Deploying Java Certificates with Group Policy

Similar Messages

• Deploying Office 2013 with Group Policy

  I would like to deploy Office 2013 using group policy. I am new to group policy so am looking for some advice and guidance on the best way to deploy. I would like to deploy with no interaction with the user but yet display a message so that they
  know not to open Office. I would also like to create a custom registry setting so that if I need to re-install, all I have to do is delete the registry setting. I have tried a group policy for installing with OCT  settings (Basic, Suppress
  Model checked, No Cancel checked, Completion Notice checked) and modifying the Config.xml (<Display Level="Basic" CompletionNotice="yes" SuppressModal="yes" AcceptEula="yes" />) but I can not get it to display
  the installer screen so that users know it is installing. It does display the screen when running the setup.exe manually. I have a setting in the OCT that creates the registry setting and that is working correctly. My group policy is set to run the
  below bat file at startup in the Computer Configuration.
  setlocal
  REM *********************************************************************
  REM Environment customization begins here. Modify variables below.
  REM *********************************************************************
  REM Get ProductName from the Office product's core Setup.xml file, and then add "office15." as a prefix.
  set ProductName=Office15.Standard
  REM Set DeployServer to a network-accessible location containing the Office source files.
  set DeployServer="\\xxxxxx\setup.exe"
  REM Set LogLocation to a central directory to collect log files.
  set LogLocation=\\xxxxx\Logfiles
  REM *********************************************************************
  REM Deployment code begins here. Do not modify anything below this line.
  REM *********************************************************************
  IF NOT "%ProgramFiles(x86)%"=="" (goto ARP64) else (goto ARP86)
  REM Operating system is X64. Check for 32 bit Office in emulated Wow6432 uninstall key
  :ARP64
  reg query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
  if NOT %errorlevel%==1 (goto End)
  REM Check for 32 and 64 bit versions of Office 2013 in regular uninstall key.(Office 64bit would also appear here on a 64bit OS)
  :ARP86
  reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
  if %errorlevel%==1 (goto Office) else (goto End)
  REM If 1 returned, the product was not found. Run setup here.
  :Office
  %DeployServer%
  echo %date% %time% Setup ended with error code %errorlevel%. &gt;&gt; %LogLocation%\%computername%.txt
  REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
  :End
  Endlocal
  Any advice or guidance would be greatly appreciate on how to get a pop up message while software is installing or if there is a better way to deploy.

  > but I can not get it to display the installer screen so that users know
  > it is installing. It does display the screen when running the setup.exe
  > manually. I have a setting in the OCT that creates the registry setting
  > and that is working correctly. My group policy is set to run the
  > below bat file at startup in the Computer Configuration.
  Check http://gpsearch.azurewebsites.net/#2308 - if this is enabled, you
  will not be able to show "anything" in startup scripts...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• How to edit Printer Connections in GPO created through Print Management's "Deploy with Group Policy"

  Hi there,
  I have used the right-click "Deploy with Group Policy" in Print Management on Windows Server 2012 to deploy a printer connection to a GPO.   
  When you look at the GPO Settings, the Printer Connection is visible under User Configuration -> Policies -> Windows Settings -> Printer Connections -> Path: \ \ printserver\PrinterName.
  However, I cannot edit or delete that Printer Connection Path, which would be necessary if I had to rename or delete the printer referenced.  If you Edit the GPO, "Printer Connections" is not available under Windows
  Settings, only Scripts, Security Settings, Folder Redirection, and Policy-based QoS.
  Is there a way to edit the GPO's Printer Connections that are created with "Deploy with Group Policy"?
  Thanks for your help.

