Group Policy - Workstation Group
Hello,
I am trying to apply a windows group policy using a workstation policy package and associating it with a workstation group.
When I go log in to a workstation that is a member of the workstation group after the policy has been setup and go into gpedit.msc, the setting is not changed.
If I setup a user policy with the user I'm logging in as, the user settings work correctly.
Just as a test, I am going and enabling QOS Limit Reserve Bandwith and setting it to 0%. I have the policy running at user login applying only computer configurations and I have loopback support enabled in replace mode. persistent settings are NOT enabled.
Any suggestions? Thanks for any help
There are numerous reasons why a Zen managed Group Policy not will apply,
associated via group or not.
Also see my other replies.
Things to check regarding a "Workstation Policy Package" associated GPO
(that only contains "Computer Configuration" settings):
1. Workstation Object must have [RF] to the files on the server.
2. "Network location of existing/new Group Polies" path (in C1) must be UNC.
3. Schedule = "System Startup".
4. The "Computer Configuration" check box must be enabled (in C1).
5. GPT.INI on the server must not be Read-only.
See:
"Error: 5 when copying the policy file to workstation"
http://support.novell.com/docs/Tids/.../10075231.html
6. A Zen distributed GPT.INI should not have any "Options" set, only:
[General]
gPCMachineExtensionNames=
(if the GPO only contains "Computer Configuration" settings).
See:
"Computer Settings in Group Policy do not apply correctly"
http://www.novell.com/support/viewCo...6914&sliceId=1
7. GPT.INI must have the correct CSEs.
See:
http://technet.microsoft.com/en-us/l.../cc779745.aspx
http://support.microsoft.com/kb/216357
http://support.microsoft.com/kb/271135 (particularly the "Group Policy
Components" part).
Regards
Rolf Lidvall
Swedish Radio (Ltd)
Similar Messages
-
Hi
With restricted groups I can specify the end user -domain- accounts that are members of the local administrators group on domain PCs. But - I need a particular LOCAL account on all the machines to keep its membership of the local administrators group for testing reasons. At the moment restricted groups is striping this local account of its admin access.
Is it possible to specify a -local- computer account as admin on all the PCs via group policy or it can only be done with domain accounts?
thanksYou are asking for local accounts to be managed via "Restricted Groups".
Yes, it is possible.
Rajesh showed you one way with domain groups. In his version "Administrators" group will only contain those accounts
that are specified in the GPO, no manually added accounts. This is not always desired.
If you wish to have an account (group or user, local or domain) to be added to "Administrators" group while keeping all the other
members, proceed like this:
- create the local account on the client(s)
- in the GPO select "Add Group" in "Restricted Groups".
- type in the name of the local account, e.g. "TestID"
- in the appearing dialogue choose "This group is a member of" => Add
- type in "Administrators"
Link the GPO and that's all.
The original MS description for "Restricted Groups".is here:
http://support.microsoft.com/kb/279301/en-us
Another nice one here:
http://www.frickelsoft.net/blog/?p=13
Besides that, a great solution to manage local accouts is GP Preference Extension "Local Users and Groups".
You can simply create a "Local Users and Groups" Item (computer or user based) and specify the needed options.
http://technet.microsoft.com/en-us/library/cc731972.aspx
Of course you need some prerequisites (at least one Vista or Winows 2008 for management and the GPP CSE on each target machine).
If you are new to GPP, these links will help you to get into it:
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=42E30E3F-6F01-4610-9D6E-F6E0FB7A0790&displaylang=en
http://support.microsoft.com/kb/943729/en-us
http://technet.microsoft.com/en-us/library/cc732027.aspx
http://technet.microsoft.com/en-us/library/cc731892(WS.10).aspx
Patrick -
Group Policy "Restricted Groups" (local groups) using group policy preferences
I was recently tasked a solution with creating a group policy to manage RDP user access to a set of Active Directory computer objects.
Part of the solution was to create a policy so that this would only apply a specific security group(users) to a specific set of Active Directory computer objects within the OU to which it was applied so that other machines
and/or user accounts in this OU remain un affected by this policy.
The policy was to be able to include multiple sets of Security groups(users) for the associated machines isolating those security groups(users) to only their sets of Active Directory computer objects.
Reduce the requirement to create multiple group policies to apply different "Local Group"/"Restricted groups" management for computer objects in the domain.
I thouhgt about using System based policies and creating different WMI filters to target sets of AD Computer objects, but came to the conclusion this would not help due to the limited of WMI quries I would be able to create for a standard
Image.
So I then thought about group policy preferences and came up with the solution
I created a new Group policy and created a new item for the local group, in this instance but not limited to "Remote Desktop users (built-in)" and added the security group(users). In my case I did not need to use the "delete
all member users" or "delete all member groups" as I wanted other groups in this local group for the computer objects to remain intact.
Then what I did is set the "item-level-target" setting from "the common tab" on the GPP and set it to the security group which containd the AD computer objects the user accounts required access to. I then did a couple of standard
tests to confirm the local security group(users) appeared only on the machine in the item level target security group and applied to no other machines in the outside of SOM.
So with this in place, if I needed to create any other entries for different groups and access to specific machines all I need to do is create a new GPP item within this policy.
Being mindful that system policies settings if applied to same OU will take preceedence over GPP settings....
Thought I would just share this in-case anyone else has had similar requests/thoughts and or has other methods that they have used that they would like to share.
I am not sure either on the limit of entries that GPP have either so if anyone does know please post and possible links?
I have struggled to find an answer, however it could be that I am not asking the right question!good sharing...
Best,
Howtodo -
Currently we are running ZfD 7 and Netware 6.5 and have recently upgraded all our workstations to Windows XP Service Pack 2. Our tree structure consists of an OU for each school level, elementary, middle, and high, and an OU for each school in that respective level. Example:
Elementary
West Main
South Main
Middle
Brown Middle
The current contents in each School OU have users, groups, policies, ect. Previously policy was applied by a workstation policy package that distributed all policies: user, machine, and security which were associated with the School OU. Now we split the policy into workstation packages and a user packages. The goal was to have the workstation apply the machine and security policy and the user policy to apply user settings and create dynamic the local user account.
The workstation policy remains persistent on the workstation while the user policy creates a local user (non-volatile) and applies the user policy from a server path depending on group membership. We have four different user policy packages: Student, Teacher, Specialist and Technology. Each with there own group policy user configuration. Everyone in our Tree has the appropriate permissions to access the policies. We configure the user policy package as follows:
Policies Windows XP
Enabled Dynamic Local User
Enabled Windows Group Policy
Workstation Manager
Network Location
\\serverpath
Checked User Configuration
Policy Schedule
User Desktop is active
Advanced Schedule
Impersonation
Interactive User
Associations
Groups (Teachers, Students)
I can get the workstation policy to apply with no problem. The problem comes when a users logs on. It doesnt matter if a new user is being created or if they are simply just switching users. User group policy doesnt apply randomly. The strange thing is it does copy down to the machine. If I connect to the admin share on a newly imaged workstation (with no policy applied) and open c:\windows\system32\ you see the creation of GroupPolicy.Usercache Folder and it copies to the GroupPolicy Folder which is were it applies policy from. Also you can see policy dynamically changing if different users logs on. The Registry.pol updates in the c:\windows\system32\ GroupPolicy.Usercache\User folder and c:\windows\system32\ GroupPolicy \User Sometimes group policy applies and sometimes it does not. When a user logs on you see the policy that was copied down apply. For example the run option is taken away from the start menu. During the log on process this remains in effect but when the process completes its almost like policy is take away. When this occurs I can run WMSCHED.Exe and reapply the user policy and it will apply sometimes. I tried applying group policy through both groups and organizational units. Both with the same results. I was wondering if anyone has had issues with applying group policy with ZEN or if I am doing this incorrectly. Any help would be much appreciated. Thanks.rscurr,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Group Policy Helper tool not working properly
Hello,
I`m using IE 9 on a x64 Win 7 enterprise PC with ZCM 10.3.4.
When Im logging into ZCC and start to configure a "windows group policy" the group policy helper tool starts and begins to download the policy.
Then the gpedit.msc appears i get the popup "group policy settings imported successfully" immediately. This popup should certainly come up, when i close the gpedit.msc to import the changed policy setting.
But so i always get an empty policy for upload.
Any hints what`s wrong with it?!Originally Posted by andreas_karl
Hello,
I`m using IE 9 on a x64 Win 7 enterprise PC with ZCM 10.3.4.
When Im logging into ZCC and start to configure a "windows group policy" the group policy helper tool starts and begins to download the policy.
Then the gpedit.msc appears i get the popup "group policy settings imported successfully" immediately. This popup should certainly come up, when i close the gpedit.msc to import the changed policy setting.
But so i always get an empty policy for upload.
Any hints what`s wrong with it?!
IE 9 is not supported, you need to stay on IE8 until 11.2 is released (15 march).
Thomas -
I have looked all around but have not really found a solution to this problem. How do I lock UAC on via Group Policy so that no one can change it except via Group Policy and all the settings
are greyed out even for administrators? I just want it on the default settings and left alone. If I wanted to do something similar for Windows Firewall or Internet Explorer settings, it seems easy, but UAC seems to be different. Unfortunately I have situations
at clients where this setup is necessary and unavoidable.Hi,
This can be done via Local Group Policy or via Active Directory-based GPO, which is much more suited for large networks where one would like to disable UAC for many computers at once.
If using Local Group Policy you'll need to open the Group Policy Editor (Start > Run > gpedit.msc) from your computer.
If using in AD-based GPO, open Group Policy Management Console (Start > Run > gpmc.msc) from a Vista computer that is a member of the domain. In the GPMC window, browse to the required GPO that is linked to the OU or domain where the Vista computers
are located, then edit it.
1.In the Group Policy Editor window, browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
2.In the right pane scroll to find the User Access Control policies (they're down at the bottom of the window). You need to configure the following policies:
User Account Control: Behavior of the elevation prompt for……
User Account Control: Detect application installations and……
User Account Control: Run all administrators in Admin App……
3.You'll need to reboot your computers.
There is a detial Microsoft official website on Configuring UAC via Group Policy:
UAC Group Policy Settings and Registry Key Settings
http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx
Hope it helps.
Regards,
Blair Deng
Blair Deng
TechNet Community Support -
Group Policy Preferences - Registry change - time targetting
I have a customer who wants to change the timeouts etc on a screensaver based on the time of day.
Users often leave a machine open and on(with Bloomberg info) and work using another machine while they keep an eye on the Bloomberg one.
The plan is to have these machines running Bloomberg have a long screen timeout during the working day, and then go back to the default screensaver timeout after that so the users don't have to continually enter a password.
Looking at GPP it needs to be done via a registry change.
I've created the policy (screensaver, lock and screensaver on are all set (3 reg updates), then 2 time targeted additional reg updates for the screen saver timeout), but the policy only applies at logon or a forced gpupdate. It doesn't update when
the time change occurs.
If I run a "gpupdate /force" the policy does change based on time. I have tried a scheduled task for "gpupdate / force" and that didn't apply the change.
Is GPP registry just not up to the job for time scheduling with a registry change, or am I doing something wrong?
All machines are Win7 pro x64Hi JaseFromLodon,
To make it work ,we can set this policy to have a check.By default, computer Group Policy is updated in the background every 90 minutes.We can change this time to "0" instead of creating a task schedule and the update will be performed every 7
second.
Computer Configuration\Administrative Templates\System\Group Policy \Set group policy refresh internal for computers
Here is a link for reference
Group Policy refresh interval for computers
https://technet.microsoft.com/en-us/library/cc940895.aspx
For the time range faeture ,I am sorry I didn`t explain the issue clearly .
Pay attention to the "note " in step 13 of the link as you posted .
"Make sure you allow for the policy refresh interval (default 90 minutes with a 20% random offset) when configuring the start and end time. This means you might want to start applying the policy 2 hours before the start of business (e.g. 6:30am) to make
sure all the computers are configured with the Business Hours Power Plan before people login in the morning (e.g. 8:30am)."
The time targeting feature doesn`t mean the preference settings will be applied according to the specific time we have set .It means the preference settings will be applied to the machines whose time is included in the time range .Please pay attention to
the explanation of the time range features carefully (the screenshot I have posted).
Manually "gpupdate /force "will work .I suspect the task schedule hasn`t been set correctly .Please check the running history of this task schedule.
