Group policy changed/device drivers

  I admit, I should not have used slimdrivers to undtae my drivers but, I did.  I only used it once and decided I wanted to use my pcs tools to updated rivers. I restored all drivers from slimdrivers and then went to device manager to update
my drivers.  Ok, so far, im trying to get to my problem bare with me.  After I did all this, I had been having troubles with my browser so I changed to comodo dragon.  I was having problems with my point device (synaptics) and though maybe the
driver didn't install correctly or at all so when I went to device manager to update from there again, an error report came up saying that I have installed another ps/2 pointing device driver please uninstall the synaptics driver by clicking yes then you need
to reinstall your pointing device driver for your external device again. first off, I didn't change drivers for an external device.  unless its referring to my laptop which is a HP G60-635Dx notebook, windows 7 (2009) It asked me if I wanted to uninstall
and I said no.  My cursor was moving erratically while pointing to my game icons on zoo world 1 game on Facebook. it doesn't do this anywhere else when im on my laptop. just on the game. and only in  comodo dragon.  I switched back to IE 10
for now. chrome isn't an option as I deleted my user profile upon uninstalling it and deleting the browser history during uninstall. (I read later you cant so that or chrome wont reinstall)  Unless you go to registry and reset the values to zero and im
to chicken to try it. I got the insturctions but, not the confidence.  Ok so back to my problem.  when slimdrivers was installed, from what I researched, did I give them permission as an administrator to update drivers?  and did that take away
my advantages as an admin ?  Im only asking this because when I was going thru the motions to control panel to figure things out, a lot of errors arose. one being that I changed my group policies and I know I didn't do it manually.  Thru my research,
all I came up with is that group policies can be changed when you do something Like I did getting another website to download and install drivers. if I am right about this, how can I change the policy? should I e-mail slimdrivers?  or is there an easy
way I can do it from my pc?  another issue that arose was my error report says that my fire wall failed to load recommended setting for the firewall error code )x 80070422. I researched that on MS community by the error code but didn't get a fix. 
another error code when I tried to go to advanced setting to change firewall settings was )x609. I couldn't have 2 firewalls set to on so I turned off windows defend FW because everytime Kaspersky updates the software, they turn theirs back on but windows
wont during their updates.  I got all these problems because os slimdrivers. I didn't have nay of them before.  restore points didn't work for me either. Do you think a tecj from here can help me solve these issues one at a time. I am a middle of
the road Pc user but unstand directions as long as abrv. aren't always used when helping me.  thank you so very much.  J.R.

Hi Sablecat60,
According to your description, there are several errors: a lot of errors arose in control panel, group policies relating drivers and firewll failed to load recommended settings. Please give more detailed information about the issue to help us understand
correctly.
Since this is a forum about Group Policy and this issue is more than taht, and as you said you got all these problems
because os slimdrivers. We would try our best to help you. For your information, you can also connect
http://www.driverupdate.net/support.php
to get more help.
Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Regards,
Lany Zhang

Similar Messages

  • Domain Group Policy changes causes clients to be unable to connect to WSUS for Windows Updates

    Domain Controller is Windows Server 2008 R2 64-bit, Group Policy Management version 6.0.0.1. WSUS server is Windows Server 2008 Enterprise 32-bit, Update Services version 3.2.7600.226. Client machines are Windows 7, some are 64-bit and some are 32-bit.
    Every time we make any changes to any of our Group Policies most of our clients stop getting their Windows Updates from the WSUS server within 2-3 days. This occurs when we add a new policy for a group of users, temporarily disable a policy or edit a policy.
    Check of the WindowsUpdate.log on affected client machines shows:
    2014-06-25 13:40:44:976  760 1610 PT WARNING: GetAuthorizationCookie failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
    2014-06-25 13:40:44:977  760 1610 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80072ee2
    2014-06-25 13:40:44:977  760 1610 PT WARNING: PopulateAuthCookies failed: 0x80072ee2
    2014-06-25 13:40:44:977  760 1610 PT WARNING: RefreshCookie failed: 0x80072ee2
    2014-06-25 13:40:44:977  760 1610 PT WARNING: RefreshPTState failed: 0x80072ee2
    2014-06-25 13:40:44:977  760 1610 PT WARNING: PTError: 0x80072ee2
    2014-06-25 13:40:44:977  760 1610 Report WARNING: Reporter failed to upload events with hr = 80072ee2.
    A further check of the log files shows:
    2014-06-21 19:36:06:995  156 1b0c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <proxy server name:8080> Bypass List used : <(null)> Auth Schemes used : <>
    We do not use a proxy except for Internet connections. We configure IE with a pac file. This is set through Group Policy since we restrict user accounts from being able to set it. 
    The clients that are connecting to the WSUS server have these entries instead:
    2014-06-24 09:12:16:779  992 270 Agent Setting download properties on call A20329BC-3467-4B7E-B9F4-6AC6ACBA23E1: priority=3, interactive=1, owner is system=0, proxy settings=1, proxy session id=2
    I have a routine that will fix the problem but it is time-consuming and pulls me away from other things I should be doing:
    Run registry files on client machine (WindowsUpdate and AU) This is not always necessary and is already set by Group Policy and the affected clients already have the registry settings. No idea why it is necessary to do but it the steps below don't always
    work unless it is.
    netstop bits and netstop wuauserv
    ipconfig /flushdns
    Delete qmgr*.* files from Downloader folder
    Delete Software Distribution folder
    Run from command prompt:
    sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
    sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
    netstart bits and netstart wuauserv
    wuauclt /resetauthorization /detectnow
    Run Windows Updates again from Control Panel
    This routine always fixes the problem but I've found that I must do each step to guarantee success.
    How or where is the proxy setting being changed for WSUS that we see in the WindowsUpdate logs and how do I prevent this from happening? It is also curious that it happens to most but not all of the client machines. When it does happen it's not always the
    same client machines.

