Group Policy Confusion

I have a policy package setup that does a number of things. One of these is to set the corporate wallpaper and screensaver. I have the Windows Desktop Prefernces setup to do this and I also have a Windows Group Policy for other things. To enable the screensaver to run I have had to enable the screensaver settings in the GP.
The user is required to enter their password to resume once the screensaver has run. Here-in lies the problem. The screensaver will not accept the novell/edir password to unlock, it will only unlock using the windows credentials.
If I set the GP to handle the screensaver settings this seems to take preference over the desktop policy but the result is the same.
Any ideas why I cant unlock with my edir credentials ?
Thanks

JeffSheehan,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com

Similar Messages

  • Need help in setting up Group Policy for same user in local system and Terminal server

    Hi All,
    Currently our remote users are using our network using VPN client over internet.
    They are generally at their home computer and doing VPN as they have to work only in one RDP server for application.
    We actually have a OU created for these RDP users and assign then some strict policy like they can not use any other .exe,they can not user any explorer ,they can not even use windows explorer when they are on RDP they just use one exe of their application.
    Now what my management want is they want their home computers in Domain and want them to login via their same credentials they are using for RDP but they don't want them to restrict in their home computers with any strict policy.
    Now my confusion is how can I configure different policies for same users or same OU.
    Can any one guide me please...

    you can achieve this fairly easily with group policy.
    create an OU and put your remote desktop servers in that OU.
    configure both user and computer policies in a group policy and link it to that ou.
    you need to enable loopback mode - you may want it in merge or replace depending on your other policies you have. Probably replace though I would guess. this is set in the computer configuration > admin templates > system / group policy section.
    now remove the policy you have currently setup for your users on the users OU containing the rdp users. If you want you can move these users back to your main users OU.
    when your users login to the RDP server the settings in the user section of the GPO linked to the RDP Servers OU will apply.
    when the user logs in to their own computer the policies from the user OU and computer OU will apply - but not the more restrictive RDP OU.
    hope that makes sense.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    My Blog
    LinkedIn:

  • The user '*' preference item in the 'User - 6th Form Students Policy {E03166E7-A848-48B5-AA93-97B848AA9C13}' Group Policy object did not apply because it failed with error code '0x80070003 The system cannot find the path specified.' This error was suppres

    I am looking at an issue with users not getting specific group policies. 
    After searching a number of client computers I found that the following error
    The user '*' preference item in the 'User - 6th Form Students Policy {E03166E7-A848-48B5-AA93-97B848AA9C13}' Group Policy object did not apply because it failed with error code '0x80070003 The system cannot find the path specified.' This error was suppressed.
    I can find the folder in the Sysvol folder on all of the domain controllers. 
    The issue with end users seems to be that the proxy settings for internet explorer is not being applied. 
    Potential problems?
    one folder in sysvol entry is empty 
    \\<server>\SYSVOL\<domain.name>\Policies\{E03166E7-A848-48B5-AA93-97B848AA9C13}\User\microsoft\IEAK\LOCK
    or is this our issue
    The old method of configuring proxy settings  to Internet Explorer 9 has changed?
    https://support2.microsoft.com/kb/2530309?wa=wsignin1.0 
    http://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/

    Hi all 
    In administering this policy I am a little confused. 
    We have a policy that distributes proxy settings in the internet explorer maintenance settings section - however when opening this policy up in GPO editor the internet explorer maintenance section is not present.
    I plan to apply the settings via User/preferences/control panel settings/ internet settings (or registry settings from article) however I am unable to edit the settings for internet explorer maintenance and these will persist. Ideas????

