Group policy is not appliying as it should be
Hi All,
I am facing very weired problem. I have created Group Policy for WSUS named "WUAU Server Policy". But when I see the RSOP on client machine to check which policy is applied it showing me the "WUAU Server Policy". But surprising part is
that the settings that RSOP is showing is completely different than the policy settings that I have configured.
I have checked there is no other policy conflicting/inheritance as I have created seprate OU for this.
One thing that I have noticed is the GPO settings that I can see in the GPMC.MSC for policy "WUAU Server Policy" is different that I am seeing in the "%systemroot%\SYSVOL\sysvol\ <domain_name>\Policies" with same SID. And
I doubt that the settings in this folder is getting applied not the settings that I have configured in GPMC.MSC.
Do let me know if more information is required.
Thanks in advance
Jay Chavda
> One thing that I have noticed is the GPO settings that I can see in the
> GPMC.MSC for policy "WUAU Server Policy" is different that I am seeing
> in the "%systemroot%\SYSVOL\sysvol\ </domain_name/>\Policies" with same
> SID.
What did you see in sysvol and how did you verify it against gpmc?
> And I doubt that the settings in this folder is getting applied not
> the settings that I have configured in GPMC.MSC.
You have more than one DC? Then check Sysvol replication (FRS or DFSR
event logs).
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))
Similar Messages
-
Outlook 2013 - wrap text group policy applied, not working with or without digital signature
Hello,
I'm adding group policies to apply on our new installations of Windows 8.1 with Office 2013. One of the settings being applied is enforcing plain text emails and wrapping text at a certain number of characters. Policies are being added using the Outlook
2013 admx.
When I check the options inside Outlook 2013 the group policy did apply successfully (File, Options, Mail, scroll down to Message Format) The option to "Automatically wrap text at character:" is set to 132 and not adjustable as it should be.
In the group policy I have it set to wrap at 132 characters, but when I go to a client machine and send a digitally signed email, it wraps at the default 76 characters. This makes for very annoying short blocky emails and multi-line hyperlinks.
If I do not digitally sign the email then the text doesn't wrap at all! (until it meets the end of the window). So under no circumstances is it wrapping at 132 where it's supposed to.
Thanks,
-Nick Hi,
What is your account type in Outlook? Exchange or others?
Please also let me know the email format that you are sending, Plain Text, HTML or Rich Text Format.
You can try sending the same emails in Outlook Safe Mode:
Press Win + R and type “outlook.exe /safe” in the blank box, then press Enter.
If there’s no problem in Safe Mode, disable the suspicious add-ins to verify which add-ins caused this issue.
Thanks,
Melon Chen
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please click
here -
Group Policy Files Not Being Deployed to UNC Paths
When attempting to deploy files via Group Policy Preferences, there is a well-known issue wherein you may receive an error to the effect of: 0x80070003
The system cannot find the path specified. This is due to the local system being the security context used to deploy the file. If the local system does not have rights to the location, as is true with mapped drives, access is denied and the path cannot
be found. The workaround for this is to enable the common option "Run under the logged in user's security context"
However, I have done this and still receive the same error. I have verified the logged-in user can reach both the source and destination. Specifically, the source is a file server and the destination is the user's HOMEPATH,
which resides on another fileserver in this case. More to the point, it's their redirected Documents folder, and it otherwise works fine; I cannot imagine this being a permissions or connectivity issue, especially because I receive the error even if I execute
a gpupdate
/force /target:user while logged in.
I've also installed the hotfix from Microsoft pertaining to this issue: "Error
code 0x80070003 when a Group Policy preference is applied to Windows 7 clients", but this did not change anything. (I only installed it onto the desktop; that seems to be where it belongs for my case.)
I'm at a loss as to why this happens. The domain controllers agree the common option is set, and a gpupdate does otherwise succeed. Also, if I change the target to a location on a local drive of the computer, it works fine. I do not see the common option reflected
in the output of gpresult,
but I'm not sure if I should.Hi Ron,
Before going further, how did we input the source file path and the destination file path? Did we input the paths as follows (t1.txt as an example):
Action: Create
Source file path: \\servername\sharename\username\documents\t1.txt
Destination file path:\\servername\sharename\t1.txt
Best regards,
Frank Shen -
Deployment of software through Group policy does not work
Hi all,
I am trying to deploy a program through Group policy, specifically winrar, any client computer is able to install the program. Please find below the events from the workstation:
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 4/27/2014 10:06:01 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: IRCLIENT0001.corp.healthcareinnovation.com
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because
of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 4/27/2014 10:04:49 PM
Event ID: 1085
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: IRCLIENT0001.corp.healthcareinnovation.com
Description:
Windows failed to apply the Software Installation settings. Software Installation settings might have its own log file. Please click on the "More information" link.
