Group Policy Preferences - Internet Settings - Trusted Sites
hi all
I can't set Trusted Zone (Site) with GPO Preferences - Internet Settings because it is grey?
Chris
Hi Chris,
The Trusted Sites cannot be added using Group Policy Preferences. But you can add it by native group policy.
The group policy settings are here:
User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
If you really want to use the GPP, please manually add the registry keys through GPP.
Regards,
Miya
This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer
your question. This can be beneficial to other community members reading the thread.
Similar Messages
-
Group Policy Preferences IE9 settings inconsistently applying on Windows 7 Clients
We have two Windows 2008 R2 Domain Controllers.
We have only Windows 7 SP1 clients.
We have a mix of IE 9, 10 ,11 on the clients.
We moved to using GPP to control IE Proxy settings some considerable time ago.
We recently needed add a site the the proxy exceptions list. This appeared to work. However we discovered that for IE 10+ the setting was not effective. So we spun up a Windows 8.1 VM with RSAT and added a new IE Settings object into GP targeting IE
11. This appeared to have the desired effect.
After a while some (and it appears only some) IE9 machines, found their proxy settings reverting. This could be resolved by closing IE down and issuing a gpupdate /force command. However the issue would re-occur for these users, and they would be required
to close their browser and re-issue update /force again.
Furthermore (this may or may not be linked) we have been seeing JavaScript disabled warnings from OWA from some machines running IE11.
Any thoughts on troubleshooting this would be appreciated.
NickWould you please let me know if the issue only occurred on all Windows 7 with IE 9 installed machines? Or
only some Windows 7 with IE 9 installed machines have this issue?
The issue is affecting about 20-25% of machines. Generally after a logon they are fine, but then after a background gp refresh they pick up 'old' settings for the bypass proxy list.
Would you please let me know how did you configure the GPP settings?
We opened up an existing GPO that contained our previous Internet Explorer GPP settings on our first domain controller (which appears to have IE11 installed) made the changes to the existing
GPP IE Settings.
We then noticed that the settings hadn't taken on IE11 machines, so we used a windows 8.1 RTM VM with RSAT installed to add an additional "Internet Explorer 8: Internet Explorer 11" only
set of preferences. The IE8/9/10 preferences had priority of 1 the IE 11 preferences a priority of 2
I think the original GPP settings were created from a Windows 7 machine with IE9 and the Enterprise Hotfix Rollup installed.
Did you configure it in one GPO and applied to all machines?
Yes.
Have you tried to just configure it separately on Windows 2008 R2 DC and applied it to these Windows 7 with IE 9 installed machines?
Not yet. We currently have a some LOB activities that require one of the sites in the proxy bypass list. I do not want to risk breaking that until later on this week.
How to enable Group Policy Preferences support for IE9
http://www.grouppolicy.biz/2011/03/how-to-enable-group-policy-preferences-support-for-ie9/
We have the enterprise hotfix rollup installed on the Clients. However
it appears it is not installed on the DCs.
Further examination of the output of a gpresult /h shows that legacy settings from the IE Maintenance object within the GPO match the settings we see applying from time to time. Is that possible? How can we remove the IE Maintenence settings from the
GPO to test? -
Group policy Preference - Internet Option setting not applying
Hi,
I’m not very sure if any of you have encounter this strange issue when
configuring GPP -> Internet option setting for window 7 IE9 or IE11.
The following
are spec of OS and IE version used in my environment.
Window Server
2012 R2 (IE 10)
Window 7 (IE9
and IE11)
Recently I
have deployed proxy setting via GPP as I do not have IEM under my GPMC console.
Once the setting is been configured and deployed, I have notice that the GPO do
not apply after the user login. The following scenarios is what we observed.
1) User boot up the machine, Login and proxy setting will not applied
1a) gpupdate /force -> Proxy Settings applied
1b) setting will be removed after the GPO refreshed
2) User boot up the machine, Login and proxy setting will not apply
2a) User logoff and login proxy setting applied.
