Group Policy application frequency even if policy hasn't changed - Server 2012 R2
Hi,
I'm aware of the group policy refresh intervals which apply only if the policy has changed. If I remember correctly, Server 2003 applied policies every 16 hours even if they hadn't changed. A sort of "to be sure, to be sure" setting. Does this exist on Server 2012 R2 and is there a link with some doco that states this please?
Thanks
David Z
> the policy has changed. If I remember correctly, Server 2003 applied
> policies every 16 hours even if they hadn't changed. A sort of "to be
> sure, to be sure" setting. Does this exist on Server 2012 R2 and is
> there a link with some doco that states this please?
This is still true, but it applies only to "Security Settings" within
all GPOs. I'm unaware of current docs on that.
Greetings/Grüße,
Martin
How about reading a good book about GPOs?
Good or bad GPOs? - my blog…
And if IT bothers me -
coke bottle design refreshment (-:
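The behaviour described in the answer above can be checked on a given machine. This is an added example, not part of the thread: it lists each registered Group Policy client-side extension (CSE) and reports whether it skips unchanged GPOs and whether it has a forced reapply interval. The registry value names `NoGPOListChanges` and `MaxNoGPOListChangesInterval` are the standard CSE registration values, not something quoted in the thread; the function names are hypothetical.

```powershell
# Added example (not from the thread): show which Group Policy client-side
# extensions reprocess GPOs that have not changed, and on what interval.
$CseRoot    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions'
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Group Policy'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value is absent instead of throwing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-CseReapplyBehaviour {
    foreach ($key in Get-ChildItem -LiteralPath $CseRoot) {
        $guid = $key.PSChildName

        # The CSE's own registration, written when the extension is installed.
        $skipLocal   = Get-RegValue $key.PSPath 'NoGPOListChanges'
        $maxInterval = Get-RegValue $key.PSPath 'MaxNoGPOListChangesInterval'

        # A value delivered by policy (for example a "process even if the
        # Group Policy objects have not changed" setting) overrides it.
        $skipPolicy = Get-RegValue (Join-Path $PolicyRoot $guid) 'NoGPOListChanges'
        $skip = if ($null -ne $skipPolicy) { $skipPolicy } else { $skipLocal }

        [pscustomobject]@{
            Extension            = $key.GetValue('')   # default value = display name
            Guid                 = $guid
            SkipsUnchangedGPOs   = ($skip -eq 1)
            SetByPolicy          = ($null -ne $skipPolicy)
            ForcedReapplyMinutes = $maxInterval        # $null when not registered
        }
    }
}

# Extensions with a forced interval come first; on a default install the
# Security extension is expected to show 960 minutes (16 hours).
Get-CseReapplyBehaviour |
    Sort-Object -Property ForcedReapplyMinutes -Descending |
    Format-Table -AutoSize
```

An extension that shows `SkipsUnchangedGPOs = True` together with a non-empty `ForcedReapplyMinutes` is one that normally skips unchanged GPOs but is still reapplied once that interval has elapsed, so drifted local security settings are corrected without a GPO edit.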
Similar Messages
-
How do I setup Active Directory and Group Policy on Windows Server 2012?
I work for a school district that uses a Windows 2012 server with about 400 Windows 7 PCs and 150 Mac PCs. We are set up with Roaming Profiles on the PCs and would like to be able to setup Active Directory, Group Policy, and Roaming Profiles on our macs. (We also have a mac server that they are using as a file server only) As we are a school, our funds are very low. Now for the questions...
Is there a software that allow us to accomplish this?
Is there a free solution or a very reduced price option to do this?
I heard that http://www.centrify.com/products/mac-edition.asp may accomplish this and I read something about it on here but didn't know if this is what I was really trying to do because it was marked as "The Golden Triangle" and did not mention Roaming Profiles. This is the link though: https://discussions.apple.com/message/17200059#17200059
Any help would be greatly appreciated.
The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.
-
Unable to edit the "Default Domain Controllers Policy" from a Server 2012 machine
I am unable to edit the "Default Domain Controllers Policy" from a Server 2012 machine. The error message I receive is:
"Failed to open the group policy object. You might not have the appropriate rights. Details: The volume for a file has been externally altered so that the open file is no longer valid."
The domain controllers are running Windows 2012 R2 upgraded from Windows 2008 R2, the domain functional level is Server 2012.
I am able to edit the policy from both a Windows 7 and Server 2008 R2 machine.
The following post is identical however the fix for them does not work for me:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/2d968a05-2cff-4dd0-9c5d-dd810d1fa66f/cant-edit-default-domain-controllers-policy-on-windows-8-or-server-2012
Any ideas?
MuhammadUmar
Yes, the Unique ID is available on 2012 server
Lany Zhang
This only affects the default domain controllers policy object
Another user added to admins and tested has no effect
It is the same on another server
DCDiag passes all tests
Thanks for all your help so far
-
Windows 8 and IE10 and 11 not accepting Proxy Settings via Group Policy from windows server 2003
Hi
We are still running Windows Server 2003 with a Win7 and Win8 desktop environment. I can control Win7 IE9 settings,
But Win8 systems are running IE10. We have an internal proxy server.
Is there any way to force the proxy settings to the Win8/IE10 or 11 systems?
I have tried with the IE 10 .adm template and applied the GPO, but it does not have any proxy settings for IE10 and no changes were applied.
Please can anyone help me regarding this?
I want to apply a GPO from Windows Server 2003 to Windows 8 IE10/11.
Thanks
KNC
Hi,
I agree with Zanderol24, we can install RSAT on a windows8 client, and then we can use Group Policy Management to manage group policy from the client.
For more information about RSAT, we can refer to the following link:
Remote Server Administration Tools (RSAT) for Windows Client and Windows Server (dsforum2wiki)
http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-client-and-windows-server-dsforum2wiki.aspx
For more detailed information about how to use GPP to configure the proxy setting for ie10 and ie11, we can refer to the following link:
How to configure Group Policy Preference settings for Internet Explorer 11 in Windows 8.1 or Windows Server 2012 R2
http://support.microsoft.com/kb/2898604
When we use GPPs you need to be aware of the F5-F8 keys:
Red / Green: GP Preferences doesn’t work even though the policy applied and after gpupdate \force
http://blogs.technet.com/b/grouppolicy/archive/2008/10/13/red-green-gp-preferences-doesn-t-work-even-though-the-policy-applied-and-after-gpupdate-force.aspx
Besides, aside from using group policy to manage IE, IEAK can also be used to do this.
For IEAK, the following article can be referred to for more information.
Internet Explorer Administration Kit (IEAK) Information and Downloads
http://technet.microsoft.com/en-in/ie/bb219517.aspx
Best Regards,
Erin
-
Group Policy Error on WS 2012 Standard R2
Hi,
Is there anybody experiencing the error messages given below? It's coming to some of the terminal users and is not consistent. At that point of time they can't open mapped drives from the RDWEB session.
There are no known DNS issues, UAC is disabled.
The user 'P:' preference item in the 'Drive Maps Policy {94C23C7F-2EF8-4CA1-B3DF-C0CAF937EDE2}' Group Policy Object did not apply because it failed with error code '0x800704b8 An extended error has occurred.' This error was suppressed.
Log Name: Application
Source: Group Policy Drive maps
Event ID: 4098
Level: Warning
--------ANOTHER ERROR MESSAGE ------------
The user 'X:' preference item in the 'Drive Maps Policy {94C23C7F-2EF8-4CA1-B3DF-C0CAF937EDE2}' Group Policy Object did not apply because it failed with error code '0x80070008 Not enough storage is available to process this command.' This error was suppressed.
Log Name: Application
Source: Group Policy Drive maps
Event ID: 4098
Level: Warning
I can't find any error message related to DNS in event viewer, all records look good to me.
Hi,
As I go through the .xml logs, nothing special was detected.
Would you please let me know the file server's hardware configuration and how the server's performance is?
Besides that, could you please ask the user to try on another PC and check if the problem still occurs.
Then we may be able to narrow down the scope for troubleshooting.
Thanks and regards,
Elaine
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
-
Performed a Domain Rename as per the following instructions:
http://www.bauer-power.net/2011/05/renaming-windows-domain-with-rendom.html#.U4OZRPmSyTM
and then after these issues I have gone through the related technet articles starting here:
http://technet.microsoft.com/en-us/library/cc794793(v=ws.10).aspx
specifically the Fix Group Policy Objects and Links.
But still I have the following issues:
At least for group policy clients believe they are on the old domain - despite even having renamed the computers with the new domain name.
When I perform a gpresult the output file shows as being connected to the old Domain - despite manually going into computer properties and renaming the computer with the new domain name...
CN=Allister Wade,OU=Users,OU=Home,DC=NEWDOMAIN,DC=local
Last time Group Policy was applied: 27/05/2014 at 5:36:31 AM
Group Policy was applied from: finch.newdomain.local
Group Policy slow link threshold: 500 kbps
Domain Name: OLDDOMAIN
Domain Type: WindowsNT 4
On the server I cannot open Group Policy Management on the single Domain Controller as it is looking for a DC on the old Domain:
Even though it has listed the new domain in the root of the management console when I attempt to expand it out I am prompted:
"The specified domain controller could not be contacted. This affects the following domain in the console.
Domain: olddomain.local
The error was:
The specified domain either does not exist or could not be contacted."
I can select to remove the domain from the console but this does nothing - as said it already shows the new domain in the console.
As far as I am aware the clients should not even have needed renaming or changing the domain, but were having authentication issues before I did this. Not sure what I have done wrong here..?
Client's NSLookup shows "UnKnown" as DNS Server so thought to check DNS out.
This is result of dcdiag /test:DNS.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = finch
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FINCH
Starting test: Connectivity
......................... FINCH passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FINCH
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... FINCH passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : NEWDOMAIN
Running enterprise tests on : NEWDOMAIN.local
Starting test: DNS
Test results for domain controllers:
DC: finch.NEWDOMAIN.local
Domain: NEWDOMAIN.local
TEST: Delegations (Del)
Error: DNS server: finch.olddomain.local. IP:<Unavailable>
[Missing glue A record]
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 203.12.160.35 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 203.12.160.35
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: NEWDOMAIN.local
finch PASS PASS PASS FAIL PASS PASS n/a
......................... NEWDOMAIN.local failed test DNS
-
Group policy for changing binding order of network adapters
Hi,
We have enabled Wifi and Wired (LAN) connections at the same time for users using group policy. Both connections work properly on laptops. Now some applications are not working due to routing issues as both connections are working at the same time.
We want to change connections priority in such a way that Wired (LAN) should always take priority over WiFi connections.
http://support.microsoft.com/kb/894564 describes method for changing same on single computer.
Can this be achieved using group policy?
Mukesh S MCITP Exchange 2007
Hi,
There are no corresponding group policy settings which can change the binding order of NICs. However, in the article you provided, it says that we can create a fixed metric by changing the InterfaceMetric registry value or set the interface metric by using a script. In this way, we can choose to use Group Policy Preferences Registry extension to deploy the registry change to clients, or we can use group policy to deploy the script to clients.
Regarding GPP registry extension, the following article can be referred to for more information.
Registry Extension
http://technet.microsoft.com/en-us/library/cc771589.aspx
If we choose to deploy script via group policy, we can assign computer startup script or user logon script.
Regarding this point, the following article can be referred to for more information.
Assign computer startup scripts
http://technet.microsoft.com/en-us/library/cc779329(v=WS.10).aspx
Assign user logon scripts
http://technet.microsoft.com/en-us/library/cc781361(v=WS.10).aspx
Best regards,
Frank Shen
-
IE10 Group Policy Preferences on Server 2008R2
Hi
I am trying to manage IE10 via Group Policy Preferences in a Windows 2008R2 Domain. I only see options for Internet Explorer 5, 6, 7 & 8. How do I make it display IE10? I have tried installing IE10 to a server with the Group Policy Management Console and even tried adding the ADMX & ADML intres files from the Server 2012 ADMX download available from Microsoft. Currently we do not have a central ADMX Store but I created one to see if it would make a difference and it did not.
We do not have any Server 2012 or Windows 8 machines available so I can not configure it through there. I really want to get it added to the GP Preferences in Server 2008R2. Any help appreciated.
Thanks
> 2008R2 Domain. I only see options for Internet Explorer 5, 6, 7 & 8.
Edit the XML.
http://blogs.technet.com/b/asiasupp/archive/2011/03/30/internet-explorer-9-ie9-group-policy-preferences-gpp.aspx
Martin
How about reading a GOOD book about GPOs?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))
-
How to set up Group Policy without any server installed
How to set up Group Policy on Win8 without any server installed?
I have set up 50 users on LAN and want to push software via one common point. From Google I found out how to deploy software using Group Policy. But then Group Policy occurs in servers and I don't have any server set up.
Hello,
a Domain requires at least one Windows server OS machine which has Active Directory installed.
As previous already mentioned from SenneVL this also requires that computers are added to the domain and that you create user accounts in Active Directory users and computers which stores the account information in the Active directory database.
In your case with single computers each machine has its own database(SAM) which stores passwords etc. this is different in a domain.
Each computer has a local policy which will be overwritten from centrally managed policies from the domain.
"The common point would be my PC (Admin PC) ."
This machine can not be used for your needs with software installation for 50 computers.
"How To Use the Group Policy Editor to Manage Local Computer Policy."
This is about the local machine and you cannot manage them for other computers from your Admin PC.
"DOMAIN part: By default Microsoft takes everyone on Workgroup. Is that not a default DOMAIN? or should I make one lets say "ABC" on every PC ?"
NO, this is NOT a domain.
http://windows.microsoft.com/en-us/windows7/what-is-the-difference-between-a-domain-a-workgroup-and-a-homegroup
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
Hi Everyone,
I have a question related to RDweb service.
I have successfully installed RD web role on windows server 2012 R2.
All went ok. I also installed a valid third party certificate.
I can connect from outside to the server and run applications using any devices: Ipad’s, mobiles and laptops.
The problem is that: Any Computer/Laptop that is joined on the domain can connect to RDWEB from outside the company BUT CAN'T RUN ANY APPLICATIONS. The RD session is taking a long time and it fails.
Note that from inside the network is working.
What it can be?
Thank you in advance,
Criss
Hi,
The internet connection from where I’m doing the tests is quite good. I think the error with the latency is not relevant because probably the computerRD gateway it doesn’t allow it and that way it fails with this error. For a computer that never been joined on the domain is working perfect no delay at all..
We are using RD Gateway … installed everything on the same machine Windows server 2012 R2.
When I click RemoteApp I see the remote the prompt of RD gateway, I click ok, then nothing happened for 2-3 min. after this time it brings the error with the delay.. OR “couldn’t connect on the remote computer because an error occurred on the remote computer that you want to connect to.”
Again, the connection is failing ONLY when we try to connect from outside the company and it happened ONLY with the Computers that are joined on the Domain.
EX: A user (with Office Laptop - joined on domain) can connect to RD Gateway and launch the RemoteApps from inside LAN but when he is at home he can’t run the RemoteApps. In the meantime he can connect and run RemoteApps with his private computer.
What can be different between the Office and his home private computer?
For outside users we have opened only port 443 on the firewall. Why do we need to open UDP 3391?
I’ve noticed that if I take a laptop that is working and join it on the domain it will have the same issue. If I dis-join it, it will still have the same issue after all.
Thank You
-
ServerManager.exe - This application could not be started. - Windows Server 2012 R2
Hello All,
We have a Dell Precision M4800 installed with Windows Server 2012 R2, and we are unable to get the Server Manager working. When we click on ServerManager, the below error occurs,
Error Message: ServerManager.exe - This application could not be started.
Action Taken:
1. Windows Updates, and Windows Security Updates are up-to-date, rebooted
2. Display Drivers are updated, rebooted
3. .NET Framework 4.5.2 is updated, rebooted
Still the same error. Please assist.
Thank you, Anand
Anand Franklin
Hi,
Thanks for your post.
Usually, ServerManager.exe error may be caused by:
The registry key of ServerManager.exe is invalid or damaged.
Computer malware has injected malicious code and modified ServerManager.exe file.
The ServerManager.exe file was uninstalled by other software.
The ServerManager.exe file was intentionally or mistakenly deleted by other software.
The required version of ServerManager.exe file is overwritten by other software.
There is a hardware failure, such as a bad hard disk.
You can use the following solutions as the article mentioned to fix ServerManager.exe error:
http://www.fixerrorhelps.com/fix-pc-error/how-to-fix-ServerManager.exe-error.html
If all the suggestions did not work, I think we need to reinstall the Operating System.
Regards.
-
Adding a Registry Key via Group Policy on Windows server 2008 R2
Hi all;
I need to add the following Registry Key and values to several PCs across the network, I tried doing so via a logon script and via Registry Preferences through GP but it didn't work!
Method 1: Logon script:
regedit.exe /S \\bbk-files\BBK Templates\slxbasic.reg
The slxbasic.reg contains the following:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\SalesLogix\ADOLogin\Connection1]
"Alias"="BBKSLX_PRODUCTION"
"Provider"="SLXOLEDB.1"
"Initial Catalog"="BBKSLX_PRODUCTION"
"Data Source"="BBK-SLX1"
"DBUser"=""
"Extended Properties"="PORT=1706;LOG=ON"
Method 2: GP Preference:
I add the above mentioned values via the GP Preference for the Registry and still didn't work, I also tried the Registry wizard and imported the required Registry info from another PC and still didn't work.
When I check the GP result for the required PCs, I see that the GP is applied, but when I check the registry, I don't find the required values there!
Please help.
Hi,
>>When I'm processing a GP results report, I'm processing it for a certain PC and a certain user, and I look at the User's applied policies and I can find the policy there.
How is the issue going? Are we still unable to see the value in the Registry?
>>Users have permissions on the shared drive and can navigate to the location and run the .reg file manually.
After we ran the script manually, did we check the Registry to see if the value had been changed?
Best regards,
Frank Shen
-
Mobile AnyConnect group policy proxy settings
For Android or iPhone anyconnect client is it possible to have the group policy proxy settings take effect?
When connecting via desktop client these settings set the OS proxy settings. However for mobile platforms proxy settings are usually set on a WIFI connection profile.
Thanks
Sent from Cisco Technical Support Android App
Hi,
As stated in this article:
"this is a BIG, BIG, BIG development in the world of GP. Finally, Microsoft has made a clear and bold statement–don’t use IE Maintenance Policy anymore." (Windows Server 2012 and Windows 8)
So, please use Group Policy Preference:
Computer or User Configuration\Preferences\Control Panel Settings\Internet Settings
The problem has been discussed in:
Missing Proxy Group Policy Setting - Windows Server 2012
http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/5c03a102-7d06-462a-b821-f2d69df7ab0a
Regards,
Cicely
-
The setting can be found in the following location:
From the “Charm” bar, Settings>Change PC Settings>Users>Sign-in Options> click the “Change” button next to “Any user who has a password must enter it when waking this PC”.
I am looking to disable this option via Group Policy on our domain, but am unable to find a default policy related to this setting. I am searching Group Policy on a Server 2012 machine, and in local Group Policy in Windows 8, but have found nothing.
Hoping I'm just missing the location of this and someone can point me to the right place.
Regards,
-BN
There is no specific policy for this item. Please set “Require a password on wakeup” policy instead.
Niki Han
TechNet Community Support
I'm using Windows Server 2012 R2, and I can't find the above quoted policy, and don't know where to look anymore. I searched for "Require a password when the computer wakes up", but it took me to the "Define Power Buttons and Turn On Password Protection" page of System Settings, but there's NOTHING there except the "When I press the power button". I really want to stop having to enter a password every time I wake up the monitor screen.
Capt. Dinosaur
-
Group Policy control of ActiveX installation
Our users are on Windows 8.1 and IE 11.
We use SQL reporting services at our company. Our users run reports from the Report Manager, which uses an ActiveX control to enable printing.
I need to allow our normal users to install this ActiveX control. Looking at this page http://technet.microsoft.com/en-us/library/dn454941.aspx I added the CLSID of the control to a GPO under Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management. I linked this GPO to an OU.
Even after making sure the policy was applied to the computer, this ActiveX control still popped a UAC dialog to allow the installation of this control.
What do I need to do to make this work?
Hi,
Please follow these steps:
Step 1: Convert ActiveX exe or cab file to MSI package
===================================
Install visual studio installer to create .msi package of ActiveX Control
Downloaded free Visual Studio installer from
http://msdn.microsoft.com/en-us/vs2005/aa718352.aspx
But this requires Visual Studio 6.0 to be installed
Step 2: Place the package in network share where all the users have access
Step 3: Create an organizational unit (OU) in active directory
Step 4: Add a group policy object (GPO) to the OU
Step 5: Publish the package using this GPO
=============================
1. Open Group Policy editor and go under User Configuration > Software Settings ->"Software Installation"
2. Right-click, select new > package, and browse to the package (make sure it's on a network location that all of his users will be able to access, because this is going to become the distribution point)
3. Once you choose a package, choose "Advanced" from the options list
4. On the Deployment tab, select "Assigned", click the "Advanced" button at the bottom, and make sure that "Include OLE class and product information" is checked, and that "Make this 32bit x86 application available to Win64 machines" Also, on the "Deployment" tab, make sure that "Install this application at logon" is checked.
After that, please be assured that we need to run gpupdate /force command on the client machines after applying the group policy on the server side.
Now log in to client machine using the user login created in the OU to check if it can work properly.
For more information, please refer to this article:
How To Install ActiveX Controls in Internet Explorer Using the Active Directory
http://support.microsoft.com/kb/280579
Karen Hu
TechNet Community Support