Log Name: System
Source: Application Management Group Policy
Date: 4/27/2014 10:04:49 PM
Event ID: 108
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: IRCLIENT0001.corp.healthcareinnovation.com
Description:
Failed to apply changes to software installation settings. Software changes could not be applied. A previous log entry with details should exist. The error was : %%1612
Log Name: System
Source: Application Management Group Policy
Date: 4/27/2014 10:04:48 PM
Event ID: 102
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: IRCLIENT0001.corp.healthcareinnovation.com
Description:
The install of application WinRAR from policy Basic Computers GPO failed. The error was : %%1612
I am using windows server 2008 R2 and all my clients are running Windows 7 Enterprise and they are working over a domain, note that I am using VMware.
Below there are a list of the troubleshooting steps that have been already applied:
*Disable the the firewall both in the server and in the clients
*Grant read access to the folder where the the program is shared for installation, it was added the authenticated users and domain computers.
*Group policy modifications:
-> User Account Control
Policy Setting Winning GPO
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Elevate without prompting Basic Computers GPO
- User Account Control: Detect application installations and prompt for elevation Disabled Basic Computers GPO
- User Account Control: Only elevate UIAccess applications that are installed in secure locations Disabled Basic Computers GPO
- User Account Control: Run all administrators in Admin Approval Mode Disabled Basic Computers GPO
--> System/Group Policy
Policy Setting Winning GPO
- Startup policy processing wait time Enabled Basic Computers GPO
Amount of time to wait (in seconds): 120
--> System/Logon
Policy Setting Winning GPO
- Always wait for the network at computer startup and logon Enabled Basic Computers GPO
Thank you very much for your time.Hi Marco,
Based on your description, we can enable diagnostic logging of Group Policy Software Installation processing to troubleshoot the issue.
Regarding this point, the following article can be referred to for more information.
How to troubleshoot software installations by using Windows application management debug logging
http://support.microsoft.com/kb/249621
Once you get the log, you may upload it to OneDrive and provide us the download link.
In addition, the following article provides a step-to-step guidance for deploying software via group policy and can be referred to for double check.
How to use Group Policy to remotely install software in Windows Server 2008 and in Windows Server 2003
http://support.microsoft.com/kb/816102
Best regards,
Frank Shen -
Urgent Group Policy Issue - not applying despite saying it does
Thank you for this urgent help. Auditors checking this out tomorrow morning.
We have a GPO that sets the eventlog audit settings for success or failure security events. The scope is set to Authenticated Users.
When I run the group policy wizard in GPMC it shows the settings applying to one of our servers in that OU.
When I run gpresult/z from that server it shows the policy applying to that server.
But when I go into gpedit.msc the security audit settings are all set to "not defined" and they are grayed out so I can't edit them manually.
As a test I set the GPO to deny applying to that server. I ran gpudpate/force on the system and then gpresult and it shows the GPO now not applying. But the settings are still set to not defined and still not editable. they are not being set by any other GPO.
In the event logs I only see three GPO errors but they are unrelated. A separate GPO is having issues creating user accounts. No other GPOs apply.
Quick help would be fantastic.
Server runs on Windows Server 2008 R2 (I can edit GPO but not the domain ones and I don't have access to the domain controllers).OK, After several hours I figured it out. Turns out there's bugs and odd functionality.
If someone ever tested the 'advanced audit settings' (which I did in the same GPO at some point) then it sets a registry key to disable the use of the older basic audit settings. But when you stop using those advanced settings in your GPO it doesn't remove
that registry bit. So I used the GPO to undo that setting. This was the first step. This is found Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > "Audit: Force audit policy subcategory
settings (Windows Vista or later) to override audit policy category settings" to DISABLED.
Even though this is done, sometimes the GPO files on the domain controllers don't remove the old audit settings. So in the comments of another thread I found out you may have to go to
\\domain-fqdn\SYSVOL\domain-fqdn\Policies\{your-policy-id-where-this-setting-was-originally-set}\Machine\Microsoft\Windows NT\ and delete the Audit folder which is left behind due to some odd bug. If you don't do this even after doing the next step the
next gpupdate will bring that security setting above back down.