    You're right - the WSUS server is on the inside and does not need a proxy server. Tried running the netsh winhttp reset proxy command but was still not able to connect to the WSUS server. After running the netsh winhttp reset proxy command received response:
    Current WinHTTP proxy setting: Direct access <no proxy server>.
    Ran the command at 13:49 and then tried Windows Updates again. Here's snippet from the log file:
    2014-06-27 13:49:56:889  548 f6c AU Triggering AU detection through DetectNow API
    2014-06-27 13:49:56:890  548 f6c AU Triggering Online detection (interactive)
    2014-06-27 13:49:56:890  548 4b8 AU #############
    2014-06-27 13:49:56:890  548 4b8 AU ## START ##  AU: Search for updates
    2014-06-27 13:49:56:890  548 4b8 AU #########
    2014-06-27 13:49:56:893  548 4b8 AU <<## SUBMITTED ## AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
    2014-06-27 13:49:56:893  548 1260 Agent *************
    2014-06-27 13:49:56:893  548 1260 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2014-06-27 13:49:56:893  548 1260 Agent *********
    2014-06-27 13:49:56:893  548 1260 Agent   * Online = Yes; Ignore download priority = No
    2014-06-27 13:49:56:893  548 1260 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
    or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-06-27 13:49:56:893  548 1260 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2014-06-27 13:49:56:893  548 1260 Agent   * Search Scope = {Machine}
    2014-06-27 13:49:56:893  548 1260 Setup Checking for agent SelfUpdate
    2014-06-27 13:49:56:893  548 1260 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
    2014-06-27 13:49:56:894  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
    2014-06-27 13:49:56:901  548 1260 Misc  Microsoft signed: Yes
    2014-06-27 13:49:56:927  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
    2014-06-27 13:49:56:934  548 1260 Misc  Microsoft signed: Yes
    2014-06-27 13:49:56:936  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
    2014-06-27 13:49:56:943  548 1260 Misc  Microsoft signed: Yes
    2014-06-27 13:49:56:956  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
    2014-06-27 13:49:56:962  548 1260 Misc  Microsoft signed: Yes
    2014-06-27 13:49:56:974  548 1260 Setup Determining whether a new setup handler needs to be downloaded
    2014-06-27 13:49:56:974  548 1260 Setup SelfUpdate handler is not found.  It will be downloaded
    2014-06-27 13:49:56:974  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
    2014-06-27 13:49:56:976  548 1260 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
    2014-06-27 13:49:56:976  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
    2014-06-27 13:49:56:989  548 1260 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
    2014-06-27 13:49:56:989  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
    2014-06-27 13:49:57:007  548 1260 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
    2014-06-27 13:49:57:007  548 1260 Setup SelfUpdate check completed.  SelfUpdate is NOT required.
    2014-06-27 13:49:57:165  548 1260 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
    2014-06-27 13:49:57:165  548 1260 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
    http://(FQDN of WSUS server)/ClientWebService/client.asmx
    2014-06-27 13:49:57:175  548 1260 PT WARNING: Cached cookie has expired or new PID is available
    2014-06-27 13:49:57:175  548 1260 PT Initializing simple targeting cookie, clientId = 6be4a1ae-3313-4855-bdb1-57e3312f03ec, target group = AGENCIES, DNS name = dpk2.clear-rcic.rcc.org
    2014-06-27 13:49:57:175  548 1260 PT   Server URL =
    http://(FQDN of WSUS server)/SimpleAuthWebService/SimpleAuth.asmx
    2014-06-27 13:50:57:280  548 1260 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(proxy server):8080> Bypass List used : <(null)> Auth Schemes used : <>
    2014-06-27 13:50:57:281  548 1260 PT   + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
    2014-06-27 13:50:57:281  548 1260 PT   + Caller provided proxy = No
    2014-06-27 13:50:57:281  548 1260 PT   + Proxy list used = webgate.rcc.org:8080
    2014-06-27 13:50:57:281  548 1260 PT   + Bypass list used = <NULL>
    2014-06-27 13:50:57:281  548 1260 PT   + Caller provided credentials = No
    2014-06-27 13:50:57:281  548 1260 PT   + Impersonate flags = 0
    2014-06-27 13:50:57:281  548 1260 PT   + Possible authorization schemes used =