  Hi,   
  How do you want to edit the printer connection? Do you want to edit the path of printer connection?
  Based on my test, we can’t edit the printer connection directly in GPO. We can edit the path of printer connection in printer management.
  For detail steps, we can refer to the method Miles Zhang provided in the following link:
  Where is "Printer Connections set"?
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/77e2b4be-7372-4cb2-9d21-bca83f472fc3/where-is-printer-connections-set?forum=winserverGP
  Best Regards,
  Erin

• Deploying Files with Group Policy - Help Needed

  Hi,
  I am trying to use group policy to deploy files and folders to our server estate. The policy I have created first creates a folder on each server's C drive and then coppies a set of files to this folder from a network share. The folder creation works fine
  but the files copy fails. In the Application logs on the servers it displays the following error:
  The computer 'ILMT' preference item in the 'GPO - Servers_Production_ALL {CC026B58-FA3B-4399-AA00-AE8E844B2B47}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
  Can anyone advise what exactly does not have access here? I don't know what I need to enable to get this to work.
  Can anyone help?
  Many thanks
  James

  The copy is on a file server share. presumably if I just give everybody read access to the share that would suffice?
  No it won't.
  "Sharing" requires several actions:
  a) create the folder
  b) share the folder
  c) grant NTFS permissions on the folder
  I think you've neglected action (c).
  For your scenario, you need to grant the "server computers" read permissions to the folder.
  You can add individual computer accounts, or a group, or "domain computers".
  (In a similar way, you could grant access to a user, a group, or "domain users")
  [if you need everybody (users) *AND* everything (computers), you could grant permissions to "authenticated users" since that principal includes *BOTH* users and also computers]
  Note that "domain computers" and "authenticated users" include all types of domain member computers, i.e. servers, workstations, etc.
  Also, note that granting a "computer account" access to a folder or share, does *NOT* mean that a user account on that computer can access the remote share, i.e. permission is granted to the computer account, and a logged-in user account on
  that computer does not inherit any kind of access to the remote share by virtue of being logged in.
  This means that the computer can access the share but the user cannot access the share. Because the computer account is an identity/principal of it's own accord.
  [None of which really has anything to do with Group Policy at all - it's how Windows does file sharing and ACLs... ;)
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Deploy reader 10.1.3 with group policy

  I would like to install 10.1.3 with group policy.  I can download the .exe file but extracting it to be an .msi is a struggle.  These are Enterprise Windows 7 machines that already have adobe reader 10.1.1 on them.  Please help.  Thanks.

  Moving this discussion to the Adobe Reader forum.

• Deploy Office 2013 using Group Policy

  Below are a list of questions I have regarding setting up Office 2013 deployment automation. We are looking to deploy Office 2013 Business Click-to-Run using a group policy. We have already setup the deployment using the Office Deployment Tool and have
  the configuration file all setup. The more automation we can provide the better to give the end users to best/fastest experience with this upgrade.
  How do we automate the deployment process using a group policy?
  Is there a way to have the Office 2013 deployment auto activate using the users credentials? We will be using the same password for all the user accounts for the deployment then having them change it later once everything is up and running. Would like to
  avoid having to go around and help each user activate the software as well.
  We would like to uninstall all previous versions of Office from the workstations that we're deploying Office 2013 to?
  Thank you!

  Below are a list of questions I have regarding setting up Office 2013 deployment automation. We are looking to deploy Office 2013 Business Click-to-Run using a group policy. We have already setup the deployment using the Office Deployment Tool and
  have the configuration file all setup. The more automation we can provide the better to give the end users to best/fastest experience with this upgrade.
  How do we automate the deployment process using a group policy?
  Is there a way to have the Office 2013 deployment auto activate using the users credentials? We will be using the same password for all the user accounts for the deployment then having them change it later once everything is up and running. Would like to
  avoid having to go around and help each user activate the software as well.
  We would like to uninstall all previous versions of Office from the workstations that we're deploying Office 2013 to?
  1. Because Office (in all forms) requires setup.exe to orchestrate the installations, classic Group Policy Software Installation (which requires an MSI file) is not suitable. This has been the case since Office2007. If you are constrained to use GP, you
  will need to use GP Startup Scripts. There is guidance for this, in the Office resource kit library on TechNet.
  http://technet.microsoft.com/en-us/library/ff602181(v=office.15).aspx
  2. Retail editions of Office, typically require you to login to the Microsoft Account where the license is associated, to validate the Office license. If you are using a product key method instead, you can use the PIDKEY element in your configuration.xml
  http://technet.microsoft.com/en-US/library/jj219426(v=office.15).aspx
  3. You'll need to tackle this yourself (there is no way to do this via C2R configuration). You could include the relevant uninstall-previous-version logic within your GP Startup Script (as a step prior to installing Office C2R). You'll need to cater for
  whatever previous-versions might exist in your environment, and whatever the relevant uninstallation methods are for each previous-version.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Deployment of software through Group policy does not work

