Group policy for Silent Java updates

Similar Messages

• Configuring group policy for user profiles in Windows Server 2012 R2 Domain

  Requesting some experts advise on configuring group policy for user profiles.
  We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
  The settings which I am concerned:
  1. Folder Redirection: Desktop, Documents, Favorites.
  2. Quota for Folder Redirection - 1 GB per user.
  3. Map a networked drive - 1 GB per user.
  4. Roaming profile - (Will ignore if it does not suit our requirement). 
  The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
  FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
  Thanks a lot for your valuable time and efforts.

  Hi,
  >>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
  This depends on where our outlook data files are stored. If these data files are stored under
  drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
  However, regarding your question, we can refer to the following thread to find the solution.
  Roam outlook profiles without roaming profiles
  http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
  In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
  Configuring Folder Redirection
  http://technet.microsoft.com/library/cc786749.aspx
  Hope it helps.
  Best regards,
  Frank Shen

• Group Policy for Windows Ten

  http://community.spiceworks.com/topic/1104098-windows-10-gpos

  Does anyone know if you need to have Server 2012 domain controller in order to setup group policy for windows ten?  Currently we are running Server 2008 R2 but I am starting to get devices with windows ten that I will need to control from group policy.  
  @CreativeTechie
  This topic first appeared in the Spiceworks Community

• Group Policy for IE security option

  Hello
  I have a problem with group policy.
  I wanted to add intranet site to IE properties in security tab and I did research and found one link which saying
  go to group policy management -> user configuration -> windows settings -> internet explorer maintenance ->
  security -> right click on security zones and and click on properties and make changes. 
  (I was able to find this option running GPMC in DC. If I add GPMC in MMC in my computer, i was not able to see this option)
  so I clicked on"import the current security zones and privacy settings in security zones and privacy and added the site.
  on my PC, I did gpupdate /force and it seemed working since the site was added and in my computer IE settings, it said "some settings are managed by your system administrator" and I updated the GP on other PC which did not work and
  I realized that the link was for windows 2003 server and I have windows 2008. so I reverted what I did and on my PC, I updated the GP but the settings in IE was not changed back to what it was.
  my questions are
  - how to change the settings on my computer?
  - why the GP was working on my computer but now the other computers?
  - how to add intranet site thru GP for all the users?
  Thanks

  Hi,   
  I agree with Zanderol24, which IE version is installed on the other PCs? The settings of Internet explorer maintenance can’t apply to IE 10 and later version.
  Besides, on the troubled clients, we could use the
  gpresult /h GPReport.html command to generate a Resultant Set of Policy (RSoP) report. We could check if the policy applied from the report.
  Moreover, aside from using IEM to add the sites, we can also use policy setting
  Site to Zone Assignment List or GPP Registry extension to do this.
  For more information, we could refer to the following articles.
  How to configure Internet Explorer security zone sites using group polices
  http://blogs.msdn.com/b/askie/archive/2012/06/05/how-to-configure-internet-explorer-security-zone-sites-using-group-polices.aspx
  How to Add Trust Sites into IE before IE10 through Group Policy
  http://blogs.msdn.com/b/asiatech/archive/2013/01/04/how-to-add-trust-sites-into-ie-before-ie10-through-group-policy.aspx
  Best Regards,
  Erin

• Group Policy for Lockscreen

  Hi All,
  My conundrum is as such:
  We have set-up a Group Policy on the server for a default Lockscreen (Company Image) to be sent to all users on the network on their PC's. It's a new server running 2012 R2. It's fully up to date.
  However the default lock screen is now causing everyone's Lockscreen screen to show a blank blue page. The image is located on a shared drive all PC's have access to. We have tried numerous solutions online but none seem to have worked.
  Any help on this matter would be much appreciated so we can put this niggle to bed!
  Thanks in advance.