  • Best Practice: Deploying Group Policy to Users on different OUs

    Greetings, everyone! I am needing some advice on how to deploy some group policy objects to specific users stored on different OUs.
    Let me set the stage: I work for a large school district, and have recently taken over the district's career center. The idea behind the career center is that students from different high schools around the city come in to take classes based on their choice
    of career, such as radio broadcasting or auto mechanic and such. The AD structure is set up so that each school has their own OU.  When a user (staff, student, etc.) is assigned to a school OU, they automatically are added to
    their school's security group (i.e. EASTHIGH-STUDENT), and that when any user moves from one school to another, we have to move their AD account to that school's OU, which will remove the security group from the old school and apply the new school
    security group.
    For the career center, since we have students coming from different buildings every day, rather than trying to find a way to move their AD account from their high school OU to the career center OU, the previous techs created generic accounts (such as tv001,
    tv002, etc.) in AD and stored them in the career center OU.  This way, teachers can assign students that particular generic account so that they can access the drives and printers from the career center, as well as access the career center network
    drives while they are at their home high school.
    Since I have moved to the career center, and apparently I have more knowledge about group policy than most of the techs in the district, the district system engineers want me to remove all of the generic accounts from the career center OU, and have students
    use their own AD accounts.  Obviously I also want to do this since the generic accounts are very confusing to me, but I'm trying to figure out the best way to do this.
    For simplicity sake, I'm just going to start off by figuring out how to set up a group policy for mapping the career center drives.  Now, I obviously know that the best way would be to create security groups for each career area, and that we would need
    to add students to those groups so that only those particular students would get the GPO for the career center, but my question is where would I like the group policies to?  Do I need to link it at the root of the domain so that every OU is hit? 
    Just curious about this.
    Thanks!

    Don't link it to the root.... apply the drive mapping as a policy at the OU or you could apply the drive mapping using Group Policy Preferences using security group targeting... .I would also strongly recommend you check out my articles
    Best Practice: Active Directory Structure Guidelines
    – Part 1
    Best Practice: Group Policy Design Guidelines – Part 2
    Hope it helps...

  • Please Help| group policy site failure

    hey all, i have some big problem in my network.
    i have 3 site named by city. 
    tel aviv-server 2012
    beer sheva-server 2008r2
    netanya-server 2008 r2
    i crete gpo(computer management)  that deny access to mmc.exe
    computer management--->windows settings--->securtiy--->file system
    and add---> %systemroot%/system32/mmc.exe and deny access to user.
    now i go to check the gpo in client side with gpresult /scope computer /r and see that some computers in tel aviv site connected to netanya/beer sheva site.
    what can i do ?
    i have a situation that not matter what i do i cant release mmc.exe to users. 

    Hi eranvak,
    Before going further, would you please let me confirm something more? Would you please descript how you configure
    the group policy summarily? For example, when you create the GPO, where the GPO link to? Did you directly link GPO to the default Domain? Or in GPMC, right click the site and select
    Link an Existing GPO…? Or any other I misunderstand, please feel free to let me know.
    In addition, you descript “enable the inheritance option”, did you mean that just uncheck
    Block Inheritance option?
    Sorry for my confusion. Thanks for your understanding.
    There are two articles for Group Policy Inheritance. Please refer to.
    Group Policy Inheritance
    http://technet.microsoft.com/en-us/library/cc739343(v=ws.10).aspx
    Managing inheritance of Group Policy
    http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx
    Hope this helps.
    Best regards,
    Justin Gu

  • Group Policy Shortcuts Fail: The system cannot find the path specified.

    The executable I'm pointing to is under C:\Foldername\file.exe
    I know it's there, I tested it, I pasted the very same path into the run dialog, it works. The path is correct, so why can't group policy find it?
    I even tried putting the exe in the root of C:\ and pointing the shortcut there, it can't even see it there. Is it blind? I can see it. I'm looking right at it.

    I fixed it myself. Turns out Microsoft's error messages are obnoxiously non-helpful. The error was referring to the icon path not the target file path.  I had to select programs from the drop down list and then set the path.
    It would help if Microsoft would document this a lot better, and perhaps enhance their event log errors so that they don't send people on confusing wild goose chases that drive people insane.

  • Difference between domain controllers and group policy objects in GPMC

    Hello,
    Am in confusion, someone can tel me the difference between
    1.Domain controllers>default domain controller policy  and
    2.Group policy object>default domain controller policy
    In Group policy management console and also i would like know where to define these categories. I normally use second option.
    I have attached screenshot for your information.
     regards,
    Dharanesh,

    This first/upper item is a link to the GPO, the second/lower item is the actual GPO.
    (notice the link, has a shortcut arrow showing)
    by default, when you double-click on a link, a message will display which says "you have clicked on a link....." and the messagbox offers a checkbox for "do not display this message again..."
    Effectively they are equivalent to a shortcut-to-a-file vs. the actual file.
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • How to roll back settings applied by a Group Policy Custom Administrative Template

    Hi,
    I have disabled USB port on a number of workstations using a Group Policy Custom Administrative Template. Now I need to enable it again. Is it possible to do it through Group Policy Custom Administrative Template again? If not how can I enable the USB ports?
    TIA
    Bijan

    What I have exactly done is adding a custom administrative template which through it I can disable the removable medias. Sorry for the mistake, I was working on another issue and that made me confused. Anyway I put the content of adm file here to be inspected.
    Disableportable.adm content:
    CLASS MACHINE
    CATEGORY !!category
     CATEGORY !!categoryname
      POLICY !!policynameusb
       KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
       EXPLAIN !!explaintextusb
         PART !!labeltextusb DROPDOWNLIST REQUIRED
           VALUENAME "Start"
           ITEMLIST
            NAME !!Disabled VALUE NUMERIC 3 DEFAULT
            NAME !!Enabled VALUE NUMERIC 4
           END ITEMLIST
         END PART
       END POLICY
      POLICY !!policynamecd
       KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
       EXPLAIN !!explaintextcd
         PART !!labeltextcd DROPDOWNLIST REQUIRED
           VALUENAME "Start"
           ITEMLIST
            NAME !!Disabled VALUE NUMERIC 1 DEFAULT
            NAME !!Enabled VALUE NUMERIC 4
           END ITEMLIST
         END PART
       END POLICY
      POLICY !!policynameflpy
       KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
       EXPLAIN !!explaintextflpy
         PART !!labeltextflpy DROPDOWNLIST REQUIRED
           VALUENAME "Start"
           ITEMLIST
            NAME !!Disabled VALUE NUMERIC 3 DEFAULT
            NAME !!Enabled VALUE NUMERIC 4
           END ITEMLIST
         END PART
       END POLICY
      POLICY !!policynamels120
       KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
       EXPLAIN !!explaintextls120
         PART !!labeltextls120 DROPDOWNLIST REQUIRED
           VALUENAME "Start"
           ITEMLIST
            NAME !!Disabled VALUE NUMERIC 3 DEFAULT
            NAME !!Enabled VALUE NUMERIC 4
           END ITEMLIST
         END PART
       END POLICY
     END CATEGORY
    END CATEGORY
    [strings]
    category="Custom Policy Settings"
    categoryname="Restrict Drives"
    policynameusb="Disable USB"
    policynamecd="Disable CD-ROM"
    policynameflpy="Disable Floppy"
    policynamels120="Disable High Capacity Floppy"
    explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver"
    explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver"
    explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver"
    explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver"
    labeltextusb="Disable USB Ports"
    labeltextcd="Disable CD-ROM Drive"
    labeltextflpy="Disable Floppy Drive"
    labeltextls120="Disable High Capacity Floppy Drive"
    Enabled="Enabled"
    Disabled="Disabled"
    Bijan

  • Office 2013 Group Policy Deployment

    Hello,
    I'm trying to deploy Microsoft Office 2013 Professional Plus using Group Policy. I'm trying to use these directions: 
    http://technet.microsoft.com/en-us/library/ff602181(v=office.15).aspx
    Throughout the directions, they give instructions, then follow it up by saying what to do if you're using a Windows Installer-based Office. This is probably a dumb question, but I'm confused on whether or not I'm using a Windows Installed-based Office. The
    setup program is a .exe file, but there are multiple .msi files in the folders.