Next you have to reset your audit settings on your PC to the defaults. Unfortunately there is no way to do this. Auditpol /clear does not accomplish this. The only way to do this is to take the audit settings from another working system, export them and
then 'restore' those same settings to the affected server. To do this:
1. On 'working system' run cmd.exe as administrator and export the audit settings to a folder like this:
auditpol /backup /file:c:\working-auditpol-settings.txt
2. Copy that file to the broken system such as the C:\ drive and run this on the broken system:
auditpol /restore /file:c:\working-auditpol-settings.txt
Open GPEDIT.MSC and verify the audit settings are back to normal. Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy
Then run gpupdate/force on the formerly broken system. Close gpedit.msc and reopen and verify the settings were not overwritten. If you skipped the sysvol audit folder deletion step they may come back.
Hope this helps someone. -
User Group Policy Settings not applied to new user profiles at first logon
Good Afternoon,
We have an issue that occurs to a new user when they first log on to their machines. They log on and a new profile creates from the Default User Profile. We can see that a number of our Group Policy Settings applied as "User Configuration" are
not applying.A log off and back on is required before the policies apply.
Any thoughts to this behaviour please?
Regards
LeeB
Lee Bowman MCITP MCTSHi,
How about your problem now? How many system encounter this problem? Is all policy couldn't be applied? Is there any feedback when using gpresult to check policy applied status?
As Group Policy applies after user identity authentication, generally speaking, user logoff and back doesn't helpful with this problem.
When this problem occures, have you checked event log if it identify this problem?
Roger Lu
TechNet Community Support -
Don't have proper privilege to change the date and time. Group Policy does not work
Hello All,
I have configure group policy to change date and time only administrator. The problem is Windows XP machine cannot view the calendar but windows 7 can. So i need to view the calender for windows XP machine.
Error: you do not have proper privilege to change the date and time.
Please suggest.
ThanksHi Parvez,
Before going further:
I applied a VM Windows XP pro. When I logged in as a local admin, I can view the calendar from the right corner of desktop or from control
panel. However, when I logged in as a normal user account, I received the same message as yours.
For now:
I know this is not what you want. However, for normal users to view calendar, we can consider to give
Change System Time permissions to these users.
In addition, regarding this topic, the following article and thread can be referred to for more information.
You cannot set the date, time, or time zone on your computer
http://support.microsoft.com/kb/300022/en-us
Check windows calendar in XP pro without admin rights
http://community.spiceworks.com/topic/100116-check-windows-calendar-in-xp-pro-without-admin-rights
Please Note: Since the second website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best regards,
Frank Shen -
New Folder Redirection Group Policy is not working
Recently installed a new server on an older network:
Old network server: SBS 2003
New network server: Server 2012 STD
The network is working well and all computers are able to communicate with each other. I have already mapped a few network drives to folders that are located on the server. The owner wants to implement the same Folder Redirection of their Documents folder
(Mixture of WIN7 PCs and WINXP) that their old server provided. I used the following Document to create the Folder Redirection:
http://technet.microsoft.com/en-us/library/jj649078.aspx
I then went to each computer and performed a gpupdate /force on each computer than logged off the profile. When I logged off, the sync window (folder redirection?) popped up and still showed that it was trying to transfer/sync with the old server that is
no longer on the network. I also logged into the server and the shared folder that I selected for Folder Redirection does not have any data in it.
Is there something else that I am missing. Is there some sort of configuration on the clients themselves that I need to look for such as some Target Path?
I can provide more information upon request.Hi,
Based on your description, have we redirected the folders back before we removed the older server?
Besides, were there some error events in the Event Viewer?
To configure folder redirection, we need to assign users proper share and NTFS permissions.
Regarding this point, the following article can be referred to as reference.
Security Recommendations for Folder Redirection
http://technet.microsoft.com/library/cc736916.aspx
Besides, regarding how to configure folder redirection, the following article can also be referred to for more information.
Configuring Folder Redirection
http://technet.microsoft.com/library/cc786749.aspx
In addition, for folder redirection to work, we need to log off clients twice, or we can enable the following policy.
Computer Configuration > Policies > Administrative Templates > System/Logon > Always wait for the network at computer startup
and logon
Hope it helps.