2b) Setting will be removed after the GPO refreshed
Kindy advise
if there is any solution to ensure that the setting apply whenever the user
login and stay intact even after the gpo refreshed by itself.Hi,
>>1a) gpupdate /force -> Proxy Settings applied
>>1b) setting will be removed after the GPO refreshed
Based on the description, we can run command gpresult/h report.html to collect group policy result reports to compare how the settings are being applied.
Besides, have we installed the following hotfix on the computers with IE 9? If not, we can try to install the hotfix.
Internet Explorer Group Policy Preferences do not apply to Internet Explorer 9 in a Windows Server 2008 R2 domain environment
https://support.microsoft.com/en-us/kb/2530309?wa=wsignin1.0
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Unable to make changes to LAN Settings in IE after Group Policy Preference is applied
Hi all,
I have an IE10 group policy preference on a Server 2008 R2 domain that is pushed out to Windows 7 SP1 x64 clients. This IE10 GPP is used to push out proxy settings etc. The GPP is applied fine, however when I go into LAN Settings in IE and make any
changes such as unchecking "Use a proxy server..." these changes are not saved. As soon as I click OK and go back into LAN Settings it reverts back to the GPP settings. Are IE10 GPP's meant to allow a user to amend settings in IE? The users have
permissions to write to the Connections key under Internet Settings in the registry. If I delete the Connections key (Which includes DefaultConnectionSettings and SavedLegacySettings) I can then make changes to the proxy (Although without the original settings).
I know their are other, and better, methods of controlling proxy settings for users but unfortunately this is the way the customer has it implemented. All defaults for GP is applied such as refresh rate etc. I've tested IE10 on a Server 2012 R2 / Win8 environment
with the exact same GPP settings and I can make changes to the LAN Settings. Is this possibly a bug? Any help would be appreciated.
Thanks.Hi,
So by now we could make it work by deleting the Connections key, in order to change the proxy settings of IE 10-Windows 7 in the Windows Server 2008 R2 environment?
Besides, could it be convenient for us to perform some more tests here? How IE 10 of Windows 7 behaves in Server 2012 R2 environment? And Windows 8 in Server 2008 R2?
Best regards
Michael
Michael Shao
TechNet Community Support -
Can I import a list of services into Group Policy Preferences \ Control Panel Settings \ Services?
Hello,
We want to control server services with Group Policy Preferences via the Group Policy Preferences \ Control Panel Settings \ Services. By starting from scratch, I don want to manually add each Service here. Can I import a list of Services
here, then go back and config the properties?
I appreciate the help.
Thanks for your help! SdeDot> with settings, however I don't see a way to import that list.
Usually, there's no need for that. Most people only configure services
that aren't already configured the way they should be after an OOBE
install...
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
User Configuration/Policies/Administrative Templates
- Using Office 2013 group policy template to define Trusted Locations and Template Locations doesn't work
Microsoft Word 2013/Word Options/Security/Trust Center/Trusted Locations
- Allow Trusted Locations on the network:
Enabled
- Trusted Location #1:
Enabled
Path: //server/sharedfoldername [Edit: Path:
\\server\sharedfoldername]
Date: June 10, 2013
Description: Trusted Location
Allow sub folders: Enabled
The policy appears to apply to the client correctly by adding the following registry key and values:
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\15.0\word\security\trusted locations\location1
allowsubfolders: 1
date: June 10, 2013
Description: Trusted Location
Path: //server/sharedfoldername [Edit: Path:
\\server\sharedfoldername]
However, when you open Word Options/Trust Centre/Trust Centre Settings…/Trusted Locations
There are no trusted locations listed under ‘Policy Locations’
I have tried setting similar settings for setting the Shared Templates folder location and just like the trusted locations policy, the registry keys are created properly in HKEY_CURRENT_USER\Software\Policies however word doesn’t
seem to recognize these either.
This used to work flawlessly using the administrative templates for Word 2007 and 2010. Has anyone been able to get these policies to apply successfully, or know why office doesn’t recognize these settings from the Policies registry
Key?This would have been an easy solution to the issue. Unfortunately it isn't the problem. This question was originally posted on another Microsoft site and
was transferred here and when it was transferred the path's changed from the original post:
\\server\sharedfodlername to //server/sharedfoldername. (I will edit the question to show up as it did in the original post) Not sure how that happened. This
is still an issue that I haven't been able to get working correctly.