Best regards -
Group Policy Printer Error (0x80070005 Access Denied)
I am trying the deploy two network printers via group policy using Server 2008 R2 SP1. I created the GPO and added the printers from our print server under computer configuration so that it will apply to the computers, not just the users. After a computer in
the correct OU Gpupdates I recieve the following error in it's application event log:
WARNING: GROUP POLICY PRINTERS
Group Policy object did not apply because it failed with error code 0x80070005 Access is Denied. This error was suppresed.
Any suggestions or thoughts are appreciated. I have been dealing with this error and trying the figure it out for awhile now.Hi,
This issue mostly can be caused due to the incorrect permission settings.
Please try to perform the troubleshooting steps the following Microsoft TechNet blog provides.
Group Policies and Access Denied
http://blogs.technet.com/b/matthewms/archive/2005/10/29/413275.aspx
Regards,
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Group Policy - User Rights Assignments not taking effect on workstation`
Novell 5.1 SP7. ZenWorks 3.2 sp3. Windows XP Pro workstations.
In Group Policy, (Computer Configuration/Windows Settings/Security
Settings/Local Policies/User Rights Assignment), I have added Power Users to
the "Load and Unload device drivers" policy. However this setting is not
taking effect on my Windows XP workstations. My DLU policy for users is
configured to have the users members of the "Users" and "Power Users" groups
on the local PC.
Other parts of Group Policy (Computer Policy/Administrative Templates) are
taking effect on the workstation, so I'm wondering if the problem I am
having is related to Security Settings only.
I enabled Group Policy logging on the Windows XP workstation and include it
below:
WMHelperInitialization (Mar 4 2004) called! Flags: 0x8001002. Event:
0x1000. Impersonation: 0x2
Created Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x204
WMHelperSystemEntryEx called!
Entered GPCleanupEntry
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Reading Persist Workstation settings from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Persist
Workstation settings not found. Assuming 0
Error 2 reading Persist Workstation settings
Entered RestoreOriginalGP.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring backup GP from C:\WINDOWS\System32\GroupPolicy.WMOriginal
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.WMOriginal,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Warning: C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini does not exist
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy Machine Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy Machine Status in key
Software\Novell\Workstation Manager\Group Policies
Exiting RestoreOriginalGP 0x0
Entered AppendSecuritySettings
Inf path: C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Restoring GP settings
Loading Account Policies...
Loading Audit Policies...
Loading user rights...
Restoring security options...
No data
No data
No data
No data
No data
No data
No data
No data
Renamed Administrator account: Administrator
Local Administrator's user name = Administrator
Administrator account names match, skipping.
Renamed Guest account: Guest
Local Guest's user name = Guest
Guest account names match, skipping.
LoadXPSecuritySettings returning 0
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
GPCleanupEntry releasing mutex.
Exiting GPCleanupEntry: 0
Exiting WMHelperSystemEntryEx ccode: 0x0
Closing log file.
WMHelperInitialization (Mar 4 2004) called! Flags: 0x0. Event: 0x0.
Impersonation: 0x0
Created Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=wintest3.OU=Users.OU=Newcastle.O=OSG
DN is Typed convert it to TYPELESS
g_szUserDN = wintest3.Users.Newcastle.OSG
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1214440339-507921405-1708537768-1019
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache .
No workstation. Exiting CheckForObsoleteWksCache
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x0 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Entering ApplyPolicies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Flags: 0x80000070
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Impersonating logged on user.
Context : OU=Users.OU=Newcastle.O=OSG
Full Object DN CN=wintest3.OU=Users.OU=Newcastle.O=OSG
Calling WMGetAllAssociatedObjects(FALSE, MARITIME, 1,
CN=wintest3.OU=Users.OU=Newcastle.O=OSG, WINNT Workstation Package,
zenwmGroupPolicy, 512, pBuffer)
Reverting to system impersonation.
Found DN CN=XP User Package:WinNT-2000-XP:Windows Group Policy.OU=Policy
Packages.OU=Newcastle.O=OSG
WMCheckIfGroupPolicyObjectsChanged entered
Impersonating logged on user.
Reverting to system impersonation.
Group Policy object has NOT changed!
Exiting WMCheckIfGroupPolicyObjectsChanged 0x0
Entered ScheduleCleanup.
Loaded wmschapi.dll
Calling WMScheduleAction
Finished Calling WMScheduleAction. Returned 0x0
Exiting ScheduleCleanup 0x0
Entered BackupOriginalGP.
No backup exists. Creating one: C:\WINDOWS\System32\GroupPolicy.WMOriginal
Backing up original GP to C:\WINDOWS\System32\GroupPolicy.WMOriginal
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\admfiles.ini to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\adm files.ini
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\conf.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\con f.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\inetres.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\ine tres.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\system.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\sys tem.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\wmplayer.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\wmp layer.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\wuau.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\wua u.adm
Copied file C:\WINDOWS\System32\GroupPolicy\GPT.ini to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini
Copied file C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat
Copied file C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat
Entered SaveSecuritySettings
Inf path:
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\
Saving XP security settings
Saving Account Policies...
Saving Audit Policies...
Saving user rights...
Name: Administrator
Comment: Built-in account for administering the computer/domain
Full Name:
No rights.
Name: Guest
Comment: Built-in account for guest access to the computer/domain
Full Name:
Right: SeInteractiveLogonRight
Right: SeDenyInteractiveLogonRight
Right: SeDenyNetworkLogonRight
Name: HelpAssistant
Comment: Account for Providing Remote Assistance
Full Name: Remote Desktop Help Assistant Account
No rights.
Name: SUPPORT_388945a0
Comment: This is a vendor's account for the Help and Support Service
Full Name: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US
Right: SeBatchLogonRight
Right: SeDenyInteractiveLogonRight
Right: SeDenyNetworkLogonRight
Name: vector
Comment: Account created by Novell's Workstation Manager
Full Name:
No rights.
Name: wintest3
Comment: Account created by Novell's Workstation Manager
Full Name:
No rights.
Name: None
Comment: Ordinary users
No rights.