Best regards,
Frank Shen -
Group policy is not applying in windows 8
There is different behavior on Windows 7 and Windows 8 on desktop wallpaper. In Windows 7, when we log into the system,
the cached wallpaper file will re-generated automatically.
But in Windows 8, if the wallpaper path didn’t change, the cached wallpaper will not re-generate.
After I deleted below file and log off/log on I can see the desktop wallpaper automatically changed on Windows 8.
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
So I think you can apply this deletion operation to the domain controller as a log
off and shut downscript, the script which is as below.
(you can also write a .bat file by yourself and the content is :del
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper)
Any solution on a doamin area pcs is not changing wallpaper by default in windows 8 i do the above but it applies only for a client machine. i want this to all windows 8 pcs in domain...please check this
try this. Run regedit and navigate to the following key in the Registry Editor:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
Right click on Policies > New > KEY > name it as ActiveDesktop.
Next in the right side, right-click > New > DWORD > name it as
NoChangingWallPaper.
The DWORD value 1 will restrict change in desktop wallpaper. To
allow change give it value as 0.
Reboot. -
We want to deploy to all our desktop the pac file to configure proxy. We have a Windows 2008 R2 server, and i've enabled the GPO "Make proxy settings per-machine (rather than per user)", and i've add a registry key AutoConfigURL in "HKLM\Software\Microsoft\Windows\Current
Version\Internet Settings" with the pac file link.
I've tested on my pc, and all was configured without any problem. I've try to login to my computer with another user (without admin rights) and the automatic configuration proxy was compiled and not modificable. It's seems that all works.
But, our users are not local admin, so i've tried to deploy the GPO in a collegue computer. I've forced the update of GPO, checked on registry that all new keys are added, and i've reboot the pc. When i've check on IE settings, autoconfig URL was empty and
grey. I'm disconnected from user and i've login to the pc with a local admin. With my surprise, the IE settings was compiled. When i'm come bac to the user profile the IE settings was compiled and not modificable.
The problem is: i've over 750 users in 3 countries, and i don't want grant them the local admin permissions. How can i configure proxy settings via GPO without login to every machine at least one time?> have a Windows 2008 R2 server, and i've enabled the GPO "Make proxy
> settings per-machine (rather than per user)", and i've add a registry
> key AutoConfigURL in "HKLM\Software\Microsoft\Windows\Current
> Version\Internet Settings" with the pac file link.
In the past, we experienced various issues with machine proxy settings,
so we don't use them anymore. The simple approach:
Block access to the connections page through ADM template settings and
deploy the proxy through GPP Internet Settings.
This is what we do (with a pac file, too), and it works well :)
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Group Policy Pref - Mapped Drives Not Applying to One User
Hi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
SimoneWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
Software Installations
N/A
Startup Scripts
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
N/A
Account Policies
Audit Policy
User Rights
Security Options
Event Log Settings
Restricted Groups
System Services
Registry Settings
File System Settings
Public Key Policies
N/A
Administrative Templates
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
Software Installations
N/A
Public Key Policies
N/A
Administrative Templates
N/A
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: Proxy Settings
Import the current Program Settings: No -
Group Policy Deployment Acrobat Standard XI Version 11
I was able to successfully create a Windows 2008 R2 SP1 Group Policy that would be able to distribute the Adobe Reader Application using the Adobe Customization Wizard XI. I tried to use the same procedure from the Adobe Acrobat Standard 11 download from the adobe licensing site and was unable to get the Group Policy to work. The error message that I am getting is...
The install of application Adobe Acrobat XI Standard 11.0 from policy Deploy Adobe Acrobat 11 failed. The error was : %%1603
This is the procedure that I created for deployment of Adobe Acrobat XI using Group Policy.
How to create a group policy deployment of Adobe Acrobat XI
Overview:
This procedure covers the steps needed to create a group policy that will deploy the Adobe Acrobat installation.