As it turns out the 'New from Template' interface Word 2013 has developed is very bulky with large thumbnails and is not very customizable nor practical for an office
that has a large number of templates. Because I am unsatisfied with the display and performance of the 'New' template chooser I sought after a solution to change the way word creates a document from a template in another thread:
http://answers.microsoft.com/en-us/office/forum/office_2013_release-word/how-can-you-change-the-display-of-templates-in/d49194b9-a6b4-4768-8502-7d7b50e9dd65 working through this issue with Jay we were able to develop
some VB script with handles a very large number of templates in a list view and it works much faster than the built-in Word interface. The above thread is how I've worked around trying to define a shared template location and I am quite happy with it. -
Proxy details keep deleting from field in Group Policy Preferences for IE 10 on windows 7 and 8
We have a lot of users who on the last update and have seemed to manage to install IE 10 onto their windows 7 machines as now causing all sorts of issues. I know that IEM has been replaced in favour of Group Policy Preferences and I have build a windows
8 machine just to create a group policy preference as you are unable to create the preferences from windows 7, thank you Microsoft!
I have created a test OU and got a win 7 and a win 8 machine both with IE 10 for testing. I have created the preference settings, home page etc and disabled using the F keys the advanced features that we do not require as from reading in other post even
if it is not ticked, if it is green then it will apply it, kinda defeats the using the tick but it is what it is!
When we do a gpupdate it picks up the default homepage as well as other settings but the proxy settings is blank. I then went back into the preferences I created for IE 10 and checked the connections, LAN settings and the proxy server name is missing but
both ticks are showing for the proxy settings and when you click on advanced it shows the proxy server and port details fine. I have been working on this now for 4 days and getting no where to a point were we just roll back any users on IE 10 back to IE 9.
I have also unlinked any other gpo relating to Internet settings on the test OU just in case there are conflicts. Any ideas as where to go from here?In the end to get around the proxy settings I had to create a registry key preference with proxy and port details which seemed to have done the trick and now IE 10 is picking up the proxy details and displaying webpages
-
Vista logon stuck with Group Policy Preferences
After testing some Group Policy Preferences, my Vista SP1 laptop was stuck logging on , it showed (welcome) and then stopped the logon process.
To be sure i did a fresh Vista reinstall but i still couldn't logon to the domain, the GPO Event log showed that it was looping (endless) trough the GPO's, without showing any obvious errors. I removed all the settings from the Preferences GPO, i stayed with GPOP Drive and Printers mappings and they work fine.
After adding these 3 settings it hung again:
Regional Settings
Abort rest of group on error: No
Process in user context: Yes
Remove (if not applied): No
Preference (apply once): No
Filtered directly: No
Filtered by ancestor: No
Disabled directly: No
Disabled by ancestor: No
Internet Settings
Abort rest of group on error: No
Process in user context: No
Remove (if not applied): No
Preference (apply once): No
Filtered directly: No
Filtered by ancestor: No
Disabled directly: No
Disabled by ancestor: NO
Start Menu
Abort rest of group on error: No
Process in user context: Yes
Remove (if not applied): No
Preference (apply once): No
Filtered directly: No
Filtered by ancestor: No
Disabled directly: No
Disabled by ancestor: No
Is this normal behavior, and has someone else seen this unwanted "feature"!?? Or did i make a mistake..Hi tnx for your reply
Florian Frommherz wrote:
So did it actually stop? The blue circle did it stop turning around? How long did you wait for it to complete? Are there only Preferences or policies in place as well?
The blue circle is turning arround, it seems looping, after 20 seconds it stops for half a second and starts a new 20 second loop stops for half a second etc etc. In the GPO Vista event log i can find this loop. (checking link speed, finding applying GPO's....... and starting over again)
I waited for more then an hour, a normal logon takes 30 seconds for the Welcome screen.