    2014-06-27 13:50:57:281  548 1260 PT WARNING: GetAuthorizationCookie failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
    2014-06-27 13:50:57:281  548 1260 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80072ee2
    2014-06-27 13:50:57:281  548 1260 PT WARNING: PopulateAuthCookies failed: 0x80072ee2
    2014-06-27 13:50:57:281  548 1260 PT WARNING: RefreshCookie failed: 0x80072ee2
    2014-06-27 13:50:57:281  548 1260 PT WARNING: RefreshPTState failed: 0x80072ee2
    2014-06-27 13:50:57:281  548 1260 PT WARNING: Sync of Updates: 0x80072ee2
    2014-06-27 13:50:57:281  548 1260 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
    2014-06-27 13:50:57:281  548 1260 Agent   * WARNING: Failed to synchronize, error = 0x80072EE2
    2014-06-27 13:50:57:282  548 1260 Agent   * WARNING: Exit code = 0x80072EE2
    2014-06-27 13:50:57:282  548 1260 Agent *********
    2014-06-27 13:50:57:282  548 1260 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2014-06-27 13:50:57:282  548 1260 Agent *************
    2014-06-27 13:50:57:282  548 1260 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
    2014-06-27 13:50:57:302  548 e04 AU >>##  RESUMED  ## AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
    2014-06-27 13:50:57:302  548 e04 AU   # WARNING: Search callback failed, result = 0x80072EE2
    2014-06-27 13:50:57:302  548 e04 AU   # WARNING: Failed to find updates with error code 80072EE2
    2014-06-27 13:50:57:302  548 e04 AU #########
    2014-06-27 13:50:57:302  548 e04 AU ##  END  ##  AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
    2014-06-27 13:50:57:302  548 e04 AU #############
    2014-06-27 13:50:57:303  548 e04 AU Successfully wrote event for AU health state:0
    2014-06-27 13:50:57:303  548 e04 AU AU setting next detection timeout to 2014-06-27 22:50:57
    2014-06-27 13:50:57:304  548 e04 AU Setting AU scheduled install time to 2014-06-28 05:00:00
    2014-06-27 13:50:57:304  548 e04 AU Successfully wrote event for AU health state:0
    2014-06-27 13:50:57:305  548 e04 AU Successfully wrote event for AU health state:0
    2014-06-27 13:51:02:285  548 1260 Report REPORT EVENT: {BD25B39C-6570-454C-A046-AF3AF2DEBDD4} 2014-06-27 13:50:57:282-0400 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 AutomaticUpdates Failure Software
    Synchronization Windows Update Client failed to detect with error 0x80072ee2.
    2014-06-27 13:51:02:295  548 1260 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2014-06-27 13:51:02:295  548 1260 Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Managed
    2014-06-27 13:51:02:295  548 1260 Report CWERReporter finishing event handling. (00000000)
    2014-06-27 13:51:48:184  548 4b8 AU ###########  AU: Uninitializing Automatic Updates  ###########
    2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
    2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
    2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
    2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
    2014-06-27 13:51:48:187  548 4b8 Report CWERReporter finishing event handling. (00000000)
    2014-06-27 13:51:48:252  548 4b8 Service *********
    2014-06-27 13:51:48:252  548 4b8 Service **  END  **  Service: Service exit [Exit code = 0x240001]
    2014-06-27 13:51:48:252  548 4b8 Service *************
    2014-06-27 13:51:53:002  548 160c Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0400)  ===========
    2014-06-27 13:51:53:002  548 160c Misc   = Process: C:\Windows\system32\svchost.exe
    2014-06-27 13:51:53:002  548 160c Misc   = Module: c:\windows\system32\wuaueng.dll
    Ran a batch file which resets the AU and WindowsUpdate registry keys and then runs the steps listed above:
    regedit /s C:\WindowsUpdate.reg
    regedit /s C:\AU.reg
    net stop bits
    net stop wuauserv
    Ipconfig /flushdns
    del C:\ProgramData\Microsoft\Network\Downloader\qmgr*.*
    del  /F /Q C:\Windows\SoftwareDistribution\*.*
    sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
    sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    After this runs, am able to connect to WSUS server for updates. I mentioned Group Policy changes because this only breaks after the Group Policy changes. It doesn't affect every client machine but most of them. Was wondering how the proxy gets reset from
    none to the proxy server for Windows Updates?