Name: Administrators
Right: SeSecurityPrivilege
Right: SeBackupPrivilege
Right: SeRestorePrivilege
Right: SeSystemtimePrivilege
Right: SeShutdownPrivilege
Right: SeRemoteShutdownPrivilege
Right: SeTakeOwnershipPrivilege
Right: SeDebugPrivilege
Right: SeSystemEnvironmentPrivilege
Right: SeSystemProfilePrivilege
Right: SeProfileSingleProcessPrivilege
Right: SeIncreaseBasePriorityPrivilege
Right: SeLoadDriverPrivilege
Right: SeCreatePagefilePrivilege
Right: SeIncreaseQuotaPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeManageVolumePrivilege
Right: SeImpersonatePrivilege
Right: SeCreateGlobalPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Right: SeRemoteInteractiveLogonRight
Name: Users
Right: SeShutdownPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Guests
No rights.
Name: Power Users
Right: SeSystemtimePrivilege
Right: SeShutdownPrivilege
Right: SeProfileSingleProcessPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Account operators
No rights.
Name: System operators
No rights.
Name: Printer operators
No rights.
Name: Backup operators
Right: SeBackupPrivilege
Right: SeRestorePrivilege
Right: SeShutdownPrivilege
Right: SeChangeNotifyPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Replicators
No rights.
Name: RAS servers
No rights.
Name: Pre2000 compatible access
No rights.
Exiting SaveUserRights (0)
Saving Security Options
Found: MACHINE/Software/Microsoft/Driver Signing/Policy
Data type is 3
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Setup/RecoveryConsole/SecurityLevel
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Setup/RecoveryConsole/SetCommand
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateCDRoms
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateDASD
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateFloppies
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/CachedLogonsCount
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/ForceUnlockLogon
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/PasswordExpiryWarning
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/ScRemoveOption
Data type is 1
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableCAD
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLastUserName
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeCaption
Data type is 1
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeText
Data type is 7
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ScForceOption
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ShutdownWithoutLogon
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/UndockWithoutLogon
Data type is 4
Found: MACHINE/SOFTWARE/policies/Microsoft/windows
NT/DCOM/MachineAccessRestriction
Data type is 1
Found: MACHINE/SOFTWARE/policies/Microsoft/windows
NT/DCOM/MachineLaunchRestriction
Data type is 1
Found: MACHINE/System/CurrentControlSet/Control/Lsa/AuditBaseObjects
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/CrashOnAuditFail
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/DisableDomainCreds
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Control/Lsa/EveryoneIncludesAnonymous
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/ForceGuest
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/FullPrivilegeAuditing
Data type is 3
Found: MACHINE/System/CurrentControlSet/Control/Lsa/LimitBlankPasswordUse
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/LmCompatibilityLevel
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinClientSec
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinServerSec
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/NoDefaultAdminOwner
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/NoLMHash
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymous
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymousSAM
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/SubmitControl
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print
Services/Servers/AddPrinterDrivers
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/AllowedPaths/Machine
Data type is 7
Found: MACHINE/System/CurrentControlSet/Control/Session
Manager/Kernel/ObCaseInsensitive
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Session Manager/Memory
Management/ClearPageFileAtShutdown
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Session
Manager/ProtectionMode
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/AutoDisconnect
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableForcedLogOff
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes
Data type is 7
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares
Data type is 7
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RequireSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnablePlainTextPassword
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnableSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/RequireSecuritySignature
Data type is 4
Found: MACHINE/System/CurrentControlSet/Services/LDAP/LDAPClientIntegrity
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/DisablePasswordChange
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/MaximumPasswordAge
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RefusePasswordChange
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireSignOrSeal
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireStrongKey
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SealSecureChannel
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SignSecureChannel
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/NTDS/Parameters/LDAPServerIntegrity
Data type is 4
Administrator's user name = Administrator
Guest's user name = Guest
SaveHive entered
SaveHive exit : 0
Exiting SaveSecuritySettings 0x0
Backup path: C:\WINDOWS\System32\GroupPolicy.WMOriginal
Exiting BackupOriginalGP 0x0
Entered RestoreCachedGP.
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
No gpt.ini detected, aborting RestoreCachedGP.
Checking whether OriginalGP exists
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring original GP.
Entered RestoreOriginalGP.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring backup GP from C:\WINDOWS\System32\GroupPolicy.WMOriginal
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.WMOriginal,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Copied C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini to
C:\WINDOWS\System32\GroupPolicy\GPT.ini
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Exiting RestoreOriginalGP 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.UserCache,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Copied C:\WINDOWS\System32\GroupPolicy.UserCache\GPT.ini to
C:\WINDOWS\System32\GroupPolicy\GPT.ini
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\User\MIC ROSOFT\IEAK\install.ins to
C:\WINDOWS\System32\GroupPolicy\User\MICROSOFT\IEA K\install.ins
Copied file C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol to
C:\WINDOWS\System32\GroupPolicy\User\Registry.pol
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS2.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS2.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS3.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS3.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Copied file C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol
to C:\WINDOWS\System32\GroupPolicy\Machine\Registry.p ol
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered MergeGptFile(C:\WINDOWS\System32\GroupPolicy.UserC ache, 0x80000070)
g_dwVersion: 0x0.
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x70007 in key Software\Novell\Workstation
Manager\Group Policies
Found machine extensions...
Found user extensions...
Exiting MergeGptFile 0x0
Reading user's user settings.