  Hi all,
  I am trying to deploy a program through Group policy, specifically winrar, any client computer is able to install the program. Please find below the events from the workstation:
  Log Name:      Application
  Source:        Microsoft-Windows-WMI
  Date:          4/27/2014 10:06:01 PM
  Event ID:      10
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      IRCLIENT0001.corp.healthcareinnovation.com
  Description:
  Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because
  of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
  Log Name:      System
  Source:        Microsoft-Windows-GroupPolicy
  Date:          4/27/2014 10:04:49 PM
  Event ID:      1085
  Task Category: None
  Level:         Warning
  Keywords:      
  User:          SYSTEM
  Computer:      IRCLIENT0001.corp.healthcareinnovation.com
  Description:
  Windows failed to apply the Software Installation settings. Software Installation settings might have its own log file. Please click on the "More information" link.
  Log Name:      System
  Source:        Application Management Group Policy
  Date:          4/27/2014 10:04:49 PM
  Event ID:      108
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          SYSTEM
  Computer:      IRCLIENT0001.corp.healthcareinnovation.com
  Description:
  Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : %%1612
  Log Name:      System
  Source:        Application Management Group Policy
  Date:          4/27/2014 10:04:48 PM
  Event ID:      102
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          SYSTEM
  Computer:      IRCLIENT0001.corp.healthcareinnovation.com
  Description:
  The install of application WinRAR from policy Basic Computers GPO failed.  The error was : %%1612
  I am using windows server 2008 R2 and all my clients are running Windows 7 Enterprise and they are working over a domain, note that I am using VMware.
  Below there are a list of the troubleshooting steps that have been already applied:
  *Disable the the firewall both in the server and in the clients 
  *Grant read access to the folder where the the program is shared for installation, it was added the authenticated users and domain computers.
  *Group policy modifications: 
  -> User Account Control
  Policy Setting Winning GPO 
  - User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Elevate without prompting Basic Computers GPO 
  - User Account Control: Detect application installations and prompt for elevation Disabled Basic Computers GPO 
  - User Account Control: Only elevate UIAccess applications that are installed in secure locations Disabled Basic Computers GPO 
  - User Account Control: Run all administrators in Admin Approval Mode Disabled Basic Computers GPO 
  --> System/Group Policy
  Policy Setting Winning GPO 
  - Startup policy processing wait time Enabled Basic Computers GPO 
  Amount of time to wait (in seconds): 120 
  --> System/Logon
  Policy Setting Winning GPO 
  - Always wait for the network at computer startup and logon Enabled Basic Computers GPO 
  Thank you very much for your time.

  Hi Marco,
  Based on your description, we can enable diagnostic logging of Group Policy Software Installation processing to troubleshoot the issue.
  Regarding this point, the following article can be referred to for more information.
  How to troubleshoot software installations by using Windows application management debug logging
  http://support.microsoft.com/kb/249621
  Once you get the log, you may upload it to OneDrive and provide us the download link.
  In addition, the following article provides a step-to-step guidance for deploying software via group policy and can be referred to for double check.
  How to use Group Policy to remotely install software in Windows Server 2008 and in Windows Server 2003
  http://support.microsoft.com/kb/816102
  Best regards,
  Frank Shen

• Excel 2003 problem with group policy

  When I manually install EMET Excel 2003 works. When Emet is installed via Group Policy Excel 2003 fails to open. Excel 2010 works whether EMET is installed locally or with Group Policy. Any ideas?