  • Group Policy changes cause Access Denied error for Domain Admin account

    Hi All,
    I am battling to get WSUS to work, and I think the route cause is problems editing the domain and domain controller group policy objects.
    We have 1 DC, approx 20 clients. 1 GPO for DC, 1 GPO for clients. Ther e is a link to the default domain GPO in our staff (users) OU, I don't know if it should be there or not.
    I log in as domain administrator, right-click the domain GPO in GPMC, click Edit.
    Find the setting I want to edit (specify intranet microsoft update service location), double click.
    Change something, click OK.
    I get error:
    Unhandled exception has occurred in a component in your application. If you click Continue, the application will ignore this error and attempt to continute.
    Access is denied. (Exception from HRESULT: 0x80070005
    (E_ACCESSDENIED)).
    I have followed the steps in the links posted by Brent in another post called: "restricting-domain-admin-account-to-edit-group-policies" (no links allowed for my account yet sorry) and the user does have edit settings, delete, modify security delecation.
    PLEASE NOTE: the solution may very well be something very simple/basic. I am reasonably computer savvy, but have just upgraded the whole network for an NGO on a voluntary basis. Never seen a sever before I came here, but I'm the best they have. Please bare
    that in mind when offering advice :)
    Any help appreciated!
    James

    More diagnostic info:
    Inside GPMC, there's Group Policy Results.
    If I right-click, Result Wizard, choose this computer, it works fine showing default domain controllers policy with alert that it's enforced.
    If I browse for another PC (it comes up as Domain\PC name), click Next, I get error:
    Failed to connect to DOMAIN\PCNAME due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details.
    Details: the RPC server is unavailable.
    If you need the recent related events, I will post them. I also checked that service on the client - it's automatic and started.
    PPS Clients are all Win 7, PCs are 32bit, laptops are 64. Server is Windows Server 2012 Datacenter. WSUS when clicking Help -> About from the snap-in/GUI: 6.2.9200.16384.
    PPPS Directory browsing for the whole WSUS object in IIS is enabled, thanks to SorinAlbu over at Spiceworks post WSUS and IIS.
    PPPPS Launching IE and loading http://servername:8530/iuident.cab fails 404 error from both clients and server. That file in C:\Program Files\Update Services\WebServices\Root\iuident.cab doesn't exist. Maybe because we recently removed the WSUS role and reinstalled
    it, to check if something went wrong the first time? It's all been configured using the snapin/GUI, but the new installation of the role hasn't yet connected to the Microsoft Update servers.
    PPPPPS Added the Application Server role with default settings as recommended by the step by step guide to WSUS at Technet. Still no dice.

  • Group Policy client Service Error - Access is denied

    I am
    at domain admin working on windows 7 roaming profiles, testing with a
    staff user.  I am in a domain environment.  I have changed the
    profile path for a user to the folder I created for new windows 7 roaming
    profiles.  gave it all the permissions noted here and followed these steps
    at Microsoft's deploying roaming profiles page for win 7.<o:p></o:p>
    once I logged in the user,
    it created their profile.v2 but I still couldn't access it.  getting
    access denied.  so I went back and changed the staff roaming profile back
    to the original profile path.  didn't make any group policy changes. 
    but now she gets group policy client service failed to logon. access is
    denied.  I have deleted the .v2 profile that win 7 creates in her old
    profile path, moved her profile path back to what is was before testing,
    retested her xp profile which does work and she can login and work. 
    but the win 7 machines no matter where she logs in, will not work.  they
    all give the same error about group policy client service failed.  no
    other users are having this problem

    Hi,
    Regarding the issue here, have you checked the below thread?
    Group
    Policy Client Service Failed the logon - Access Denied: Windows 7 Ultimate/Server 2008 R2
    Please take a try with the steps mentioned by Nina Liu.
    QUOTE here:
    At this time, let’s refer to the following steps for troubleshooting:
    1. Open registry editor on the problematic Windows 7 machine (please log in as domain admin)
    2. Highlight HKEY_USERS, choose File -> Load Hive, browse to the location of one failing roaming profile and open NTUSER.DAT file, click open
    3. Under Key Name, enter any name you like, but remember what you have entered, such as enter "test"
    4. Expand, HKEY_USERS, you should see new registry hive called "test" or any name you entered earlier
    5. Right click on that "test" hive and choose permissions. Confirm that the following users have permissions:
    - Administrators: Full Control
    - SYSTEM: Full Control
    - User (or group) that owns this profile: Full Control
    6. If the permissions were wrong, correct them, then click on Advanced tab, on Advanced tab and enable "Replace permission entries on all child objects with entries
    shown here that apply to child objects" and click Apply.
    7. Highlight "test" registry hive, then click on File -> Unload Hive to release handle on NTUSER.DAT file.
    8. Log off and log on with the failing roaming profile you have just modified.
    Any process, please feel free to contact us.
    Best regards
    Michael Shao
    TechNet Community Support

  • Adobe Reader & Acrobat 6~9 Group Policy ADM file (only applied once?)

