How to use Group Policy to remove the shutdown button on the logon screen

Similar Messages

• How do I make my HTA using group policy to always be on top of the task bar

  Ok, long story short, my project of the day is to come up with a HTA (My choice due to the click images etc),  that  will be pushed out via group policy ..  and that when the clients' computer users log into their laptop and b4 they see their
  desktop   the HTA application is triggered FULL Screen.
  right now what happens is the taskbar shows.. which freaks out management... they want to HTA Page to be completely covering the screen and NO Taskbar please.... ( as in NO ANCHOVIES PLEASE Song reference) .. but seriously
  how do I have the HTA  full screen over the TOP of the taskbar....
  right now I have this and it isn't over the taskbar:
  <hta:application
     showintaskbar = "no"
     caption = "no"
     border = "thick"
     contextmenu = "yes"
     icon = "path_to_icon.ico"
     innerborder = "no"
     scroll = "no"
     singleinstance = "yes"
     resizable = "no"
     windowState = "maximize"
  >

  First of all, copying and pasting your script into notepad, saving it as an HTA, and running it covered my taskbar. Even so, it is obviously not working in your environment. Typically, and as you've come to see, maximized applications do not cover the taskbar.
  I considered that you could run a registry command to auto-hide the taskbar when the HTA opened and then do the opposite in reverse, but this could get messy depending on how the HTA is closed. With a button press there would be no problem, but there's several
  ways to close an HTA and I'm not sure if you could catch them all - especially if mshta was forced closed from the Task Manager.
  What you could do is run some code inside the onLoad subroutine that obtains the screen's resolution (using WMI) and then resizes the HTA accordingly. Take a look at the answer on this forum post:
  http://social.technet.microsoft.com/Forums/scriptcenter/en-US/ac3b41b8-b563-4c8e-b50a-39952c442254/how-to-detect-screen-dpi-and-modify-hta-form-size-accordingly?forum=ITCG
  Edit: Corrected URL

• How to use GROUP BY  in ODI

  how to use GROUP BY in ODI tool

  Hi ,
  you can combine the insert stamt with the select ....so that in the target u will get a single line .....
  SQL&gt; select * from prop_details;
  PROPERTY RELAVANTD NOTICES
  10100 25-JAN-09 30
  10100 03-JAN-09 30
  10100 02-DEC-08 20
  10100 01-DEC-08 10
  10100 31-DEC-08 20
  10101 10-JAN-09 10
  10101 20-JAN-07 15
  10101 30-DEC-08 45
  10101 20-FEB-08 35
  10101 31-JAN-09 25
  10 rows selected.
  SQL&gt; select PROPERTY,max(RELAVANTDATE),SUM(NOTICES) from PROP_DETAILS GROUP BY P
  ROPERTY;
  PROPERTY MAX(RELAV SUM(NOTICES)
  10101 31-JAN-09 130
  10100 25-JAN-09 110
  SQL&gt;

• I have a problem in the shutdown button iPhone

  I have a problem in the shutdown button iPhone
  the button irresponsive

  Either visit an apple store or call 1-800-MY-APPLE. You can check your warranty status on your iPhone using the web address below, and as long as your phone is still under warranty, and has not sustained accidental damage (liquid, dropped, etc) then they'll fix it right up! Apple Store will fix it for you on the spot, you can mail it in to be fixed by calling tech support on the 800 number listed above.
  https://selfsolve.apple.com

• How can I deploy EFS using Group Policy and automatically encrypt computers for ALL users who login?

  How can I deploy EFS using Group Policy and Active Directory with a goal to automatically encrypt computers for ALL users who login? (NOT an option for me to use BitLocker)
  I was asked to deploy EFS to encrypt the user my documents folder and profile on all of the users laptops. The laptops are in common areas (board meeting rooms, etc) and security of files is a must.
  I successfully created a recovery certificate in AD. I created an OU and setup an EFS policy and users can now login and select to encrypt their own files. The issue is that management would like to have automaticy Encrypt ALL users my documents AUTOMATICALLY
  when a user login.
  Can this be done?
  Please help

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• How to force group policy update remotely in a bunch of desktops(computers name in a textfile) by using powershell script?

  Hi,
  I want to force group policy on a collection of computers remotely.The name of computers can be stored in a text file.
  By using this info. (about computer names) , Could you please guide me writing a Powershell script for this.
  Thanks in advance.
  Daya

  This requires that PSRemoting is enabled in your environment.
  $Computers = Get-Content -Path 'C:\computers.txt'
  Invoke-Command -ComputerName $Computers -ScriptBlock {
  GPUpdate /Force

• Does using Group Policy Preferences to deploy printers require the print driver to be pre-installed?

  I'm trying to prepare our school system for Windows 7 (we currently use XP).  I would like to use the new Group Policy Preferences method of deploying printers.  I pushed out the XP client side extensions through WSUS.  In my test environment, I added the shared printer in group policy preferences.  My XP machine had the printers show up automatically, but my Windows 7 machine did not.  I realized that I had previously connected a printer of the same type to my XP machine before and the drivers were already installed.  To test this theory, I manually connected the shared printers to the Windows 7 machine, deleted them, then logged off and back on.  Now the printers are showing up from group policy.  My question is does using group policy preferences to deploy printers require the print driver to be pre-installed?  If not, then what am I doing wrong?  If so, is there a way to work around this?  Thanks for your help.
  EDIT:  To clarify, I am using the share method in GPP.  This is the error message I get in the event log:
  The user 'PRINTERNAME' preference item in the 'win7 printer test {946461A1-27F8-406F-A0B3-0A1A05AF34F6}' Group Policy object did not apply because it failed with error code '0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.' This error was suppressed.