Requirements
• Windows 2008 Group Policy
• Adobe Acrobat Customization Wizard
o ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/11.0.00/misc/CustWiz11000_en_US.exe
• Adobe Acrobat XI (Version 11)
o download from adobe account
Procedure:
1. Download the Adobe Acrobat XI package.
2. Extract the contents of the Adobe Acrobat XI package.
a. Type msiexec.exe /a AcroStan.msi
b. Click Next
c. Put in the Network Location Share where everyone can extract the installation.
d. Click Install
e. The package will then extract to the network location as indicated above.
f. Click Finish, once the installation has completed.
g. Open the Adobe Customization XI Wizard, and customize the package by selecting the AcroStan.msi file.
h. Customize the AcroStan.MSI installation file
i. Default viewer of PDF files: Make Acrobat the Default PDF Viewer
ii. Remove previous versions of Acrobat
iii. Run Installation: Silently
iv. If reboot is required at the end of installation: Suppress reboot
i. Shortcuts: Remove the desktop Shortcut
j. Online and Adobe Services: Disable Product Improvement Program: checked.
k. Generate Transform File
i. Click Transform > Generate Transform File
ii. Create an Setup.Ini file in the folder of the Distribution Package.
iii. Name the Transform File something useful like “CompanyConfigs”.
3. Create a Group Policy to deploy the software package. It is usually best to have a group policy for each software installation package.
a. Update the Domain Default Policy with Always install with elevated privileges. This will allow all software deployment packages to install.
i. Computer Configuration > Policies > Windows Settings > Administrative Templates > Windows Components > Windows Installer > Always install with elevated privileges : Enabled.
b. Create a Group Policy to enable Windows 7 Verbose Mode
i. Computer Configuration > Policies > Administrative Templates > System > Verbose vs normal status messages : Enabled.
c. Create a Group Policy for the Software Installation
i. Computer Configuration > Policies > Software Settings
ii. Right click and select New > Package
iii. Click the AcroRead.msi
iv. Click Advanced
v. Click the Modifications Tab and click Add
vi. Optional: Click the Uninstall this application when it falls out of the scope of management.
Note: This setting can be used to uninstall the application if the group policy ever changes in that the application should be removed.
vii. The package is now created …
4. Test the Client in a Virtual Machine
a. Go to a windows client and run “gpupdate /force”.
b. The system will then respond that it needs to restart the computer.
c. Type Yes, and allow the computer to reboot.
d. If Group Policy is not setup to allow for verbose messages in Windows 7 then the user will just see “Please wait…”, if verbose message is enabled the user will see “Installing Adobe Acrobat…”.
Can someone please tell me what I am missing to get the group policy deployed? It has the same permissions as the Adobe Reader folder and I have done everything exactly the same, except that Adobe Standard has the license number, and owner information included in the Transform file (.mst).
Thank you.Your case isn't unique. We've heard this a lot. While Acrobat has a small, very small percentage of settings available in the ADMX files,
in case you don't know, PolicyPak software has a solution to manipulate, basically, near 100% of the settings in Acrobat Reader and Professional.
You're welcome to check out how it works. These videos are for Acrobat X, but there is also tempaltes in the download for XI.
Here are links to the pages with full how-to videos:
http://www.policypak.com/products/manage-acrobat-reader-with-group-policy.html
and
http://www.policypak.com/products/manage-acrobat-x-pro-and-acrobat-x-standard-using-group- policy.html
You can be up and running in 20 minutes, but note, it's NOT a template.. PolicyPak is full application management and lockdown system. -
We recently switched hardware and server software Win SBS 2008 to 2012R2 for a small network roughly 40 clients (Win7 Pro / Win 8.1 Pro) about 16 running concurrently at a given time and one network printer with the printer queue residing on the DC as well.
I read that a single server environment might not be ideal in particular no fail-over but that is an accepted risk in this particular network here.
Errors:
Error 1043: Timeout during name resolution request
Error 1129: Group policy updates could not be processed due to DC not available
Error 5719: Could not establish secure connection to DC, DC not available
Occasionally but disappears after a while
Error 134: As a result of a DNS resolution timeout could not reach time server
Symptoms
On Win 7 Clients
Network shares added through Group Policy will not show sometimes
Network shares disconnect (red X) and when accessed return access authorization error after one or two clicks on the share finally grant access again
When the issue with accessing network shares occurs, it usually also affects Internet access meaning a 'server not responding' error appears in the browser windows when trying to open just any web page
nslookup during the incident returns cannot resolve error
ipconfig on client shows correct default router (VDSL Router) and DHCP / DNS Domain Controller
Also, the Win system log shows the above errors during these incidents, however, the nuimber of incidents vary from 20-30
On Win 8.1 Clients
Same as above with the slight variation for network shares apparently due to Server 2012 and Win 8.1 clients managing drive shares differently. However, network share refresh does not work with this clients. In most cases only a gpupdate /force returns
drive shares but usually only for the active session. After logoff / logon the shares are gone again.