    Hi folks. I created the below ADM template last month based on some of the ones I have seen elsewhere. I import the ADM file to use with Group Policy and make the necessary settings (need to uncheck "Only show policy settings that can be fully managed" to see it in GPO Editor).
    Anyway, when the user logs on it stamps them with the desired registry setting (bEnableJS value 0). Yay! But I notice that if a user re-enables JavaScript in Adobe Reader/Acrobat and then logs off and back on again (reboot or logoff/on) the registry setting does not get re-applied. All other pre-existing Group Policies get applied and doing a gpresult or rsop.msc has everything looking as though it did get applied.
    I notice that if I manually do a "gpupdate /force" to a logged on system the setting appears to be reapplied (need to reconfirm this though). Has anyone expierienced similar with their ADM templates for this? Perhaps I am missing something? Appreciate any help/advice.
    ; Administrative Template to enable/disable Javascript of Adobe Acrobat/Reader 6.x~9.x
    ; Version 1.0
    ; 2010/1/22
    CLASS USER
    CATEGORY !!Adobe_Acrobat_Reader_6-9
        POLICY !!JavaScript_Reader_9.x
        EXPLAIN !!JavaScript_Reader_9.x_help   
            KEYNAME "Software\Adobe\Acrobat Reader\9.0\JSPrefs"
            PART "Enable/Disable JavaScript:" DROPDOWNLIST
                VALUENAME "bEnableJS"
            ITEMLIST
                NAME !!JavaScript_Enabled VALUE NUMERIC 1
                NAME !!JavaScript_Disabled VALUE NUMERIC 0 DEFAULT
            END ITEMLIST
            REQUIRED
            END PART
        END POLICY
        POLICY !!JavaScript_Acrobat_9.x
        EXPLAIN !!JavaScript_Acrobat_9.x_help
            KEYNAME "Software\Adobe\Adobe Acrobat\9.0\JSPrefs"
            PART "Enable/Disable JavaScript:" DROPDOWNLIST
                VALUENAME "bEnableJS"
            ITEMLIST
                NAME !!JavaScript_Enabled VALUE NUMERIC 1
                NAME !!JavaScript_Disabled VALUE NUMERIC 0 DEFAULT
            END ITEMLIST
            REQUIRED
            END PART
        END POLICY
        POLICY !!JavaScript_Reader_8.x
        EXPLAIN !!JavaScript_Reader_8.x_help
            KEYNAME "Software\Adobe\Acrobat Reader\8.0\JSPrefs"
            PART "Enable/Disable JavaScript:" DROPDOWNLIST
                VALUENAME "bEnableJS"
            ITEMLIST
                NAME !!JavaScript_Enabled VALUE NUMERIC 1
                NAME !!JavaScript_Disabled VALUE NUMERIC 0 DEFAULT
            END ITEMLIST
            REQUIRED
            END PART
        END POLICY
        POLICY !!JavaScript_Acrobat_8.x
        EXPLAIN !!JavaScript_Acrobat_8.x_help
            KEYNAME "Software\Adobe\Adobe Acrobat\8.0\JSPrefs"
            PART "Enable/Disable JavaScript:" DROPDOWNLIST
                VALUENAME "bEnableJS"
            ITEMLIST
                NAME !!JavaScript_Enabled VALUE NUMERIC 1
                NAME !!JavaScript_Disabled VALUE NUMERIC 0 DEFAULT
            END ITEMLIST
            REQUIRED
            END PART
        END POLICY
        POLICY !!JavaScript_Reader_7.x
        EXPLAIN !!JavaScript_Reader_7.x_help
            KEYNAME "Software\Adobe\Acrobat Reader\7.0\JSPrefs"
            PART "Enable/Disable JavaScript:" DROPDOWNLIST
                VALUENAME "bEnableJS"
            ITEMLIST
                NAME !!JavaScript_Enabled VALUE NUMERIC 1
                NAME !!JavaScript_Disabled VALUE NUMERIC 0 DEFAULT
            END ITEMLIST
            REQUIRED
            END PART
        END POLICY
        POLICY !!JavaScript_Acrobat_7.x
        EXPLAIN !!JavaScript_Acrobat_7.x_help
            KEYNAME "Software\Adobe\Adobe Acrobat\7.0\JSPrefs"
            PART "Enable/Disable JavaScript:" DROPDOWNLIST
                VALUENAME "bEnableJS"
            ITEMLIST
                NAME !!JavaScript_Enabled VALUE NUMERIC 1
                NAME !!JavaScript_Disabled VALUE NUMERIC 0 DEFAULT
            END ITEMLIST
            REQUIRED
            END PART
        END POLICY
        POLICY !!JavaScript_Reader_6.x
        EXPLAIN !!JavaScript_Reader_6.x_help
            KEYNAME "Software\Adobe\Acrobat Reader\6.0\JSPrefs"
            PART "Enable/Disable JavaScript:" DROPDOWNLIST
                VALUENAME "bEnableJS"
            ITEMLIST
                NAME !!JavaScript_Enabled VALUE NUMERIC 1
                NAME !!JavaScript_Disabled VALUE NUMERIC 0 DEFAULT
            END ITEMLIST
            REQUIRED
            END PART
        END POLICY
        POLICY !!JavaScript_Acrobat_6.x
        EXPLAIN !!JavaScript_Acrobat_6.x_help
            KEYNAME "Software\Adobe\Adobe Acrobat\6.0\JSPrefs"
            PART "Enable/Disable JavaScript:" DROPDOWNLIST
                VALUENAME "bEnableJS"
            ITEMLIST
                NAME !!JavaScript_Enabled VALUE NUMERIC 1
                NAME !!JavaScript_Disabled VALUE NUMERIC 0 DEFAULT
            END ITEMLIST
            REQUIRED
            END PART
        END POLICY
    END CATEGORY
    [strings]
    Adobe_Acrobat_Reader_6-9="Adobe Acrobat and Reader 6 to 9"
    JavaScript_Reader_9.x="JavaScript Adobe Reader 9.x"
    JavaScript_Reader_9.x_help="Enable/Disable JavaScript in Adobe Reader 9.x"
    JavaScript_Acrobat_9.x="JavaScript Adobe Acrobat 9.x"
    JavaScript_Acrobat_9.x_help="Enable/Disable JavaScript in Acrobat Acrobat 9.x"
    JavaScript_Reader_8.x="JavaScript Adobe Reader 8.x"
    JavaScript_Reader_8.x_help="Enable/Disable JavaScript in Adobe Reader 8.x"
    JavaScript_Acrobat_8.x="JavaScript Adobe Acrobat 8.x"
    JavaScript_Acrobat_8.x_help="Enable/Disable JavaScript in Acrobat Acrobat 8.x"
    JavaScript_Reader_7.x="JavaScript Adobe Reader 7.x"
    JavaScript_Reader_7.x_help="Enable/Disable JavaScript in Adobe Reader 7.x"
    JavaScript_Acrobat_7.x="JavaScript Adobe Acrobat 7.x"
    JavaScript_Acrobat_7.x_help="Enable/Disable JavaScript in Acrobat Acrobat 7.x"
    JavaScript_Reader_6.x="JavaScript Adobe Reader 6.x"
    JavaScript_Reader_6.x_help="Enable/Disable JavaScript in Adobe Reader 6.x"
    JavaScript_Acrobat_6.x="JavaScript Adobe Acrobat 6.x"
    JavaScript_Acrobat_6.x_help="Enable/Disable JavaScript in Acrobat Acrobat 6.x"
    JavaScript_Enabled="JavaScript Enabled"
    JavaScript_Disabled="JavaScript Disabled"