Entered AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol
Entered parseRegFile
Val: 'BlockExeAttachments'
Added: Software\Microsoft\Outlook Express\BlockExeAttachments
Val: 'NoHTMLWallPaper'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\NoHTMLWallPaper
Val: '**del.NoChangingWallPaper'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop, val:
NoChangingWallPaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\**del.NoChangingWallPaper
Val: 'ForceClassicControlPanel'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceClassicControlPanel
Val: 'NoSMMyPictures'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMMyPictures
Val: 'NoStartMenuMyMusic'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoStartMenuMyMusic
Val: 'NoDesktopCleanupWizard'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoDesktopCleanupWizard
Val: 'NoWelcomeScreen'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoWelcomeScreen
Val: 'NoActiveDesktop'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktop
Val: '**del.NoInternetIcon'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoInternetIcon
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoInternetIcon
Val: '**del.NoNetHood'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val: NoNetHood
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoNetHood
Val: 'NoAutoUpdate'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoAutoUpdate
Val: 'NoSMBalloonTip'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMBalloonTip
Val: 'NoSMConfigurePrograms'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMConfigurePrograms
Val: 'NoComputersNearMe'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoComputersNearMe
Val: 'MaxRecentDocs'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\MaxRecentDocs
Val: 'NoSharedDocuments'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSharedDocuments
Val: '**del.NoStartMenuEjectPC'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoStartMenuEjectPC
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoStartMenuEjectPC
Val: 'NoActiveDesktopChanges'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktopChanges
Val: '**del.NoAddPrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoAddPrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoAddPrinter
Val: '**del.NoDeletePrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoDeletePrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoDeletePrinter
Val: '**del.NoToolbarsOnTaskbar'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoToolbarsOnTaskbar
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoToolbarsOnTaskbar
Val: '**del.NoSetTaskbar'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoSetTaskbar
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoSetTaskbar
Val: 'ForceStartMenuLogOff'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceStartMenuLogOff
Val: '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Val: '**del.{450D8FBA-AD25-11D0-98A8-0800361B1103}'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum, val:
{450D8FBA-AD25-11D0-98A8-0800361B1103}
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\**del.{450D8FBA-AD25-11D0-98A8-0800361B1103}
Val: '**del.{645FF040-5081-101B-9F08-00AA002F954E}'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum, val:
{645FF040-5081-101B-9F08-00AA002F954E}
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\**del.{645FF040-5081-101B-9F08-00AA002F954E}
Val: '**del.Wallpaper'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val: Wallpaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.Wallpaper
Val: '**del.WallpaperStyle'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val:
WallpaperStyle
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.WallpaperStyle
Val: 'NoDispScrSavPage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\NoDispScrSavPage
Val: 'NoAddFromNetwork'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromNetwork
Val: '**del.NoAddRemovePrograms'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall, val:
NoAddRemovePrograms
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\**del.NoAddRemovePrograms
Val: 'ListBox_Support_Allow'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\ListBox_Support_Allow
Val: '*.fleetviewonline.com'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow\*.fleetviewonline.com
Val: '*.osg.com'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow\*.osg.com
Val: 'NoHelpItemTutorial'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemTutorial
Val: 'NoHelpItemNetscapeHelp'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemNetscapeHelp
Val: 'NoHelpItemSendFeedback'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemSendFeedback
Val: 'PreventAutoRun'
Added: Software\Policies\Microsoft\Messenger\Client\Preve ntAutoRun
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\Certificates\
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\CRLs\
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\CTLs\
Val: 'ScreenSaverIsSecure'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure
Val: 'ScreenSaveActive'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveActive
Val: 'ScreenSaveTimeOut'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveTimeOut
Val: 'SCRNSAVE.EXE'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\SCRNSAVE.EXE
Val: 'ListBox_Support_ZoneMapKey'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ListBox_Support_ZoneMapKey
Val: '*.osg.com'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ZoneMapKey\*.osg.com
Val: 'osgintranet'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ZoneMapKey\osgintranet
Val: '1A00'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1A00
Val: '1809'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1809
Val: '1803'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1803
Val: 'DontPromptForWindowsUpdate'
Added:
Software\Policies\Microsoft\Windows\DriverSearchin g\DontPromptForWindowsUpdate
Val: 'NC_RenameLanConnection'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameLanConnection
Val: 'PromptPasswordOnResume'
Added:
Software\Policies\Microsoft\Windows\System\Power\P romptPasswordOnResume
Val: 'NoAUAsDefaultShutdownOption'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAUAsDefaultShutdownOption
Val: 'NoAUShutdownOption'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAUShutdownOption
Val: 'BehaviorOnFailedVerify'
Added: Software\Policies\Microsoft\Windows NT\Driver
Signing\BehaviorOnFailedVerify
Val: 'MovieMaker'
Added: Software\Policies\Microsoft\WindowsMovieMaker\Movi eMaker
Exiting parseRegFile
Exiting AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol 0x0
Reading user's computer settings.
Entered AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol
Entered parseRegFile
Val: 'NoUpdateCheck'
Added: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoUpdateCheck
Val: 'NoSplash'
Added: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSplash
Val: 'PreventAutoRun'
Added: Software\Policies\Microsoft\Messenger\Client\Preve ntAutoRun
Val: 'NV PrimaryDnsSuffix'
Added: Software\Policies\Microsoft\System\DNSClient\NV PrimaryDnsSuffix
Val: ''
Added: Software\Policies\Microsoft\Windows\Safer\
Val: 'WUServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ WUServer
Val: 'WUStatusServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ WUStatusServer
Val: 'NoAutoRebootWithLoggedOnUsers'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAutoRebootWithLoggedOnUsers
Val: 'AutoInstallMinorUpdates'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\AutoInstallMinorUpdates
Val: 'DetectionFrequencyEnabled'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\DetectionFrequencyEnabled
Val: 'DetectionFrequency'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\DetectionFrequency
Val: 'UseWUServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\UseWUServer
Val: 'RescheduleWaitTimeEnabled'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\RescheduleWaitTimeEnabled
Val: 'RescheduleWaitTime'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\RescheduleWaitTime
Val: 'NoAutoUpdate'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAutoUpdate
Val: 'AUOptions'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\AUOptions
Val: 'ScheduledInstallDay'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\ScheduledInstallDay
Val: 'ScheduledInstallTime'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\ScheduledInstallTime
Val: 'RegistrationOverwritesInConflict'
Added: Software\Policies\Microsoft\Windows
NT\DNSClient\RegistrationOverwritesInConflict
Val: 'SearchList'
Added: Software\Policies\Microsoft\Windows NT\DNSClient\SearchList
Val: 'PreventIISInstall'
Added: Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstall
Val: 'SecurityCenterInDomain'
Added: Software\Policies\Microsoft\Windows NT\Security
Center\SecurityCenterInDomain
Exiting parseRegFile
Exiting AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol 0x0
Entered GenerateGptFile(C:\WINDOWS\System32\GroupPolicy)
g_dwVersion: 0x70007.
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x70007 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting GenerateGptFile 0x0
Exiting RestoreCachedGP 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Bumping GPT version...
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x70007 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINDOWS\System32\GroupPolicy\GPT.ini
Found version 0x70007 in gpt.ini
Using version: 0x70007
Saving GPT version: 0x80008
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x80008 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Entered AppendSecuritySettings
Inf path: C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Restoring GP settings
Loading Account Policies...
Loading Audit Policies...
Loading user rights...
Restoring security options...
