Group Policy Logon Script to create folder based on username, run as admin

Similar Messages

• How to create a logon script to delete folder, subfolders and contents when a user logs on ?

  I need to create a logon script which will delete a folder, subfolder and contents when a user logs on. I have no experience with scripting so any pointers you can give would be much appreciated.
  Thanks

  depending on how you have thing set up, it might be easier to make a LaunchAgent to handle this.  do this:
  copy the text below into a text editor
  save it as a plain text file in /Library/LaunchAgents with the file name "user.startup.folderDeleter.plist" (the name doesn't matter so much, but the 'plist' extension is required)
  load the plist into launchd by restarting the machine or by opening terminal and running the command launchctl load /Library/LaunchAgents/user.startup.folderDeleter.plist
  This will delete the folder any time any user logs in.  You could also expand this to delete the folder periodically (once a day, for instance) if that would be helpful.
  Note, this file must be saved as plain text. apps like TextEdit sometimes default to making rich text files which will not work.  Either download a programmer's text editor like TextWrangler, or make sure that TextEdit is using plain text (if the window has a formatting toolbar it's using rich text;  select "Make Plain Text" from the Format menu).
  copy the text below:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
            <key>Label</key>
            <string>user.startup.folderDeleter</string>
            <key>RunAtLoad</key>
            <true/>
            <key>ProgramArguments</key>
            <array>
                      <string>osascript</string>
                      <string>-e</string>
                      <string>tell application "Finder" to delete folder "Final Cut Express Data" of folder (path to preferences from user domain)</string>
                      <string>-e</string>
                      <string>tell application "Finder" to empty trash</string>
            </array>
  </dict>
  </plist>

• Group Policy Startup Script Applies My Policy But Does Not Run The Acual Scripts

  I have created a basic batch file with msiexec.exe to uninstall a program on startup and then another separate .bat script to install the same program but the newer version. The software I'm referring to has to be completely uninstalled BEFORE
  I install the "newer" version of the same program, it cannot just be overwritten. If I run a gpupdate /force on the client computer and restart, the scripts run as they are supposed to and everything works but the problem is that I can't get it to
  run on first boot on a computer that has been turned off for months, even after multiple reboots it still doesn't run the scripts. The 3 policies apply to the different computers/users but the scripts don't run. I manage a theme park that is
  only open 4 months of the year so the rest of the time the in park PC's are turned off. I have created my OU as "POS Computers & Users" which has all of the computers and users that will take this policy. I also have 3 Group Policy
  Objects attached to this OU in Group Policy, 1 is the program uninstallation .bat script policy that runs on startup, 2 is the install .bat script policy that runs after the uninstallation script, and 3 is the Default Policy for the OU. I already have the
  "Always wait for the network at computer startup and logon", "Run startup scripts visible"enabled, "Run startup scripts asynchronously" disabled, and "Run Logon Scripts Synchronously" enabled for all 3 of the
  policies. They are all "link enabled" and security filtering is set to only the OU I mentioned earlier so that it doesn't affect anyone else. I have the link order set as the script I want to run first as the last and the one I want to run last first
  because from what I understand inheritance is from bottom to top. The install file is accessible by everyone with full permissions on our "Shared" drive so I know its not a permissions issue because it runs after a gpupdate /force with a restart.
  The scripts are in the proper folder for the policies they are attached to and permissions are fine.
  Here is my uninstall .bat script (msiexec.exe /X{14324A6A-BDD1-4F40-8E77-664C8AEEA251} /forcerestart /qb-! ALLUSERS=1 REMOVE=ALL)
  Here is my install .bat script (msiexec.exe /i {\\kksrvad\shared\Gatemaster\NewGatemaster.msi} /qb ALLUSERS=1)

  Can't be done in a login script.
  This is a Group Policy issue and not a scripting issue.  You do not have a script.  You have a command saved in a batch file and you are using a GPO.  Not a scripting issue.
  ¯\_(ツ)_/¯

• OutLook 2007 Macro to create Folder Based on Received Date

  Dear All,
  Is it possible to create a macro which will automatically create a folder based on Received Date of the mail and then group these mails (in folders) based on the received month….
  Can someone help me with the VBA Coding for Outlook 2007, where I select a folder and the macro creates folder’s and subfolder based on the received month and date-wise folder (based on the received date of the mail).
  Thanks...