    The setup program is a .exe file, but there are multiple .msi files in the folders.
    If you have setup.exe and various other .msi files, this confirms that you are using the Windows Installer-based Office fileset.
    (actually, Office2013ProfessionalPlus is *only* available in this .msi form)(other forms are available for other products e.g. Office365ProPlus)
    The documentation draws the distinction, mainly because the documentation is partially shared across different products which can come in different forms)
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Group policy printer settings

    When using Group policy computer configuration control panel settings \printers you can specifiy both an IP address port and a path to the print server.  Are these connections for local TCP\IP printers or for network print server printers.  I am
    not sure why I would have to specify path to server if they were local TCP\IP printers or vice\versa(specify IP address if they are only network printers).

    The best spot for Group Policy Preferences questions is in the Group Policy forum
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverGP&filter=alltypes&sort=lastpostdesc
    However, since they included this print related setting I do know what you are asking about.
    The share is used to get the print driver installed on the client for adding the local printer.  This will not work if you use type 4 print drivers since the drivers are not downloaded to the clients and the GPP printing scenario falls apart here.
    I totally agree with you that this is confusing, however, as a print server admin, what I would do is create one share for each print driver that you need to install on the clients.  If you have 80 printers that can use the same driver, create one share
    and just update the GPP data with the IP for the specific device.
    I would not use a print server to act as a software distribution point if the number of clients on your network is less than 100.  Setup a Win7 or Win8 machine with the shares. 
    Alan Morris Windows Printing Team

  • Bitlocker and MBAM Group Policy

    I am in the process of setting up Bitlocker on all office computers, use an MBAM server to store the keys and to use group policy to manage it. I have setup a server with MBAM and installed MBAM client software on a test computer. But while configuring
    group policy, I'm a little confused. Under Computer Configuration there are settings for both Bitlocker and MDOP MBAM and they are more or less the same. Which one do I use or do I use both?

    Hi,
    Please check out these links:
    How to Edit MBAM 1.0 GPO Settings
    http://technet.microsoft.com/en-us/library/jj571495.aspx
    Planning for MBAM 1.0 Group Policy Requirements
    http://technet.microsoft.com/en-us/library/jj571500.aspx
    Tracy Cai
    TechNet Community Support

  • No longer see "Internet Explorer Maintenance" in Group Policy Management Console

    I am trying to configure Internet Explorer favorites on a GPO that I have already constructed.  I had already successfully created the GPO many months ago and wanted to go back and check on some things.
    However in the GPMC when I navigate to User Configuration-->Policies-->Windows Settings, I no longer see "Internet Explorer Maintenance" listed.  This is where I had previously configured Internet Explorer favorites.
    I uninstalled and reinstalled GPM using these instructions
    http://www.addictivetips.com/windows-tips/how-to-install-the-group-policy-management-in-windows-7/ but this did not help.
    Previously I had two Windows XP computers in the OU that this GPO was applied to.  I had no problems at all configuring it and getting the rules and favorites to apply to these two computers.  I just recently upgraded one of the computers to Windows
    7 and used the same machine name for the computer.  The computer gets some of the rules applied to it but not all.  In particular the IE favorites are not being applied which led me to check the policy in the GPMC.  However, as stated before
    I cannot even see "Internet Explorer Maintenance" which has me confused on what to do next.  Please help.

    Am 29.03.2013 14:15, schrieb FuFighter:
    > <?xml version="1.0" encoding="utf-8"?>
    > <Shortcut clsid="{4F2F7C55-2790-433e-8127-0739D1CFA327}"
    > userContext="1" name="Google" status="Google" image="0"
    > changed="2013-03-29 13:00:44"
    > uid="{648046B5-4019-4F32-8F0E-E691EA54E125}"><Properties pidl=""
    > targetType="URL" action="C" comment="" shortcutKey="0" startIn=""
    > arguments="" iconIndex="0" targetPath="http://www.google.com"
    > iconPath="" window=""
    > shortcutPath="%CommonFavoritesDir%\Google"/></Shortcut>
    I'm too tired at the moment to check all you already did, so just let me
    ask some further questions on that item:
    This is a user or a computer item? If it is a user item and "run in
    logged on users context" is checked, I believe it will fail, because a
    non administrator cannot add all users favorites.
    I'm unaware whether all users favorites works at all - never used it...
    For further clarification, I'd enable GPP debug logging:
    http://blogs.technet.com/b/askds/archive/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat.aspx
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!