Florian Frommherz wrote:
So - you mean to say that it behaves the same way? It just stops processing the policies?
It doesn't stop, it seems to loop...
Florian Frommherz wrote:
I guess not. Could you create a new, seperate policy will all the Preference settings that let the machine "get stuck" and apply it to a test machine so that those Preferences in question are the only ones applied? Maybe you can track down which Preference causes the machine to choke.
I did, i seperated the GPO Parts, i know that the Drive and Printer mappings from the GPOP are working fine.
It's in one of those 3 GPO settings (IE, regional, start menu). Even if i disable those specific GPOP parts the logon still gets stuck, after removing / disabling the complete GPO logon runs normal.
I also think during logoff the GPOP are also conflicting since it's also stuck during logoff.
Other Domain accounts are able to logon and off fine!
Could this be caused by the, running a GPOP in User context???
My Vista version is Enterprise, i didn't check on other Vista versions. -
Group Policy Preferences possible in ZCM11?
Hi,
i created a thread (http://forums.novell.com/novell/nove...esnt-work.html) because some GPOs are not working with ZCM11SP2. Now i figured out, that the Problem is the GPPs (Group Policy Preferences).
THey are available since Windows Server 2008 or 2008R2, i'm not sure.
With this GPPs you can map drives, set printers, change the registry, power management ...
Is it possible to use this GPPs with ZCM Policies?
CheersHere is a bit of a primer:
http://technet.microsoft.com/en-us/m...01.layout.aspx
Note: You will need to use ADM and not ADMX if I recall.
The key will be knowing what registry keys to set.
For PowerSettings, there are some ADM files floating about the internet
already.
On 6/25/2012 12:46 PM, drops wrote:
>
> Hi Steffen,
>
> for folder redirection look here:
> 'Cool Solutions: Local Group Policy Folder Redirection (HKCU User
> Shell)' (http://www.novell.com/coolsolutions/tools/14324.html)
>
> it works with windows 7.
>
> For a lot of configuration settings i prefer bundles. e.g. registry
> changes to HKLM.
>
> Power management: use powercfg.exe -IMPORT
>
> Printer: we use iprint policies. for local printers look at rundll32
> PrintUI.dll, PrintUIEntry /?
>
>
> With software simply use the Bundle - see your foxitreader example and
> recommendation from Shaun.
>
> best regards
>
> Markus
>
>
>
> SteffenMuch;2203349 Wrote:
>> Hi Craig,
>> do you know a good "how to" for this? I didnt create a group policy
>> template until now.
>>
>> Cheers,
>> Steffen
>>
>>
>> @Shaun:
>> Thanks, i will look at this solution.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human. -
Scenario:
We use one of the following Group Policy Preferences Scheduled Tasks item to deploy a task to clients:
Computer Configuration -> Control Panel Settings -> Scheduled Tasks -> New -> Scheduled Task (At least Windows 7)
Computer Configuration -> Control Panel Settings -> Scheduled Tasks -> New -> Immediate Task (At least Windows 7)
User Configuration -> Control Panel Settings -> Scheduled Tasks -> New -> Scheduled Task (At least Windows 7)
User Configuration -> Control Panel Settings -> Scheduled Tasks -> New -> Immediate Task (At least Windows 7)
(Note that on some platforms, "At least Windows 7" is replaced with "Windows Vista and later.")
After designating a user account to run the task, we select “Run whether user is logged on or not” option, and “The Do not store password…”
check box is automatically grayed out (See Figure 1).
Figure 1
After finishing configuring the task item, on a client, we run command
gpupdate/force to forcefully update group policy. However, on the client, when we check if the task is listed in Task Scheduler snap-in, the task is not displayed, and when we run
gpresult/h report.html to collect group policy result for troubleshooting, we see an error as similar as shown in the following figure (Figure 2).
Figure 2
Cause:
To make the scheduled task run whether the user is logged on or not, we need to store the password of the designated user account. However, for the content of the scheduled
task item is stored in Sysvol where it’s not safe to store passwords, this function has been deprecated.
Workaround:
We can run the task with system account
NT Authority\System, or we can use specific user accounts to run the task when the given user is logged on. (See Figure 3)
Figure 3
Reference:
MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014
http://support.microsoft.com/kb/2962486
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.Hello Everyone,
Succeeded !!!!!!!
Even i was struggling with this same Problem to execute a batch via Window scheduler and set the setting to "Run whether the user is logged in or not".
I tried many time but the batch runs with " Run
whether user is logged on" and not with "Run
whether user is logged on or not".
what i discovered is that there was one mapped drive
path in my batch file which was not the complete path like y:/AR.qvw actually what i did i changed that map path to the complete path like \\servnamename\d$\AR.qvw and the batch executed successfully with the setting "Run
whether user is logged on or not"
The
conclusion is that check the dependency of the script on external resources because when you check this option "Run
whether user is logged on or not" It actually conflicts. This my discovery.
If
you have any question write me on [email protected]
Thanks
& Regards,
Arun -
Extreme slow login on Server 2008 R2 TS at Group Policy Preferences - Printers
I see references to this problem everywhere, going back to 2010. However I'm not finding any real answers.
I have Group Policy Preferences installing printers to Terminal Server Users. I have one policy that applies to 4 terminal servers. One of them is a 2008 R2, the others are 2003 x64. Only for the 2008 R2 server, after all of the printers
show (in event viewer) as successfully loaded, there is a long hang. I have many printers applied to me, and that results in my load time being the longest of all at about 3 minutes. I am an administrator on the machine. Others have the exact
same problem, just a bit less pronounced depending on the number of printers.
The policy preference is set to UPDATE, so it's not loading the driver... again, the printer is already successfully applied.
I've tried setting UAC to "Never" on the server. No effect. I've played with the Point and Print policy at both computer and user level, finally just setting both to disabled, but prior to that setting them to Enabled with the "do
not show warning" on both settings. No effect (which makes sense since that is for non-admins and I am having this problem as an admin).
My logging pasted below shows this same thing in all cases.
Is there an answer to this that I am just not finding?
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Filters passed.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Adding child elements to RSOP.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:11:44.289 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.873 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Properties handled.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] RunOnce value created [SUCCEEDED(S_FALSE)]Hi,
Based on your description, I want to confirm whether we have used Item-level Targeting of GPP for printer deploying.
GP Preferences settings that use Item- Level Targeting (ILT) are not inherently harmful. However, certain kinds of Item Level Targeting queries can
take more time to run.
Regarding this issue, the following article can be referred to for more information and the hotfix in the article can be downloaded to fix the issue.
You experience a long domain logon time in Windows Vista, Windows 7, Windows Server 2008 or Windows Server 2008 R2 after you deploy Group Policy preferences
to the computer
http://support.microsoft.com/kb/2561285/en-us
In addition, regarding group policy and logon impact, the following article can be referred to for more information.
Group Policy and Logon Impact
http://blogs.technet.com/b/grouppolicy/archive/2013/05/23/group-policy-and-logon-impact.aspx
Best regards,
Frank Shen -
Registry Wizard not saving selections in Group Policy Preferences.
Hello,
I am trying to set registry keys for ODBC settings using Group Policy Preferences. All PC's in the domain are Windows 7. In testing, I was able to get this to work. Now that I am trying to create it for production, I am unable to get it to work.
I am using the same PC to create for production that I used when I was testing.
The steps I am taking are as follows:
Create a new GPO. Edit the GPO and navigate to the registry node under Computer Configuration, Preferences where I create a new Collection Item. I then right click the new collection item and choose New - Registry Wizard. Using Local Computer,
I navigate to [HKLM] > Software > Wow6432Node > ODBC > ODBC.ini
Under the ODBC.ini key are all of the keys and data I want to include in my policy. When I check each key and put a check mark beside each data item in the lower window, my selections in the lower window are not being saved. The check mark
shows up at the time but they are gone if I go back to check my work before hitting the finish button. If I go ahead and finish the policy anyway, I only get the keys, not the data items when the GPO is applied.
I have found a work around but it is very cumbersome and isn't a good long term solution. The work around is to go ahead and create the policy, then go back into the collection and expand everything on the left and add each data value to each key one at
a time using the All Tasks > Add - menu item.
Any ideas why this is happening? I should also mention when I was "testing", I was hitting the same domain controller as I am when trying to build this for my "production" policy.
Thanks in advance.Hello,
Thanks for your reply. I am waiting on my account to be verified before I can post a screen shot.
I did discover that if I go through and click on all the data items more than once, it appears to work. Basically, I went through each key and checked the data items, then went back to the top and started over again. All of the checks were gone, so I checked
them again and clicked finish. I don't know if they were still missing but checking them twice seems to have worked.
I can replicate the issue if I only check them once. -
Group Policy "Restricted Groups" (local groups) using group policy preferences
I was recently tasked a solution with creating a group policy to manage RDP user access to a set of Active Directory computer objects.
Part of the solution was to create a policy so that this would only apply a specific security group(users) to a specific set of Active Directory computer objects within the OU to which it was applied so that other machines
and/or user accounts in this OU remain un affected by this policy.
The policy was to be able to include multiple sets of Security groups(users) for the associated machines isolating those security groups(users) to only their sets of Active Directory computer objects.
Reduce the requirement to create multiple group policies to apply different "Local Group"/"Restricted groups" management for computer objects in the domain.
I thouhgt about using System based policies and creating different WMI filters to target sets of AD Computer objects, but came to the conclusion this would not help due to the limited of WMI quries I would be able to create for a standard
Image.
So I then thought about group policy preferences and came up with the solution
I created a new Group policy and created a new item for the local group, in this instance but not limited to "Remote Desktop users (built-in)" and added the security group(users). In my case I did not need to use the "delete
all member users" or "delete all member groups" as I wanted other groups in this local group for the computer objects to remain intact.
Then what I did is set the "item-level-target" setting from "the common tab" on the GPP and set it to the security group which containd the AD computer objects the user accounts required access to. I then did a couple of standard
tests to confirm the local security group(users) appeared only on the machine in the item level target security group and applied to no other machines in the outside of SOM.
So with this in place, if I needed to create any other entries for different groups and access to specific machines all I need to do is create a new GPP item within this policy.
Being mindful that system policies settings if applied to same OU will take preceedence over GPP settings....
Thought I would just share this in-case anyone else has had similar requests/thoughts and or has other methods that they have used that they would like to share.
I am not sure either on the limit of entries that GPP have either so if anyone does know please post and possible links?
I have struggled to find an answer, however it could be that I am not asking the right question!good sharing...
Best,
Howtodo -
Group Policy Preferences Shortcut issues ( event ID 1085 )
I am hoping someone will be able to help me with a problem that is causing our users a headache
We have a Windows 2008 SP2 terminal server farm ( 1 gateway, 2 Terminal servers TS1 and TS2 ), we also use Group Policy Preferences to deliver app shortcuts to different AD user groups.
TS1 and TS2 were built from the same image. On TS1 users logon and get all the icons they are entitled to, on TS2 it is random to whether they get their shortcuts or not.
Both TS are rebooted daily and I have scripted removing any local profiles incase it was something left behind.
Checking the event Logs on TS2 I see several errors that appear to relate to Group Policy and correspond to when users have connected in.
any help with this issue would be appreciated.