No data
No data
No data
No data
No data
No data
No data
No data
No data for Administrator account name.
LoadXPSecuritySettings returning 0
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
Signalling OS to refresh policies
RegQueryValueEx returned 2
Policies are set to apply asynchronously
Policies will be processed asynchronously
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x80008 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINDOWS\System32\GroupPolicy\GPT.ini
Found version 0x80008 in gpt.ini
Using version: 0x80008
Saving GPT version: 0x90009
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x90009 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Entering RunGPUpdate
Exiting RunGPUpdate 0
Exiting ApplyPolicies 0x0
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c58076 to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x34349ce0 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
WMHelperInitialization (Mar 4 2004) called! Flags: 0x2001. Event: 0x2000.
Impersonation: 0x1
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=wintest3.OU=Users.OU=Newcastle.O=OSG
DN is Typed convert it to TYPELESS
g_szUserDN = wintest3.Users.Newcastle.OSG
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1214440339-507921405-1708537768-1019
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Current time high: 0x1c58076
Reading Last Run Time High from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Last Run Time High: 0x1c58076 in key
Software\Novell\Workstation Manager\Group Policies
Previous time high: 0x1c58076
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.
Full Object DN
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.OU =Users.OU=Newcastle.O=OSG
Calling WMGetAllAssociatedObjects(FALSE, MARITIME, 1,
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.OU =Users.OU=Newcastle.O=OSG,
WINNT Workstation Package, zenwmGroupPolicy, 512, pBuffer)
WMGetAllAssociatedObject returned 2
No associated workstation policies. Deleting
C:\WINDOWS\System32\GroupPolicy.WksCache.
DeleteGPRegVal: Error 0x2 deleting Group Policy Machine Flags
Exiting CheckForObsoleteWksCache 2
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x1 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Policy applied at predesktop. Skipping reapplication at user login.
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c58076 to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x38844da0 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
Thanks in advance
AliDUPLICATE
Answered in
novell.support.zenworks.desktops.3x.workstation-manager
Regards
Rolf Lidvall
Swedish Radio (Ltd)
NSC SysOp -
Is there a group policy to force all workstations in an OU to logoff?
Hello,
Is there a group policy to force all workstations in an OU to logoff?
Thanks in advance.I have not seen a policy related to log off users of specific OU's, but why not to give this a try:
import-module activedirectory
$Computers=Get-ADComputer -Filter * -SearchBase "ou=hadock,dc=hadock,dc=net"
foreach($PC in $Computers)
(Get-WmiObject win32_operatingsystem -ComputerName $PC.name).win32shutdown(4)
Above script uses WMI to send force logoff requests to clients in Hadock OU.
Hope it helps.
Mahdi Tehrani Loves Powershell
Please kindly click on Propose As Answer
or to mark this post as
and helpfull to other poeple. -
Windows 2008 R2 group policy not applied to windows 8 Workstations, but applied to XP and Win 7
I have a Windows 2008 R2 Domain Controllers and have a Policy to put a specify wallpaper, eventuality i have to change the Wallpaper, this setting applied sucesfully in Windows xp and Windows 7 workstations, but not applied in Windows 8 workstations even
if i run gpupdate /forcé,
Best Regards,
Thank youHi,
Thanks for posting in the forum.
Before going further, would you please let me know how did you configure the Group Policy setting to deploy the wallpaper? Have you configured some settings to limit the scope the GPO applying?
If all Windows 8 machines failed to receive the GPO settings? In order to narrow down the cause of the issue, I suggest we could try to collect the following information for troubleshooting.
GPMC.log
==================
a. On domain controller, click Start ->Run, type GPMC.MSC, it will load the GPMC console.
b. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper
user in the wizard)
c. Right click
the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.
Once we get the report, please check if the settings have been applied to the target correctly.
In addition, would you please let me know whether you have imported the latest Windows 8 Administrative Templates to the Windows Server 2008 DC? If not, please try to download and import it.
Then try to configure the wallpaper GPO settings again to see if it could help.
For details, please refer to the following articles.
Administrative Templates (.admx) for Windows 8 and Windows Server 2012
http://www.microsoft.com/en-us/download/details.aspx?id=36991
Set Desktop Background via Group Policy in Windows 7, Windows 8 in a Server 2008 or Server 2012 Domain
http://dizzyit.com/2013/04/14/set-desktop-background-group-policy-windows-7-windows-8-server-2008-server-2012-domain/
Hope this helps.
Best Regards,
Andy Qi
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.
Andy Qi
TechNet Community Support -
Question on a specific Group Policy setting for SCCM Updates
Hello,
This may not exactly be the correct forum for this question but in looking around I didn't come up with an immediate answer and was hoping someone else had this issue.
I have a WSUS server and am moving over to SCCM for updates. I've actually had success in getting 2 sets of patches installed after some very frustrating days thanks to people here.
I've noticed that when I switch workstations to my AD folder that has the SCCM Updates GPO instead of our standard WSUS GPO that we get action center errors "Set up Windows Update", "Windows Update is not set up". When we click
the flag it tells us to "Choose an Update Option".
In my new GPO I do have Configure Automatic Updates Enabled for "Auto Download and notify for install" but we still get this warning. Is there a differnet setting that controls this action that anyone is aware of in their experience? I looked
through the other settings but didn't se anything obvious.
Thanks for any help!Hi Dustin,
I'd read a number of different things trying to solve the problem. That article looked a little familiar but I re-read it carefully.
I do have "specify intranet Microsoft Update service location" set to Not Configured as someone had correctly pointed me to that as the reason I was not getting updates.
I did not have "Allow signed updates from an Intranet Micorsoft update server" enabled so that shoudl help some.
"Configure Automatic Updates" was enabled because I, incorectly, thoguth that's all that might be needed since Ihad to make sure I'd Not Configured the first setting.
I had "Turn on Recommended Updates" Enabled so I put it back to not configured.
I understand that turning things to Not Configured doesn't necessarily change any previous group policy settings so I may be getting some fallout from having a WSUS server on these systems before. I'd just like to aviod having to have everyone go into the
action center and manually click to configure updates.
I'll see if my one setting change has any effect.
UPDATE: I forced a gpupdate and the red flag in the action center has not disappeared. -
GPP Scheduled Task Fails in Group Policy Modeling depending on DC
We have multiple domain controllers running at a 2003 functional level.