  • The Group Policy Client service failed the sign-in The universal unique identifier (UUID) type is not supported

    Hi guys,
    we created a custom WIM Image (Windows 8 Enterprise) with MDT 2012.
    Sysprept the Image, Deployed via SCCM 2012 SP1.
    Computers are Domainjoined. Error with standard Domain User.
    On some computers (not every computer) and not with every user on the first logon following error message arises:
    The Group Policy Client service failed the sign-in The universal unique identifier (UUID) type is not supported
    It works, when you log in a second time but this error isn't very nice. 
    Is there a solution for that?
    Kind Regards
    Martin

    Hi,
    The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. This issue can be caused by various reasons based on the computer environment.
    Can you find any information in event log about this issue?
    Here is the related blog in which the steps can solve most of such issues if the issue continuously happen.
    http://blogs.msdn.com/b/moiqubal/archive/2012/03/04/how-to-fix-quot-the-group-policy-client-service-failed-the-logon-access-denied-quot-error.aspx
    Also, you can refer to the similar thread about this issue:
    http://social.technet.microsoft.com/Forums/en-US/4a644219-50ee-494d-b965-e64a8555109e/the-group-policy-client-service-failed-the-signin-the-universal-unique-identifier-uuid-type-is
    Since this issue can be related to SCCM, to better help you, please submit a new thread for further help:
    https://social.technet.microsoft.com/Forums/en-US/home?category=systemcenter2012configurationmanager
    Hope these could be helpful.
    Kate Li
    TechNet Community Support

  • Deploying Creative Cloud for Teams via Group Policy

    Good afternoon, we are trying to deploy our Creative Cloud for Teams products.  Our ideal situation would be where we are able to deploy the Creative Cloud Software (e.g. including Photoshop, InDesign, Illustrator, etc) using Group Policy, then assign the respective user licenses using the Management Console.  This would send out the email to the applicable user for them to create and Adobe ID, and use the software that has been installed.  However, we are able to install the software using Group Policy Deployment using the msi created using the Creative Cloud Packager, but any user is able to use the software on the PC, not just the person who has been assigned the licence via the console email.  Is anyone else successfully deploying in this way?
    Kind regards
    Mel

    Team license links that may help
    -team plans https://creative.adobe.com/plans?plan=team
    -http://www.adobe.com/creativecloud/buy/business.html
    -https://helpx.adobe.com/contact/creative-cloud-teams.html for Team help
    -manage your team account http://forums.adobe.com/thread/1460939?tstart=0
    -Team Installer http://forums.adobe.com/thread/1363686?tstart=0

  • Outlook 2013 - wrap text group policy applied, not working with or without digital signature

    Hello,
    I'm adding group policies to apply on our new installations of Windows 8.1 with Office 2013. One of the settings being applied is enforcing plain text emails and wrapping text at a certain number of characters. Policies are being added using the Outlook
    2013 admx.
    When I check the options inside Outlook 2013 the group policy did apply successfully (File, Options, Mail, scroll down to Message Format) The option to "Automatically wrap text at character:" is set to 132 and not adjustable as it should be.
    In the group policy I have it set to wrap at 132 characters, but when I go to a client machine and send a digitally signed email, it wraps at the default 76 characters. This makes for very annoying short blocky emails and multi-line hyperlinks.
    If I do not digitally sign the email then the text doesn't wrap at all! (until it meets the end of the window). So under no circumstances is it wrapping at 132 where it's supposed to.
    Thanks,
    -Nick 

    Hi,
    What is your account type in Outlook? Exchange or others?
    Please also let me know the email format that you are sending, Plain Text, HTML or Rich Text Format.
    You can try sending the same emails in Outlook Safe Mode:
    Press Win + R and type “outlook.exe /safe” in the blank box, then press Enter.
    If there’s no problem in Safe Mode, disable the suspicious add-ins to verify which add-ins caused this issue.
    Thanks,
    Melon Chen
    Forum Support
    Come back and mark the replies as answers if they help and unmark them if they provide no help.
    If you have any feedback on our support, please click
    here

Maybe you are looking for