The issue does appear to be load related since it occurs even if there are only one or two workstations active.
Server Configuration
Dell R320 PowerEdge 16GB / 4TB 7200RPM RAID10 / GBitEthernet
Zyxel 1910-48 Port Switch
VDSL 50Mbps Down / 20Mbps Up
Since the DC is the only local DNS and there are no plans to add another one or move DNS to another server, the DNS server is configured with this own address as preferred DNS with three DNS forwarders 1) VDSL Router 2) ISP DNS1 3) ISP DNS2
Currently only one Network card is active for problem determination reasons.
There appears to be no consensus concerning IPV6 enabled or disabled, I tried both with no apparent effect
I have set all network cards server and client to Full Duplex and the same speed, also disabled Offload functions within the adapter settings. Some but no consistent improvements.
Best Practice Analyzer Results
DNS server scavening not enabled
Root hint server XYZ must respond to NS queries for the root zone
More than one forwarding server should be configured (although 3 are configured)
NIC1 should be configured to use both a preferred and alternate DNS (there is only one DNS in this network)
I have found some instructions to apply changes to the clients through a host file but I would rather like to understand whether this DNS response time issue can be resolved on the server for example timing setting perhaps. Currently the DNS forwarders are
set to 3 second.
Since a few people have reported issues with DNS but most are working with multi DNS, DC environment I could not really apply any suggestions made there. perhaps there is anyone like me who is running a single server who has overcome or experience the same
issues. Any help would be appreciatedHello Milos thx for your reply.. my comments below
1. What does it "switched"? You may mean migration or new installation. We do not know...
>> Switched is probably the incorrect term, replaced would be the appropriate wording. Before, there was a HP Proliant Server with SBS 2008 with distinct domain and now there is a Dell Server with MS 2012 R2 with a distinct domain. Client were
removed from one (SBS) domain and added to the new Server 2012 domain. Other components did not change for example same Network Switch or VDSL Router, Workstations and Printer
2. Two DCs are better alternative. Or backup very frequently. There are two groups of administrators. Those who have lost DC and those who will experience this disaster in near future.
>> Correct, and I am aware of that
3. NIC settings in W 7 and W 8.1, namely DNS points to DC (...and NOTHING else. No public IP or that of router DNS.))
>> Correct, this is how it's currently implemented. Clients point to DC for DHCP and DNS and Default Router, no public IP or DNS. The only references to ISP DNS exist on the VDSL Router itself as provided through ISP when establishing VDSL
Link and the list of Forwarders in the DNS Server configuration. However, I have just recently added the ISPs DNS as forwarders for test purposes and will probably learn tomorrow morning whether this had any effect for better or worse.
4. Do nslookup to RR on clients. RR branch is saying client basic info on LDAP parameters of AD.
>> Will post as soon as available
5. I do not use forwarders and the system works
>> Ok, does this mean it works for you in a similar or the same infrastructure setup or are you saying it is not required at all and I can remove any forwarder in a scenario like mine? If not required can you explain a bit more why it is not
required apart from that it does work for you that way?
6. DHCP should sit on DC (DHCP on router is disabled)
>> Correct, no other device is configured to provide DHCP service other than DC and DHCP is currently running on DC
7. NIC settings in DC points to itself (loopback address 127.0.0.1)
>> Are you sure this is still correct and does apply to Server 2012? I am reading articles stating that it should be the servers own IP but local loop or should this be added as alternate DNS in addition to the servers own IP?
8. Use IPCONFIG /FLUSHDNS whenever you change DNS settings.
>> OK, that was not done every time I changed some settings but I can do that next week. Reboot alone would not suffice, correct?