  Yes, it is possible, but why would you want to split up your emails like that?
  Note that you can also do a simply search query to find all emails received within a certain month. For instance, when you want to see all emails which you received in July 2013 type the following in the Search Field:
  received:(July 2013)
  For more information about using Search within Outlook see:
  http://www.howto-outlook.com/howto/searchcommands.htm
  Robert Sparnaaij
  [MVP-Outlook]
  Outlook guides and more: HowTo-Outlook.com
  Outlook Quick Tips: MSOutlook.info

• Script to create directory based on current file name and then save the file in that directory

  Hi all,
  I have a need save all my projects in a directory using the name of the main image I am working on.
  Manually these are the steps I used:
  Save As.
  Copy ( press command-c <== the filename is highlighted by default so all I have to do is )
  New Folder ( press the new folder button. Brings up a dialog box)
  Paste ( press command-v. <== Pastes the file name into the "New Folder" dialog box.)
  Save ( press thre save button. Saves the files into the new folder )
  Save As.
  Change format to JPG
  Save
  Change image quality to 12
  I want to assign these actions to a key
  Recording these steps and playing them back does not give me the results I need, snce the original name is hard-coded in the actionlist that was recorded
  What should I be doing instead ?
  Thanks in advance !

  You don’t mention which format the original file is (and figuring that and its current settings out seems too much of a hassle to me) so this would only save the jpgs into the folder (and create one if it does not exist).
  If you want to give it a try, paste the following text into a new file in ExtendScript Toolkit (part of Photoshop’s installation, Applications/Utilities/Adobe Utilities/ExtendScript Toolkit CS4 or /Applications/Utilities/Adobe Utilities-CS5/ExtendScript Toolkit CS5) and save it as a jsx-file into Photoshop’s Presets/Scripts-folder.
  After restarting Photoshop the Script should be available under File > Scripts and can be assigned a Keyboard Shortcut directly, recorded into an Action, (in CS4 and CS5) be used in a Configurator-Panel or started from ExtendScript Toolkit directly.
  // saves jpg into folder of file’s name next to file;
  // be advised: this  overwrites existing jpgs of the same name without prompting;
  // thanks to xbytor;
  // 2012, use it at your own risk;
  #target photoshop;
  if (app.documents.length > 0) {
  var thedoc = app.activeDocument;
  // getting the name and location;
  var docName = thedoc.name;
  if (docName.indexOf(".") != -1) {var basename = docName.match(/(.*)\.[^\.]+$/)[1]}
  else {var basename = docName};
  // getting the location, if unsaved save to desktop;
  try {var docPath = thedoc.path}
  catch (e) {var docPath = "~/Desktop"};
  // create folder if it does not exist;
  var folderString = docPath+"/"+basename;
  if (Folder(folderString).exists == false) {new Folder(folderString).create()};
  // jpg options;
  var jpegOptions = new JPEGSaveOptions();
  jpegOptions.quality = 12;
  jpegOptions.embedColorProfile = true;
  jpegOptions.matte = MatteType.NONE;
  //save jpg as a copy:
  thedoc.saveAs((new File(folderString+"/"+basename+".jpg")),jpegOptions,true);

• Group Policy Startup Script

  Hi,
  We have a requirement to delete some of the files from all the desktops in Domain. We have already created a script to achieve the same. But when we are applying the same as startup script for the PC's it is not deleting the files. If we apply as logon script
  then it can delete some files because user does not have access to delete all the files. For this reason we want to apply it on startup so that it can run with SYSTEM privilege and delete files but it is not happening.
  Please suggest if there is any reason for which the startup script is not able to delete the files. I have already checked by doing RSOP.MSC and GPRESULT and found the script to be present in the startup.
  There is no log in the event viewer related to this.

  Hi Sukhwin08,
  According to your post, the gpresult showed the Startup script has been applied but the script could not run successfully. Right? Please follow the following step to narrow down the issue:
  1. Change the script to the following command:
  add  > %SystemDrive%\Users\test.txt to the script.
  2. Log on to a client with a regular user account, run
  gpupdate/force, and then re-log on to this client.
  3. Check if the test.txt file exists in this location
  %SystemDrive%\Users.
  If the test.txt file exists, Startup script is applied successfully. But the result of running logon script achieves the goal we expect or not which is still not sure.
  Regards,
  Lany Zhang

• Help creating apple script to create folder and set access levels

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

• The group policy client service failed the logon access is denied.