We have 1 DC running Server 2003 x86 SP2 and the rest run Server 2008 (maybe R2)
I created a GPO that includes a Scheduled Task Group Policy Preference under Computer Configuration.
In order to test this I used Group Policy Modeling in the GPMC on a 2008 R2 Machine where I am editing Group Policy.
If I run the modeling (perform the simulation on the 2003 DC it fails. (Note I am modeling the GPO for a different computer, not the 2003 SP2 DC, I am running the modeling for a Workstation)
Information from the Component Status on the Summary Tab of the Modeling Report
Component Name Status
Group Policy Infrastructure Success
EFS recovery Success (no data)
Group Policy Scheduled Tasks Failed
Group Policy Scheduled Tasks failed due to the error listed below and failed to log resultant set of policy information.
Additional information may have been logged. Review the application event log on the domain controller on which the simulation was run for events between 2/28/2014 10:07:36 AM and 2/28/2014 10:07:36 AM.
Registry Success
Security Success
Info on the Settings Tab of the Modeling Report below.
An error has occurred while collecting data for Scheduled Tasks.
The following errors were encountered:
An unknown error occurred while data was gathered for this extension. Details: Invalid class
If I run the modeling using a 2008 DC to perform the simulation it works fine.
Per the instructions on the Summary Tab regarding the scheduled task failure I look at the event log on the 2003 domain controller and this is what i find.
The event I get on the 2003 DC is 8196 and I will place the details below.
Event Type: Error
Event Source: Group Policy Scheduled Tasks
Event Category: Disk
Event ID: 8196
Date: 2/27/2014
Time: 4:48:47 PM
User: NT AUTHORITY\SYSTEM
Computer: <computername>
Description:
The client-side extension caught the unhandled exception '0xC0000005' inside: 'threadEntry : client main' See trace file for more details. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
So, should I be concerned that this is failing on the 2003 DC, does this mean that if my workstations authenticate to my 2003 DC that the preference will not process?
I was reading that in 2003 client side extensions were not there and can be installed, would this make the modeling succeed?
How do I get verified, I tried to post screenshots, but I could not. :(Hi Jonathan,
As you have found the reason, I want to confirm whether the issue has been fixed.
In fact, for Windows Server 2003 to apply or process Group Policy Preferences settings, we must install client-side extensions of GPP for Windows Server 2003.
Although this is not related to this case, for your information, if our clients are Windows XP or Windows Vista, to use GPP, we must install client-side extensions for these
workstations respectively.
Regarding GPP, the following article can be referred to for more information.
Group Policy Preferences Getting Started Guide
http://technet.microsoft.com/en-us/library/cc731892(v=WS.10).aspx
Best regards,
Frank Shen -
The Group Policy client-side extension Scripts failed ...
This is an error I've been seeing forever and it was always the impression that upgrading would resolve it, but it never has even in 10.3. 100% of our users get these errors in the Event Viewer:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1085
Date: 10/21/2010
Time: 8:04:52 AM
User: NT AUTHORITY\SYSTEM
Computer: XXXXXX
Description:
The Group Policy client-side extension Scripts failed to execute. Please look for any errors reported earlier by that extension.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
We also seem to have flakey policy issues where once in awhile a user will not be able to logon to Windows with Workstation Only while getting the " not allowed to logon interactively" message, other times the users report not being able to access the Windows Date and Time Properties and further sometimes they are unable to make system changes.
We have troubleshooted this and the only resolutions we've found are to run zac cc, zac ref, zac pl and sometimes it seems like deleting c:\windows\system32\grouppolicy will help.
In regards to the Event Viewer entry I posted, on any given machine I can issue the command gpupdate and it will put another entry into the Event Viewer (sometimes multiple ones). I've learned through research that if I "clean up" c:\windows\system32\grouppolicy\gpt.ini the errors go away, but once the policy is refreshed they come right back.
This is the version ZenWorks gives the users:
[General]
gPCFunctionalityVersion=2
gPCFunctionalityVersion=2
gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
Version=6488106
gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
This is the version I cleaned up:
[General]
gPCFunctionalityVersion=2
gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
I'm not sure how to get Zenworks to use the cleaned up version nor and I too sure what those extra extensions are and how they got in there. I may need to contact Novell in regards to this, but since I'm already working on an SR with them I figured I'd go ahead and post here first.
Any help or advice would be greatly appreciated.Here are the groups I'm using. NOTE: These have been in affect throughout the issues experienced. Users will work perfectly fine then suddenly the problem will start happening without any policy change on our side.
-Member of-
Network Configuration Operators+
Remote Desktop Users+
Users+
-Assigned Rights under a group I called "Other Rights"-
Access this computer from network
Change the system time
Log on locally
Shut down the system
The only condition I have is that these issues happen when logging in Workstation Only and I'm not able to recreate the problem on demand with tests.
Originally Posted by craig_wilson
The "Interactive Logon" is a Windows Security Permission.
It is generally assigned to certain local groups such as "User".
Which groups are assigned this right can be changed manually and
controlled by local security policies.
When user's get this error, it generally means their account is not in a
local group that has been assigned that right.
If using "DLU", make sure the user accounts are a member of "Users".
And If anyone was messing with security policies, make sure they did not
take away "Interactive Logons" from anyone.
On 10/29/2010 7:06 AM, jcsmith1 wrote:
>
> Thanks for replying craig.
>
> My policy woes have only grown since my first post. We are currently
> testing the removal of administrative rights and now we're having
> teleworkers (who login Workstation Only) getting the message "policy
> does not allow interactive login". What -seems- to fix it is a zac cc,
> zac ref and zac pl, however we just started getting call backs from
> users.
>
> I seem to have no further leads and Novell's ZenWorks tech supports
> seems to be going through some kind of painful-to-the-customer
> transition as one of my thoughts on resolving the issue is to go to 10.3
> or 10.3.1, but my Satellites appear to be upgrading but in reality do
> not upgrade (but the primary servers upgraded) (See SR 10655976331).
>
> Does anyone knows how to troubleshoot policy issues when the users
> aren't loggin into ZCM?
>
> craig_wilson;2036646 Wrote:
>> See: 'Group Policy Error: The Group Policy client-side extension Script
>> failed to execute.'
>> (Group Policy Error: The Group Policy client-side extension Script failed to execute.)