9. Test your system with dcdiag.
>> See result below
10. Share your findings.
Regards
Milos
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = GSERVER2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GSERVER2
Starting test: Connectivity
......................... GSERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GSERVER2
Starting test: Advertising
......................... GSERVER2 passed test Advertising
Starting test: FrsEvent
......................... GSERVER2 passed test FrsEvent
Starting test: DFSREvent
......................... GSERVER2 passed test DFSREvent
Starting test: SysVolCheck
......................... GSERVER2 passed test SysVolCheck
Starting test: KccEvent
......................... GSERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... GSERVER2 passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... GSERVER2 passed test MachineAccount
Starting test: NCSecDesc
......................... GSERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... GSERVER2 passed test NetLogons
Starting test: ObjectsReplicated
......................... GSERVER2 passed test
ObjectsReplicated
Starting test: Replications
......................... GSERVER2 passed test Replications
Starting test: RidManager
......................... GSERVER2 passed test RidManager
Starting test: Services
......................... GSERVER2 passed test Services
Starting test: SystemLog
......................... GSERVER2 passed test SystemLog
Starting test: VerifyReferences
......................... GSERVER2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : GS2
Starting test: CheckSDRefDom
......................... GS2 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... GS2 passed test CrossRefValidation
Running enterprise tests on : GS2.intra
Starting test: LocatorCheck
......................... GS2.intra passed test LocatorCheck
Starting test: Intersite
......................... GS2.intra passed test Intersite
Server: gserver2.g2.intra
Address: 192.168.240.6
*** gserver2.g2.intra can't find g2: Non-existent domain
> gserver2
Server: gserver2.g2.intra
Address: 192.168.240.6
g2.intra
primary name server = gserver2.g2.intra
responsible mail addr = hostmaster.g2.intra
serial = 443
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
> wikipedia.org
Server: gserver2.g2.intra
Address: 192.168.240.6
Non-authoritative answer:
wikipedia.org MX preference = 10, mail exchanger = polonium.wikimedia.org
wikipedia.org MX preference = 50, mail exchanger = lead.wikimedia.org
polonium.wikimedia.org internet address = 208.80.154.90
polonium.wikimedia.org AAAA IPv6 address = 2620:0:861:3:208:80:154:90
lead.wikimedia.org internet address = 208.80.154.89
lead.wikimedia.org AAAA IPv6 address = 2620:0:861:3:208:80:154:89
Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)
192.168.240. 6 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name | 0,001 | 0,002 | 0,003 | 0,001 | 100,0 |
+ Uncached Name | 0,027 | 0,076 | 0,298 | 0,069 | 100,0 |
+ DotCom Lookup | 0,041 | 0,048 | 0,079 | 0,009 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
gserver2.g2.intra
Local Network Nameserver
195.186. 4.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,023 | 0,025 | 0,000 | 100,0 |
- Uncached Name | 0,025 | 0,071 | 0,274 | 0,065 | 100,0 |
- DotCom Lookup | 0,039 | 0,040 | 0,043 | 0,001 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns8.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
195.186. 1.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,023 | 0,026 | 0,001 | 100,0 |
- Uncached Name | 0,025 | 0,072 | 0,299 | 0,066 | 100,0 |
- DotCom Lookup | 0,039 | 0,042 | 0,049 | 0,003 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns7.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,033 | 0,040 | 0,079 | 0,011 | 100,0 |
- Uncached Name | 0,042 | 0,113 | 0,482 | 0,097 | 100,0 |
- DotCom Lookup | 0,049 | 0,079 | 0,192 | 0,039 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
google-public-dns-a.google.com
GOOGLE - Google Inc.,US
UTC: 2014-11-03, from 14:33:12 to 14:33:29, for 00:17,648
15: 40
192.168.240. 6 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name | 0,001 | 0,002 | 0,004 | 0,000 | 100,0 |
+ Uncached Name | 0,025 | 0,074 | 0,266 | 0,063 | 100,0 |
+ DotCom Lookup | 0,042 | 0,048 | 0,075 | 0,007 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
gserver2.g2.intra
Local Network Nameserver
195.186. 1.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
- Uncached Name | 0,024 | 0,073 | 0,289 | 0,067 | 100,0 |
- DotCom Lookup | 0,039 | 0,041 | 0,043 | 0,001 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns7.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
195.186. 4.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
- Uncached Name | 0,025 | 0,073 | 0,286 | 0,065 | 100,0 |
- DotCom Lookup | 0,041 | 0,066 | 0,180 | 0,037 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns8.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,033 | 0,038 | 0,077 | 0,009 | 100,0 |
- Uncached Name | 0,042 | 0,105 | 0,398 | 0,091 | 100,0 |
- DotCom Lookup | 0,049 | 0,066 | 0,141 | 0,025 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
google-public-dns-a.google.com
GOOGLE - Google Inc.,US
UTC: 2014-11-03, from 14:39:59 to 14:40:12, for 00:13,363 -
Can't get Aero theme forced (via Group Policy)
Well I'm at a loss. I have a bunch of users. They're all crazy, and I think I'm getting there too. It all started with this three-armed monkey that got loose in the lab....