  This one is starting to get on my nerves now. We've had 2 users suffering this problem on our Remote Desktop server.
  We are running two Windows Server 2008 SP2 domain controllers, with two Windows 2008 R2 servers running RD Gateway and Remote Desktop Server.
  The first user I had to recreate because of following instructions I googled because it caused the user to always logon with a temporary profile on the server and I could not resolve this.
  This user I have managed to cleanly delete the local logon profile.
  BOTH of these users are on roaming profiles, as are most of the users that are logging in to this server (for reasons that they move around the office). On the server, the user is listed twice one with a .v2 extension (XP machines at desks)
  The user we are having a problem with at the moment was working perfectly fine a couple of weeks ago when they last logged into the server.
  Could this be down to me setting an over ride on the settings that force people to logout completely after an hour of idle time, resulting in an unclean logoff?
  Some of the messages that are in the event log for when that user attempts to login:
  Event id: 1542
  Windows cannot load classes registry file.
  DETAIL - The system cannot find the file specified.
  Event ID: 6001
  The winlogon notification subscriber <Sens> failed a notification event.
  Event ID: 6004
  The winlogon notification subscriber <GPClient> failed a critical notification event.
  I'm also getting a constant batch of
  Event ID: 510
  Folder redirection policy application has been delayed until the next logon because the group policy logon optimization is in effect
  Any ideas why this should happen? I need a solution as soon as possible please as these users are running our sales department from home, and this user is due to be on the rota to do it this week! :)

  Andy, I have been struggling with this issue on a new 2008R2 server. Can
  you explain the commands you used to load ntuser.dat and usrclass.dat
  into the registry? This is a truly maddening issue.
  Thank you.
  On 1/10/2011 11:01 AM, Andy Murphy wrote:
  > Seems I have managed to over come this.
  >
  > After deleting the profile from within the Advanced System Settings >
  > User Profiles on the RD server I still couldn't logon (as said above
  > about clean deletion of the local profile)
  >
  > So I manually loaded the UsrClass.dat and NTUser.dat into the registry
  > as they were not there. To do this I did the following:
  >
  > Loaded NTUser.dat from the profile on the server as a hive under
  > HKEY_USERS to S-1-5-21-2055973500-2782184047-1828406536-1165
  >
  > Loaded UsrClass.dat from the profile.v2 on the server as a hive under
  > HKEY_USERS to S-1-5-21-2055973500-2782184047-1828406536-1165_Classes
  >
  > Then logged in as the user, and it works perfectly again (it did hang on
  > waiting for the session manager). To be sure I then copied the Default
  > user to that newly created profile on the RD server and logged in again,
  > no hangs. Perfect.
  >
  > Maybe this will solve a few other peoples problems with these related
  > errors.
  >

• WMI Filters Folder NOT Found in Group Policy Management Console.

  We have a Small Business Server 2011 Standard Edition install that is Hosting a Domain that was migrated to it from Windows Server 2003 Standard Edition. All seems to be working. We have a few problems that we are trying to work on one at a time when this
  issue was brought to light.
  We were trying to push the installation of a client software via group policy and in the process to have it pushed by the server, we had to configure several wmi filters in the group policy management in the SBS 2011.  We opened the console and found
  that the WMI Filters Folder is nowhere to be found.
  We would like to find out what can be the cause and resolution of this problem.  I would like to find out how to get the WMI Filters folder back in the Management Console and be able to create the filters that will help us deploy the client software
  we need to provide to our users using the group policies.
  Has anyone experienced this problem.  Can we just go into the group policy management console and create the object and then import the default filters into that object we created.  The filters were exported from another sbs 2011 standard edition
  install that has the wmi filters folder in the GPMC.
  Need help on this situation.  Have very little experience in troubleshooting GPO's and GPMC's issues.
  Thank you
  JFM