    Hey, what you have described is normal behaviour for the way you have written your Custom ADM file.
    Because you are not using Proper Windows Policies, i.e. Setting them in the policy location in the registry, then once you apply a setting, it will not get over written again ever unless you made a group policy change or do a gpupdate.
    Normal group policies will get re-applied depending on the time frame set in the policy its self.

  • 2012 RDS Group Policy - Adobe Reader and Acrobat to Co-exist

    I have a 2012 RDS session host that 20 users terminal in to.We have always had Adobe Reader installed for users to open PDF files.10 of the users required Adobe Acrobat Pro, so we obtained a license for 10 users to access Acrobat Pro.We installed Acrobat Pro on the RDS session host, which also has Reader installed.The problem is, when a user opens a PDF file, it is opening with Acrobat Pro.I need to set the the default PDF program to Adobe Reader. I tried configuring a GPO per the article below:http://www.grouppolicy.biz/2011/09/how-to-use-group-policy-to-change-open-with-file-associations/However, the default is still Acrobat Pro.What is the best way to accomplish this task at hand?
    This topic first appeared in the Spiceworks Community

    Hey, what you have described is normal behaviour for the way you have written your Custom ADM file.
    Because you are not using Proper Windows Policies, i.e. Setting them in the policy location in the registry, then once you apply a setting, it will not get over written again ever unless you made a group policy change or do a gpupdate.
    Normal group policies will get re-applied depending on the time frame set in the policy its self.

  • Audit group policy deletion

    Is is possible to retrospectively find which user may have accidentally deleted a group policy object? 
    We need to find out if we had a security breach and possibly close that issue.
    darren hitchen

    As said above, without auditing enabled, its very hard to catch, which person has what changed.
    Here is how to enable auditing for Group Policy, and how to interpret the results :
    http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447951.aspx
    You may also walk through this another informative resource that covers all the required aspects to enable auditing and track the changes :
    http://blogs.msdn.com/b/canberrapfe/archive/2012/05/02/auditing-group-policy-changes.aspx
    Moreover, if you wish to audit such critical changes automatically, you may also consider on LepideAuditor suite (http://www.lepide.com/lepideauditor/group-policy.html) that could be a good
    alternative solution for you. It will let you track every critical changes into real time and alerts instantly by sending customized email notification.
    Lepide - Simplifying IT Management

  • Making a change in Group Policy in Safe Mode or rather trying...

