Group Policy Preferences File Copy - Access is Denied on 2003 but not 2008 R2
Hello,
I have created a GPO which copies a file from a network share into a new folder under Program Files. This policy works just fine on a Windows 2008 box, but not on 2003. I've used "psexec -i -s cmd.exe" to verify system account permission to the
share. I am able to successfully browse and copy files from the share as the system account on both boxes.
However, when the GPO attempts to perform the file copy, it does not work, and generates the following error message:
Event Type: Warning
Event Source: Group Policy Files
Event Category: (2)
Event ID: 4098
Date: 8/28/2013
Time: 3:32:12 PM
User: NT AUTHORITY\SYSTEM
Computer: Server01
Description:
The computer 'file.txt' preference item in the 'TXT File Copy {9176122B-1A50-4AB8-91D9-6E8553727E18}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
I am trying to avoid writing a login script, so I am hoping someone will be able to help me figure out why this works fine on Windows 2008 but not Windows 2003. Please note file names and paths are modified here for security reasons, but the principle is
the same.
My GPO is:
Computer Configuration\Preferences\Windows Settings\Files
File (Target Path: c:\Program Files\path\to\file\file.txt)
Source file: \\share\path\to\file\file.txt
Destination File: c:\program files\path\to\file\file.txt
Action: Update
Suppress errors on individual file actions: Disabled
Read-Only: Enabled
Hidden: Disabled
Archive: Enabled
Stop Processing items on this extension if an error occurrs on this item: No
Remove this item when it is no longer applied: No
Apply once and do not reapply: No
Item-level Targeting: None
Thanks
As a user, I am able to browse the share just fine using the alias. It is only when I try to access the share using the system account that I encounter a problem.
experiencing the exact same symptoms. in the tests below, server, client1, and client2 are all are native instances of microsoft windows server.
server: windows server 2008 R2 standard SP1
client1: windows server 2003 standard SP2
client2: windows server 2008 R2 standard SP1
registry setting "DisableLoopbackCheck": unconfigured on server; unconfigured on client1; unconfigured on client2
registry setting "DisableStrictNameChecking": configured as "1" on server; unconfigured on client1; unconfigured on client2
domain user on client1 attempt to access server by name: success
domain user on client1 attempt to access server by alias: success
domain user on client2 attempt to access server by name: success
domain user on client2 attempt to access server by alias: success
local system on client1 attempt to access server by name: success
local system on client1 attempt to access server by alias: failed (system error 5 has occurred. access is denied.)
local system on client2 attempt to access server by name: success
local system on client2 attempt to access server by alias: success
all tests done using "net view \\target", but similar results were seen when using "dir \\target\share" which the domain user and local system account have access to.
the differing behavior between client1 and client 2 suggests that server 2003 requires additional configuration to allow its local system account to access an SMB share by alias.
this problem prevents group policy features (such as software installation) from an aliased file server.
Similar Messages
-
Group Policy client Service Error - Access is denied
I am
at domain admin working on windows 7 roaming profiles, testing with a
staff user. I am in a domain environment. I have changed the
profile path for a user to the folder I created for new windows 7 roaming
profiles. gave it all the permissions noted here and followed these steps
at Microsoft's deploying roaming profiles page for win 7.<o:p></o:p>
once I logged in the user,
it created their profile.v2 but I still couldn't access it. getting
access denied. so I went back and changed the staff roaming profile back
to the original profile path. didn't make any group policy changes.
but now she gets group policy client service failed to logon. access is
denied. I have deleted the .v2 profile that win 7 creates in her old
profile path, moved her profile path back to what is was before testing,
retested her xp profile which does work and she can login and work.
but the win 7 machines no matter where she logs in, will not work. they
all give the same error about group policy client service failed. no
other users are having this problemHi,
Regarding the issue here, have you checked the below thread?
Group
Policy Client Service Failed the logon - Access Denied: Windows 7 Ultimate/Server 2008 R2
Please take a try with the steps mentioned by Nina Liu.
