Group policy Query
Someone please help me to disable Group Policy for only one machine (at least the WSUS Group Policy).
Please share the step by step details.
<![LOG[Its a WSUS Update Source type ({508E7B21-0DA1-4AED-B1FA-03AD7D9A49DD}), adding it.]LOG]!><time="20:13:20.083-330"
date="04-09-2014" component="WUAHandler" context="" type="1" thread="2508" file="sourcemanager.cpp:1232">
<![LOG[Unable to read existing resultant WUA policy. Error = 0x80070002.]LOG]!><time="20:13:20.083-330"
date="04-09-2014" component="WUAHandler" context="" type="2" thread="2508" file="sourcemanager.cpp:920">
<![LOG[Enabling WUA Managed server policy to use server: http://SCCM.ABC.in:8530]LOG]!><time="20:13:20.083-330"
date="04-09-2014" component="WUAHandler" context="" type="1" thread="2508" file="sourcemanager.cpp:948">
<![LOG[Waiting for 2 mins for Group Policy to notify of WUA policy change...]LOG]!><time="20:13:20.108-330"
date="04-09-2014" component="WUAHandler" context="" type="1" thread="2508" file="sourcemanager.cpp:954">
<![LOG[Timed out waiting for Group Policy notification.]LOG]!><time="20:15:20.109-330" date="04-09-2014"
component="WUAHandler" context="" type="1" thread="2508" file="sourcemanager.cpp:95">
<![LOG[Unable to read existing WUA resultant policy. Error = 0x80070002.]LOG]!><time="20:15:20.109-330"
date="04-09-2014" component="WUAHandler" context="" type="2" thread="2508" file="sourcemanager.cpp:958">
<![LOG[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server and
Policy NOT CONFIGURED]LOG]!><time="20:15:20.112-330" date="04-09-2014" component="WUAHandler" context="" type="3" thread="2508" file="sourcemanager.cpp:1013">
<![LOG[Failed to Add Update Source for WUAgent of type (2) and id ({508E7B21-0DA1-4AED-B1FA-03AD7D9A49DD}).
Error = 0x87d00692.]LOG]!><time="20:15:20.113-330" date="04-09-2014" component="WUAHandler" context="" type="3" thread="2508" file="cwuahandler.cpp:2325">
WSUS settings are basically assigned by the SCCM server, but from the error above it seems the settings have been overridden by a GPO.
I have created a new OU, moved the test machine to that OU, and disabled all Group Policy.
Still the issue persists.
Note: There is already a GPO issue in my environment (computer policy will not refresh for any client).
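The WUAHandler entries above are in the log format that CMTrace reads. This added example (not part of the original post; function names are illustrative) parses five of them with their line wrapping, converts the timestamps to UTC on the assumption that the trailing number is the Windows time zone bias in minutes, and pairs the server the client tried to set with the later "overwritten by a higher authority" error.

```python
import re
from datetime import datetime, timedelta

# One CMTrace-style entry: <![LOG[message]LOG]!><key="value" ...>
# DOTALL lets a message or attribute list continue across wrapped lines.
ENTRY_RE = re.compile(r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><(?P<attrs>[^>]*)>', re.DOTALL)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
TIME_RE = re.compile(r'(\d{2}):(\d{2}):(\d{2})\.(\d{3})\d*([+-]\d+)')
CODE_RE = re.compile(r'0x[0-9A-Fa-f]{8}')
WANTED_RE = re.compile(r'Enabling WUA Managed server policy to use server: (\S+)')
OVERRIDE_RE = re.compile(
    r'overwritten by a higher authority \((?P<who>[^)]*)\) to: '
    r'Server (?P<server>.*?)\s*and Policy (?P<policy>.+)')
SEVERITY = {"1": "info", "2": "warning", "3": "error"}

# Sample: five entries copied from the post above, line wrapping included.
SAMPLE_LOG = r'''
<![LOG[Unable to read existing resultant WUA policy. Error = 0x80070002.]LOG]!><time="20:13:20.083-330"
date="04-09-2014" component="WUAHandler" context="" type="2" thread="2508" file="sourcemanager.cpp:920">
<![LOG[Enabling WUA Managed server policy to use server: http://SCCM.ABC.in:8530]LOG]!><time="20:13:20.083-330"
date="04-09-2014" component="WUAHandler" context="" type="1" thread="2508" file="sourcemanager.cpp:948">
<![LOG[Timed out waiting for Group Policy notification.]LOG]!><time="20:15:20.109-330" date="04-09-2014"
component="WUAHandler" context="" type="1" thread="2508" file="sourcemanager.cpp:95">
<![LOG[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server and
Policy NOT CONFIGURED]LOG]!><time="20:15:20.112-330" date="04-09-2014" component="WUAHandler" context="" type="3" thread="2508" file="sourcemanager.cpp:1013">
<![LOG[Failed to Add Update Source for WUAgent of type (2) and id ({508E7B21-0DA1-4AED-B1FA-03AD7D9A49DD}).
Error = 0x87d00692.]LOG]!><time="20:15:20.113-330" date="04-09-2014" component="WUAHandler" context="" type="3" thread="2508" file="cwuahandler.cpp:2325">
'''


def to_utc(date_str, time_str):
    """Date is MM-DD-YYYY; time is local HH:MM:SS.mmm followed by the
    time zone bias in minutes (assumption: UTC = local + bias)."""
    m = TIME_RE.fullmatch(time_str)
    if not m:
        return None
    hh, mm, ss, ms, bias = m.groups()
    try:
        day = datetime.strptime(date_str, "%m-%d-%Y")
    except ValueError:
        return None
    local = day.replace(hour=int(hh), minute=int(mm), second=int(ss),
                        microsecond=int(ms) * 1000)
    return local + timedelta(minutes=int(bias))


def parse_log(text):
    """Return one dict per log entry, in file order."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        attrs = dict(ATTR_RE.findall(m.group("attrs")))
        message = " ".join(m.group("msg").split())  # undo line wrapping
        entries.append({
            "message": message,
            "severity": SEVERITY.get(attrs.get("type"), "unknown"),
            "component": attrs.get("component", ""),
            "thread": attrs.get("thread", ""),
            "source": attrs.get("file", ""),
            "utc": to_utc(attrs.get("date", ""), attrs.get("time", "")),
            "codes": CODE_RE.findall(message),
        })
    return entries


def wsus_policy_conflicts(entries):
    """Pair the server the client tried to set with the later override
    error logged on the same thread."""
    wanted, conflicts = {}, []
    for e in entries:
        m = WANTED_RE.search(e["message"])
        if m:
            wanted[e["thread"]] = m.group(1)
            continue
        m = OVERRIDE_RE.search(e["message"])
        if m and e["thread"] in wanted:
            conflicts.append({
                "requested_server": wanted[e["thread"]],
                "overridden_by": m.group("who"),
                "effective_server": m.group("server") or None,
                "effective_policy": m.group("policy"),
                "utc": e["utc"],
            })
    return conflicts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in parsed:
        if entry["severity"] != "info":
            print(entry["utc"], entry["severity"], entry["codes"], entry["message"])
    print(wsus_policy_conflicts(parsed))
```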
Similar Messages
-
Group Policy Item level targeting LDAP Query for specific AD Sites
Hi Everyone,
I'm looking to try and take advantage of Group Policy Preference Item Level Targeting to publish user Proxy settings based on what AD Site a user is located in.
The company I work for has multiple proxies (for multiple regions). We have hundreds of AD Sites listed within our AD S and S setup. I know that I could potentially list every AD Site that requires a particular proxy, but this would generate additional admin overhead each time a new site is commissioned, as well as each time a site is decommissioned (this is a construction company, so many "sites" can fluctuate rapidly).
Due to this, I would like to know if it is possible to filter by LDAP query, and filter for each proxy, based on a portion of the text/name of the AD Sites (as we use a specific naming convention for our sites, this could be dynamic enough for us to not have to add or remove additional AD sites).
Is this possible, and, if so, how would I write the LDAP Filter/Query??
Right now I would assume I would do it in the following manner:
(&(objectCategory=site)(objectClass=site)(cn=AU-*))
Any assistance would be greatly appreciated.
Cheers,
Simon
> Right now I would assume I would do it in the following manner:
>
> (&(objectCategory=site)(objectClass=site)(cn=AU-*))
Sites do NOT reside in the domain partition, but in the configuration
partition... You can verify your LDAP filter with
dsquery * -filter "(your filter here)"
This query will return all matching objects' distinguished names (DN).
But why don't you use the "Sites" ILT instead? This ILT supports ? and *
as wildcards, so it might be sufficient.
Martin
How about reading a GOOD book about GPOs for once?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
I get a Group Policy Disk Quota failure at every system start
This is very long, my apologies
I asked this question about a month ago and then had some medical problems so I'm starting over again.
Whenever I start my system I get a message on the screen that the system is trying to run Group Policy for Disk Quotas. To my knowledge I've never set a disk quota policy and I can't find any indication that one is currently set. I freely admit that I could be responsible for this. I might have done something in the early days of the system because it wasn't happening for the first month or two.
This time I did more reading and found a procedure on TechNet at:
"http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" which led me step by step through the procedure, although I still can't make sense of the results.
So far I've verified that there are no policies set and that all the hard drives (3) have the Disk Quota bit 'disabled'. I did this as 'Administrator'.
The results from the TechNet procedure turned out to be quite long but I'm listing it here in hope that someone in the community will be familiar with this problem and be able to use the information to figure out the problem.
Here are the results:
From: TechNet Group Policy Testing
( "http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" )
1 - Troubleshooting using the Group Policy operational log
a - Determine the instance of Group Policy processing
(Before you view the Group Policy operational log, you must first determine
the instance of Group Policy processing that failed.)
My ActivityID from the Group Policy operational log = C87E5BC2-FD21-4794-B678-787AB587D8D5
2 - Create a custom view, via a query, of the Group Policy instance
My resultant query:
<QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID='{C87E5BC2-FD21-4794-B678-787AB587D8D5}']</Select></Query></QueryList>
3 - Results of running the query from step 2 are listed below, in chronological order, including the complete 'detail' sections from each event.
event 4000
Event Description(s) = Computer startup
BEGIN DETAIL SECTION-----------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 4000
Version 1
Level 4
Task 0
Opcode 1
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.598400000Z
EventRecordID 22707
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
PolicyActivityId {C87E5BC2-FD21-4794-B678-787AB587D8D5}
PrincipalSamName WORKGROUP\GROK$
IsMachine 1
IsDomainJoined false
IsBackgroundProcessing false
IsAsyncProcessing false
IsServiceRestart false
ReasonForSyncProcessing 2
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Checking for Group Policy client extensions that are not part of the system.
Event Description(s) = Service configuration update to standalone is not required and will be skipped.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5320
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22711
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
InfoDescription %%4161
END DETAIL SECTION-------------------------------------------------------------------------------
event 5313
Event Description(s) = The following Group Policy objects were not applicable because they were filtered out :
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5313
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22710
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
DescriptionString None
GPOInfoList
END DETAIL SECTION-------------------------------------------------------------------------------
event 5311
Event Description(s) = The loopback policy processing mode is "No loopback mode".
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5311
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22708
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
PolicyProcessingMode 0
END DETAIL SECTION-------------------------------------------------------------------------------
event 5312
Event Description(s) = List of applicable Group Policy objects:
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5312
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22709
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
DescriptionString Local Group Policy
GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>524296</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Extensions>[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]</Extensions></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Microsoft Disk Quota Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (Changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 4016
Version 0
Level 4
Task 0
Opcode 1
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22714
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
CSEExtensionName Microsoft Disk Quota
IsExtensionAsyncProcessing false
IsGPOListChanged true
GPOListStatusString %%4102
DescriptionString Local Group Policy
ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Finished checking for non-system extensions.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5320
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:29:33.614000000Z
EventRecordID 22713
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
InfoDescription %%4165
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Audit Policy Configuration Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (No changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 4016
Version 0
Level 4
Task 0
Opcode 1
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:31:21.987200000Z
EventRecordID 22718
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
CSEExtensionName Audit Policy Configuration
IsExtensionAsyncProcessing true
IsGPOListChanged false
GPOListStatusString %%4101
DescriptionString Local Group Policy
ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 7016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION-------------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 7016
Version 0
Level 2
Task 0
Opcode 2
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:31:21.987200000Z
EventRecordID 22717
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
CSEElaspedTimeInMilliSeconds 108374
ErrorCode 2147942402
CSEExtensionName Microsoft Disk Quota
CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
END DETAIL SECTION-----------------------------------------------------------------------------------------
event 5016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 5016
Version 0
Level 4
Task 0
Opcode 2
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:31:22.314800000Z
EventRecordID 22720
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
CSEElaspedTimeInMilliSeconds 312
ErrorCode 2147483658
CSEExtensionName Audit Policy Configuration
CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
END DETAIL SECTION-----------------------------------------------------------------------------------------
Event 8000
Event Description(s) = Completed computer boot policy processing for WORKGROUP\GROK$ in 108 seconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 8000
Version 1
Level 4
Task 0
Opcode 2
Keywords 0x4000000000000000
- TimeCreated
[ SystemTime] 2010-05-15T13:31:22.330400000Z
EventRecordID 22721
- Correlation
[ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
- Execution
[ ProcessID] 1280
[ ThreadID] 1784
Channel Microsoft-Windows-GroupPolicy/Operational
Computer GROK
- Security
[ UserID] S-1-5-18
- EventData
PolicyElaspedTimeInSeconds 108
ErrorCode 0
PrincipalSamName WORKGROUP\GROK$
IsMachine 1
IsConnectivityFailure false
END DETAIL SECTION-----------------------------------------------------------------------------------------
End of results.
Thanks to all,
wegrok
Win7 Ultimate x64, 8 GB ram, AMD Phenom 9950 Quad-proc @2.6Ghz, HD = 1TB ASUS M4N72-E mobo, Video = NVIDIA GeForce 8800 GT w/ Dell 2407 Digital Monitor
Did you ever have luck tracking this down? I'm getting this error and have no clue where it is coming from. I have not enabled GP disk quotas, but I do have a network share on a domain member server that has quotas attached to each user's folder.
I removed the quotas and still get this error when I manually perform a gpupdate.
-
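The ErrorCode values in the event details above can be read as 32-bit HRESULTs printed in decimal. This added example (not part of the original thread; function names are illustrative) parses abridged copies of the 7016, 5016 and 8000 sections and decodes each code into severity bit, facility and code; the same decoder also accepts hex strings such as the ones in the WUAHandler log of the first thread.

```python
import re

SECTION_RE = re.compile(r'BEGIN DETAIL SECTION-*\n(.*?)END DETAIL SECTION', re.DOTALL)
# "Key value" or "[ Key] value" lines; tree lines such as "- System" never match.
FIELD_RE = re.compile(r'^[ \t]*(?:\[[ \t]*)?(\w+)\]?[ \t]+(.+?)[ \t]*$', re.MULTILINE)
LEVELS = {"1": "critical", "2": "error", "3": "warning", "4": "information"}
FACILITY_WIN32 = 7
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}
HRESULT_NAMES = {0x00000000: "S_OK", 0x8000000A: "E_PENDING"}

# Sample: three detail sections abridged from the post above.
SAMPLE_EVENTS = """\
BEGIN DETAIL SECTION-----
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
EventID 7016
Level 2
- EventData
CSEElaspedTimeInMilliSeconds 108374
ErrorCode 2147942402
CSEExtensionName Microsoft Disk Quota
CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
END DETAIL SECTION-----
BEGIN DETAIL SECTION-----
- System
EventID 5016
Level 4
- EventData
CSEElaspedTimeInMilliSeconds 312
ErrorCode 2147483658
CSEExtensionName Audit Policy Configuration
CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
END DETAIL SECTION-----
BEGIN DETAIL SECTION-----
- System
EventID 8000
Level 4
- EventData
PolicyElaspedTimeInSeconds 108
ErrorCode 0
PrincipalSamName WORKGROUP\\GROK$
END DETAIL SECTION-----
"""


def decode_hresult(value):
    """Accept a decimal or 0x-prefixed string (or an int) and split it into
    the HRESULT severity bit, 11-bit facility and 16-bit code."""
    value = int(str(value), 0) & 0xFFFFFFFF
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    if value in HRESULT_NAMES:
        name = HRESULT_NAMES[value]
    elif facility == FACILITY_WIN32:
        # FACILITY_WIN32 wraps a plain Win32 error number in the low 16 bits.
        name = WIN32_NAMES.get(code, f"Win32 error {code}")
    else:
        name = None  # facility-specific code: look it up in that product's docs
    return {"hex": f"0x{value:08X}", "failed": bool(value >> 31),
            "facility": facility, "code": code, "name": name}


def extension_results(dump):
    """One record per detail section that carries an ErrorCode field."""
    results = []
    for section in SECTION_RE.findall(dump):
        fields = dict(FIELD_RE.findall(section))
        if "ErrorCode" not in fields:
            continue
        elapsed = fields.get("CSEElaspedTimeInMilliSeconds")  # field name as logged
        record = {
            "event_id": int(fields["EventID"]),
            "level": LEVELS.get(fields.get("Level"), "unknown"),
            "extension": fields.get("CSEExtensionName"),
            "elapsed_ms": int(elapsed) if elapsed is not None else None,
        }
        record.update(decode_hresult(fields["ErrorCode"]))
        results.append(record)
    return results


if __name__ == "__main__":
    for r in extension_results(SAMPLE_EVENTS):
        print(r["event_id"], r["level"], r["extension"], r["hex"], r["name"])
```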
Deploying Office 2013 with Group Policy
I would like to deploy Office 2013 using group policy. I am new to group policy so am looking for some advice and guidance on the best way to deploy. I would like to deploy with no interaction with the user but yet display a message so that they know not to open Office. I would also like to create a custom registry setting so that if I need to re-install, all I have to do is delete the registry setting. I have tried a group policy for installing with OCT settings (Basic, Suppress Modal checked, No Cancel checked, Completion Notice checked) and modifying the Config.xml (<Display Level="Basic" CompletionNotice="yes" SuppressModal="yes" AcceptEula="yes" />) but I cannot get it to display the installer screen so that users know it is installing. It does display the screen when running the setup.exe manually. I have a setting in the OCT that creates the registry setting and that is working correctly. My group policy is set to run the below bat file at startup in the Computer Configuration.
setlocal
REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************
REM Get ProductName from the Office product's core Setup.xml file, and then add "office15." as a prefix.
set ProductName=Office15.Standard
REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer="\\xxxxxx\setup.exe"
REM Set LogLocation to a central directory to collect log files.
set LogLocation=\\xxxxx\Logfiles
REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************
IF NOT "%ProgramFiles(x86)%"=="" (goto ARP64) else (goto ARP86)
REM Operating system is X64. Check for 32 bit Office in emulated Wow6432 uninstall key
:ARP64
reg query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
if NOT %errorlevel%==1 (goto End)
REM Check for 32 and 64 bit versions of Office 2013 in regular uninstall key.(Office 64bit would also appear here on a 64bit OS)
:ARP86
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
if %errorlevel%==1 (goto Office) else (goto End)
REM If 1 returned, the product was not found. Run setup here.
:Office
%DeployServer%
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt
REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End
Endlocal
Any advice or guidance would be greatly appreciated on how to get a pop up message while software is installing or if there is a better way to deploy.
> but I can not get it to display the installer screen so that users know
> it is installing. It does display the screen when running the setup.exe
> manually. I have a setting in the OCT that creates the registry setting
> and that is working correctly. My group policy is set to run the
> below bat file at startup in the Computer Configuration.
Check http://gpsearch.azurewebsites.net/#2308 - if this is enabled, you
will not be able to show "anything" in startup scripts...
Martin
-
Windows Time Server setting not following group policy
I hardly use group policy, except for two settings:
User Configuration\Administrative Templates\System\User Profiles\Exclude directories in roaming profile
Computer Configuration\Administrative Templates\System\Windows Time Service\Configure Windows NTP Client & Enable Windows NTP Client
The first setting has worked perfectly for years, but the second one seems to have stopped working, in that the time on client PCs has become out by several minutes. The client PCs are running Windows 7 and Windows 8.1.
Following is the result under [TimeProviders] when I run W32TM /query /configuration:
On the server:
NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 0 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NTP (Policy)
NtpServer: time.windows.com,0x9 (Policy)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)
On the Windows 8.1 client PC:
NtpClient (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NT5DS (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)
Can anyone help me to fix this please so that the client PCs sync their time correctly with an NTP server?
Hi,
>>but the second one seems to have stopped working, in that the time on client PCs has become out by several minutes. The client PCs are running Windows 7 and Windows 8.1.
Does this happen to all clients in our environment? For group policy, we can run the command gpresult /h gpreport.html with administrative privileges to collect the group policy result for checking. Besides, we can check event logs in Event Viewer to see if some related events were logged.
Here, we can try to resync time with domain by following the steps described in the article below.
Configure a client computer for automatic domain time synchronization
https://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx
In addition, regarding time configuration in Active Directory, the following article can be referred to for more information.
“It’s Simple!” – Time Configuration in Active Directory
http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx
Best regards,
Frank Shen
-
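In `w32tm /query /configuration` output each value is tagged with its origin: (Policy) for Group Policy, (Local) for the local registry. This added example (not part of the original thread; function names are illustrative) parses abridged copies of the two outputs above and lists the NtpClient settings that policy sets on the server but that the Windows 8.1 client still reads locally.

```python
import re

SETTING_RE = re.compile(
    r'^(?P<key>\w+):\s*(?P<value>.*?)\s*\((?P<src>Local|Policy)\)$')
PROVIDER_RE = re.compile(r'^(?P<name>\w+)\s*\((?:Local|Policy)\)$')

# Samples: [TimeProviders] output abridged from the post above.
SERVER_OUTPUT = r"""NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NTP (Policy)
NtpServer: time.windows.com,0x9 (Policy)
NtpServer (Local)
Enabled: 1 (Local)
"""
CLIENT_OUTPUT = r"""NtpClient (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
SpecialPollInterval: 3600 (Local)
Type: NT5DS (Local)
VMICTimeProvider (Local)
Enabled: 1 (Local)
NtpServer (Local)
Enabled: 0 (Local)
"""


def parse_time_providers(text):
    """Return {provider: {setting: (value, source)}}.
    A 'Name (Source)' line opens a provider; 'Key: value (Source)' lines
    belong to the most recently opened provider."""
    providers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SETTING_RE.match(line)
        if m and current is not None:
            providers[current][m["key"]] = (m["value"], m["src"])
            continue
        m = PROVIDER_RE.match(line)
        if m:
            current = m["name"]
            providers[current] = {}
    return providers


def ntp_client_summary(providers):
    """Sync type, configured peer and the settings delivered by policy."""
    client = providers.get("NtpClient", {})
    from_policy = sorted(k for k, (_, src) in client.items() if src == "Policy")
    return {
        "type": client.get("Type", (None, None))[0],
        "ntp_server": client.get("NtpServer", (None, None))[0],
        "from_policy": from_policy,
        "policy_values_present": bool(from_policy),
    }


def policy_gap(reference_text, target_text):
    """Settings that policy sets on the reference host but that the target
    host reads from its local registry or lacks entirely.
    Returns {setting: (reference_value, target_value_or_None)}."""
    ref = parse_time_providers(reference_text).get("NtpClient", {})
    tgt = parse_time_providers(target_text).get("NtpClient", {})
    gap = {}
    for key, (value, src) in ref.items():
        if src != "Policy":
            continue
        target_value, target_src = tgt.get(key, (None, None))
        if target_src != "Policy":
            gap[key] = (value, target_value)
    return gap


if __name__ == "__main__":
    print(ntp_client_summary(parse_time_providers(SERVER_OUTPUT)))
    print(ntp_client_summary(parse_time_providers(CLIENT_OUTPUT)))
    print(policy_gap(SERVER_OUTPUT, CLIENT_OUTPUT))
```

`Type: NT5DS` means the client follows the domain hierarchy, while `Type: NTP` means it uses the peers listed in `NtpServer`.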
Group policy didn't work (SYSVOL replication)
Hello experts
I need information and help. I have 4 domain controllers in my domain. 1 domain controller runs Windows 2003 SP2; other domains are Windows 2008 R2. Today I created a Group Policy for my testing environment, then ran gpupdate /force from my PC. Then this error:
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\golomtbank.local\SysVol\golomtbank.local\Policies\{DEFBC9A3-F3F4-4598-BF04-ADFF097BC04F}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
I checked the SYSVOL folders on my DCs. This folder was created on the primary domain controller but wasn't created on the other 3 servers. The primary domain is Windows 2008 R2. I moved the Policy definitions (ADMX files) retrieved from the local machine to the central store about a few months ago.
Please help me: how can I solve this problem and how can I replicate the SYSVOL folder? Thanks all
> This is my production environments. Is it safe to do so?
Yes, mostly. To verify, check NTFRS event logs on all DCs and post the
last error message you find about replication issues.
Resolution Step by step:
Backup Sysvol on each DC in case replication didn't work for a long time.
On all DCs stop and disable the ntfrs service.
On the PDC (netdom query pdc), do the D4 thing and enable/start ntfrs.
On all other DCs, do the D2 thing and enable/start ntfrs.
Martin
-
How do I set firefox as the default browser in Windows Server 2012 Group Policy Editor?
Hello, I am unable to set firefox as the default browser despite multiple different attempts to do so using group policy.
I have:
- Set a registry command (targeted at 32/64 via a WMI query) to reset the opening command as shown below:
HKEY_CURRENT_USER\Software\Classes\http\shell\open\command
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
- Set a powershell logon script to run (that does run):
firefox.exe -silent -setDefaultBrowser
Despite setting the above it seems the client computers' browsers are not affected by the settings above. When the script runs or if I run the command above a UAC window pops up and requests that I accept the command (for the setDefaultBrowser) but even if I click yes as an administrator it does nothing.
Since GPO in 2012 has changed perhaps there is something that I am missing? Do I need to somehow disable Windows Internet Explorer from achieving default browser status?
Please do not reply if you will suggest that I use Internet Explorer Maintenance (since this function in GPO has been disabled since IE10)
My DC is Server 2012, my client computers are Win7 32/64.
The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.
-
Dear All,
We are having an infrastructure setup of around 500 client computers managed through group policy.
Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
Since this account requires an extremely strict environment, we need to figure out the solution for restricting the users from accessing anything locally.
It would be great if you can assist me with the following query.
How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
Can we disable Network Tab on the left hand pane ?
explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.
> * explorer.exe is blocked already, but users are able to enter the
> Windows Explorer by clicking on the name which is visible on the
> Start Menu.
You cannot block explorer.exe when you do not replace the shell - the
desktop you see effectively IS explorer.exe...
Your requirement sounds like you need a custom shell:
http://gpsearch.azurewebsites.net/#2812
Martin
-
Performed a Domain Rename as per the following instructions:
http://www.bauer-power.net/2011/05/renaming-windows-domain-with-rendom.html#.U4OZRPmSyTM
and then after these issues I have gone through the related technet articles starting here:
http://technet.microsoft.com/en-us/library/cc794793(v=ws.10).aspx
specifically the Fix Group Policy Objects and Links.
But still I have the following issues:
At least for group policy clients believe they are on the old domain - despite even having renamed the computers with the new domain name.
When I perform a gpresult the output file shows as being connected to the old Domain - despite manually going into computer properties and renaming the computer with the new domain name...
CN=Allister Wade,OU=Users,OU=Home,DC=NEWDOMAIN,DC=local
Last time Group Policy was applied: 27/05/2014 at 5:36:31 AM
Group Policy was applied from: finch.newdomain.local
Group Policy slow link threshold: 500 kbps
Domain Name: OLDDOMAIN
Domain Type: WindowsNT 4
On the server I cannot open Group Policy Management on the single Domain Controller as it is looking for a DC on the old Domain:
Even though it has listed the new domain in the root of the management console when I attempt to expand it out I am prompted:
"The specified domain controller could not be contacted. This affects the following domain in the console.
Domain: olddomain.local
The error was:
The specified domain either does not exist or could not be contacted."
I can select to remove the domain from the console but this does nothing - as said it already shows the new domain in the console.
As far as I am aware the clients should not even have needed renaming or changing the domain, but were having authentication issues before I did this. Not sure what I have done wrong here..?
Client's NSLookup shows "UnKnown" as DNS Server so thought to check DNS out.
This is the result of dcdiag /test:DNS.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = finch
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FINCH
Starting test: Connectivity
......................... FINCH passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FINCH
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... FINCH passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : NEWDOMAIN
Running enterprise tests on : NEWDOMAIN.local
Starting test: DNS
Test results for domain controllers:
DC: finch.NEWDOMAIN.local
Domain: NEWDOMAIN.local
TEST: Delegations (Del)
Error: DNS server: finch.olddomain.local. IP:<Unavailable>
[Missing glue A record]
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 203.12.160.35 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 203.12.160.35
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: NEWDOMAIN.local
finch PASS PASS PASS FAIL PASS PASS n/a
......................... NEWDOMAIN.local failed test DNS -
Deployment of software through Group policy does not work
Hi all,
I am trying to deploy a program through Group Policy, specifically WinRAR, any client computer is able to install the program. Please find below the events from the workstation:
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 4/27/2014 10:06:01 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: IRCLIENT0001.corp.healthcareinnovation.com
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because
of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 4/27/2014 10:04:49 PM
Event ID: 1085
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: IRCLIENT0001.corp.healthcareinnovation.com
Description:
Windows failed to apply the Software Installation settings. Software Installation settings might have its own log file. Please click on the "More information" link.
Log Name: System
Source: Application Management Group Policy
Date: 4/27/2014 10:04:49 PM
Event ID: 108
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: IRCLIENT0001.corp.healthcareinnovation.com
Description:
Failed to apply changes to software installation settings. Software changes could not be applied. A previous log entry with details should exist. The error was : %%1612
Log Name: System
Source: Application Management Group Policy
Date: 4/27/2014 10:04:48 PM
Event ID: 102
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: IRCLIENT0001.corp.healthcareinnovation.com
Description:
The install of application WinRAR from policy Basic Computers GPO failed. The error was : %%1612
I am using Windows Server 2008 R2 and all my clients are running Windows 7 Enterprise and they are working over a domain; note that I am using VMware.
Below is a list of the troubleshooting steps that have already been applied:
* Disable the firewall both on the server and on the clients
* Grant read access to the folder where the program is shared for installation; Authenticated Users and Domain Computers were added.
* Group policy modifications:
-> User Account Control
Policy | Setting | Winning GPO
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | Elevate without prompting | Basic Computers GPO
- User Account Control: Detect application installations and prompt for elevation | Disabled | Basic Computers GPO
- User Account Control: Only elevate UIAccess applications that are installed in secure locations | Disabled | Basic Computers GPO
- User Account Control: Run all administrators in Admin Approval Mode | Disabled | Basic Computers GPO
--> System/Group Policy
Policy | Setting | Winning GPO
- Startup policy processing wait time | Enabled | Basic Computers GPO
Amount of time to wait (in seconds): 120
--> System/Logon
Policy | Setting | Winning GPO
- Always wait for the network at computer startup and logon | Enabled | Basic Computers GPO
Thank you very much for your time.
Hi Marco,
Based on your description, we can enable diagnostic logging of Group Policy Software Installation processing to troubleshoot the issue.
Regarding this point, the following article can be referred to for more information.
How to troubleshoot software installations by using Windows application management debug logging
http://support.microsoft.com/kb/249621
Once you get the log, you may upload it to OneDrive and provide us the download link.
In addition, the following article provides step-by-step guidance for deploying software via Group Policy and can be referred to for a double check.
How to use Group Policy to remotely install software in Windows Server 2008 and in Windows Server 2003
http://support.microsoft.com/kb/816102
Best regards,
Frank Shen -
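The logging step from KB 249621 mentioned in the reply above, as an added example that is not part of the original thread. The script layout and the -Step parameter are assumptions; the registry value (AppMgmtDebugLevel = 0x4b) and the log path are the ones the KB article documents, and the error code %%1612 in the events is Win32 error 1612, ERROR_INSTALL_SOURCE_ABSENT.

```powershell
# Added example: save as a .ps1 file and run elevated on the affected client.
# The -Step parameter and variable names are hypothetical.
param([ValidateSet('Enable', 'Collect', 'Disable')][string]$Step = 'Collect')

$DiagKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics'
$LogFile = Join-Path $env:SystemRoot 'Debug\UserMode\appmgmt.log'

switch ($Step) {
    'Enable' {
        # KB 249621: AppMgmtDebugLevel (REG_DWORD) = 0x4b enables verbose logging.
        if (-not (Test-Path $DiagKey)) { New-Item -Path $DiagKey -Force | Out-Null }
        New-ItemProperty -Path $DiagKey -Name 'AppMgmtDebugLevel' `
            -PropertyType DWord -Value 0x4b -Force | Out-Null
        # Computer-assigned packages install at startup, so restart the
        # client now and run the script again with -Step Collect.
    }
    'Collect' {
        # Event IDs quoted in the post: 102 and 108 (Application Management
        # Group Policy) and 1085 (Microsoft-Windows-GroupPolicy), System log.
        $filter = @{ LogName = 'System'; Id = 102, 108, 1085 }
        Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
            ForEach-Object {
                $meaning = ''
                # "%%1612" in the message text is a Win32 error code; translate it.
                if ($_.Message -match '%%(\d+)') {
                    $code = [int]$Matches[1]
                    $meaning = (New-Object System.ComponentModel.Win32Exception $code).Message
                }
                New-Object PSObject -Property @{
                    Time = $_.TimeCreated; Id = $_.Id
                    Provider = $_.ProviderName; Win32Meaning = $meaning
                }
            } | Format-Table Time, Id, Provider, Win32Meaning -AutoSize -Wrap

        # The end of appmgmt.log shows the package path the client tried to open.
        if (Test-Path $LogFile) { Get-Content $LogFile | Select-Object -Last 40 }
    }
    'Disable' {
        # Turn verbose logging off again once the log has been collected.
        Remove-ItemProperty -Path $DiagKey -Name 'AppMgmtDebugLevel' -ErrorAction SilentlyContinue
    }
}
```

appmgmt.log records the UNC path of the package share and the client's name, so review it before uploading it to a public link.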
Windows 7 Policy missing from Group Policy Management
Hey all,
I have 2 SBS 2008 clients that have Windows 7 Policy missing from Group Policy Management. I noticed that they have XP, Vista, and 8, but not 7.
I came across this when I started to deploy some new support software. I deployed my package, the XP, Vista, and 8 policies as well as the "Windows SBS Client Policy" and workstation, but Win 7 workstations do not get the software package and this is at both sites.
I personally have SBS 2008, have tested this and have the same issue: XP, Vista, 8, 8.1, even my 10 get the software, but my Windows 7 does not.
Do you have any ideas? I have attached a screenshot so you can see what I am talking about.
Hi,
Similar query answered :
https://social.technet.microsoft.com/Forums/en-US/d6a6e3fa-fb15-4bcc-a5ca-449f69eeee5d/sbs-2008-missing-client-policy-for-windows-7?forum=smallbusinessserver
https://www.microsoft.com/en-us/download/details.aspx?id=25250
I hope that will help.
Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd - Please remember to mark the replies as answers if they help and unmark them if they provide no help. -
Hi guys,
We created a custom WIM image (Windows 8 Enterprise) with MDT 2012.
Sysprepped the image, deployed via SCCM 2012 SP1.
Computers are domain-joined. Error with standard Domain User.
On some computers (not every computer) and not with every user, the following error message arises on the first logon:
The Group Policy Client service failed the sign-in. The universal unique identifier (UUID) type is not supported
It works when you log in a second time, but this error isn't very nice.
Is there a solution for that?
Kind Regards
Martin
Hi,
The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. This issue can be caused by various reasons based on the computer environment.
Can you find any information in event log about this issue?
Here is the related blog in which the steps can solve most of such issues if the issue continuously happens.
http://blogs.msdn.com/b/moiqubal/archive/2012/03/04/how-to-fix-quot-the-group-policy-client-service-failed-the-logon-access-denied-quot-error.aspx
Also, you can refer to the similar thread about this issue:
http://social.technet.microsoft.com/Forums/en-US/4a644219-50ee-494d-b965-e64a8555109e/the-group-policy-client-service-failed-the-signin-the-universal-unique-identifier-uuid-type-is
Since this issue can be related to SCCM, to better help you, please submit a new thread for further help:
https://social.technet.microsoft.com/Forums/en-US/home?category=systemcenter2012configurationmanager
Hope these could be helpful.
Kate Li
TechNet Community Support -
Deploying Creative Cloud for Teams via Group Policy
Good afternoon, we are trying to deploy our Creative Cloud for Teams products. Our ideal situation would be where we are able to deploy the Creative Cloud Software (e.g. including Photoshop, InDesign, Illustrator, etc) using Group Policy, then assign the respective user licenses using the Management Console. This would send out the email to the applicable user for them to create an Adobe ID, and use the software that has been installed. However, we are able to install the software using Group Policy Deployment using the msi created using the Creative Cloud Packager, but any user is able to use the software on the PC, not just the person who has been assigned the licence via the console email. Is anyone else successfully deploying in this way?
Kind regards
Mel
Team license links that may help
-team plans https://creative.adobe.com/plans?plan=team
-http://www.adobe.com/creativecloud/buy/business.html
-https://helpx.adobe.com/contact/creative-cloud-teams.html for Team help
-manage your team account http://forums.adobe.com/thread/1460939?tstart=0
-Team Installer http://forums.adobe.com/thread/1363686?tstart=0 -
Outlook 2013 - wrap text group policy applied, not working with or without digital signature
Hello,
I'm adding group policies to apply on our new installations of Windows 8.1 with Office 2013. One of the settings being applied is enforcing plain text emails and wrapping text at a certain number of characters. Policies are being added using the Outlook 2013 admx.
When I check the options inside Outlook 2013 the group policy did apply successfully (File, Options, Mail, scroll down to Message Format) The option to "Automatically wrap text at character:" is set to 132 and not adjustable as it should be.
In the group policy I have it set to wrap at 132 characters, but when I go to a client machine and send a digitally signed email, it wraps at the default 76 characters. This makes for very annoying short blocky emails and multi-line hyperlinks.
If I do not digitally sign the email then the text doesn't wrap at all! (until it meets the end of the window). So under no circumstances is it wrapping at 132 where it's supposed to.
Thanks,
-Nick
Hi,
What is your account type in Outlook? Exchange or others?
Please also let me know the email format that you are sending, Plain Text, HTML or Rich Text Format.
You can try sending the same emails in Outlook Safe Mode:
Press Win + R and type “outlook.exe /safe” in the blank box, then press Enter.
If there’s no problem in Safe Mode, disable the suspicious add-ins to verify which add-ins caused this issue.
Thanks,
Melon Chen
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help. -
Issue with GPO "WSE Group Policy Password Synchronization"
When I started my migration of SBS2011 to 2012r2 with essentials service I noticed this GPO appear, which I assume is for passwords to be synced to the cloud. However, when I implemented group policy from essentials the dashboard crashed and the typical GPOs that it creates weren't there and only the folder-redirection was present; it was also blank so I deleted it (I didn't delete the GPO "WSE Group Policy Password Synchronization").
I then re-launched the dashboard and ran through the process again, it worked what a treat! except the GPO for "WSE Group Policy Password Synchronization" appears to be blank. I remember it pointing to a ps file but I don't know what ps file and how to recreate it, along with to confirm what it does. Sadly I have no GPO backup to go back to.
Any help on this would be much appreciated
Cheers
Hi,
-> however when I implemented group policy from essentials the dashboard crashed
Based on your description, I understand that the Dashboard crashed when implementing group policies (some WSE Group Policy).
-> the typical GPO's that it creates weren't there and only the folder-redirection was present it was also blank so I deleted it (I didnt delete the GPO "WSE Group Policy Password Synchronization")
Did you mean that you deleted the ‘WSE Group Policy Folder Redirection’? Would you please let me know whether you did any operation on the ‘WSE Group Policy Password Synchronization’? Meanwhile, please check whether the other WSE Group Policies also show No Settings defined in the Settings tab (as your ‘WSE Group Policy Password Synchronization’ picture showed).
-> Sadly I have no GPO backup to go back to.
Please start a BPA scan and check whether it finds a relevant issue. If there is no GPO backup, it seems that we are not able to restore the group policy objects. By the way, did you have a full server backup?
If I have misunderstood anything or there is any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu