysvol, which both are kind of "central repository". Seems they don't
  really know what they're talking about :)
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Deploying Printers With Group Policy Preferences

  Ok so I know this is an old topic but I need to clarify my position a bit here to best decide how to deploy printers to our organization.
  We currently have about 600 printers on a Server 2012 R2 print server and we have 25 buildings. For several years we have deployed printers in GPO the old-fashioned way - user Deployed Printers. There have always been problems with this stemming
  from issues with multiple print driver installs on the client computers. That aside, the philosophy works out pretty well. We have NTFS permissions on the print queues that handle who can print to what. GPOs are linked to the staff OUs for each building that
  actually deploy the printers. This means that you have to have the GPO for a building and also have to have permission to the printer in order for it to actually install. When a user is removed from a particular building group then at next policy refresh the
  printers granted to that group go away. This is good.
  Based on the way that preferences work I think that they could solve our problems with occasional failed driver installs, but I can't find a way to reproduce the behavior I described above. If I use create, a user can be deployed a printer but if permission
  to that printer is removed then the printer stays behind and they get an access denied error when they attempt to print to it. Same with Update. Replace sort of mimics the desired behavior but deletes and recreates the printer every time policy refreshes.
  This wouldn't be a deal-breaker at logon, but it even happens while a user is logged in and policy updates in the background. They could potentially be attempting to print something and the printer will just disappear momentarily.
  Is there something else I am missing here that I can configure in order to take advantage of GPP printer deployments in our environment? Thanks!

  Hi Matt,
  As far as I know, if we choose to use GPP Printer extension to deploy printers, the printers will leave behind even if the policy is out of scope, unless we select the above mentioned option or delete the printers.
  >>There have always been problems with this stemming from issues with multiple print driver installs on the client computers.
  To tackle this issue, had we disabled the following policy setting?
  Computer Configuration\Policies\Administrative Templates\Printers : Point and Print Restrictions
  If not, we can disable this setting, which will disable driver installation warning messages and elevation prompts on computers.
  Regarding this policy setting, the following article can be referred to for more information.
  Control Printer Driver Installation Security
  http://technet.microsoft.com/en-us/library/cc753269.aspx
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here
  Best regards,
  Frank Shen
  Frank,
  Sorry for the delay, I recently had another issue take precedence over this one so didn't have much time to mull this over or test.
  We currently have policy set to enable Point and Print restrictions, but allow driver installation from our print server. This should effectively be the same as what you have recommended.
  I believe our driver installation issues have more to do with the large number of different printer models and sometimes the sheer number of printers that can be installed for each user. These are things that we have culturally always been there and probably
  won't change. What happens is that when a printer deployment fails no other printers will be installed after that one. The reason is that starting with Windows 7 the printer deployment policy will only be re-evaluated if changes to the policy are detected.
  So if a user is deployed 50 printers and one in the middle of the deployments fails, everything after that alphabetically fails and it doesn't retry until the GPO changes.
  So far from my limited testing GPP printers gets around this since each printer is essentially a separate object and installation of one does not seem to affect the others. However, I don't like the idea that there is no way to replicate the behavior we
  currently have which is to remove printers when the GPO is no longer applied. I may convince the powers that be that we need to change our philosophy about this and train our users to remove printers after they have changed buildings or positions, but for
  now I think we will stick with traditional printer GPOs rather than using GPP.
  Thanks for your help!

• How to edit Printer Connections in GPO created through Print Management's "Deploy with Group Policy"

  Hi there,
  I have used the right-click "Deploy with Group Policy" in Print Management on Windows Server 2012 to deploy a printer connection to a GPO.   
  When you look at the GPO Settings, the Printer Connection is visible under User Configuration -> Policies -> Windows Settings -> Printer Connections -> Path: \ \ printserver\PrinterName.
  However, I cannot edit or delete that Printer Connection Path, which would be necessary if I had to rename or delete the printer referenced.  If you Edit the GPO, "Printer Connections" is not available under Windows
  Settings, only Scripts, Security Settings, Folder Redirection, and Policy-based QoS.
  Is there a way to edit the GPO's Printer Connections that are created with "Deploy with Group Policy"?
  Thanks for your help.

  Hi,   
  How do you want to edit the printer connection? Do you want to edit the path of printer connection?
  Based on my test, we can’t edit the printer connection directly in GPO. We can edit the path of printer connection in printer management.
  For detail steps, we can refer to the method Miles Zhang provided in the following link:
  Where is "Printer Connections set"?
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/77e2b4be-7372-4cb2-9d21-bca83f472fc3/where-is-printer-connections-set?forum=winserverGP
  Best Regards,
  Erin

• Deploy reader 10.1.3 with group policy

  I would like to install 10.1.3 with group policy.  I can download the .exe file but extracting it to be an .msi is a struggle.  These are Enterprise Windows 7 machines that already have adobe reader 10.1.1 on them.  Please help.  Thanks.

  Moving this discussion to the Adobe Reader forum.

• Group policy helper and Folder Redirection

  I've installed windows7/32 bit to use the Group policy helper. Now I can use this tool.
  I want to use the Group policy helper to redirect folders as descripted in Managing Roaming User Data Deployment Guide.
  In this documentation a folder redirection management snap.in is used. Can I somehow include this in the grouppolicy helper in ZCC11?
  I want to redirect the user folders to their homedirectory. We have about 500 Students and I can't configure every login so I hope to solve the problem using the group policies.
  (with zen7 and XP we configure the default local user to move desktop and user files to NetWare Home directory.)

  This still works..........
  http://www.novell.com/coolsolutions/tools/14324.html
  On 7/27/2011 7:56 AM, Alix wrote:
  >
  > I've installed windows7/32 bit to use the Group policy helper. Now I can
  > use this tool.
  >
  > I want to use the Group policy helper to redirect folders as descripted
  > in 'Managing Roaming User Data Deployment Guide'
  > (http://technet.microsoft.com/de-de/l...9(WS.10).aspx).
  >
  > In this documentation a folder redirection management snap.in is used.
  > Can I somehow include this in the grouppolicy helper in ZCC11?
  >
  > I want to redirect the user folders to their homedirectory. We have
  > about 500 Students and I can't configure every login so I hope to solve
  > the problem using the group policies.
  >
  > (with zen7 and XP we configure the default local user to move desktop
  > and user files to NetWare Home directory.)
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.

• How can I deploy EFS using Group Policy and automatically encrypt computers for ALL users who login?

  How can I deploy EFS using Group Policy and Active Directory with a goal to automatically encrypt computers for ALL users who login? (NOT an option for me to use BitLocker)
  I was asked to deploy EFS to encrypt the user my documents folder and profile on all of the users laptops. The laptops are in common areas (board meeting rooms, etc) and security of files is a must.
  I successfully created a recovery certificate in AD. I created an OU and setup an EFS policy and users can now login and select to encrypt their own files. The issue is that management would like to have automaticy Encrypt ALL users my documents AUTOMATICALLY
  when a user login.
  Can this be done?
  Please help

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• Group Policy Helper tool not working properly

  Hello,
  I`m using IE 9 on a x64 Win 7 enterprise PC with ZCM 10.3.4.
  When Im logging into ZCC and start to configure a "windows group policy" the group policy helper tool starts and begins to download the policy.
  Then the gpedit.msc appears i get the popup "group policy settings imported successfully" immediately. This popup should certainly come up, when i close the gpedit.msc to import the changed policy setting.
  But so i always get an empty policy for upload.
  Any hints what`s wrong with it?!

  Originally Posted by andreas_karl
  Hello,
  I`m using IE 9 on a x64 Win 7 enterprise PC with ZCM 10.3.4.
  When Im logging into ZCC and start to configure a "windows group policy" the group policy helper tool starts and begins to download the policy.
  Then the gpedit.msc appears i get the popup "group policy settings imported successfully" immediately. This popup should certainly come up, when i close the gpedit.msc to import the changed policy setting.
  But so i always get an empty policy for upload.
  Any hints what`s wrong with it?!
  IE 9 is not supported, you need to stay on IE8 until 11.2 is released (15 march).
  Thomas

• How to Managing Firefox Settings with Group Policy?

  Hi
  Is there any way to manage Firefox Settings through Windows group policy?
  I want to replace Firefox with IE in the network but don't know how to customize the settings with GPO.

  There are some third party solutions that have worked for others in the past:
  You would need a user.js file and a lock file with a list a preferences please see the instructions on how to do this:
  *[kb.mozillazine.org/Locking_preferences]
  *[https://mike.kaply.com/2014/12/16/managing-firefox-with-group-policy-and-policypak/]

• Deploying office through group policy

  Hi people,
  English is not my mother language so i'll hope you'll understand me.
  I have a school project. Deploying office through group policy worked. But now my teacher has given me a command to give all OU's a different OFFICE packet when they logged in. So.. it will change the current installation when a different user from a different
  OU logged in. I'm out of options. Please can anybody help me:(:(

  No you don't misunderstand :p  My teacher first did it wit Office 2003 and know i must do it in office2010.. and i also thought it was a stupid idea.. But who am i... i have not much knowledge in IT.. i'm still learning.
  But i have 2 options
  To confince him that this is not a good idea... (and i dont know with wich argument)
  or find a way to do this... 
  Hmm, so, I think that kind of crazy was possible with very old versions of Office, which could be "advertised" via GPO to achieve per-user scenarios, but Office2007 and later versions, don't provide such different per-user options as part of setup.
  Office2007 and later, uses the MSPfile etc for customization, and that is per-machine (common to all users of that machine).
  You might be able to achieve something similar, by using AppLocker (e.g. AppLocker rules which deny excel.exe to be executed by GRP_Students).
  But this doesn't address the matter nicely, because the Students can see the Excel shortcut/icon/program, but are forbidden to execute it.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Disable Virtual Memory/Page File/Paging File Via Group Policy

  We have several machines running Windows Server 2012 and we wanted to disable the paging file using Group Policy.  It took a while to find the answer but I got it working and I wanted to share with you how this is done.  First of all, to do this
  manually, you would need to follow these steps:
  1)Right-click Computer, select Properties.
  2)Click on Advanced System Properties
  3)Choose the Advanced tab
  4)Under Performance, click the Settings... button
  5)Choose the Advanced tab
  6)Under Virtual Memory, click the Change... button
  7)Choose No paging file
  Obviously this process is cumbersome just for one system let alone a dozen or more.  To take care of this automatically using Group Policy, you will need to do the following:
  1)Create a GPO, then go to the Group Policy Management Editor
  2)Navigate to Computer Configuration>Preferences>Windows Settings>Registry
  3)Create a new registry item using the following settings:
  a: Action: Replace
  b: Hive: HKEY_LOCAL_MACHINE
  c: Key Path: SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  d: Value Name: PagingFiles (do not check the Default option)
  e: Value type: REG_MULTI_SZ
  f: Value data: 0x10000
  There is no specific setting in group policy to disable the paging file, so you must instead follow these procedures to allow group policy to modify a registry key in Windows.  I tested it out on a Windows 7 computer and a Server 2012 machine. 
  No reboot was required, just a simple gpupdate /force command in CMD.  Good luck, and don't forget to test it first!  Not all systems or environments are created equal.
  tags: page file, paging file, virtual memory, pagefile, pagingfile, virtualmemory, pagingfiles

  > disable the paging file
  Not supported by Microsoft... On all SKUs.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Remove the "Safety" tab from IE 11 tools with group policy

  Is there any way to remove the "Safety" tab or it's contents from the
  tools button in the upper right hand corner of IE 11 with Group Policy 2008 r2. I am using a GPMC on a windows 8.1 computer running IE 11. All of the computers we manage are Windows 7 pro running IE 10 or IE 11. The computers I am trying to remove the "Safety"
  from are used as library catalog computers. We have them pretty well locked down with group policy and a squid server. I just need to remove the "Safety" or the contents in it. I would love to remove the "Tools" all together but haven't
  found a way. 
  I thought maybe I could use the "Force Full Screen" but need a back, forward
  and home button.

  Hi,
  There is no method to remove this button.
  If no, like that thread, firewall and proxy could meet your requirement.
  Creating Rules that Block Unwanted Outbound Network Traffic
  http://technet.microsoft.com/en-us/library/cc732306(v=ws.10).aspx
  For Proxy, you could use this group policy to disable user to change connection setting. Navigate to
  Computer Configuration\Administrative Templates\Windows Components\Internet Explorer
  Find the following entry and enable it.
  disable changing connection settings
  Then don't grant admin permission to other user so that they cannot do any changing on computer.
  Karen Hu
  TechNet Community Support

• Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2)

  Dear ALL,
  I want to Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2) as per below description. Can someone please help me how to proceed and achieve this. 
  Pin the following applications to the Taskbar:
  Outlook
  Pin the following applications to the Start Menu:
  Outlook
  Excel
  Word
  Internet Explorer
  Software Center
  Regards,
  Amit Kumar Rao

  https://www.google.de/search?q=windows+7+pin+to+taskbar+vbs
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Excel 2003 problem with group policy

  When I manually install EMET Excel 2003 works. When Emet is installed via Group Policy Excel 2003 fails to open. Excel 2010 works whether EMET is installed locally or with Group Policy. Any ideas?

  I would try exporting the policy on both installs using emet_conf --export and comparing the 2 policies
  GBS Premier Field Engineer Cybersecurity Check out my blog http://blogs.technet.com/kfalde or better yet check out http://technet.com/wiki and start contributing :)