QUOTE here:
At this time, let’s refer to the following steps for troubleshooting:
1. Open registry editor on the problematic Windows 7 machine (please log in as domain admin)
2. Highlight HKEY_USERS, choose File -> Load Hive, browse to the location of one failing roaming profile and open NTUSER.DAT file, click open
3. Under Key Name, enter any name you like, but remember what you have entered, such as enter "test"
4. Expand, HKEY_USERS, you should see new registry hive called "test" or any name you entered earlier
5. Right click on that "test" hive and choose permissions. Confirm that the following users have permissions:
- Administrators: Full Control
- SYSTEM: Full Control
- User (or group) that owns this profile: Full Control
6. If the permissions were wrong, correct them, then click on Advanced tab, on Advanced tab and enable "Replace permission entries on all child objects with entries
shown here that apply to child objects" and click Apply.
7. Highlight "test" registry hive, then click on File -> Unload Hive to release handle on NTUSER.DAT file.
8. Log off and log on with the failing roaming profile you have just modified.
Any process, please feel free to contact us.
Best regards
Michael Shao
TechNet Community Support -
Cannot Copy File with Group Policy Preferences
Hi,
I am trying to use a Group Policy Preference to copy a simple text file from a network share to a folder at the root of 'C:\' on the clients. It is not happening. I created the preference in the computer section of the GPO. It is set to create, as the file
does not already exist on the client, with the archive bit on.
Source: \\server.domain.com\folder\fileshare\file.txt
Destination: C:\folder
GPResult shows the clients are getting the GPO, but it seems as if that one setting and another is not being applied. I have no idea why this isn't working when other parts of the GPO are being applied. I read
the documentation on the Technet page, but I must have missed something.
Any ideas why this might not be working?
Thanks
Jason Watkins MCSE, MCSA, MCDBA, CCNA> Computers" has read access. Listing the actual file name in the
> destination is something I would have never though to do.
...unless the path ends with an "\", it IS a file name, so if you had
"C:\Folder" as the target, check your C:\ drive for a file called
"Folder" :)
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Hi,
I'm in a mixed server infra (2008 and 2003) and would like to deploy GPE for rebooting, I've tried to approve KB9433729 but wsus will not approve as its expired, what is the quickest way to get this update out to the 2003 servers.Hi Ror73,
After my testing, please download this KB from the followng link and manually install it:
Group Policy Preference Client Side Extensions for Windows Server 2003 (KB943729)
Group Policy Preference Client Side Extensions for Windows Server 2003 x64 Edition (KB943729)
Regards,
Lany Zhang -
Windows 2008 R2 - Group Policy Preference - folder option "Open with" Access denied
Similar to this post:
social.technet.microsoft.com/Forums/en-US/d42a81bc-96de-4af3-bc41-079e88e6ea4a
We have Citrix terminal servers running Windows 2008 R2 and attempting to force PDF files to open with Acrobat versus PDF editing software we have installed for a small subset of users. So I created a Group Policy Preference and added a OpenWith item
to the Folder Options to use Acrobat as the default and linked it to a Users OU. However, if I run gpresult the OpenWith setting fails with error code 0x80070005. You can change it to not run in the user's security context which eliminates the
error but then it won't actually do anything.
The problem seems to be that when a user sets another program as their default via Windows Explorer the permissions on HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice get changed so that the user is specifically
denied the ability to set that key. Remove the special permissions added and the group policy succeeds and changes it back to the default ... until the user changes it back (intentionally or otherwise) and the permissions are changed again.
Any ideas here?> Any ideas here?
We use GPP Registry to achieve this goal, so we do not run into that
issue (we unchecked "run in users context", so privs are not an issue)
But I agree, this really should work as intended...
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Group Policy Preference: Problem Adding Network Locations
Group Policy Preferences (GPP) do not currently support correctly creating shortcuts in Network Locations/My Network Places the way Windows produces them when you go through the "Add a network location" wizard. Unfortunately, the GPP simply creates a standard shortcut instead of creating a folder that contains target.lnk and desktop.ini (the way the "Add a network location" wizard does).
I was curious to know when the GPP engine will be updated to correctly add Network Locations the way the "Add a network location" wizard does?
Thanks.Talfr77,
I would like to know what environment you tried this under. I made policy like you described on a 2012 domain controller and the resulting shortcut worked fine on windows 8 clients and on the 2012 servers.
However, the 2008 servers and windows 7 clients didn't work. They simply got a folder with two files. It would appear that the format of the target.lnk file may be different between versions of windows. I took a target.lnk from a
working shortcut made on a 2008 server and put in on a 2012 server and the result was it not recognizing the shortcut.
It is also worth noting for anyone who wants to try this method, that in step 2 of Talfr77's directions he says to copy the desktop.ini file using the GPP file copy function to the subfolder with the target.lnk file. He didn't mention how to accomplish
that. You can store the desktop.ini file anywhere on your network as long as the UNC path to it is accessible to the user. I suggest you store it right in a subfolder of the GPO in the sysvol to keep things tidy. So that UNC would be the
source path. (example would be \\domain.local\SYSVOL\domain.LOCAL\Policies\{020DBAF4-2631-4246-8811-DE02F7613959}\desktop.ini) The destination path will be %appdata%\Microsoft\Windows\Network Shortcuts\<Subfolder name>\desktop.ini
The same goes for his step 3 where you edit the folder attributes. The folder you want to edit is %appdata%\Microsoft\Windows\Network Shortcuts\<Subfolder name>
Karl -
How can I setup a scheduled task to run a Powershell Script delivered as a Group Policy Preference
I have a Powershell script I want to run only once when a user logs onto their system. This script would move all the PST files from the Local drive and the Home drive to a folder location within the users profile. I wanted to run this as a Windows 7 Scheduled Task using Group Policy Preferences. How can I get this to happen short of a logon script? I have updated all the machines to WMF 4.0 so could I use a Scheduled Job instead? I wanted to run the script as the logon user but elevated.#Start Outlook and Disconnect attached PST files.
$Outlook = New-Object -ComObject Outlook.Application
$namespace = $outlook.getnamespace("MAPI")
$folder = $namespace.GetDefaultFolder("olFolderInbox")
$explorer = $folder.GetExplorer()
$explorer.Display()
$myArray= @()
$outlook.Session.Stores | where{ ($_.FilePath -like'*.PST') } | foreach{[array]$myArray+= $_.FilePath}
for
($x=0;$x-le$myArray.length-1;$x++)
$PSTPath= $myArray[$x]
$PST= $namespace.Stores | ?{$_.FilePath -like$PSTPath}
$PSTRoot= $PST.GetRootFolder() #Get Root Folder name of PST
$PSTFolder= $Namespace.Folders.Item($PSTRoot.Name) #Bind to PST for disconnection
$Namespace.GetType().InvokeMember('RemoveStore',[System.Reflection.BindingFlags]::InvokeMethod,$null,$Namespace,($PSTFolder)) #Disconnect .PST
#Move All PST files to the default location while deleting the PST files from their original location.
$SourceList = ("$env:SystemDrive", "$env:HOMEDRIVE")
$Destination = ("$env:USERPROFILE\MyOutlookFiles")
(Get-ChildItem -Path $SourceList -Recurse -Filter *.PST) | Move-Item -Destination $Destination
#Attach all PST files from the default location.
Add-type -assembly "Microsoft.Office.Interop.Outlook" | out-null
$outlook = new-object -comobject outlook.application
$namespace = $outlook.GetNameSpace("MAPI")
dir “$env:USERPROFILE\MyOutlookFiles\*.pst” | % { $namespace.AddStore($_.FullName) }Mike,
I do not understand what appears to be a regular expression above. I did add the PowerShell script to the HKCU RunOnce Key as suggested.
Windows Registry Editor Version 5.00
C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -sta -WindowStyle Hidden -ExecutionPolicy RemoteSigned -File "C:\scripts\Windows PowerShell\Move-PST.ps1"
I'm delivering this using Group Policy Preferences. It seems to fail or time out when run because the behavior is different if I run the script from within the PowerShell IDE. I added the parameters to the script and will try it again in the morning. -
Group policy Preferences server 2008 and windows 7
Hi I have been struggling with an issue with group policy preferences for a while now with regard to pushing out printers to windows 7 (32/64 bit) Machines. I have two DC servers one is 2008 and the other is 2008 r2. I have setup the group policies on the
2008 server as it is the only one i am allowed to access regularly to do this.
Basically here is my problem. I have created multiple GPO's to send out printers from out print server to classrooms across the school district I work for, I have a mix of xp and windows 7 machines. I have the server setup with both 32 and 64bit drivers
for all printers on that server, we have a mix of oki and hp and ricoh. I know all the connections work and the drivers work well, however when I push them out using the group policy, the windows 7 machines don't install the printers. The xp machines do this
perfectly well when I install the client side extensions patch, but they just will not pull down on the 7 machines unless i install the printer first manually, then delete it and then run gpupdate. In that instance it will work, but obviously i don't want
to have to go round thousands of computers doing this manually.
Just as a side note, each classroom has its own user account and its own printer.
If anyone has any advice as to how i can go about resolving this issue i would greatly appreciate it, this has been a problem i have been researching and trying to fix since January.......Hi,
>>The xp machines do this perfectly well when I install the client side extensions patch, but they just will not pull down on the 7 machines unless i install the
printer first manually, then delete it and then run gpupdate.
Before going further, we can run command
gpresult/h gpreport.html with admin privileges to collect group policy result on the troubled Windows 7 clients to check the issue. Besides, we can also check event logs in Event Viewer to see if some related error events were logged.
Besides, I want to confirm if we have disabled
Point and Print Restrictions under both User Configuration and Computer Configuration. To have a consistent experience, it’s recommended that we disable the policy setting in both locations if we are dealing with mixed-level clients.
Regarding this point, the following article can be referred to for more information.
Point and Print Restrictions policies are ignored in Windows Vista SP2, Windows Server 2008 SP2, and later Windows operating systems
http://support.microsoft.com/kb/2307161/en-us
Best regards,
Frank Shen -
Scenario:
We use one of the following Group Policy Preferences Scheduled Tasks item to deploy a task to clients:
Computer Configuration -> Control Panel Settings -> Scheduled Tasks -> New -> Scheduled Task (At least Windows 7)
Computer Configuration -> Control Panel Settings -> Scheduled Tasks -> New -> Immediate Task (At least Windows 7)
User Configuration -> Control Panel Settings -> Scheduled Tasks -> New -> Scheduled Task (At least Windows 7)
User Configuration -> Control Panel Settings -> Scheduled Tasks -> New -> Immediate Task (At least Windows 7)
(Note that on some platforms, "At least Windows 7" is replaced with "Windows Vista and later.")
After designating a user account to run the task, we select “Run whether user is logged on or not” option, and “The Do not store password…”
check box is automatically grayed out (See Figure 1).
Figure 1
After finishing configuring the task item, on a client, we run command
gpupdate/force to forcefully update group policy. However, on the client, when we check if the task is listed in Task Scheduler snap-in, the task is not displayed, and when we run
gpresult/h report.html to collect group policy result for troubleshooting, we see an error as similar as shown in the following figure (Figure 2).
Figure 2
Cause:
To make the scheduled task run whether the user is logged on or not, we need to store the password of the designated user account. However, for the content of the scheduled
task item is stored in Sysvol where it’s not safe to store passwords, this function has been deprecated.
Workaround:
We can run the task with system account
NT Authority\System, or we can use specific user accounts to run the task when the given user is logged on. (See Figure 3)
Figure 3
Reference:
MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014
http://support.microsoft.com/kb/2962486
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.Hello Everyone,
Succeeded !!!!!!!
Even i was struggling with this same Problem to execute a batch via Window scheduler and set the setting to "Run whether the user is logged in or not".
I tried many time but the batch runs with " Run
whether user is logged on" and not with "Run
whether user is logged on or not".
what i discovered is that there was one mapped drive
path in my batch file which was not the complete path like y:/AR.qvw actually what i did i changed that map path to the complete path like \\servnamename\d$\AR.qvw and the batch executed successfully with the setting "Run
whether user is logged on or not"
The
conclusion is that check the dependency of the script on external resources because when you check this option "Run
whether user is logged on or not" It actually conflicts. This my discovery.
If
you have any question write me on [email protected]
Thanks
& Regards,
Arun -
Group Policy Preference Power Plan "Blocked By Group Policy"
I noticed this error in the application event log of a Windows 7 PC:
Log Name: Application
Source: Group Policy Power Options
Date: 3/21/2013 3:19:42 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: xxx
Description:
The computer 'Power Plan (Windows Vista and later)' preference item in the 'Windows 7 Desktop Power Plan {A078F08F-45CC-4209-A264-FE0CB5635A99}' Group Policy object did not apply because it failed with error code '0x800704ec This program is blocked by group
policy. For more information, contact your system administrator.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Power Options" />
<EventID Qualifiers="34305">4098</EventID>
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-21T10:19:42.000000000Z" />
<EventRecordID>7687</EventRecordID>
<Channel>Application</Channel>
<Computer>xx</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>computer</Data>
<Data>Power Plan (Windows Vista and later)</Data>
<Data>Windows 7 Desktop Power Plan {A078F08F-45CC-4209-A264-FE0CB5635A99}</Data>
<Data>0x800704ec This program is blocked by group policy. For more information, contact your system administrator.</Data>
</EventData>
</Event>
How can I find out exactly why it is not working? "Blocked by group policy" is not specific enough.Hi,
You can also enable GPP tracing and logging for more information:
Computer Configuration\Policies\Administrative Templates\System\Group Policy\Configure Power Options preference logging and tracing
http://blogs.technet.com/b/askds/archive/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat.aspx
Regards,
Cicely
There is no such option "Configure Power Options preference logging and tracing" at Computer
Configuration\Policies\Administrative Templates\System\Group Policy\.
It alphabetical order Always use local ADM files ... is followed by Disallow interactive users from generating ... Not -
Group Policy "Restricted Groups" (local groups) using group policy preferences
I was recently tasked a solution with creating a group policy to manage RDP user access to a set of Active Directory computer objects.
Part of the solution was to create a policy so that this would only apply a specific security group(users) to a specific set of Active Directory computer objects within the OU to which it was applied so that other machines
and/or user accounts in this OU remain un affected by this policy.
The policy was to be able to include multiple sets of Security groups(users) for the associated machines isolating those security groups(users) to only their sets of Active Directory computer objects.
Reduce the requirement to create multiple group policies to apply different "Local Group"/"Restricted groups" management for computer objects in the domain.
I thouhgt about using System based policies and creating different WMI filters to target sets of AD Computer objects, but came to the conclusion this would not help due to the limited of WMI quries I would be able to create for a standard
Image.
So I then thought about group policy preferences and came up with the solution
I created a new Group policy and created a new item for the local group, in this instance but not limited to "Remote Desktop users (built-in)" and added the security group(users). In my case I did not need to use the "delete
all member users" or "delete all member groups" as I wanted other groups in this local group for the computer objects to remain intact.
Then what I did is set the "item-level-target" setting from "the common tab" on the GPP and set it to the security group which containd the AD computer objects the user accounts required access to. I then did a couple of standard
tests to confirm the local security group(users) appeared only on the machine in the item level target security group and applied to no other machines in the outside of SOM.
So with this in place, if I needed to create any other entries for different groups and access to specific machines all I need to do is create a new GPP item within this policy.
Being mindful that system policies settings if applied to same OU will take preceedence over GPP settings....
Thought I would just share this in-case anyone else has had similar requests/thoughts and or has other methods that they have used that they would like to share.
I am not sure either on the limit of entries that GPP have either so if anyone does know please post and possible links?
I have struggled to find an answer, however it could be that I am not asking the right question!good sharing...
Best,
Howtodo -
Group Policy Preferences Shortcut issues ( event ID 1085 )
I am hoping someone will be able to help me with a problem that is causing our users a headache
We have a Windows 2008 SP2 terminal server farm ( 1 gateway, 2 Terminal servers TS1 and TS2 ), we also use Group Policy Preferences to deliver app shortcuts to different AD user groups.
TS1 and TS2 were built from the same image. On TS1 users logon and get all the icons they are entitled to, on TS2 it is random to whether they get their shortcuts or not.
Both TS are rebooted daily and I have scripted removing any local profiles incase it was something left behind.
Checking the event Logs on TS2 I see several errors that appear to relate to Group Policy and correspond to when users have connected in.
any help with this issue would be appreciated.
Here is the information from the System log:
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 05/12/2014 15:32:26
Event ID: 1085
Task Category: None
Level: Warning
Keywords:
User: Username
Computer: TerminalServer
Description:
Windows failed to apply the Group Policy Shortcuts settings. Group Policy Shortcuts settings might have its own log file. Please click on the "More information" link.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
<EventID>1085</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-12-05T15:32:26.450Z" />
<EventRecordID>478778</EventRecordID>
<Correlation ActivityID="{CCB45268-E6F8-4127-97C8-A8544829F2DE}" />
<Execution ProcessID="344" ThreadID="11212" />
<Channel>System</Channel>
<Computer>TerminalServer</Computer>
<Security UserID="S-1-5-21" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">3892</Data>
<Data Name="ProcessingMode">1</Data>
<Data Name="ProcessingTimeInMilliseconds">6047</Data>
<Data Name="ErrorCode">2147942413</Data>
<Data Name="ErrorDescription">The data is invalid. </Data>
<Data Name="DCName”>\\OurDomain</Data>
<Data Name="ExtensionName">Group Policy Shortcuts</Data>
<Data Name="ExtensionId">{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}</Data>
</EventData>
</Event>> <Data Name="ErrorDescription">The data is invalid. </Data>
Delete the history XML.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
I have files on my external harddisk and access is denied because 'I am not authorized?