>>
>> This would never be fixed in any patch, since it would be the job of
>> GPEDIT to properly maintain the GPT.INI.
>>
>> Most of the Time these errors are cosmetic and caused by stray script
>> extensions.
>>
>> You may want to create an Enhancement Request to allow the creation of
>> "Filters" so certain errors are discarded and not sent to the DB/ZCC.
>> This way an Admin could choose to filter out various error messages
>> that
>> they deem are not actually of concern.
>>
>> On 10/21/2010 9:36 AM, jcsmith1 wrote:
>>>
>>> This is an error I've been seeing forever and it was always the
>>> impression that upgrading would resolve it, but it never has even in
>>> 10.3. 100% of our users get these errors in the Event Viewer:
>>>
>>> -Event Type: Error
>>> Event Source: Userenv
>>> Event Category: None
>>> Event ID: 1085
>>> Date: 10/21/2010
>>> Time: 8:04:52 AM
>>> User: NT AUTHORITY\SYSTEM
>>> Computer: XXXXXX
>>> Description:
>>> The Group Policy client-side extension Scripts failed to execute.
>>> Please look for any errors reported earlier by that extension.
>>>
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>> -
>>> We also seem to have flakey policy issues where once in awhile a
>> user
>>> will not be able to logon to Windows with Workstation Only while
>> getting
>>> the " not allowed to logon interactively" message, other times the
>> users
>>> report not being able to access the Windows Date and Time Properties
>> and
>>> further sometimes they are unable to make system changes.
>>>
>>> We have troubleshooted this and the only resolutions we've found are
>> to
>>> run zac cc, zac ref, zac pl and sometimes it seems like deleting
>>> c:\windows\system32\grouppolicy will help.
>>>
>>> In regards to the Event Viewer entry I posted, on any given machine
>> I
>>> can issue the command gpupdate and it will put another entry into
>> the
>>> Event Viewer (sometimes multiple ones). I've learned through
>> research
>>> that if I "clean up" c:\windows\system32\grouppolicy\gpt.ini the
>> errors
>>> go away, but once the policy is refreshed they come right back.
>>>
>>> This is the version ZenWorks gives the users:
>>>> [General]
>>>> gPCFunctionalityVersion=2
>>>> gPCFunctionalityVersion=2
>>>>
>> gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
>>>> Version=6488106
>>>>
>> gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
>>>>
>>>>
>>>
>>> This is the version I cleaned up:
>>>> [General]
>>>> gPCFunctionalityVersion=2
>>>>
>> gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
>>>>
>> gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
>>>>
>>>>
>>>
>>> I'm not sure how to get Zenworks to use the cleaned up version nor
>> and
>>> I too sure what those extra extensions are and how they got in there.
>> I
>>> may need to contact Novell in regards to this, but since I'm already
>>> working on an SR with them I figured I'd go ahead and post here
>> first.
>>>
>>> Any help or advice would be greatly appreciated.
>>>
>>>
>>
>>
>> --
>> Craig Wilson - MCNE, MCSE, CCNA
>> Novell Knowledge Partner
>>
>> Novell does not officially monitor these forums.
>>
>> Suggestions/Opinions/Statements made by me are solely my own.
>> These thoughts may not be shared by either Novell or any rational
>> human.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human. -
The Group Policy Client Service Failed The Logon
Hello,
When our students login to our Windows 7 machines they are getting this error:
The Group Policy Client Service Failed The Logon
Access is denied.
We are attempting to use both volatile and roaming profiles. The profiles are being stored on their H drives. I seem to only see the issue when the Windows NT 6.1 Workstation Profile.V2 folder already exists on their H drive. If the profile is not there then everything works fine.
Loading the user's ntuser.dat hive located in their H drive and changing the permissions manually to allow System, Administrators, and Users Full Control fixes the issue. How can I do this across all my user's H drives? Should I just delete them all and manually create the folder myself?
Last time I found one, the permissions for the hive had an "Unknown" user in the permissions list. There was no "Users" group. Removing the "Unknown" and adding "Users" fixed the problem. Are the permissions getting corrupted somehow?
Thanks for any assistance.
I've used the following link for reference:
Support | Windows 7 Roaming Profiles fail - user is assigned a temporary profile or fails to log on
Novell Doc: ZENworks 10 Configuration Management Policy Management Reference - Assigning a Roaming Profile Policy that has the User Profile Stored on a Home DirectoryOriginally Posted by coreyhansen
So it appears that I am experiencing the temporary profile detailed in my link I referenced above. I have status bubbles disabled by policy and didn't notice the notification. I'm going to try pre-populating my user H drives with the Windows NT 6.1 Workstation Profile.V2 folder containing an ntuser.dat file I've already edited the hive permissions of. This worked in small scale testing, so we will see.
I've been referencing this thread: http://forums.novell.com/novell-prod....html#poststop
So I have tried this with students that are experiencing the problem, and gotten limited success. It feels like it works at random, with around 50% of attempts working.
Has anyone out there had success with roaming profiles? Do I just need to go back to folder redirection? Will anyone please respond?
This is what the student's ntuser.dat hive permissions look like when things are not working:
Maybe you are looking for
-
Query Based Approval Procedure for Sales order .
Hi I have created query for SO which results above 5000 d 50,000 . By using this each query i created two seperate Approval Procedures which So is >5000 d >50000. If So>5000 Approval Procedure wants to activate same thing for >50,000., Bur approval
-
Hold switch doesn't work....can i fix it?
I just went and got my ipod repaired but they just gave me a brand new one and the hold switch DID work...for the frist day. then it worked occasionally, and now it dooesn't work at all and i've had it for ABOUT a week. can i fix it myself or should
-
Help ! I have recently used iTunes to subscribe to some Podcasts flawlessly. Then suddenly, I could only view the latest downloaded Podcasts in my iTunes account. I no longer had any Podcasts on my 160GB Classic. Can anyone save me from me ? I would
-
1141n multiple AP's one SSID with Radius
I have two 1141n APs. I have the first one configured as a root AP using the built in Radius feature (LEAP) I also have this thing configured using AES CCM. My clients are connecting to it with WPA2-Enterprise, getting 144Mbps. Perfect. The question
-
Registering JSP forms in oracle apps
Hi, Can anyone suggest me how to register JSP forms in oracle apps 11i (11.5.9 version), on Windows NT Regards