  Hi,
  Before going further, what are the operating systems of our clients? The group policy setting
  Force a specific default lock screen image should be supported on Windows 8 or above. Besides, for Windows 8, to apply this policy setting, please make sure that the following update has been installed.
  Windows 8 and Windows Server 2012 update rollup: November 2012
  http://support.microsoft.com/kb/2770917/EN-US
  Regarding managing the lock screen image on Windows 8, the following article can be referred to for more information.
  Win8: How to Manage the Lock Screen Image on Windows 8 and Windows Server 2012
  http://support.microsoft.com/kb/2787100/en-us
  Best regards,
  Frank Shen

• Group Policy for IE 9, 10, 11

  We have a mix of IE 9, 10, 11. When we deployed IE 10, 11 we updated ADM;s to coonfigure IE 10, 11 group policy.
  Now we have separate policies for IE 9, and IE10,11 as some settings change. However I have few questions:-
  1. If i want to change IE9 GPO settings, how can i do? As on all the machines when i open GPMC, it shows IE10, 11 settings and not IE maintenance thing.
  2. What is the significance of Require server verifications for all sites in this zone in the IE trusted sites? Also, it is checked by default and how can we change it using group policy?
  Please share your expert views on either or both questions. Appreciate any help!!

  Hi,
  1. If i want to change IE9 GPO settings, how can i do? As on all the machines when i open GPMC, it shows IE10, 11 settings and not IE maintenance thing.
  IEM will no longer work on computers where Internet Explorer 10 or newer is installed, regardless of the Windows version it’s been installed on. You must update your settings using Group Policy Preferences, Administrative Templates (.admx), or the Internet
  Explorer Administration Kit (IEAK).
  http://blogs.msdn.com/b/asiatech/archive/2014/05/12/how-to-apply-the-content-of-ie-settings-in-gpo-which-used-iem-ie-maintenance-before-ie10-to-ie10-version-since-iem-has-been-deprecated-begin-from-ie10.aspx
  2. What is the significance of Require server verifications for all sites in this zone in the IE trusted sites? Also, it is checked by default and how can we change it using group policy?
  Only sites with https:// prefix can be added to the Zone, it assures a secure connection
  This option is not avilable via GPP, but we can control it via registry, the related keys are stored under
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  or
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  you can find detailed information in the following link
  http://support.microsoft.com/kb/182569/en-us
  Then we can deploy the registry setting to all via GPO.
  Yolanda Zhu
  TechNet Community Support

• How to create a group policy for a group not to logout from rdp

  there is already a global policy for all users in OU which will disconnect a rdp session after 15 min of inactivity and log user out in another 15 min, (logout 30minutes)
  how do I create another policy  for a group in that OU so that group user will not be logged out ( executives are asking for this)?

  Hi,
  In addition to Martin’s suggestions, we can also choose to change the scope of the existing GPO with Security Filtering.
  Regarding Security Filtering, the following article can be referred to for more information.
  Security filtering using GPMC
  http://technet.microsoft.com/en-us/library/cc781988(v=WS.10).aspx
  Filter Using Security Groups
  http://technet.microsoft.com/en-us/library/cc752992.aspx
  Best regards,
  Frank Shen

• Need help in setting up Group Policy for same user in local system and Terminal server

  Hi All,
  Currently our remote users are using our network using VPN client over internet.
  They are generally at their home computer and doing VPN as they have to work only in one RDP server for application.
  We actually have a OU created for these RDP users and assign then some strict policy like they can not use any other .exe,they can not user any explorer ,they can not even use windows explorer when they are on RDP they just use one exe of their application.
  Now what my management want is they want their home computers in Domain and want them to login via their same credentials they are using for RDP but they don't want them to restrict in their home computers with any strict policy.
  Now my confusion is how can I configure different policies for same users or same OU.
  Can any one guide me please...