  Hi,
  >>I need to find out if there is a way to get the WMI Filters Object Folder back or find a way to recreate it.
  Based on the description, we can use LDP.exe to check if the following object is missing in Active Directory:
  CN=Windows2003Update, CN=DomainUpdates, CN=System, DC=domain, DC=com
  Regarding how to use LDP.exe to view AD object, the following article can be referred to as reference.
  How to Use Ldp.exe to View Entire Directory Tree and Locate the Microsoft Exchange Container
  http://support.microsoft.com/kb/252335
  If the object is missing, we can follow the solutions described in the following article to check if the object was deleted and we need to restore it if this is true.
  Step 2: Restore a Deleted Active Directory Object
  https://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx
  If the object is there, we can check if proper access permissions have been configured for it.
  If the object is missing but not deleted, this may be related to the migration process. If this is true, we can ask for suggestions in the following SBS forum.
  Small Business Server
  https://social.technet.microsoft.com/Forums/en-US/home?forum=smallbusinessserver
  In addition, regarding migrating Active Directory to SBS 2011 Standard, the following articles can be referred to for more information.
  Prepare your Source Server for Windows SBS 2011 Standard migration
  https://technet.microsoft.com/en-us/library/gg615494.aspx
  SBS 2011 Standard Migrations – Keys to Success
  http://blogs.technet.com/b/sbs/archive/2011/07/01/sbs-2011-standard-migrations-keys-to-success.aspx
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Windows 8.1 Group Policy based Wireless Profiles do not appear to be working

  I'm wondering if anyone else out there has run into the same issue as I am seeing.  The environment is all Server 2012(not R2), with Windows 8.1 clients.  
  I configure a GPO that is linked to the entire domain/authenticated users and contains a Windows Vista and Later wireless network profile.  Let's call it "GPO_Wireless.  It is configured to automatically connect it to a specific SSID, the
  encryption settings are unimportant, as I've tried numerous approaches.  In our case, we're trying to do EAP-TLS with the NPS role.  We have the CA rolled out, NPS has a proper cert, and the clients are auto-enrolling for both Computer and User certs.
   This is all verified as working.  We've also tried straight password authentication.
  I refresh group policy on a Windows 8.1 client and see that Computer Policy "GPO_Wireless" is being applied to the client.  I restart the computer, but it does not connect to the wireless network.
  I run "netsh wlan show profiles" and under "Group Policy Profiles(read only)" it is blank.
  I run gpresult /r /scope computer again, and it shows "GPO_Wireless" is being applied.
  The last note is that Windows 7 clients can connect to the wireless just fine.

  Hi，
  For the client side, I would like to know if the windows 7 as you mentioned used the same Group Police like Windows 8.1.
  Meanwhile, I suggest you try using script as a workaround.
  Regards,
  Kelvin hsu
  TechNet Community Support

• (now with script code) droplet not creating folder cs4 photoshop windows 7

  (i also posted this in the windows section but was told i should post here insted so i will try to close that one out)
  so i created a script that creats folder and subfolders inside (  folder1\subfolder1\subfolder2 etc" and i run the script in photoshot cs4  11.01 it creats the foldets no prob.  yet when i creat a droplet it wont  work. the folders dont get made... i have admin rights and am logged in  as admin all the time. when the droplet is run it will either launch  photoshop or bring the running photoshop to the front, the taskbar icon  flashes and after a min or 2 i get the error, " droplet couldnt  communicate with photoshop"
  can anyone help me out on rhis please?
  thank you  and have a great day.
  ok, please dont laugh at me over my poor scripting skills. i have none and have never programed.  ok here is the script i use to make folders
  var myFolder = new Folder('/d/Documents and Settings/testing/Desktop/tiff');
  if(!myFolder.exists) myFolder.create();
  var myFolder = new Folder('/d/Documents and Settings/testing/Desktop/tiff/800med');
  if(!myFolder.exists) myFolder.create();
  var myFolder = new Folder('/d/Documents and Settings/testing/Desktop/tiff/1333med');
  if(!myFolder.exists) myFolder.create();
  var myFolder = new Folder('/d/Documents and Settings/testing/Desktop/tiff/large');
  if(!myFolder.exists) myFolder.create();
  var myFolder = new Folder('/d/Documents and Settings/testing/Desktop/tiff/mls467');
  if(!myFolder.exists) myFolder.create();
  var myFolder = new Folder('/d/Documents and Settings/testing/Desktop/tiff/mls533');
  if(!myFolder.exists) myFolder.create();
  var myFolder = new Folder('/d/Documents and Settings/testing/Desktop/tiff/thumb');
  if(!myFolder.exists) myFolder.create();
  so i hope this helps in the quest to solve my probs.
  hb

  Also the path itself looks strange as Documents and Settings is usually on drive C also the desktop is normally on drive C.
  This path would normally be:
  var myFolder = new Folder("~/Desktop/tiff"');

• Issue with GPO "WSE Group Policy Password Synchronization"

  When I started my migration of SBS2011 to  2012r2 with essentials service I noticed this GPO appear which I assume is for passwords to be synced to the cloud however when I implemented group policy from essentials the dashboard crashed and the typical
  GPO's that it creates weren't there and only the folder-redirection was present it was also blank so I deleted it (I didnt delete the GPO "WSE Group Policy Password Synchronization" )
  I then re-launched the dashboard and ran through the process again, it worked what a treat! except the GPO for "WSE Group Policy Password Synchronization"
  appears to be blank, I remember it pointing to a ps file but I dont know what ps file and how to recreate it, along with to confirm what it does. Sadly I have no GPO backup to go back to.
  any help on this would be much appreciated 
  Cheers 

  Hi,
  à
  however when I implemented group policy from essentials the dashboard crashed
  Based on your description, I understand that Dashboard crashed when implemented group policies (some WSE Group
  Policy).
  àthe typical
  GPO's that it creates weren't there and only the folder-redirection was present it was also blank so I deleted it (I didnt delete the GPO "WSE Group Policy Password Synchronization")
  Did you mean that deleted the ‘WSE Group Policy Folder Redirection’? Would you please let me know whether do
  any operation for the ‘WSE Group Policy Password Synchronization’? Meanwhile, please check if other WSE Group Policy also was
  No Settings defined in Settings tab (as your ‘WSE Group Policy Password Synchronization’ picture showed).
  àSadly I have
  no GPO backup to go back to.
  Please start a BPA scan and check if find relevant issue. If no GPO backup, it seems that not be able to help
  us to restore group policy objects. By the way, did you have a Full server backup?
  If anything I misunderstand or any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• Best practice Terminal Services Group Policy AD

  When I started out with Terminal Services on Windows 2000 I used as a guide a book from Todd Mathers called Windows NT/2000 Thin Client Solutions and have been using his recommendations ever since.  We are not planning to go to Windows 2008 and I thought it might be a good time to review our methodology and have a second pair of eyes/experience look over.  I'm not sure if anybody responding will be familiar with the book but here are the steps recommended in the book that we have implemented:
  1) Create a separate Terminal Services OU in the domain
  2) Under the TS OU create two OU's - Terminal Servers and Terminal Server User Groups
  3) Create 3 GPO's and apply to the Terminal Servers OU
  a) TSServers 
  Enable Block Policy inheritance
  Disable User Configuration Settings
  Permission:            Authenticated Users    System  TS-Admins
  Full Control  
  Read                          Allow                          Allow             Allow
  Write                                                              Allow             Allow
  Create Child Objects                                  Allow            Allow 
  Delete Child Objects                                  Allow             Allow
  Apply Group Policy    Allow
  Loopback Policy - replace mode
  Delete Cached Copies of Roaming Profiles
  b) AllTSUsers Policy (Includes Admin)
  Disable Computer Configuration Settings
  Permission:        Authenticated Users    System    TS-Admins
  Full Control                                                                   Allow 
  Read                          Allow                    Allow            Allow
  Write                                                         Allow           Allow
  Create Child Objects                            Allow           Allow 
  Delete Child Objects                            Allow           Allow
  Apply Group Policy    Allow                                       Allow
  Enable: Do Not Track Shell Shortcuts During Roaming
  Enable: Disable UI to Change Menu Animation Settings
  Enable: Add Logoff to the Start Menu
  Enable: Disable and REmove the Shut Down Command
  Enable: Do Not Use the Search-based Method When Resolving Shell Shortcuts
  Enable: No Screen Saver
  Enable: Group Policy Refresh Interval - 1440 (24 hours)
  c) RegularTSUSERS (not including Admins)
  Disable Computer Configuration Settings
  Permission:        Authenticated Users    System    TS-Admins
  Full Control                                                            
  Read                          Allow                    Allow         Allow
  Write                                                        Allow         Allow
  Create Child Objects                           Allow         Allow 
  Delete Child Objects                           Allow         Allow
  Apply Group Policy    Allow                                    Deny
  Wndows Settings\Folder Redirection - I redirect My Documents and Application Data to a network share  
  Administrative Templates\Windows Components\Windows Explorer 
  Enable: Removes the Folder Options Menu From the Tools Menu
  Enable: Hide Hardware Tab
  Administrative Templates\Start Menu & Taskbar 
  Enable: Disable and Remove Links to Windows Update
  Enable: Remove Network & Dial-up
  Enable: Disable Changes to Taskbar and Start Menu Settings
  Administrative Templates\Desktop 
  Enable: Prohibit User From Changing My Documents Path
  Administrative Templates\Control Panel 
  Enable: Disable Control Panel
  Administrative Templates\Systems
  Enable: Disable Registry Editing Options
  I would appreciate if somebody could critique the above for our present 2000 environment - how we might do things different and better - we are still going to be running 2000 for another year - and also offer some guidance as to how we should modify the above for 2008 R2.