    I need to make a change in the domain controller group policy in the following:
    We are trying to emulate using smart cards on our system. So I got a set of instructions which basically said to access the Local Group Policy editor under  Computer Configuration>Windows Settings>Security Settings>Local Policies>Security
    Options and change 'Interactive logon: Require smart card' to 'enabled'.
    Then go to the registry: 'HKLM\Software\Mocrosoft\Windows\CurrentVersion\Policies\System' and change the DWORD value of 'scforceoption' from '1' to '0'. So if you don't want to use a smart card, you can hit Esc and logon with userid/password.
    Well, since I want this to happen on all our servers and workstations, I set it in the domain group policy instead of locally.
    Under 'Computer Configuration>Policies>Windows Settings>Local Policies>Security Options>Interactive Logon: Require smart cards - enable'
    Now it wants a smart card only. Of course we don't have them. Yes, I am mightily embarrassed.
    I am in Safe Mode with Networking, but it doesn't let me get into the Group Policy. Is there a way to get in?
    Win 2008 R2 with all the nasty STIGs of course.
    Stef<with my fingers crossed>

    oh dear :(
    the policy setting, and the registry key/value, you have mentioned, are exactly one and the same thing.
    it doesn't quite make sense, that you would enable this setting via GPedit and then also disable in the registry editor - you are setting the value to be=1, then setting the exact same value to be=0.
    when wishing to use smartcards, but, not enforce the use of smartcards, you don't need to do any of this at all.
    when the smartcard drivers are installed, the credentialsUI automatically changes (it detects the SC provider) and offers SClogin methods. This has been my experience over quite a few years since Win2000, and includes Win7.
    I'm not sure about Win8 + smartcards, I haven't spent time with that combination yet.
    It *might* be possible for you to try:
    on a workstation (a domain member),login with a local account. (that part may not work).
    when logged on to the workstation, open regedit, and navigate to the regkey for scforceoption. edit the ACL on that regkey to revoke/deny all permissions to all security principals *EXCEPT* for your local account.
    (this should stop the GP CSE from applying the domain GP setting to the regkey).
    then, reboot the workstation, logon with a domain admin account, and edit your Domain GP to remove the scforceoption setting. allow Domain GP to replicate. then try another member workstation or server to see how it goes.
    I haven't ever tried this, but if you can logon and edit that setting, you'll be ok.
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Windows Server 2012 Group Policy Block USB Storage devices @ User Level Not getting applied on a Domain Client machine with Windows Server 2008 R2. Why?

    Hello,
    I have a Windows Server 2012 R2.
    I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed
    on it (this machine is also a domain client in the same domain).
    I will really be thankful if anyone can suggest some solution to this issue.
    Please feel free to write back in-case I have missed anything obvious to be shared.
    Thanks!
    -Vinay Pugalia
    If a post answers your question, please click "Mark As Answer" on that post or
    "Vote as Helpful".
    Web : Inkey Solutions
    Blog : My Blog
    Email : Vinay Pugalia

    Hi,
    Any update?
    Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
    Best Regards,
    Andy Qi
    TechNet
    Subscriber Support
    If you are TechNet
    Subscription user and have any feedback on our support quality, please send your feedbackhere.
    Andy Qi
    TechNet Community Support

  • PDF icon changed after deploying Reader 9.4.0 though Group Policy

    I extracted the .msi from the Reader 9.4.0 .exe, and deployed the software through group policy. Everthing works fine except now all .pdf icons show as a different Adobe icon, as opposed to the usual white icon with the red cursive "A" and the little red "pdf" box along the top left. However, if manually install the program using the .msi, the icon issue does not happen. There is nothing in the custimization Wizard for this, and I am hesitant to use Orca to try and change the .msi. The file association in windows is correct, just the icon has changed. Please help

    I did the same as you.
    // Open the field to allow user entries
    NumericField1.access = "open";
    // Allow override, means you will not get an error message when the calculated value is changed
    NumericField1.calculate.override = "disabled";
    NumericField1.value.float.value = "0";
    Restore original state of the field.
    NumericField1.access = "readOnly"
    NumericField1.calculate.override = "error"
    NumericField1.rawValue = null
    NumericField1.execCalculate()
    But you're right, the restore does not work.
    I tested execEvent("calculate") and execCalculate() with no avail.
    Very odd!