I have files on my external harddisk and access is denied because 'I am not authorized?
Itunes copy protected files? Login into your Intunes account to access Itunes media that is tied to the account that purchased those audio or video files.
-
IE10 Group Policy Preferences on Server 2008R2
Hi
I am trying to manage IE10 via Group Policy Preferences in a Windows 2008R2 Domain. I only see options for Internet Explorer 5, 6, 7 & 8. How do i make it display IE10? I have tried installing IE10 to a server with the Group Policy
Management Console and even tried adding the ADMX & ADML intres files from the Server 2012 ADMX download available from Microsoft. Currently we do not have a central ADMX Store but i created one to see if it would make a difference and it did not.
We do not have any Server 2012 or Windows 8 machines available so i can not configure it thorough there. I really want to get it added to the GP Preferences in Server 2008R2. Any help appreciated.
Thanks> 2008R2 Domain. I only see options for Internet Explorer 5, 6, 7 & 8.
Edit the XML.
http://blogs.technet.com/b/asiasupp/archive/2011/03/30/internet-explorer-9-ie9-group-policy-preferences-gpp.aspx
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Group Policy Preferences possible in ZCM11?
Hi,
i created a thread (http://forums.novell.com/novell/nove...esnt-work.html) because some GPOs are not working with ZCM11SP2. Now i figured out, that the Problem is the GPPs (Group Policy Preferences).
THey are available since Windows Server 2008 or 2008R2, i'm not sure.
With this GPPs you can map drives, set printers, change the registry, power management ...
Is it possible to use this GPPs with ZCM Policies?
CheersHere is a bit of a primer:
http://technet.microsoft.com/en-us/m...01.layout.aspx
Note: You will need to use ADM and not ADMX if I recall.
The key will be knowing what registry keys to set.
For PowerSettings, there are some ADM files floating about the internet
already.
On 6/25/2012 12:46 PM, drops wrote:
>
> Hi Steffen,
>
> for folder redirection look here:
> 'Cool Solutions: Local Group Policy Folder Redirection (HKCU User
> Shell)' (http://www.novell.com/coolsolutions/tools/14324.html)
>
> it works with windows 7.
>
> For a lot of configuration settings i prefer bundles. e.g. registry
> changes to HKLM.
>
> Power management: use powercfg.exe -IMPORT
>
> Printer: we use iprint policies. for local printers look at rundll32
> PrintUI.dll, PrintUIEntry /?
>
>
> With software simply use the Bundle - see your foxitreader example and
> recommendation from Shaun.
>
> best regards
>
> Markus
>
>
>
> SteffenMuch;2203349 Wrote:
>> Hi Craig,
>> do you know a good "how to" for this? I didnt create a group policy
>> template until now.
>>
>> Cheers,
>> Steffen
>>
>>
>> @Shaun:
>> Thanks, i will look at this solution.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
Maybe you are looking for
-
GDI+ Generic Error, multple frame tiff, multiple image formats
This is a question I posted on stack exchange, but have not gotten any answers. This is occurring on Windows Server 2008 R2 systems. I have seen many issues involving the GDI+ Generic Error, but I have not seen this particular matter raised before.
-
How to change the iterator collection for a table dynamically?
Hi all, I am required to change the table iterator dynamically based on the some logic. Is this possible? Attempted this by trying to set "value" using a bean - value=#{backingBeanScope.chkBean.getCollectionModel} This bean method returns either of t
-
Nano got wet was working tried to upload new songs now wont work?
My nano 6th generation got wet. i put in rice was working after that fine. recently tried to upload new music to it and now it wont work.Have tried several times to restore it. It turns on fine but touch screen dosent seem to work. i start to move it
-
Error message "Acrobat Failed to connect to DDE server"
I encountered the above error message when I try to open any PDF document. I could open in IE, but not using my Acrobat 9 Pro Please advise thanks
-
IPhoto/iMovie won't open - exc_breakpoint (SIGTRAP)
Hi all, iMac G5, running OSX Leopard iPhoto and iMovie have stopped working and won't open. This occurred after an attempt to transfer files from a laptop across the the G5. I have deleted the iLife suite and reloaded iLife08 which is what was on t