  my favorite is:
  user - admin templates - windows components - windows explorer  -Hide this specified drives in My computer
  user - admin templates - windows components - windows explorer  -Prevent Access to drives from My Computer
  user - admin templates - windows components - windows explorer  - Prevent users from adding files to the root of their User Files Folders (I wnat to keep folder redirection effective)
  Martin

• Group Policy Deployment Acrobat Standard XI Version 11

  I was able to successfully create a Windows 2008 R2 SP1 Group Policy that would be able to distribute the Adobe Reader Application using the Adobe Customization Wizard XI. I tried to use the same procedure from the Adobe Acrobat Standard 11 download from the adobe licensing site and was unable to get the Group Policy to work. The error message that I am getting is...
  The install of application Adobe Acrobat XI Standard 11.0 from policy  Deploy Adobe Acrobat 11 failed. The error was : %%1603
  This is the procedure that I created for deployment of Adobe Acrobat XI using Group Policy.
  How to create a group policy deployment of Adobe Acrobat XI
  Overview:
  This procedure covers the steps needed to create a group policy that will deploy the Adobe Acrobat installation.
  Requirements
  •    Windows 2008 Group Policy
  •    Adobe Acrobat Customization Wizard
       o    ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/11.0.00/misc/CustWiz11000_en_US.exe
  •    Adobe Acrobat XI (Version 11)
       o    download from adobe account
  Procedure:
  1.    Download the Adobe Acrobat XI package.
  2.    Extract the contents of the Adobe Acrobat XI package.
  a.    Type msiexec.exe /a AcroStan.msi
  b.    Click Next
  c.    Put in the Network Location Share where everyone can extract the installation.
  d.    Click Install
  e.    The package will then extract to the network location as indicated above.
  f.    Click Finish, once the installation has completed.
  g.    Open the Adobe Customization XI Wizard, and customize the package by selecting the AcroStan.msi file. 
  h.    Customize the AcroStan.MSI installation file   
  i.    Default viewer of PDF files: Make Acrobat the Default PDF Viewer
  ii.    Remove previous versions of Acrobat
  iii.    Run Installation: Silently
  iv.    If reboot is required at the end of installation: Suppress reboot
  i.    Shortcuts: Remove the desktop Shortcut
  j.    Online and Adobe Services: Disable Product Improvement Program: checked.
  k.   Generate Transform File
  i.    Click Transform > Generate Transform File
  ii.   Create an Setup.Ini file in the folder of the Distribution Package.
  iii.  Name the Transform File something useful like “CompanyConfigs”.
  3.    Create a Group Policy to deploy the software package. It is usually best to have a group policy for each software installation package.
  a.    Update the Domain Default Policy with Always install with elevated privileges. This will allow all software deployment packages to install. 
  i.    Computer Configuration > Policies > Windows Settings > Administrative Templates > Windows Components > Windows Installer > Always install with elevated privileges : Enabled.
  b.  Create a Group Policy to enable Windows 7 Verbose Mode
  i.    Computer Configuration > Policies > Administrative Templates > System > Verbose vs normal status messages : Enabled.
  c.    Create a Group Policy for the Software Installation
  i.     Computer Configuration > Policies > Software Settings
  ii.    Right click and select New > Package
  iii.   Click the AcroRead.msi
  iv.   Click Advanced
  v.    Click the Modifications Tab and click Add
  vi.   Optional: Click the Uninstall this application when it falls out of the scope of management.
  Note: This setting can be used to uninstall the application if the group policy ever changes in that the application should be removed.
  vii.    The package is now created …
  4.    Test the Client in a Virtual Machine
  a.    Go to a windows client and run “gpupdate /force”.
  b.    The system will then respond that it needs to restart the computer.
  c.    Type Yes, and allow the computer to reboot.
  d.    If Group Policy is not setup to allow for verbose messages in Windows 7 then the user will just see “Please wait…”, if verbose message is enabled the user will see “Installing Adobe Acrobat…”.
  Can someone please tell me what I am missing to get the group policy deployed? It has the same permissions as the Adobe Reader folder and I have done everything exactly the same, except that Adobe Standard has the license number, and owner information included in the Transform file (.mst).
  Thank you.

