Group policy remains in effect
I have a workstation (Windows XP) that I am trying to log into. I have a ZCM 10 group policy bundle that is assigned to the limited user on the workstation. The workstation for some reason has picked up wrong DHCP information and is trying to connect to a 192.168 network (which does not exist). Since it is not connected to my network, it cannot connect to the ZCM server, so no matter what user I log into on the workstation (including administrator), the group policy is in effect and it restricts everything. I cannot get into network connections to correct the DHCP error.
How can I get the ZCM agent on the workstation to stop enforcing the group policy? Remember, this policy prevents me from accessing the control panel, command prompt, anything in the system tray (no ZENworks Z), everything.
matt beckstrom
There is no easy way to manually remove an effective group policy on a workstation... other than logging in on the domain/source that has set the policy. If the PC is set to a wrong IP, but has done that via DHCP... A good thing to check is whether some device, application or server is handing out DHCP for the 192.168 network.
This is a physical machine I presume? It might be an option to swap out or place an extra NIC in the PC and see if it will get a correct address on that one... as the one installed is primarily returning to the given 192.168.x.x address.
Cheers,
Willem
Similar Messages
Group Policy - User Rights Assignments not taking effect on workstation
Novell 5.1 SP7. ZenWorks 3.2 sp3. Windows XP Pro workstations.
In Group Policy, (Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment), I have added Power Users to the "Load and Unload device drivers" policy. However this setting is not taking effect on my Windows XP workstations. My DLU policy for users is configured to have the users members of the "Users" and "Power Users" groups on the local PC.
Other parts of Group Policy (Computer Policy/Administrative Templates) are taking effect on the workstation, so I'm wondering if the problem I am having is related to Security Settings only.
I enabled Group Policy logging on the Windows XP workstation and include it below:
WMHelperInitialization (Mar 4 2004) called! Flags: 0x8001002. Event:
0x1000. Impersonation: 0x2
Created Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x204
WMHelperSystemEntryEx called!
Entered GPCleanupEntry
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Reading Persist Workstation settings from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Persist
Workstation settings not found. Assuming 0
Error 2 reading Persist Workstation settings
Entered RestoreOriginalGP.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring backup GP from C:\WINDOWS\System32\GroupPolicy.WMOriginal
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.WMOriginal,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Warning: C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini does not exist
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy Machine Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy Machine Status in key
Software\Novell\Workstation Manager\Group Policies
Exiting RestoreOriginalGP 0x0
Entered AppendSecuritySettings
Inf path: C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Restoring GP settings
Loading Account Policies...
Loading Audit Policies...
Loading user rights...
Restoring security options...
No data
No data
No data
No data
No data
No data
No data
No data
Renamed Administrator account: Administrator
Local Administrator's user name = Administrator
Administrator account names match, skipping.
Renamed Guest account: Guest
Local Guest's user name = Guest
Guest account names match, skipping.
LoadXPSecuritySettings returning 0
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
GPCleanupEntry releasing mutex.
Exiting GPCleanupEntry: 0
Exiting WMHelperSystemEntryEx ccode: 0x0
Closing log file.
WMHelperInitialization (Mar 4 2004) called! Flags: 0x0. Event: 0x0.
Impersonation: 0x0
Created Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=wintest3.OU=Users.OU=Newcastle.O=OSG
DN is Typed convert it to TYPELESS
g_szUserDN = wintest3.Users.Newcastle.OSG
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1214440339-507921405-1708537768-1019
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache .
No workstation. Exiting CheckForObsoleteWksCache
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x0 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Entering ApplyPolicies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Flags: 0x80000070
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Impersonating logged on user.
Context : OU=Users.OU=Newcastle.O=OSG
Full Object DN CN=wintest3.OU=Users.OU=Newcastle.O=OSG
Calling WMGetAllAssociatedObjects(FALSE, MARITIME, 1,
CN=wintest3.OU=Users.OU=Newcastle.O=OSG, WINNT Workstation Package,
zenwmGroupPolicy, 512, pBuffer)
Reverting to system impersonation.
Found DN CN=XP User Package:WinNT-2000-XP:Windows Group Policy.OU=Policy
Packages.OU=Newcastle.O=OSG
WMCheckIfGroupPolicyObjectsChanged entered
Impersonating logged on user.
Reverting to system impersonation.
Group Policy object has NOT changed!
Exiting WMCheckIfGroupPolicyObjectsChanged 0x0
Entered ScheduleCleanup.
Loaded wmschapi.dll
Calling WMScheduleAction
Finished Calling WMScheduleAction. Returned 0x0
Exiting ScheduleCleanup 0x0
Entered BackupOriginalGP.
No backup exists. Creating one: C:\WINDOWS\System32\GroupPolicy.WMOriginal
Backing up original GP to C:\WINDOWS\System32\GroupPolicy.WMOriginal
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\admfiles.ini to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\adm files.ini
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\conf.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\con f.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\inetres.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\ine tres.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\system.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\sys tem.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\wmplayer.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\wmp layer.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\wuau.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\wua u.adm
Copied file C:\WINDOWS\System32\GroupPolicy\GPT.ini to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini
Copied file C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat
Copied file C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat
Entered SaveSecuritySettings
Inf path:
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\
Saving XP security settings
Saving Account Policies...
Saving Audit Policies...
Saving user rights...
Name: Administrator
Comment: Built-in account for administering the computer/domain
Full Name:
No rights.
Name: Guest
Comment: Built-in account for guest access to the computer/domain
Full Name:
Right: SeInteractiveLogonRight
Right: SeDenyInteractiveLogonRight
Right: SeDenyNetworkLogonRight
Name: HelpAssistant
Comment: Account for Providing Remote Assistance
Full Name: Remote Desktop Help Assistant Account
No rights.
Name: SUPPORT_388945a0
Comment: This is a vendor's account for the Help and Support Service
Full Name: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US
Right: SeBatchLogonRight
Right: SeDenyInteractiveLogonRight
Right: SeDenyNetworkLogonRight
Name: vector
Comment: Account created by Novell's Workstation Manager
Full Name:
No rights.
Name: wintest3
Comment: Account created by Novell's Workstation Manager
Full Name:
No rights.
Name: None
Comment: Ordinary users
No rights.
Name: Administrators
Right: SeSecurityPrivilege
Right: SeBackupPrivilege
Right: SeRestorePrivilege
Right: SeSystemtimePrivilege
Right: SeShutdownPrivilege
Right: SeRemoteShutdownPrivilege
Right: SeTakeOwnershipPrivilege
Right: SeDebugPrivilege
Right: SeSystemEnvironmentPrivilege
Right: SeSystemProfilePrivilege
Right: SeProfileSingleProcessPrivilege
Right: SeIncreaseBasePriorityPrivilege
Right: SeLoadDriverPrivilege
Right: SeCreatePagefilePrivilege
Right: SeIncreaseQuotaPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeManageVolumePrivilege
Right: SeImpersonatePrivilege
Right: SeCreateGlobalPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Right: SeRemoteInteractiveLogonRight
Name: Users
Right: SeShutdownPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Guests
No rights.
Name: Power Users
Right: SeSystemtimePrivilege
Right: SeShutdownPrivilege
Right: SeProfileSingleProcessPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Account operators
No rights.
Name: System operators
No rights.
Name: Printer operators
No rights.
Name: Backup operators
Right: SeBackupPrivilege
Right: SeRestorePrivilege
Right: SeShutdownPrivilege
Right: SeChangeNotifyPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Replicators
No rights.
Name: RAS servers
No rights.
Name: Pre2000 compatible access
No rights.
Exiting SaveUserRights (0)
Saving Security Options
Found: MACHINE/Software/Microsoft/Driver Signing/Policy
Data type is 3
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Setup/RecoveryConsole/SecurityLevel
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Setup/RecoveryConsole/SetCommand
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateCDRoms
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateDASD
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateFloppies
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/CachedLogonsCount
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/ForceUnlockLogon
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/PasswordExpiryWarning
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/ScRemoveOption
Data type is 1
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableCAD
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLastUserName
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeCaption
Data type is 1
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeText
Data type is 7
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ScForceOption
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ShutdownWithoutLogon
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/UndockWithoutLogon
Data type is 4
Found: MACHINE/SOFTWARE/policies/Microsoft/windows
NT/DCOM/MachineAccessRestriction
Data type is 1
Found: MACHINE/SOFTWARE/policies/Microsoft/windows
NT/DCOM/MachineLaunchRestriction
Data type is 1
Found: MACHINE/System/CurrentControlSet/Control/Lsa/AuditBaseObjects
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/CrashOnAuditFail
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/DisableDomainCreds
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Control/Lsa/EveryoneIncludesAnonymous
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/ForceGuest
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/FullPrivilegeAuditing
Data type is 3
Found: MACHINE/System/CurrentControlSet/Control/Lsa/LimitBlankPasswordUse
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/LmCompatibilityLevel
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinClientSec
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinServerSec
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/NoDefaultAdminOwner
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/NoLMHash
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymous
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymousSAM
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/SubmitControl
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print
Services/Servers/AddPrinterDrivers
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/AllowedPaths/Machine
Data type is 7
Found: MACHINE/System/CurrentControlSet/Control/Session
Manager/Kernel/ObCaseInsensitive
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Session Manager/Memory
Management/ClearPageFileAtShutdown
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Session
Manager/ProtectionMode
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/AutoDisconnect
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableForcedLogOff
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes
Data type is 7
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares
Data type is 7
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RequireSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnablePlainTextPassword
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnableSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/RequireSecuritySignature
Data type is 4
Found: MACHINE/System/CurrentControlSet/Services/LDAP/LDAPClientIntegrity
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/DisablePasswordChange
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/MaximumPasswordAge
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RefusePasswordChange
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireSignOrSeal
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireStrongKey
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SealSecureChannel
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SignSecureChannel
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/NTDS/Parameters/LDAPServerIntegrity
Data type is 4
Administrator's user name = Administrator
Guest's user name = Guest
SaveHive entered
SaveHive exit : 0
Exiting SaveSecuritySettings 0x0
Backup path: C:\WINDOWS\System32\GroupPolicy.WMOriginal
Exiting BackupOriginalGP 0x0
Entered RestoreCachedGP.
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
No gpt.ini detected, aborting RestoreCachedGP.
Checking whether OriginalGP exists
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring original GP.
Entered RestoreOriginalGP.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring backup GP from C:\WINDOWS\System32\GroupPolicy.WMOriginal
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.WMOriginal,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Copied C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini to
C:\WINDOWS\System32\GroupPolicy\GPT.ini
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Exiting RestoreOriginalGP 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.UserCache,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Copied C:\WINDOWS\System32\GroupPolicy.UserCache\GPT.ini to
C:\WINDOWS\System32\GroupPolicy\GPT.ini
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\User\MIC ROSOFT\IEAK\install.ins to
C:\WINDOWS\System32\GroupPolicy\User\MICROSOFT\IEA K\install.ins
Copied file C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol to
C:\WINDOWS\System32\GroupPolicy\User\Registry.pol
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS2.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS2.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS3.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS3.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Copied file C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol
to C:\WINDOWS\System32\GroupPolicy\Machine\Registry.p ol
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered MergeGptFile(C:\WINDOWS\System32\GroupPolicy.UserC ache, 0x80000070)
g_dwVersion: 0x0.
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x70007 in key Software\Novell\Workstation
Manager\Group Policies
Found machine extensions...
Found user extensions...
Exiting MergeGptFile 0x0
Reading user's user settings.
Entered AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol
Entered parseRegFile
Val: 'BlockExeAttachments'
Added: Software\Microsoft\Outlook Express\BlockExeAttachments
Val: 'NoHTMLWallPaper'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\NoHTMLWallPaper
Val: '**del.NoChangingWallPaper'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop, val:
NoChangingWallPaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\**del.NoChangingWallPaper
Val: 'ForceClassicControlPanel'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceClassicControlPanel
Val: 'NoSMMyPictures'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMMyPictures
Val: 'NoStartMenuMyMusic'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoStartMenuMyMusic
Val: 'NoDesktopCleanupWizard'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoDesktopCleanupWizard
Val: 'NoWelcomeScreen'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoWelcomeScreen
Val: 'NoActiveDesktop'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktop
Val: '**del.NoInternetIcon'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoInternetIcon
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoInternetIcon
Val: '**del.NoNetHood'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val: NoNetHood
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoNetHood
Val: 'NoAutoUpdate'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoAutoUpdate
Val: 'NoSMBalloonTip'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMBalloonTip
Val: 'NoSMConfigurePrograms'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMConfigurePrograms
Val: 'NoComputersNearMe'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoComputersNearMe
Val: 'MaxRecentDocs'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\MaxRecentDocs
Val: 'NoSharedDocuments'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSharedDocuments
Val: '**del.NoStartMenuEjectPC'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoStartMenuEjectPC
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoStartMenuEjectPC
Val: 'NoActiveDesktopChanges'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktopChanges
Val: '**del.NoAddPrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoAddPrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoAddPrinter
Val: '**del.NoDeletePrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoDeletePrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoDeletePrinter
Val: '**del.NoToolbarsOnTaskbar'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoToolbarsOnTaskbar
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoToolbarsOnTaskbar
Val: '**del.NoSetTaskbar'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoSetTaskbar
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoSetTaskbar
Val: 'ForceStartMenuLogOff'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceStartMenuLogOff
Val: '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Val: '**del.{450D8FBA-AD25-11D0-98A8-0800361B1103}'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum, val:
{450D8FBA-AD25-11D0-98A8-0800361B1103}
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\**del.{450D8FBA-AD25-11D0-98A8-0800361B1103}
Val: '**del.{645FF040-5081-101B-9F08-00AA002F954E}'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum, val:
{645FF040-5081-101B-9F08-00AA002F954E}
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\**del.{645FF040-5081-101B-9F08-00AA002F954E}
Val: '**del.Wallpaper'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val: Wallpaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.Wallpaper
Val: '**del.WallpaperStyle'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val:
WallpaperStyle
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.WallpaperStyle
Val: 'NoDispScrSavPage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\NoDispScrSavPage
Val: 'NoAddFromNetwork'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromNetwork
Val: '**del.NoAddRemovePrograms'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall, val:
NoAddRemovePrograms
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\**del.NoAddRemovePrograms
Val: 'ListBox_Support_Allow'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\ListBox_Support_Allow
Val: '*.fleetviewonline.com'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow\*.fleetviewonline.com
Val: '*.osg.com'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow\*.osg.com
Val: 'NoHelpItemTutorial'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemTutorial
Val: 'NoHelpItemNetscapeHelp'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemNetscapeHelp
Val: 'NoHelpItemSendFeedback'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemSendFeedback
Val: 'PreventAutoRun'
Added: Software\Policies\Microsoft\Messenger\Client\Preve ntAutoRun
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\Certificates\
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\CRLs\
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\CTLs\
Val: 'ScreenSaverIsSecure'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure
Val: 'ScreenSaveActive'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveActive
Val: 'ScreenSaveTimeOut'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveTimeOut
Val: 'SCRNSAVE.EXE'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\SCRNSAVE.EXE
Val: 'ListBox_Support_ZoneMapKey'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ListBox_Support_ZoneMapKey
Val: '*.osg.com'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ZoneMapKey\*.osg.com
Val: 'osgintranet'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ZoneMapKey\osgintranet
Val: '1A00'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1A00
Val: '1809'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1809
Val: '1803'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1803
Val: 'DontPromptForWindowsUpdate'
Added:
Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate
Val: 'NC_RenameLanConnection'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameLanConnection
Val: 'PromptPasswordOnResume'
Added:
Software\Policies\Microsoft\Windows\System\Power\PromptPasswordOnResume
Val: 'NoAUAsDefaultShutdownOption'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUAsDefaultShutdownOption
Val: 'NoAUShutdownOption'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUShutdownOption
Val: 'BehaviorOnFailedVerify'
Added: Software\Policies\Microsoft\Windows NT\Driver
Signing\BehaviorOnFailedVerify
Val: 'MovieMaker'
Added: Software\Policies\Microsoft\WindowsMovieMaker\MovieMaker
Exiting parseRegFile
Exiting AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\User\Registry.pol 0x0
Reading user's computer settings.
Entered AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\Registry.pol
Entered parseRegFile
Val: 'NoUpdateCheck'
Added: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoUpdateCheck
Val: 'NoSplash'
Added: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSplash
Val: 'PreventAutoRun'
Added: Software\Policies\Microsoft\Messenger\Client\PreventAutoRun
Val: 'NV PrimaryDnsSuffix'
Added: Software\Policies\Microsoft\System\DNSClient\NV PrimaryDnsSuffix
Val: ''
Added: Software\Policies\Microsoft\Windows\Safer\
Val: 'WUServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\WUServer
Val: 'WUStatusServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer
Val: 'NoAutoRebootWithLoggedOnUsers'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoRebootWithLoggedOnUsers
Val: 'AutoInstallMinorUpdates'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AutoInstallMinorUpdates
Val: 'DetectionFrequencyEnabled'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\DetectionFrequencyEnabled
Val: 'DetectionFrequency'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\DetectionFrequency
Val: 'UseWUServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer
Val: 'RescheduleWaitTimeEnabled'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\RescheduleWaitTimeEnabled
Val: 'RescheduleWaitTime'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\RescheduleWaitTime
Val: 'NoAutoUpdate'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
Val: 'AUOptions'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions
Val: 'ScheduledInstallDay'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallDay
Val: 'ScheduledInstallTime'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallTime
Val: 'RegistrationOverwritesInConflict'
Added: Software\Policies\Microsoft\Windows
NT\DNSClient\RegistrationOverwritesInConflict
Val: 'SearchList'
Added: Software\Policies\Microsoft\Windows NT\DNSClient\SearchList
Val: 'PreventIISInstall'
Added: Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstall
Val: 'SecurityCenterInDomain'
Added: Software\Policies\Microsoft\Windows NT\Security
Center\SecurityCenterInDomain
Exiting parseRegFile
Exiting AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\Registry.pol 0x0
Entered GenerateGptFile(C:\WINDOWS\System32\GroupPolicy)
g_dwVersion: 0x70007.
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x70007 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting GenerateGptFile 0x0
Exiting RestoreCachedGP 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Bumping GPT version...
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x70007 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINDOWS\System32\GroupPolicy\GPT.ini
Found version 0x70007 in gpt.ini
Using version: 0x70007
Saving GPT version: 0x80008
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x80008 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Entered AppendSecuritySettings
Inf path: C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\Windows
NT\SecEdit\XPSec.dat
Restoring GP settings
Loading Account Policies...
Loading Audit Policies...
Loading user rights...
Restoring security options...
No data
No data
No data
No data
No data
No data
No data
No data
No data for Administrator account name.
LoadXPSecuritySettings returning 0
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
Signalling OS to refresh policies
RegQueryValueEx returned 2
Policies are set to apply asynchronously
Policies will be processed asynchronously
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x80008 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINDOWS\System32\GroupPolicy\GPT.ini
Found version 0x80008 in gpt.ini
Using version: 0x80008
Saving GPT version: 0x90009
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x90009 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Entering RunGPUpdate
Exiting RunGPUpdate 0
Exiting ApplyPolicies 0x0
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c58076 to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x34349ce0 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
WMHelperInitialization (Mar 4 2004) called! Flags: 0x2001. Event: 0x2000.
Impersonation: 0x1
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=wintest3.OU=Users.OU=Newcastle.O=OSG
DN is Typed convert it to TYPELESS
g_szUserDN = wintest3.Users.Newcastle.OSG
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1214440339-507921405-1708537768-1019
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Current time high: 0x1c58076
Reading Last Run Time High from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Last Run Time High: 0x1c58076 in key
Software\Novell\Workstation Manager\Group Policies
Previous time high: 0x1c58076
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.
Full Object DN
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.OU=Users.OU=Newcastle.O=OSG
Calling WMGetAllAssociatedObjects(FALSE, MARITIME, 1,
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.OU=Users.OU=Newcastle.O=OSG,
WINNT Workstation Package, zenwmGroupPolicy, 512, pBuffer)
WMGetAllAssociatedObject returned 2
No associated workstation policies. Deleting
C:\WINDOWS\System32\GroupPolicy.WksCache.
DeleteGPRegVal: Error 0x2 deleting Group Policy Machine Flags
Exiting CheckForObsoleteWksCache 2
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x1 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Policy applied at predesktop. Skipping reapplication at user login.
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c58076 to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x38844da0 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
Thanks in advance
Ali
DUPLICATE
Answered in
novell.support.zenworks.desktops.3x.workstation-manager
Regards
Rolf Lidvall
Swedish Radio (Ltd)
NSC SysOp -
Can't get Aero theme forced (via Group Policy)
Well I'm at a loss. I have a bunch of users. They're all crazy, and I think I'm getting there too. It all started with this three-armed monkey that got loose in the lab....
Ok seriously. I'm having no luck getting the Aero theme forced to any user. 2008 R2 and Win 7 Pro and Enterprise systems. Any user can easily manually set their own Aero theme and it saves after they log off, but for a user that hasn't
done this I cannot get GPO's to get the job done.
I've been all over the web, some people say use the option to "Load a specific theme" which most people agree only affects a user's login for the first time. After they've logged in once, that setting never applies to them again.
And the other one is that if I want to force the theme each time someone logs on, to set the msstyles file under "force a specific visual style file or force Windows Classic". I don't have a company-specific file to share over a network folder
so I just use the default %windir%\resources\Themes\Aero\aero.msstyles path.
Both of these GPO entries are found under User config > Policies > Admin Templates > Control Panel > Personalization.
Some forum posts say not to enable these two items together, others say you need to. For me it doesn't work in any combination - plenty of machine reboots in between to ensure updated GP's get applied.
Also the Desktop Window Manager Session Manager service is running and set to automatic, and I've tested on more than one system so I am confident the computers are not the problem (some are brand new installs).
Event logs show no errors at all, and also do show successful applies of "4 group policy objects". I suppose I should count how many are supposed to apply to a computer but let's say for argument's sake that there are no errors on this.
Is there something I'm missing?
I've been all over the web, some people say use the option to "Load a specific theme" which most people agree only affects a user's login for the first time. After they've logged in once, that setting never applies to them again.
And the other one is that if I want to force the theme each time someone logs on, to set the msstyles file under "force a specific visual style file or force Windows Classic". I don't have a company-specific file to share over a network folder
so I just use the default %windir%\resources\Themes\Aero\aero.msstyles path.
For the "Load a specific theme" policy, you can find the description of the policy in the Group Policy editor: it is only applied when a new user logs in for the first time, and it doesn't prevent the user from changing the theme.
I made a test in my environment: if I applied "force a specific visual style file or force Windows Classic", it works as I want (I use some default visual style file because I don't have a customized file). After that, I can change the
theme, and the aero.msstyles I set via GP remains in effect.
Regards
-
Currently we are running ZfD 7 and Netware 6.5 and have recently upgraded all our workstations to Windows XP Service Pack 2. Our tree structure consists of an OU for each school level, elementary, middle, and high, and an OU for each school in that respective level. Example:
Elementary
West Main
South Main
Middle
Brown Middle
The current contents in each School OU have users, groups, policies, etc. Previously policy was applied by a workstation policy package that distributed all policies: user, machine, and security, which were associated with the School OU. Now we split the policy into workstation packages and user packages. The goal was to have the workstation apply the machine and security policy and the user policy apply user settings and dynamically create the local user account.
The workstation policy remains persistent on the workstation while the user policy creates a local user (non-volatile) and applies the user policy from a server path depending on group membership. We have four different user policy packages: Student, Teacher, Specialist and Technology. Each with their own group policy user configuration. Everyone in our Tree has the appropriate permissions to access the policies. We configure the user policy package as follows:
Policies Windows XP
Enabled Dynamic Local User
Enabled Windows Group Policy
Workstation Manager
Network Location
\\serverpath
Checked User Configuration
Policy Schedule
User Desktop is active
Advanced Schedule
Impersonation
Interactive User
Associations
Groups (Teachers, Students)
I can get the workstation policy to apply with no problem. The problem comes when a user logs on. It doesn't matter if a new user is being created or if they are simply just switching users. User group policy doesn't apply randomly. The strange thing is it does copy down to the machine. If I connect to the admin share on a newly imaged workstation (with no policy applied) and open c:\windows\system32\ you see the creation of the GroupPolicy.Usercache folder and it copies to the GroupPolicy folder, which is where it applies policy from. Also you can see policy dynamically changing if different users log on. The Registry.pol updates in the c:\windows\system32\GroupPolicy.Usercache\User folder and c:\windows\system32\GroupPolicy\User. Sometimes group policy applies and sometimes it does not. When a user logs on you see the policy that was copied down apply. For example the run option is taken away from the start menu. During the logon process this remains in effect, but when the process completes it's almost like policy is taken away. When this occurs I can run WMSCHED.Exe and reapply the user policy and it will apply sometimes. I tried applying group policy through both groups and organizational units. Both with the same results. I was wondering if anyone has had issues with applying group policy with ZEN or if I am doing this incorrectly. Any help would be much appreciated. Thanks.
rscurr,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
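Both ZENworks threads above turn on the Registry.pol files that Workstation Manager caches under GroupPolicy.UserCache and copies into GroupPolicy. As an added example (not taken from any post and not Novell's code), the Python below parses the Registry.pol layout (a `PReg` header followed by UTF-16LE `[key;value;type;size;data]` records) and diffs a cached copy against a live copy. The two sample files are constructed in memory: their key and value names appear in the log above, their data is invented.

```python
import struct

REG_SZ, REG_EXPAND_SZ, REG_DWORD, REG_MULTI_SZ = 1, 2, 4, 7

class PolFormatError(ValueError):
    """Raised when a buffer is not a well-formed Registry.pol image."""

def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after the NUL)."""
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise PolFormatError("unterminated string at offset %d" % pos)
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def _token(buf, pos, char):
    """Consume one UTF-16LE delimiter ('[', ';' or ']')."""
    if buf[pos:pos + 2] != char.encode("utf-16-le"):
        raise PolFormatError("expected %r at offset %d" % (char, pos))
    return pos + 2

def _dword(buf, pos):
    """Read a little-endian 32-bit integer with a bounds check."""
    if pos + 4 > len(buf):
        raise PolFormatError("truncated DWORD at offset %d" % pos)
    return struct.unpack_from("<I", buf, pos)[0], pos + 4

def _decode(reg_type, data):
    """Convert raw value data to a Python value for the common registry types."""
    if reg_type == REG_DWORD and len(data) == 4:
        return struct.unpack("<I", data)[0]
    if reg_type in (REG_SZ, REG_EXPAND_SZ):
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    if reg_type == REG_MULTI_SZ:
        return [s for s in data.decode("utf-16-le", "replace").split("\x00") if s]
    return data  # REG_BINARY and other types stay as bytes

def parse_registry_pol(buf):
    """Return {(key, value_name): (reg_type, value)} for a Registry.pol image."""
    if buf[:4] != b"PReg":
        raise PolFormatError("missing PReg signature")
    version, pos = _dword(buf, 4)
    if version != 1:
        raise PolFormatError("unsupported version %d" % version)
    entries = {}
    while pos < len(buf):
        pos = _token(buf, pos, "[")
        key, pos = _wstr(buf, pos)
        pos = _token(buf, pos, ";")
        name, pos = _wstr(buf, pos)
        pos = _token(buf, pos, ";")
        reg_type, pos = _dword(buf, pos)
        pos = _token(buf, pos, ";")
        size, pos = _dword(buf, pos)
        pos = _token(buf, pos, ";")
        # The size field, not the next ']', bounds the data: data may contain ']' or ';'.
        if pos + size > len(buf):
            raise PolFormatError("data of %r overruns the file" % name)
        data, pos = buf[pos:pos + size], pos + size
        pos = _token(buf, pos, "]")
        entries[(key, name)] = (reg_type, _decode(reg_type, data))
    return entries

def diff_policies(cached, live):
    """Map each setting that differs to (cached_entry, live_entry); None means absent."""
    return {ident: (cached.get(ident), live.get(ident))
            for ident in sorted(set(cached) | set(live))
            if cached.get(ident) != live.get(ident)}

def build_registry_pol(settings):
    """Serialise [(key, name, reg_type, raw_bytes)] into a Registry.pol image (sample data)."""
    def w(text):
        return text.encode("utf-16-le")
    out = b"PReg" + struct.pack("<I", 1)
    for key, name, reg_type, raw in settings:
        out += (w("[" + key + "\x00;" + name + "\x00;") + struct.pack("<I", reg_type)
                + w(";") + struct.pack("<I", len(raw)) + w(";") + raw + w("]"))
    return out

# Constructed sample: key and value names appear in the log above, the data is invented.
MESSENGER = r"Software\Policies\Microsoft\Messenger\Client"
DESKTOP = r"Software\Policies\Microsoft\Windows\Control Panel\Desktop"
CACHED = build_registry_pol([
    (MESSENGER, "PreventAutoRun", REG_DWORD, struct.pack("<I", 1)),
    (DESKTOP, "ScreenSaveTimeOut", REG_SZ, "600\x00".encode("utf-16-le")),
    (DESKTOP, "ScreenSaverIsSecure", REG_SZ, "1\x00".encode("utf-16-le")),
])
LIVE = build_registry_pol([
    (MESSENGER, "PreventAutoRun", REG_DWORD, struct.pack("<I", 1)),
    (DESKTOP, "ScreenSaveTimeOut", REG_SZ, "900\x00".encode("utf-16-le")),
])

if __name__ == "__main__":
    changes = diff_policies(parse_registry_pol(CACHED), parse_registry_pol(LIVE))
    for (key, name), (cached, live) in changes.items():
        print("%s\\%s cached=%r live=%r" % (key, name, cached, live))
```

To use it on a real workstation, read the two Registry.pol files in binary mode and pass their bytes to `parse_registry_pol` in place of the constructed `CACHED` and `LIVE` images.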
We are running Windows 8.1 Pro x86
I am really curious as to why the drive restriction group policy causes the error message to pop up:
"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
It does not prevent from actual saving so functionality is not lost but it really annoys our end users and we're getting a lot of complaints. We cannot use the workaround of hiding drives instead of restricting as this still presents security issues. This
happens when saving (or clicking on a button like "Browse" that opens the 'Open' dialogue box) in all Office 2013 applications, Internet Explorer, Paint, Notepad, and probably most others. I've looked at many forums and no suggestions for workarounds
have succeeded for us to get rid of this error message and in fact, I read a post that stated that someone contacted Microsoft and they said this was by design and there is no workaround. I find this very unfortunate that we either have the choice of compromising
security or annoying our end users. It seems to me like the new dialogue box in Windows 8.1 (and maybe 8?) attempts to access the local drive under the logged in user's account before it actually opens up the dialogue box which conflicts with the group policy
that restricts access to the drive.
Has anyone at all had any luck getting this to go away without removing the restrictions? It seems like the answer is either buried in the Windows code or somewhere in the registry.
Thank you in advance for your time!
Thank you for your time and response! Unfortunately, we have the machine locked down pretty tight (they are public use computers that require heavy restriction) and it is set to restrict all drives so access is limited to the local profile. We did try
testing your method, however, by adding the Desktop as an allowed location in the Office policy (which would not solve the issue for the other applications but was good for a test) using the path %userprofile%\desktop. When choosing that location, it does
not throw the error but unfortunately, it does not remember like it did for you with the E: drive so it still always throws the error when first loading the dialogue box no matter what I do. If you're able to confirm that this is simply by design and we're
just expected to inform our users to click through the errors, then I guess that's the accepted answer. Although, do you think that there might be a registry key value that is set after you save to the E: drive for the first time? Maybe we could set that value
to %userprofile%\desktop if it's doing the redirection after the first save through registry. Thanks again! -
Question on a specific Group Policy setting for SCCM Updates
Hello,
This may not exactly be the correct forum for this question but in looking around I didn't come up with an immediate answer and was hoping someone else had this issue.
I have a WSUS server and am moving over to SCCM for updates. I've actually had success in getting 2 sets of patches installed after some very frustrating days thanks to people here.
I've noticed that when I switch workstations to my AD folder that has the SCCM Updates GPO instead of our standard WSUS GPO that we get action center errors "Set up Windows Update", "Windows Update is not set up". When we click
the flag it tells us to "Choose an Update Option".
In my new GPO I do have Configure Automatic Updates Enabled for "Auto Download and notify for install" but we still get this warning. Is there a different setting that controls this action that anyone is aware of in their experience? I looked
through the other settings but didn't see anything obvious.
Thanks for any help!
Hi Dustin,
I'd read a number of different things trying to solve the problem. That article looked a little familiar but I re-read it carefully.
I do have "specify intranet Microsoft Update service location" set to Not Configured as someone had correctly pointed me to that as the reason I was not getting updates.
I did not have "Allow signed updates from an Intranet Microsoft update server" enabled so that should help some.
"Configure Automatic Updates" was enabled because I, incorrectly, thought that's all that might be needed since I had to make sure I'd Not Configured the first setting.
I had "Turn on Recommended Updates" Enabled so I put it back to not configured.
I understand that turning things to Not Configured doesn't necessarily change any previous group policy settings so I may be getting some fallout from having a WSUS server on these systems before. I'd just like to avoid having to have everyone go into the
action center and manually click to configure updates.
I'll see if my one setting change has any effect.
UPDATE: I forced a gpupdate and the red flag in the action center has not disappeared. -
Group Policy Client service failed! Help!
A few days ago I was booted out of my account, while watching a DVD. My system restarted itself, but not before flashing some sort of blue screen. Unfortunately I was unable to read the content of it. After restarting, I was presented with a light blue login screen, instead of my normal screen. However, my name and profile picture remained the same. I was able to login with my password, only to be informed that I had been set up with a temporary account. I was unable to access my files, and had no idea how to access my regular account. After logging out, and restarting in hopes that it would go back to normal... my system went into recovery mode, and afterwards presented me with the same temporary account login screen. Only this time, I was unable to login. Instead I received "The Group Policy Client service failed the logon. Access denied" message. I'm the only user (administrative), and my computer has no internet connection. So, I'm not sure if this is a simple error; a result from my low capacity battery needing to be replaced, or a virus. I've checked previous forums, but I've had no luck. I can't login to my computer at all, and it's very frustrating. I've also backed up my files, just in case my system has to be restored to its factory settings (I hope not). Could any one tell me how to resolve this? Please!
- Frustrated (Pavilion dv6-1350us) User
Hello @chigi93,
Welcome to the HP Forums!
I understand you were booted from your account and can now only log in with a temporary account.
Windows does this when the main account is unavailable. The account most likely needs to be repaired.
Please follow this document to fix a corrupted profile: Fix a corrupted user profile.
If that doesn't work please go through this document: You receive a "The User Profile Service failed the logon” error message.
Let me know if that works.
The Great Deku Tree
I work on behalf of HP. -
The group policy client service failed the logon access is denied.
This one is starting to get on my nerves now. We've had 2 users suffering this problem on our Remote Desktop server.
We are running two Windows Server 2008 SP2 domain controllers, with two Windows 2008 R2 servers running RD Gateway and Remote Desktop Server.
The first user I had to recreate because of following instructions I googled because it caused the user to always logon with a temporary profile on the server and I could not resolve this.
This user I have managed to cleanly delete the local logon profile.
BOTH of these users are on roaming profiles, as are most of the users that are logging in to this server (for reasons that they move around the office). On the server, the user is listed twice, one with a .v2 extension (XP machines at desks).
The user we are having a problem with at the moment was working perfectly fine a couple of weeks ago when they last logged into the server.
Could this be down to me setting an override on the settings that force people to logout completely after an hour of idle time, resulting in an unclean logoff?
Some of the messages that are in the event log for when that user attempts to login:
Event id: 1542
Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.
Event ID: 6001
The winlogon notification subscriber <Sens> failed a notification event.
Event ID: 6004
The winlogon notification subscriber <GPClient> failed a critical notification event.
I'm also getting a constant batch of
Event ID: 510
Folder redirection policy application has been delayed until the next logon because the group policy logon optimization is in effect
Any ideas why this should happen? I need a solution as soon as possible please as these users are running our sales department from home, and this user is due to be on the rota to do it this week! :)
Andy, I have been struggling with this issue on a new 2008R2 server. Can
you explain the commands you used to load ntuser.dat and usrclass.dat
into the registry? This is a truly maddening issue.
Thank you.
On 1/10/2011 11:01 AM, Andy Murphy wrote:
> Seems I have managed to overcome this.
>
> After deleting the profile from within the Advanced System Settings >
> User Profiles on the RD server I still couldn't logon (as said above
> about clean deletion of the local profile)
>
> So I manually loaded the UsrClass.dat and NTUser.dat into the registry
> as they were not there. To do this I did the following:
>
> Loaded NTUser.dat from the profile on the server as a hive under
> HKEY_USERS to S-1-5-21-2055973500-2782184047-1828406536-1165
>
> Loaded UsrClass.dat from the profile.v2 on the server as a hive under
> HKEY_USERS to S-1-5-21-2055973500-2782184047-1828406536-1165_Classes
>
> Then logged in as the user, and it works perfectly again (it did hang on
> waiting for the session manager). To be sure I then copied the Default
> user to that newly created profile on the RD server and logged in again,
> no hangs. Perfect.
>
> Maybe this will solve a few other people's problems with these related
> errors.
> -
Dear All,
We are having an infrastructure setup of around 500 client computers managed through group policy.
Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
It would be great if you can assist me with the following query.
How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
Can we disable Network Tab on the left hand pane ?
explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.
> * explorer.exe is blocked already, but users are able to enter the
> Windows Explorer by clicking on the name which is visible on the
> Start Menu.
You cannot block explorer.exe when you do not replace the shell - the
desktop you see effectively IS explorer.exe...
Your requirement sounds like you need a custom shell:
http://gpsearch.azurewebsites.net/#2812
Martin
Want to read a GOOD book about GPOs for once?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
We recently switched hardware and server software Win SBS 2008 to 2012R2 for a small network roughly 40 clients (Win7 Pro / Win 8.1 Pro) about 16 running concurrently at a given time and one network printer with the printer queue residing on the DC as well.
I read that a single server environment might not be ideal in particular no fail-over but that is an accepted risk in this particular network here.
Errors:
Error 1043: Timeout during name resolution request
Error 1129: Group policy updates could not be processed due to DC not available
Error 5719: Could not establish secure connection to DC, DC not available
Occasionally but disappears after a while
Error 134: As a result of a DNS resolution timeout could not reach time server
Symptoms
On Win 7 Clients
Network shares added through Group Policy will not show sometimes
Network shares disconnect (red X) and when accessed return access authorization error after one or two clicks on the share finally grant access again
When the issue with accessing network shares occurs, it usually also affects Internet access meaning a 'server not responding' error appears in the browser windows when trying to open just any web page
nslookup during the incident returns cannot resolve error
ipconfig on client shows correct default router (VDSL Router) and DHCP / DNS Domain Controller
Also, the Win system log shows the above errors during these incidents, however, the number of incidents vary from 20-30
On Win 8.1 Clients
Same as above with the slight variation for network shares apparently due to Server 2012 and Win 8.1 clients managing drive shares differently. However, network share refresh does not work with these clients. In most cases only a gpupdate /force returns
drive shares but usually only for the active session. After logoff / logon the shares are gone again.
The issue does appear to be load related since it occurs even if there are only one or two workstations active.
Server Configuration
Dell R320 PowerEdge 16GB / 4TB 7200RPM RAID10 / GBitEthernet
Zyxel 1910-48 Port Switch
VDSL 50Mbps Down / 20Mbps Up
Since the DC is the only local DNS and there are no plans to add another one or move DNS to another server, the DNS server is configured with its own address as preferred DNS with three DNS forwarders 1) VDSL Router 2) ISP DNS1 3) ISP DNS2
Currently only one Network card is active for problem determination reasons.
There appears to be no consensus concerning IPV6 enabled or disabled, I tried both with no apparent effect
I have set all network cards server and client to Full Duplex and the same speed, also disabled Offload functions within the adapter settings. Some but no consistent improvements.
Best Practice Analyzer Results
DNS server scavenging not enabled
Root hint server XYZ must respond to NS queries for the root zone
More than one forwarding server should be configured (although 3 are configured)
NIC1 should be configured to use both a preferred and alternate DNS (there is only one DNS in this network)
I have found some instructions to apply changes to the clients through a host file but I would rather like to understand whether this DNS response time issue can be resolved on the server for example timing setting perhaps. Currently the DNS forwarders are
set to 3 seconds.
Since a few people have reported issues with DNS but most are working with multi DNS, DC environment I could not really apply any suggestions made there. Perhaps there is anyone like me who is running a single server who has overcome or experience the same
issues. Any help would be appreciated
Hello Milos thx for your reply.. my comments below
1. What does it "switched"? You may mean migration or new installation. We do not know...
>> Switched is probably the incorrect term, replaced would be the appropriate wording. Before, there was a HP Proliant Server with SBS 2008 with distinct domain and now there is a Dell Server with MS 2012 R2 with a distinct domain. Clients were
removed from one (SBS) domain and added to the new Server 2012 domain. Other components did not change for example same Network Switch or VDSL Router, Workstations and Printer
2. Two DCs are better alternative. Or backup very frequently. There are two groups of administrators. Those who have lost DC and those who will experience this disaster in near future.
>> Correct, and I am aware of that
3. NIC settings in W 7 and W 8.1, namely DNS points to DC (...and NOTHING else. No public IP or that of router DNS.))
>> Correct, this is how it's currently implemented. Clients point to DC for DHCP and DNS and Default Router, no public IP or DNS. The only references to ISP DNS exist on the VDSL Router itself as provided through ISP when establishing VDSL
Link and the list of Forwarders in the DNS Server configuration. However, I have just recently added the ISPs DNS as forwarders for test purposes and will probably learn tomorrow morning whether this had any effect for better or worse.
4. Do nslookup to RR on clients. RR branch is saying client basic info on LDAP parameters of AD.
>> Will post as soon as available
5. I do not use forwarders and the system works
>> Ok, does this mean it works for you in a similar or the same infrastructure setup or are you saying it is not required at all and I can remove any forwarder in a scenario like mine? If not required can you explain a bit more why it is not required apart from that it does work for you that way?
6. DHCP should sit on DC (DHCP on router is disabled)
>> Correct, no other device is configured to provide DHCP service other than DC and DHCP is currently running on DC
7. NIC settings in DC points to itself (loopback address 127.0.0.1)
>> Are you sure this is still correct and does apply to Server 2012? I am reading articles stating that it should be the server's own IP but local loop or should this be added as alternate DNS in addition to the server's own IP?
8. Use IPCONFIG /FLUSHDNS whenever you change DNS settings.
>> OK, that was not done every time I changed some settings but I can do that next week. Reboot alone would not suffice, correct?
9. Test your system with dcdiag.
>> See result below
10. Share your findings.
Regards
Milos
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = GSERVER2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GSERVER2
Starting test: Connectivity
......................... GSERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GSERVER2
Starting test: Advertising
......................... GSERVER2 passed test Advertising
Starting test: FrsEvent
......................... GSERVER2 passed test FrsEvent
Starting test: DFSREvent
......................... GSERVER2 passed test DFSREvent
Starting test: SysVolCheck
......................... GSERVER2 passed test SysVolCheck
Starting test: KccEvent
......................... GSERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... GSERVER2 passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... GSERVER2 passed test MachineAccount
Starting test: NCSecDesc
......................... GSERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... GSERVER2 passed test NetLogons
Starting test: ObjectsReplicated
......................... GSERVER2 passed test
ObjectsReplicated
Starting test: Replications
......................... GSERVER2 passed test Replications
Starting test: RidManager
......................... GSERVER2 passed test RidManager
Starting test: Services
......................... GSERVER2 passed test Services
Starting test: SystemLog
......................... GSERVER2 passed test SystemLog
Starting test: VerifyReferences
......................... GSERVER2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : GS2
Starting test: CheckSDRefDom
......................... GS2 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... GS2 passed test CrossRefValidation
Running enterprise tests on : GS2.intra
Starting test: LocatorCheck
......................... GS2.intra passed test LocatorCheck
Starting test: Intersite
......................... GS2.intra passed test Intersite
Server: gserver2.g2.intra
Address: 192.168.240.6
*** gserver2.g2.intra can't find g2: Non-existent domain
> gserver2
Server: gserver2.g2.intra
Address: 192.168.240.6
g2.intra
primary name server = gserver2.g2.intra
responsible mail addr = hostmaster.g2.intra
serial = 443
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
> wikipedia.org
Server: gserver2.g2.intra
Address: 192.168.240.6
Non-authoritative answer:
wikipedia.org MX preference = 10, mail exchanger = polonium.wikimedia.org
wikipedia.org MX preference = 50, mail exchanger = lead.wikimedia.org
polonium.wikimedia.org internet address = 208.80.154.90
polonium.wikimedia.org AAAA IPv6 address = 2620:0:861:3:208:80:154:90
lead.wikimedia.org internet address = 208.80.154.89
lead.wikimedia.org AAAA IPv6 address = 2620:0:861:3:208:80:154:89
Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)
192.168.240. 6 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name | 0,001 | 0,002 | 0,003 | 0,001 | 100,0 |
+ Uncached Name | 0,027 | 0,076 | 0,298 | 0,069 | 100,0 |
+ DotCom Lookup | 0,041 | 0,048 | 0,079 | 0,009 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
gserver2.g2.intra
Local Network Nameserver
195.186. 4.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,023 | 0,025 | 0,000 | 100,0 |
- Uncached Name | 0,025 | 0,071 | 0,274 | 0,065 | 100,0 |
- DotCom Lookup | 0,039 | 0,040 | 0,043 | 0,001 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns8.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
195.186. 1.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,023 | 0,026 | 0,001 | 100,0 |
- Uncached Name | 0,025 | 0,072 | 0,299 | 0,066 | 100,0 |
- DotCom Lookup | 0,039 | 0,042 | 0,049 | 0,003 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns7.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,033 | 0,040 | 0,079 | 0,011 | 100,0 |
- Uncached Name | 0,042 | 0,113 | 0,482 | 0,097 | 100,0 |
- DotCom Lookup | 0,049 | 0,079 | 0,192 | 0,039 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
google-public-dns-a.google.com
GOOGLE - Google Inc.,US
UTC: 2014-11-03, from 14:33:12 to 14:33:29, for 00:17,648
15: 40
192.168.240. 6 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name | 0,001 | 0,002 | 0,004 | 0,000 | 100,0 |
+ Uncached Name | 0,025 | 0,074 | 0,266 | 0,063 | 100,0 |
+ DotCom Lookup | 0,042 | 0,048 | 0,075 | 0,007 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
gserver2.g2.intra
Local Network Nameserver
195.186. 1.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
- Uncached Name | 0,024 | 0,073 | 0,289 | 0,067 | 100,0 |
- DotCom Lookup | 0,039 | 0,041 | 0,043 | 0,001 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns7.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
195.186. 4.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
- Uncached Name | 0,025 | 0,073 | 0,286 | 0,065 | 100,0 |
- DotCom Lookup | 0,041 | 0,066 | 0,180 | 0,037 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns8.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,033 | 0,038 | 0,077 | 0,009 | 100,0 |
- Uncached Name | 0,042 | 0,105 | 0,398 | 0,091 | 100,0 |
- DotCom Lookup | 0,049 | 0,066 | 0,141 | 0,025 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
google-public-dns-a.google.com
GOOGLE - Google Inc.,US
UTC: 2014-11-03, from 14:39:59 to 14:40:12, for 00:13,363 -
ISE 1.2 & AD & Meraki - Per User Group Policy ?
I am working on a PoC for a deployment in an MDU. We are using Meraki switches and access points. There are 250 units in the building, each unit will have its own subnet. The goal is to have the tenant be able to connect to a common building SSID and be placed into their assigned VLAN. There will also be physical ports in each unit that will need to do the same. I am trying to figure out a way to use ISE to authorize on a per user basis and not based on groups of users. On the Meraki system there are group policies that will assign the VLAN for the user as well as any type of layer 7 firewalling and bandwidth control. So there will be 250 group policies, one for each unit. There is a deployment guide that shows how to set up ISE for use with Meraki and it is great but it assumes that there will be large groups like Employees, Contractors, etc. that will be used. This is where I'm being tripped up, also... this is my first swing at a NAC deployment so I have a lot to learn.
1. Can I set up each user in Active Directory to have a tag that ISE can then forward on to Meraki for the group policy? Say it's unit 101 and I have a group policy called 101 in Meraki, Meraki documentation says to use the Airespace-ACL-Name attribute in ISE to indicate the group policy to use. This gives me the ability to place a group into that policy but not an individual. Or would this be better done by creating the users in ISE directly? Omit AD entirely?
2. Each unit will have devices that will need MAB because they are not 802.1x compatible. I need to do the same as above with them. I would create a separate SSID for these devices but then use the MAC address to authenticate them but will need to authorize them to go into a specific group policy.
I know this isn't a typical ISE application but I think that this will work really well in the end, just need to iron out these details and get a test system functioning. Any help would be greatly appreciated!!!
Thanks,
Nathan
Please find the Meraki_ISE integration doc. in attachment.
When VLAN tagging is configured per user, multiple users can be associated to the same SSID, but their traffic is tagged with different VLAN IDs. This configuration is achieved by authenticating wireless devices or users against a customer-premise RADIUS server, which can return RADIUS attributes that convey the VLAN ID that should be assigned to a particular user’s traffic.
In order to perform per-user VLAN tagging, a RADIUS server must be used with one of the following settings:
MAC-based access control (no encryption)
WPA2-Enterprise with 802.1x authentication
A per-user VLAN tag can be applied in 3 different ways:
The RADIUS server returns a Tunnel-Private-Group-ID attribute in the Access-Accept message, which specifies the VLAN ID that should be applied to the wireless user. This VLAN ID could override whatever may be configured in the MCC (which could be no VLAN tagging, or a per-SSID VLAN tag). To have this VLAN ID take effect, “RADIUS override” must be set to “RADIUS response can override VLAN tag” under the Configure tab on the Access Control page in the “VLAN setup” section.
The RADIUS server returns a group policy attribute (e.g., Filter-ID) in the Access-Accept message. The group policy attribute specifies a group policy that should be applied to the wireless user, overriding the policy configured on the SSID itself. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.
On the Client Details page, a client can be manually assigned a group policy. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user. -
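The reply attributes described in the answer above, as an added example that is not part of the original thread or of the Meraki/ISE documentation: it encodes the attribute portion of an Access-Accept for one tenant and decodes it again, honouring the "RADIUS override" setting. Pairing Tunnel-Private-Group-ID with Tunnel-Type=VLAN and Tunnel-Medium-Type=802 follows RFC 3580 and is an assumption about the access point; the unit number 101 is a constructed value, and the function names are hypothetical.

```python
# Attribute numbers from RFC 2865 / RFC 2868; VLAN values per RFC 3580.
FILTER_ID = 11
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_802 = 6


def avp(attr_type, value):
    """Encode one attribute: type, length (header included), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def tagged_int(attr_type, number, tag=0):
    """Tunnel-Type / Tunnel-Medium-Type: one tag octet + 24-bit value."""
    return avp(attr_type, bytes([tag]) + number.to_bytes(3, "big"))


def build_reply_attributes(vlan_id, group_policy=None):
    """What the RADIUS server would return for one tenant (hypothetical helper)."""
    out = tagged_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
    out += tagged_int(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_802)
    out += avp(TUNNEL_PRIVATE_GROUP_ID, str(vlan_id).encode("ascii"))
    if group_policy is not None:
        out += avp(FILTER_ID, group_policy.encode("utf-8"))
    return out


def parse_attributes(blob):
    """Split the attribute area into {type: [raw values]}, rejecting bad lengths."""
    attrs, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad attribute length")
        attrs.setdefault(attr_type, []).append(blob[i + 2:i + length])
        i += length
    return attrs


def tagged_value(attrs, attr_type):
    """Return the 24-bit value of a tagged integer attribute, or None."""
    raw = attrs.get(attr_type, [b""])[0]
    return int.from_bytes(raw[1:], "big") if len(raw) == 4 else None


def interpret_accept(blob, radius_override):
    """Return the VLAN and group policy the reply asks for.

    The VLAN is honoured only when "RADIUS override" is enabled and the
    three tunnel attributes are consistent. Which VLAN wins when the named
    group policy also carries one is not modelled here.
    """
    attrs = parse_attributes(blob)
    result = {"vlan": None, "group_policy": None}
    if FILTER_ID in attrs:
        result["group_policy"] = attrs[FILTER_ID][0].decode("utf-8")

    pgid = attrs.get(TUNNEL_PRIVATE_GROUP_ID, [b""])[0]
    if pgid and pgid[0] <= 0x1F:      # leading octet is a tag, not text
        pgid = pgid[1:]
    is_vlan = (tagged_value(attrs, TUNNEL_TYPE) == TUNNEL_TYPE_VLAN
               and tagged_value(attrs, TUNNEL_MEDIUM_TYPE) == TUNNEL_MEDIUM_802)
    if radius_override and is_vlan and pgid.isdigit():
        vlan = int(pgid)
        if 1 <= vlan <= 4094:         # usable 802.1Q VLAN IDs
            result["vlan"] = vlan
    return result


if __name__ == "__main__":
    reply = build_reply_attributes(101, group_policy="101")  # constructed unit 101
    print(reply.hex())
    print(interpret_accept(reply, radius_override=True))
    print(interpret_accept(reply, radius_override=False))
```
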
Group Policy Files Not Being Deployed to UNC Paths
When attempting to deploy files via Group Policy Preferences, there is a well-known issue wherein you may receive an error to the effect of: 0x80070003 The system cannot find the path specified. This is due to the local system being the security context used to deploy the file. If the local system does not have rights to the location, as is true with mapped drives, access is denied and the path cannot be found. The workaround for this is to enable the common option "Run under the logged in user's security context".
However, I have done this and still receive the same error. I have verified the logged-in user can reach both the source and destination. Specifically, the source is a file server and the destination is the user's HOMEPATH, which resides on another fileserver in this case. More to the point, it's their redirected Documents folder, and it otherwise works fine; I cannot imagine this being a permissions or connectivity issue, especially because I receive the error even if I execute a gpupdate /force /target:user while logged in.
I've also installed the hotfix from Microsoft pertaining to this issue: "Error code 0x80070003 when a Group Policy preference is applied to Windows 7 clients", but this did not change anything. (I only installed it onto the desktop; that seems to be where it belongs for my case.)
I'm at a loss as to why this happens. The domain controllers agree the common option is set, and a gpupdate does otherwise succeed. Also, if I change the target to a location on a local drive of the computer, it works fine. I do not see the common option reflected in the output of gpresult, but I'm not sure if I should.
Hi Ron,
Before going further, how did we input the source file path and the destination file path? Did we input the paths as follows (t1.txt as an example):
Action: Create
Source file path: \\servername\sharename\username\documents\t1.txt
Destination file path:\\servername\sharename\t1.txt
Best regards,
Frank Shen -
Group Policy - Computer Startup Scripts - Add/Set Default printer
Good Morning.
Let's say we have 2 offices, A and B, and only 1 user. The user is using Roaming Profiles. Each office has its own printer.
What I am trying to do, is make a Startup script that is specific to the COMPUTER being logged into so when any user logs into that computer, they get the printer in that office defined and set as default.
I am able to do this successfully with my script but ONLY if i have the script be on the USER side of GP (i.e. in the Logon script section)
That is great that that is working however, when my user goes to Office B, they still get mapped to Office A's printer if I use that method.
So I figured I could just modify my GP and run the same script from the STARTUP section of the computer, rather than the LOGON section of the user. It does not work.
Here is my script:
Set WRFCUNetwork = CreateObject("Wscript.Network")
PrinterPath = "\\fileserver\MAINTELLER"
PrinterDriver = "PrinterDriver"
WRFCUNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
WRFCUNetwork.SetDefaultPrinter "\\fileserver\MAINTELLER"
This is where I Have the script placed:
Computer Configuration -> Windows Settings -> Scripts(Startup/Shutdown)
Once i'm in there, I double click Startup, click Add, and select my script which is named:
MainPrinterSetup.vbs
I have this GP applied to ONE OU, and that OU has ONE computer in it (my test computer)
I login with a brand new user called "testuser" (creative, huh?) and basically nothing happens
except they log in and have some Microsoft Document Image Writer printer set as default (which by the way sure does slow the PC down to the point of it almost being broke if anyone actually tries to print to that by accident)
No Main Teller Printer, no anything.
The strangest part about this is, if I apply this script to the user LOGON scripts, it works fine, the printer is there, and is set as default. (but see above why that won't work for my situation)
So obviously the script works fine, but I guess I'm missing something when it comes to applying GPs to Computers rather than Users.
Can anyone shed some light as to why the script is not running? (I'm guessing the script isn't even attempting to run, rather than failing, but I have no way to know that)
Thank you in advance!!
Derek Conlon
Network Administrator
WRFCU
EDIT: Here are the PC's info that i'm working on:
Server: Windows Server 2003 Standard Edition (where my GP's are created and managed with AD)
Target PC: Windows XP Professional SP3
EDIT #2: I manually navigated to the Script file after logging in and "opened" it and it added and set the default printer no problem. The issue is definitely with the script running at startup.
I wanted to clarify a few things:
1. While it is true that printer connections are usually per user, it is definitely possible to create "global printers". There are a number of ways to do this, but two methods that come to mind are using:
a. "Rundll32 printui.dll,PrintUIEntry" option with the "/ga" switch. The "/ga" switch is the key here since it allows you to deploy printers "per machine" instead of "per user". More information about this is available at:
http://members.shaw.ca/bsanders/NetPrinterAllUsers.htm
http://technet.microsoft.com/en-us/library/ee624057%28WS.10%29.aspx
http://www.computerperformance.co.uk/Logon/logon_printer_computer.htm
http://www.robvanderwoude.com/2kprintcontrol.php
b. The Print Management console that is available in Windows 2003 R2 and higher can help you deploy printers "per machine" in addition to "per user". More information about this is available at:
http://www.czsolution.com/print-management/print-management/print-management-console.htm#DeployingPrintersByGroupPolicy
http://technet.microsoft.com/en-us/library/cc753109%28WS.10%29.aspx
2. As Guy mentioned, Group Policy Preferences can help set the default printer. But there is another way to accomplish this. The problem with the computer startup portion is that it runs before the user logs in. And applying this script in the login script section would not work per computer unless you used loopback processing. So another way to do this is to place a script that sets the default printer into the "All Users" startup folder. Items in the "All Users" startup folder run for any user that logs into the computer, but it runs in the user's context. So, this script would effectively set the default printer on a "per machine" basis. The script method is a cruder way to approach the problem, but it will help get the job done. Here are some resources on setting the default printer via script:
http://www.intelliadmin.com/index.php/2007/08/set-default-printer-from-a-script
http://www.computerperformance.co.uk/ezine/ezine17.htm -
Win7 Computer Config group policy not applying
Hi all: I am having a bit of trouble getting a Computer Configuration group policy to apply in Windows 7 using ZCM 11.2.3. I have two group policies, one for User Configuration settings and the other for Computer Configuration settings. User Config GP is associated with users and Computer Config GP is associated with Workstations. ZCM shows both policies as being successfully applied. Yet, if I run rsop.msc to generate a resultant GP set, all Computer Config settings show up as undefined.
I have used this same technique in XP for many years without issue. I suspect the User Config GP is overwriting all GP settings as it is the last to be applied, but since that policy is ONLY for User Config settings I do not see how. Can someone show me the "errors of my ways"?
Thanks a bunch, Chris.
I have an identical policy setup - a policy wherein "Computer configuration" is checked and configured (I don't even touch the User related settings) and is applied to workstations as well as a second policy with "User configuration" checked and configured (as with the computer policy, I don't touch the Computer related policy in this User policy) and applied to users. I set it up that way because I want general settings specific to our environment to exist and be effective for all users including IT staff in the Computer policy. I then want to restrict users within the User Policy. I have no Active Directory.
The computer settings apply intermittently with no rhyme or reason, which makes it difficult to troubleshoot. I have Internet Zone Assignments configured in the Computer policy, so specific users have problems when this policy is not effective which is how I became aware of the problem. I found that I can run "gpupdate /force" as the user and the computer policy becomes effective, which is what I do most of the time since it's a quick fix and I can move on to other things. I've tried changing the order the policies are applied. I am considering creating a single policy with both computer and user settings and associating it with users in hopes that it will always apply, but thought I'd check out the forum before doing so. ZCM 11.2.3 and Windows 7. -
Extreme slow login on Server 2008 R2 TS at Group Policy Preferences - Printers
I see references to this problem everywhere, going back to 2010. However I'm not finding any real answers.
I have Group Policy Preferences installing printers to Terminal Server Users. I have one policy that applies to 4 terminal servers. One of them is a 2008 R2, the others are 2003 x64. Only for the 2008 R2 server, after all of the printers show (in event viewer) as successfully loaded, there is a long hang. I have many printers applied to me, and that results in my load time being the longest of all at about 3 minutes. I am an administrator on the machine. Others have the exact same problem, just a bit less pronounced depending on the number of printers.
The policy preference is set to UPDATE, so it's not loading the driver... again, the printer is already successfully applied.
I've tried setting UAC to "Never" on the server. No effect. I've played with the Point and Print policy at both computer and user level, finally just setting both to disabled, but prior to that setting them to Enabled with the "do not show warning" on both settings. No effect (which makes sense since that is for non-admins and I am having this problem as an admin).
My logging pasted below shows this same thing in all cases.
Is there an answer to this that I am just not finding?
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Filters passed.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Adding child elements to RSOP.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:11:44.289 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.873 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Properties handled.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] RunOnce value created [SUCCEEDED(S_FALSE)]
Hi,
Based on your description, I want to confirm whether we have used Item-level Targeting of GPP for printer deploying.
GP Preferences settings that use Item-Level Targeting (ILT) are not inherently harmful. However, certain kinds of Item Level Targeting queries can take more time to run.
Regarding this issue, the following article can be referred to for more information and the hotfix in the article can be downloaded to fix the issue.
You experience a long domain logon time in Windows Vista, Windows 7, Windows Server 2008 or Windows Server 2008 R2 after you deploy Group Policy preferences to the computer
http://support.microsoft.com/kb/2561285/en-us
In addition, regarding group policy and logon impact, the following article can be referred to for more information.
Group Policy and Logon Impact
http://blogs.technet.com/b/grouppolicy/archive/2013/05/23/group-policy-and-logon-impact.aspx
Best regards,
Frank Shen
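One way to locate the hang in a Group Policy Preferences trace like the one quoted in the question above, as an added example that is not part of the original thread: it parses the timestamped lines and reports consecutive entries on the same thread that are separated by more than a threshold. The sample is the eight trace lines from the post, embedded inline; the function names and the 5-second threshold are assumptions.

```python
import re
from datetime import datetime

# The trace lines quoted in the post, embedded so the example runs offline.
SAMPLE_TRACE = """\
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Filters passed.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Adding child elements to RSOP.
2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:11:44.289 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.873 [pid=0x388,tid=0xca0] Set user security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Set system security context.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Properties handled.
2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] RunOnce value created [SUCCEEDED(S_FALSE)]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[pid=(?P<pid>0x[0-9a-fA-F]+),tid=(?P<tid>0x[0-9a-fA-F]+)\] "
    r"(?P<msg>.*)$"
)


def parse_trace(text):
    """Return (timestamp, pid, tid, message) tuples; skip lines that do not match."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        events.append((ts, m["pid"], m["tid"], m["msg"]))
    return events


def find_stalls(events, threshold_s=5.0):
    """Return (gap_seconds, message_before, message_after), largest gap first.

    Gaps are measured per (pid, tid) so that interleaved threads in a busy
    trace do not hide a stall on one of them.
    """
    last_seen = {}
    stalls = []
    for ts, pid, tid, msg in events:
        key = (pid, tid)
        if key in last_seen:
            prev_ts, prev_msg = last_seen[key]
            gap = (ts - prev_ts).total_seconds()
            if gap >= threshold_s:
                stalls.append((gap, prev_msg, msg))
        last_seen[key] = (ts, msg)
    return sorted(stalls, key=lambda s: s[0], reverse=True)


if __name__ == "__main__":
    for gap, before, after in find_stalls(parse_trace(SAMPLE_TRACE)):
        print(f"{gap:8.3f}s between '{before}' and '{after}'")
```

On the quoted lines the only stall falls between "Set system security context." and the following "Set user security context.", which is where the roughly 3 minute logon delay described in the question is spent.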