Ok seriously. I'm having no luck getting the Aero theme forced to any user. 2008 R2 and Win 7 Pro and Enterprise systems. Any user can easily manually set their own Aero theme and it saves after they log off, but for a user that hasn't
done this I cannot get GPO's to get the job done.
I've been all over the web, some people say use the option to "Load a specific theme" which most people agree only affects a user's login for the first time. After they've logged in once, that setting never applies to them again.
And the other one is that if I want to force the theme each time someone logs on, to set the msstyles file under "force a specific visual style file or force Windows Classic". I don't have a company-specific file to share over a network folder
so I just use the default %windir%\resources\Themes\Aero\aero.msstyles path.
Both of these GPO entries are found under User config > Policies > Admin Templates > Control Panel > Personalization.
Some forum posts say not to enable these two items together, others say you need to. For me it doesn't work in any combination - plenty of machine reboots in between to ensure updated GP's get applied. .
Also the Desktop Window Manager Session Manager service is running and set to automatic, and I've tested on more than one system so I am confident the computers are not the problem (some are brand new installs).
Event logs show no errors at all, and also do show successful applies of "4 group policy objects". I suppose I should count how many are supposed to apply to a computer but let's say for argument's sake that there are no errors on this.
Is there something I'm missing?I've been all over the web, some people say use the option to "Load a specific theme" which most people agree only affects a user's login for the first time. After they've logged in once, that setting never applies to them again.
And the other one is that if I want to force the theme each time someone logs on, to set the msstyles file under "force a specific visual style file or force Windows Classic". I don't have a company-specific file to share over a network folder
so I just use the default %windir%\resources\Themes\Aero\aero.msstyles path.
For the "Load a specific theme" policy, you can find the description of the policy in group policy editor, it is only applied when a new user logs in for the first time and it doesn't prevent user from changing the theme
I made a test in my environment, if I applied "force a specific visual style file or force Windows Classic". it works as I want (I use some default visual style file because I don't have customized file ), after that, I can change the
theme, and the aero.msstyles I set via GP remain take effects.
Regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Server giving group policy error 4098
I have been developing group policies to replace our login script. The policy copies many files over from a shared network drive. On many of the policies I have set it to run in the local user's security context so that the GP will pick up the
drive letters (they are different depending on the office). On one server in a remote office where the Group Policy is not applied I keep getting errors every time I enable the policies in a separate test OU. It does not make any sense to me as
the policies should not apply to this server, the server is not a domain controller, and I did not login to this server under my user account.
Here is an example of the errors (there are hundreds of similar errors):
The user 'Worksharing Monitor for Autodesk Revit 2011.lnk' preference item in the 'New Cadd {184A655E-D801-4589-AAF4-37788F771193}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.'
This error was suppressed.
The user 'AutoCAD 2011 - English.lnk' preference item in the 'New Cadd {184A655E-D801-4589-AAF4-37788F771193}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.
Any ideas?
Thanks!Hi,
You cannot the computer configuration policies to users. Please first of all , provide a new policy in the user configuration - shortcut" , and move the users that applying the shortcut policies to related OU. And gpupdate -- try again.
Thanks.
Alper YAZGAN *
Maybe you are looking for
-
Performance Degradation of new Servers
Hi All, We are experiencing massive performance degradation on production when the system is under heavy use. It seems to be at its worst around month end. The worst effected transactions are the Cost / Profit centre 'line item' reports using RCOPCA0
-
Problem in Third Party Sales (W & W/0 Shipping Notification)
Hi Gurus, When I am doing Third Party Scenario I am facing Problem in Understanding why there is no Outbound Delivery takes place, Only because if I am taking Goods-In from MIGO against Sales Order, It means my Stock is increased & after Goods Issue
-
Sales statistics by sales area report
Hi all, I am trying to understand logic used to develop sales statistics by sales area report developed by some abaper.here to calulate order margin i am using order value and order cost.the problem is with order cost calculation as it's value is com
-
How to get List of all activated Info objects in sap BI production system
Hi Experts, For my requirement I need list of all activated info objects in sap bi production system. Can any body suggest any thing.
-
IPhone 4 sync to more than one computer
I have iPhone 4 that I want to sync iTunes library to more than one computer (1 iMac and 1 PC). PC was previously synced with old device. I want to sync iTunes library currently on iPhone and override data on PC. How do I do this? I do NOT want iTune