  • Unable to make changes to LAN Settings in IE after Group Policy Preference is applied

    Hi all,
    I have an IE10 group policy preference on a Server 2008 R2 domain that is pushed out to Windows 7 SP1 x64 clients. This IE10 GPP is used to push out proxy settings etc. The GPP is applied fine, however when I go into LAN Settings in IE and make any
    changes such as unchecking "Use a proxy server..." these changes are not saved. As soon as I click OK and go back into LAN Settings it reverts back to the GPP settings. Are IE10 GPP's meant to allow a user to amend settings in IE? The users have
    permissions to write to the Connections key under Internet Settings in the registry. If I delete the Connections key (Which includes DefaultConnectionSettings and SavedLegacySettings) I can then make changes to the proxy (Although without the original settings).
    I know their are other, and better, methods of controlling proxy settings for users but unfortunately this is the way the customer has it implemented. All defaults for GP is applied such as refresh rate etc. I've tested IE10 on a Server 2012 R2 / Win8 environment
    with the exact same GPP settings and I can make changes to the LAN Settings. Is this possibly a bug? Any help would be appreciated.
    Thanks.

    Hi,
    So by now we could make it work by deleting the Connections key, in order to change the proxy settings of IE 10-Windows 7 in the Windows Server 2008 R2 environment?
    Besides, could it be convenient for us to perform some more tests here? How IE 10 of Windows 7 behaves in Server 2012 R2 environment? And Windows 8 in Server 2008 R2?
    Best regards
    Michael
    Michael Shao
    TechNet Community Support

  • Script to override Group policy (Disable Addins and change default file type)

    Hi there,
    I am developing a solution for our customer that requires Office 2010 64-bit, which I have.
    However my company's group policy, (I believe), keeps adding in a template manager for corporate documents, this template is 32-bit and is incompatible with my version of office. This means that everytime I open or close excel I get a warning of incompatibility.
    This is irritating, as is the fact that the default new file type keeps switching back of xls, which causes me problems since my macro's need to create xlsx files, for the customer.
    Now I believe that both of these are set by the group policy and while they a fine for most people, due to my unusual roll, it causes me irritations I would would rather avoid.
    Since I know it will not be possible to change the group policy for the handful of people who are effected like this, I am looking for some help to, e.g. automatically run a script to adjust these settings on my local machine to make my life easier.
    Thanks for your help,
    Vincent.

    Try using
    Process Monitor for looking the key.
    For example, you may set the required value through the group policy and see what windows registry keys are changed.

  • How to Enable USB Internet Dongles and only Block USB storage device from Group Policy

    Hi ,
    I have a very urgent requirement , Is there a way to disable the USB and only enable to Internet Dongle using Group policy.
    Regards,
    Schan.

    Hi,
    Checkout the below link for restricting the access for USB devices using Group Policy,
    http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Control-USB-Devices-Group-Policy.html
    Checkout the below thread on similar discussion,
    http://social.technet.microsoft.com/Forums/en-US/89c8a8f0-da98-4cc9-8044-1e457e26840e/how-to-disable-usb-internet-dongle-datacard-from-group-policy-server-2008-r2?forum=winserverGP
    Regards,
    Gopi
    www.jijitechnologies.com

  • Group Policy question about setting Start menu items using devices and not users

    I am using Windows Server 2003 and Windows Server 2008 R2 servers set up for use as Active Directory Servers.
    What I am trying to do is lock down thin clients start menu options and I have been able to get this to work down to the user level.  However, what I want to do is have it locked down on the machine level.
    We have multiple users that use both "Thin Clients" with Windows 7 Embedded and we also have them using other PC's with using the same log in.
    So, for example when you create an OU for "Thin Clients", I want thin client devices in there and when people log in to these thin clients then the start menu will be locked down.  I want this to be user independent and thus I don't want Users
    in the OU, but I want to lock down the start menu.
    How can I do this with Group Policy Objects on a domain level?

    Hi,
    you could achieve this using GPO loopback processing. It was designed for the purpose of applying settings from user GPO to a certain group of computers.
    http://technet.microsoft.com/en-us/library/cc978513.aspx
    MCP/MCSA/MCTS/MCITP

  • Group Policy application frequency even if policy hasnt changed - Server 2012 R2

    Hi,
      I'm aware of the group policy refresh intervals which apply only if the policy has changed. If I remember correctly, Server 2003 applied policies every 16 hours even if they hadnt changed. A sort of "to be sure, to be sure" setting. Does
    this exist on Server 2012 R2 and is there a link with some doco that states this please?
    Thanks
    David Z

    > the policy has changed. If I remember correctly, Server 2003 applied
    > policies every 16 hours even if they hadnt changed. A sort of "to be
    > sure, to be sure" setting. Does this exist on Server 2012 R2 and is
    > there a link with some doco that states this please?
    This is still true, but it applies only to "Security Settings" within
    all GPOs. I'm unaware of current docs on that.
    Greetings/Grüße,
    Martin
    Mal ein
    gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me -
    coke bottle design refreshment (-:

Maybe you are looking for