  you can achieve this fairly easily with group policy.
  create an OU and put your remote desktop servers in that OU.
  configure both user and computer policies in a group policy and link it to that ou.
  you need to enable loopback mode - you may want it in merge or replace depending on your other policies you have. Probably replace though I would guess. this is set in the computer configuration > admin templates > system / group policy section.
  now remove the policy you have currently setup for your users on the users OU containing the rdp users. If you want you can move these users back to your main users OU.
  when your users login to the RDP server the settings in the user section of the GPO linked to the RDP Servers OU will apply.
  when the user logs in to their own computer the policies from the user OU and computer OU will apply - but not the more restrictive RDP OU.
  hope that makes sense.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  My Blog
  LinkedIn:

• Group Policy for "let printer determine color" in Adobe Reader X

  I need to make a group policy to activate the "let printer determine color" for a huge group of users/pcs, as the reader prints the wrong colors now.
  It only needs to activate this single thing. The pcs are running Adobe Reader 10.1.0. Can anyone please help me?

  Do you have the Enterprise Deployment documentation for Acrobat/Reader?

• Windows Server 2008 - Group policy for domain client to start/stop services installed on it

  Hello Experts
  I am a newbie to windows server administration , though did a Google  , but ended up with these question with my requirements
  I have created a new domain and 2 client/computer (A & B namely) to domain . Now A & B has tomcat server running with port 8080 , 9090 which i have installed
  domain ADMIN account .
  && now i am want to start/stop/restart services enabled for domain users  !! How do i achieve this !!
  basic question : How can i access A & B tomcat services on DOMAIN CONTROLLER server to create a GPO and that are on (A & B)
  what is the easiest way to achieve the same , (if not using GPO)???
  similarly I am looking for many features : where I want to control the permission to user on (A & B ) like : If the binaries of tomcat is available on machine say : A , if the user can install (now
  it ask for ADMIN credentials) 
  Thanks
  Mike~Ed

  Controlling services with Group Policy is done under Computer Configuration\Policies\Windows Settings\Security Settings\System Services.
  The limitation is that system services can only see the services the computer running the Group Policy management console. To access other services, you will either need to create the services on your computer (install the software the adds the service)
  or install the remote server administration toolkit (RSAT) on the computer with the service already on it.
  If my answer helped you, check out my blog:
  Deploy Happiness

• Allow log on through Remote Desktop Services Group Policy for Domain Controllers

  Hello,
  We want to allow our Helpdesk Operators to be able to connect to Domain Controllers with the Remote Desktop Services. This is by default not allowed but according to many sites, it should be able to configure by using a Group Policy.
  We made a new Group Policy with the setting 'Allow log on through Remote Desktop Services' and 'Allow log on locally' (as an extra for testing) and applied Security Filtering to only use it for a specific Security Group. Our test user is a member of this
  security group and should be able to access the Domain Controllers now. However this isn't working.
  The error message we receive upon trying to connect:
  The connection was denied because the user account is not authorized for remote login.
  For troubleshooting, we also applied the Security Group for that setting in the Default Domain Controllers Policy but that doesn't seem to work either. We want to avoid customization on our Default Domain Controllers Policy but this was just a test case
  for solving our problem.
  What should we do to solve our problem?
  I hope to hear from you soon.
  Thanks in advance.

  Hi, I just found out what the problem was. This site helped me alot:
  http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
  In my case, I had the group added to the Allow Logon Through Remote Desktop Services but was not added to the Builtin\Remote Desktop Users group. After knowing this I made some changes to our situation and are now using the builtin\Remote Desktop Users group
  rather than a new self made Security Group. I also added the Remote Desktop Users to the Allow Logon Through Remote Desktop Service in the Default Domain Controllers Policy as this is not done by default. By default only the Domain Administrators are able
  to logon through remote desktop services.
  You do not need the 'Log on Locally' permission within the Group Policies.
  In short:
  Add the desired users/groups to the 'Builtin\Remote Desktop Users' security group.
  Add the 'Builtin\Remote Desktop Users' security group to the 'Allow Logon Through Remote Desktop Services' within the 'Default Domain Controllers Policy'.
  Thank you anyway for the fast reply.
  Have a nice day!