  Your case isn't unique. We've heard this a lot. While Acrobat has a small, very small percentage of settings available in the ADMX files,
  in case you don't know, PolicyPak software has a solution to manipulate, basically, near 100% of the settings in Acrobat Reader and Professional.
  You're welcome to check out how it works. These videos are for Acrobat X, but there is also tempaltes in the download for XI.
  Here are links to the pages with full how-to videos:
  http://www.policypak.com/products/manage-acrobat-reader-with-group-policy.html
  and
  http://www.policypak.com/products/manage-acrobat-x-pro-and-acrobat-x-standard-using-group- policy.html
  You can be up and running in 20 minutes, but note, it's NOT a template.. PolicyPak is full application management and lockdown system.

• Request for Sticky #2 - Advanced Group Policy Troubleshooting Help

  GPOMG!
  Group Policy driving you crazy? Here are some advanced troubleshooting tools (beyond RSOP, GPRESULT, etc.) that may be helpful. For first level troubleshooting, check out this link:
  http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspx
  EVENT VIEWER (NEW & IMPROVED!)
  Event viewer in Windows 7 has more detail about Group Policy. Start your event viewer (may need to run as an admin. account). Navigate to:
  Applications and Services Logs>Microsoft>Windows>GroupPolicy>Operational
  Here you will find events that are related to Group Policy processing. You can determine how long it takes to run the various pieces of your particular GP as well as diagnostic information that can be very helpful when trying to figure out what is happening
  with GP.
  http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx
  Events 4016 and 5016 show the start and end of processing of groups of policies, including how long it took to apply each one in the end event.
  Event 5312 shows policies that will be applied, and 5317 shows policies that are explicitly filtered out.
  Events 8000 and 8001 respectively show the total processing time for computer boot and user boot GP processing, and 8006 and 8007 show the same for interim/periodic GP processing.
  GPLOGVIEW TOOL
  A similar tool is called GPLOGVIEW. You must run this from the elevated command prompt. It will produce a XML, HTML, or simple text file of the GP events for export and review. You can even do a live monitor while you run GPUPDATE /force.
  http://technet.microsoft.com/en-us/magazine/dd315424.aspx
  GPSVR/GPSVC LOG FILE
  If the normal tricks above don’t provide you with enough information, this should do it! There is a service called
  GPSVR that gives you everything you ever wanted to know about Group Policy running on your workstation. Here is how to get more information from the GPSVR service in Windows 2008/Visa/Win 7. 
  Step 1: Enable logging in the Gpsvc.log file. To enable logging in the Gpsvc.log file, follow these steps:
  Click Start, click Run, type regedit, and then click OK (might want to backup your registry first).
   Make sure that you have the folder %windir%\debug\usermode, if the usermode folder is not there, then manually create it.
  Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
   On the Edit menu, point to New, and then click Key.
   Type Diagnostics, and then press ENTER.
   Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
   Type GPSvcDebugLevel, and then press ENTER.
   Right-click GPSvcDebugLevel, and then click Modify.
   In the Value data box, type 30002 (as hex), and then click OK.
   Exit Registry Editor.
  Reboot machine.
   At a command prompt, type the following command, and then press ENTER: gpupdate /force
   You will find the Gpsvc.log file in the following folder: %windir%\debug\usermode
  Step 2: I use Notepad ++ to analyze this log file. It can help you troubleshoot, step, by step what GP is doing as your workstation/user is getting logged in. Timing, access/permission issues, SID information and more are all included
  in this log file.
  Step 3: When you are done, change the value of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics|GPSvcDebugLevel to 0x00000000 to disable the debug log or else it will continue to grow.
  Charlie Newman

  Hi,
  I have posted an MST file which fixes this and other issues to the following thread here:
  http://forums.adobe.com/message/2697135#2697135
  Please post any feedback to that thread!
  Kind regards,
  Chris Hill