Here is the information from the System log:
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 05/12/2014 15:32:26
Event ID: 1085
Task Category: None
Level: Warning
Keywords:
User: Username
Computer: TerminalServer
Description:
Windows failed to apply the Group Policy Shortcuts settings. Group Policy Shortcuts settings might have its own log file. Please click on the "More information" link.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
<EventID>1085</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-12-05T15:32:26.450Z" />
<EventRecordID>478778</EventRecordID>
<Correlation ActivityID="{CCB45268-E6F8-4127-97C8-A8544829F2DE}" />
<Execution ProcessID="344" ThreadID="11212" />
<Channel>System</Channel>
<Computer>TerminalServer</Computer>
<Security UserID="S-1-5-21" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">3892</Data>
<Data Name="ProcessingMode">1</Data>
<Data Name="ProcessingTimeInMilliseconds">6047</Data>
<Data Name="ErrorCode">2147942413</Data>
<Data Name="ErrorDescription">The data is invalid. </Data>
<Data Name="DCName”>\\OurDomain</Data>
<Data Name="ExtensionName">Group Policy Shortcuts</Data>
<Data Name="ExtensionId">{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}</Data>
</EventData>
</Event>> <Data Name="ErrorDescription">The data is invalid. </Data>
Delete the history XML.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Mandatory Profiles, Group Policy Preferences, Synchronous processing
Hello,
I'm using Windows 8.1 Update to setup a lab of computers that will use standard user accounts with Mandatory Profiles and Group Policy to lock them down. Everything is working great with the exception of Group Policy Preferences. I am using GPP printers
to add a shared printer to the computer lab and set the default. Due to asynchronous processing, the GPPs are applied only every other time. Since they are mandatory profiles, the settings are wiped out every time.
I have enabled the GPO setting "Always wait for network at startup and logon" but it doesn't seem to have any effect. The Mandatory Profile is assigned in the user's AD object.
From everything I can find on the issue, the problem seems to stem from the synchronous processing/asynchronous processing of group policy preferences, which explains the consistent alternating working. Fast logon optimization is always off when using a
roaming user profile, which is the case of these standard users, to my understanding. I also configured cached logons to '0', disabling cached logons. The computers (configured to automatically sign in with SysInternals' Autologon) received an error (no logon
servers available) trying to sign in before the network was ready, showing that they are ignoring the setting. Even with waiting for the network and signing in manually, the GPP printers are only successfully added every other time.
http://technet.microsoft.com/en-us/library/jj573586.aspx
2008R2 functional level
I have created and recreated GPOs to test creating them on the DC and a Windows 8.1 Update computer, with no change in outcome.
I have also tried setting Startup policy processing wait time, run logon scripts synchronously, and GPP Printers processing behaviors. For the latest testing, I created a new OU with blocked inheritance and created a new GPO with just the key settings to
wait for network, install the printers, and use the mandatory profile. It still only worked every other time.
I am currently at a loss for a good way to add the printers to the mandatory profiles. I have hacked them into the HKCU of the mandatory profile but I feel that is a kludge solution and not very sustainable. I have tried a logon PowerShell script but had
no luck.
TL;DR: Win8.1Update, Mandatory Profiles, standard user: Every other restart, GPP Printers are added perfectly and the desired outcome is reached. Every other, other restart the printers are not added.Hi,
I'll involve other engineer to this thread for more discussion about your problem. Please wait patient.
Thank you for your understanding!
Roger Lu
TechNet Community Support
Maybe you are looking for
-
Ipod continuously turns on then off and makes clicking sound
Just today, after plugging my ipod into my computer and transferring voice memos, I unplugged my ipod and as soon as I did that, it shut down and began its continuous loop of turning on and off. It never fully boots up. Can anyone help me out with wh
-
Vado HD creates "Explorer Not Responding" error in Windows Vista?
I've tried this on my HP Tablet PC as well as a Lenovo Laptop and it happened with both computers. I plug in the VADO HD and it asks me if I want to run the software, I click "run the software" and then absolutely nothing happens. When I go into My C
-
Hi, hope someone can help me. I created a music file in my current version of Garageband (2.0.2) but when I try to open the file I am told that I must get the current version of Garageband ?! Anyone have any ideas why this is happening ?! Thanks. Pau
-
No Local Files being added or shown in new version (1.0.1.1060.gc75ebdfd)
Hey there, longtime premium user. Searched boards for this issue and havnt found any yet in this new update. The 'local files' playlist/folder/tab section is completely empty. Under preferences all of my usual music folders are selected, and I have r
-
Personal hotspot not showing up
I am trying to tether my iPhone 4 to my iPad, been following instructions, all updates in place (4.3.3) the tethering plan paid for and ready, but when I go to the settings-general-network there is no words saying personal hotspot. I have seen other