• Group Policy For 2008 Terminal Server Users Default Open With Not Working

  I'm trying to change the default open with behavior for jpg files on my terminal server. I created a Group Policy that changed it to MS Paint to Office 2010 Picture Manager. The policy appears to apply correctly but jpg files still open in
  Paint. When a user is logged on, if they look at the properties of a jpg, it shows Photo Gallery as the program to open it but when opened, it opens in Paint.
  Has anyone seen this behavior before?
  Orange County District Attorney

  > did. It would be helpful to know where the changes actually go in the
  > registry to see if they did or now.
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Group Policy for Outlook Option: "Mark Messages as expired after this many days"

  In Outlook, there is a option where you can have Outlook "Mark Messages as expired after this many days".  If you enable this option, you fill in a number of days when Outlook will mark the message as expired.  The default is 180 days.
  The option is located under FILE -> Options -> Mail -> Send Messages.
  Does anyone know how to enable this setting via Group Policy? I can't find it.
  Thanks!

  Hi,
  Do you have the
  Office 2010 Administrative Templates loaded? If so, we can find the GPO setting under:
  Administrative Templates > Microsoft Outlook 2010 > Outlook Options > Preferences > E-mail Options > Advanced E-mail Options
  Double click "When sending a message" setting, select Enable bullet. Now, you can specify the "Messages expire after (days):" option.
  Regards,
  Steve Fan
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Group policy for SNMP configuration

  Experts,
  We have mix of 2003 and 2008 servers. Some of the servers already have SNMP settings configured through registry etc. We want to populate traps information, community name and accepted community name etc on all servers. How can we do this through group policy
  or any other automated way?

  Administrative Templates for Group Policy exist for these settings:
  Computer Configuration / Policies / Administrative Templates / Network / SNMP
   Policy Setting Name 
   Scope 
   Policy Path 
   Specify communities 
   Machine 
   Network\SNMP 
   Specify permitted managers 
   Machine 
   Network\SNMP 
   Specify traps for public community 
   Machine 
   Network\SNMP 
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Auto reboot / Manual reboot : easy way to apply group policy for each group without multiple AD links? Help appreciated

  Good morning,
  I have two policies for WSUS, one that auto-reboots the client and one that allows for manual reboots.  I'm sure this is very obvious, but i'm wanting to make sure I do this correctly.
  What's the easiest way to apply the policy for manual/auto reboots without having to go through my entire active directory tree and link it to each OU containing mixed computers?  
  I hope this makes sense, but I know i can set security groups and then set it for the scope, but if I go that route is there a way to apply it to all Domain Computers, EXCEPT those who are a member of security group "MPS - WSUS Manual" for example?
  Any input here is greatly appreciated
  Thank you

  If all the machines that you want to have the manual option are in a few select OUs then you could apply the auto reboot GPO to the root of the domain, and then link the manual GPO just to those GPOs containing the relevant machines. As explained here
  http://technet.microsoft.com/en-gb/library/cc785665(v=ws.10).aspx a policy applied to an OU overrides a policy applied to the domain as a whole.
  While I'm not sure, from your description I'm guessing that's the case, and they're actually mixed in throughout the domain? In which case, the other option might be to make use of group policies order or precedence. As described here
  http://blogs.msdn.com/b/muaddib/archive/2012/08/22/determine-gpo-precedence-with-gpmc-gpresult.aspx you'll see that the order that the GPOs are listed makes a difference to the order that they are applied, and the last to be applied takes precedence over
  those that come before. Therefore using that, if you applied the reboot policy to everyone, and then applied the manual one with a security filter so it only applied to your "MPS - WSUS Manual" group such that it had a higher precedence, all machines would
  receive the first GPO, but those machines in that group would have that overridden by the second policy.