  I would try exporting the policy on both installs using emet_conf --export and comparing the 2 policies
  GBS Premier Field Engineer Cybersecurity Check out my blog http://blogs.technet.com/kfalde or better yet check out http://technet.com/wiki and start contributing :)

• Remove the "Safety" tab from IE 11 tools with group policy

  Is there any way to remove the "Safety" tab or it's contents from the
  tools button in the upper right hand corner of IE 11 with Group Policy 2008 r2. I am using a GPMC on a windows 8.1 computer running IE 11. All of the computers we manage are Windows 7 pro running IE 10 or IE 11. The computers I am trying to remove the "Safety"
  from are used as library catalog computers. We have them pretty well locked down with group policy and a squid server. I just need to remove the "Safety" or the contents in it. I would love to remove the "Tools" all together but haven't
  found a way. 
  I thought maybe I could use the "Force Full Screen" but need a back, forward
  and home button.

  Hi,
  There is no method to remove this button.
  If no, like that thread, firewall and proxy could meet your requirement.
  Creating Rules that Block Unwanted Outbound Network Traffic
  http://technet.microsoft.com/en-us/library/cc732306(v=ws.10).aspx
  For Proxy, you could use this group policy to disable user to change connection setting. Navigate to
  Computer Configuration\Administrative Templates\Windows Components\Internet Explorer
  Find the following entry and enable it.
  disable changing connection settings
  Then don't grant admin permission to other user so that they cannot do any changing on computer.
  Karen Hu
  TechNet Community Support

• Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2)

  Dear ALL,
  I want to Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2) as per below description. Can someone please help me how to proceed and achieve this. 
  Pin the following applications to the Taskbar:
  Outlook
  Pin the following applications to the Start Menu:
  Outlook
  Excel
  Word
  Internet Explorer
  Software Center
  Regards,
  Amit Kumar Rao

  https://www.google.de/search?q=windows+7+pin+to+taskbar+vbs
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• How to Managing Firefox Settings with Group Policy?

  Hi
  Is there any way to manage Firefox Settings through Windows group policy?
  I want to replace Firefox with IE in the network but don't know how to customize the settings with GPO.

  There are some third party solutions that have worked for others in the past:
  You would need a user.js file and a lock file with a list a preferences please see the instructions on how to do this:
  *[kb.mozillazine.org/Locking_preferences]
  *[https://mike.kaply.com/2014/12/16/managing-firefox-with-group-policy-and-policypak/]

• Manual client deployment not picking up Group Policy provided registry settings

  We are having an issue with some laptops and machines that are turned off overnight not downloading necessary items for the SCCM 2012 client install.  We are going through the upgrade from 2007 to 2012 and are manually installing the client
  through the SCCM console.  Now that we have gotten the majority of our clients up to the 2012 version, we are planning to push the client going forward through WSUS.  Unfortunately, BITS is not allowing the update to come down in the time that some
  machines are on the network. 
  After some digging, we have concerns that the Group Policy setting for the command line properties are being ignored.
  We have the Group policy set as follows:
  /mp:oursccmserver.domain.com / service / forceinstall / BITSPriority:FOREGROUND SMSSITECODE=PRISITE FSP=OURFSP.domain.com
  However, the command line entry in the ccmsetup.log file on machines that have received the client as well as those not installing is showing the following:
  - Ccmsetup command line: "C\Windows\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf
  - Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.
  Can someone tell me why it is not picking up the settings in the registry?  we have verified the settings are hitting the machines from GP, just does not seem to be using them which is why we thing it is allowing BITS to throttle the download of the
  pre-reqs.
  Thanks in advance for any suggesstions/help.

  Sorry for not updating this...
  After digging for days on this and contemplating calling MSFT support, I happened to check the Client Push installation properties and found the Install properties had been removed from each of our sites (1 primary and 2 secondary's).
  Although we do not have Client Push enabled for a variety of reasons, the properties have to be set for the manual push of the client from the console.  Once we re-entered the command line options for the Push install properties, manual installation
  from the console is working as expected.

• Cannot Copy File with Group Policy Preferences

  Hi,
  I am trying to use a Group Policy Preference to copy a simple text file from a network share to a folder at the root of 'C:\' on the clients. It is not happening. I created the preference in the computer section of the GPO. It is set to create, as the file
  does not already exist on the client, with the archive bit on.
  Source: \\server.domain.com\folder\fileshare\file.txt
  Destination: C:\folder
  GPResult shows the clients are getting the GPO, but it seems as if that one setting and another is not being applied. I have no idea why this isn't working when other parts of the GPO are being applied. I read
  the documentation on the Technet page, but I must have missed something.
  Any ideas why this might not be working?
  Thanks
  Jason Watkins MCSE, MCSA, MCDBA, CCNA

  > Computers" has read access. Listing the actual file name in the
  > destination is something I would have never though to do.
  ...unless the path ends with an "\", it IS a file name, so if you had
  "C:\Folder" as the target, check your C:\ drive for a file called
  "Folder" :)
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Help with Group Policy

  Hello all,
  I am new to Group Policy. Server is running Windows 2008 R2. All client on Win 7. I have made a folder redirect by creating it on Default Domain Policy instead of creating gpo. Is there a downfall and if so, how do i redo and have it fix ? 

  What if i just let stay without doing or creating the new gpo? let it be on the DDP. any issue will arise or possibilities that might will mess with the system or client pc connected to domain ? 
  You can let it be, it will not cause harm with anything at all.
  It is fine, in a small and simple network, which does not change often, for these things to remain.
  If you have a complex network, with many different GP configurations required, having such settings in your DDP can then be a problem, to achieve your desired different/granular settings, e.g. different settings for different departments.
  If the DDP (which applies to all departments) contains this setting, then, how do you set it differently for two departments?
  But if your network is small and simple, it's fine to do this.
  If you have no expectation that in the future it will cause constraint for you, it's fine like this.
  You can always change it later, but, it might be more effort then, compared to now?
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Remove "Mark All as Read" button with Group Policy from Outlook 2013

  Under the Folder tab in Outlook 2013, there is a "Mark All as Read" icon. How can I permanently delete this icon? I remember doing so with Outlook 2003 / 2007 through a Group Policy setting. Not sure how to take care of that with Outlook 2013...I
  think I need an ID code? I've tried right-clicking the icon and choosing Customize the Ribbon, but you can't remove the "Mark All as Read" as a single icon, you have to get rid of the entire Folder tab. Thanks!

  Hi,
  Yes, we can disable the “Mark All as Read” button in Outlook 2013 by using control IDs. Please follow the steps below to achieve the goal:
  1. Press Windows key + R, type gpedit.msc in the
  Run command and press Enter.
  2. In the Group Policy Management Editor navigation pane, locate
  User Configuration >
  Administrative Templates > Microsoft Outlook 2013 > Disable Items in User Interface > Custom
  3. In thedetails pane, double click to open
  Disable command bar buttons and menu items.
  4.
  Choose Enabled, and then choose
  Show.
  5. In the Show Contents dialog box, under
  Value, enter the control ID for the command that you want to disable. The control ID to disable
  “Mark All as Read” button is 1906.
  6. When you have finished entering control IDs, choose
  OK, and then choose OK again to exit the
  Disable commands dialog box.
  For more information about control IDs, please refer:
  http://technet.microsoft.com/en-us/library/cc179143(v=office.15).aspx
  Hope this helps.
  Best Regards.
  Steve Fan
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please click
  here