  This link have a description of resolution:
  http://technet.microsoft.com/en-us/library/cc725938.aspx
  Open the GPMC.
  Open the GPO where the printer connections are deployed, and navigate to Computer Configuration, Policies, Administrative Templates, Control
  Panel, and thenPrinters.
  Note
  The Point and Print Restrictions setting can also be found under User Configuration\Policies\Administrative Templates\Control Panel\Printers.
  This policy is ignored by Windows 7 and Windows Server 2008 R2, but is enforced by earlier editions of Windows including Windows XP with SP1, Windows Server 2003 with SP1, and Windows Server 2008. We recommend that you change
  this policy setting in both locations so that all down-level clients have a consistent experience.
  Right-click Point and Print Restrictions, and then click Properties.
  Click Enabled.
  Clear the following check boxes:
  Users can only point and print to these servers 
  Users can only point and print to machines in their forest 
  In the When installing drivers for a new connection box, select Do not show warning or elevation prompt.
  Scroll down, and in the When updating drivers for an existing connection box, select Show warning only.
  Click OK.

• Uninstall Lync 2010 client, Install Lync 2013 using Group Policy/VB/MS Customisation Tool

  Hi, I am using Group Policy/vb/Lync customization tools to deploy 2013 and remove 2010. The machines have Office 2010. The vb script is as below:
  Dim objShell 'As Object
  Dim objFSO 'As FileSystemObject
  '-- SET OBJECTS
  Set objFSO = CreateObject("Scripting.FileSystemObject")
  Set objShell = CreateObject("WScript.Shell")
  strComputerName = objShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
  Dim WshNetwork : Set WshNetwork = WScript.CreateObject("WScript.Network")
  objShell.Run """\\xxxxxxxxx - Do not Remove\Lync Install 2013 2010\Lync 2013 Outlook 2010\setup.exe"""
  I have amended the OCT with relevant settings, Lync 2013 installs but Lync 2010 does not uninstall. Here is how i have it set:
  In the Office Customization Tool - Set-up - Add Installation and Run Programs,
  In target - pointing to the Lync2010 exe file (on above share)
  In Arguments - /silent /uninstall
  Is this correct?
  Also, i would have thought that, Remove Previous Installations, it would have an option to remove Lync2010?
  Anyway..pulling my hair out here!
  Hope you can help.

  Hi,
  Based on your description, we can refer to the following threads for help.
  Slient Unninstall of Lync 2010 on client machines script required
  http://social.technet.microsoft.com/Forums/lync/en-US/69e32128-4581-4be5-9a44-b5d133e1f480/slient-unninstall-of-lync-2010-on-client-machines-script-required
  Scripting a Lync 2010 client Uninstall
  http://social.technet.microsoft.com/Forums/en-US/a65bd0d0-daa1-4616-8725-63f349fdde86/scripting-a-lync-2010-client-uninstall?forum=lyncconferencing
  For this issue is more related to Lync, in order to get better help, we can ask the question in the following TechNet dedicated Lync forum.
  Lync 2010 and OCS - Lync Clients and Devices
  http://social.technet.microsoft.com/Forums/lync/en-US/home?forum=ocsclients&filter=alltypes&sort=lastpostdesc
  In addition, for it also involves scripts, we can also ask for help in the following scripting forum.
  The Official Scripting Guys Forum
  https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG&filter=alltypes&sort=lastpostdesc
  Hope it helps.
  Best regards,
  Frank Shen

• Uninstall IE and set another web browser such as Chrome and FireFox as default using Group Policy

  Hi there,
  Please can anyone instruct me on how to uninstall IE and set another web browser such as Chrome and FireFox as default using Group Policy. Your help would be much appreciated.
  Kind regards,
  RocknRollTim
  P.S. I was redirected by a forum user off the Microsoft Community forum.

  IE can't be uninstalled.  It's part of the operating system and cannot be removed.  You can hide the icon but the engine is still on the machine and still must be updated.
  This is a topic best suited for a Group policy forum. 
  https://social.technet.microsoft.com/Forums/en
  US/home?forum=winserverGP
  Step one is to install the Chrome ADMX templates - see the link below for more detais:
  Configuring Google Chrome via Group Policy | Jack Stromberg:
  http://jackstromberg.com/2013/08/configuring-google-chrome-via-group-policy/
  Of the two browsers, my personal preference is Chrome over Firefox.  Firefox's add in model is too prone to developer insecurity.
  My blog
  Thanks Justin Gu for marking this as the proposed answer.
  Thank you,
  RocknRollTim

• Block websites on Internet Explorer 11 using group policy

  hi everyone,
  i have been trying to block website for domain users using group policy windows server r2 for IE the problem is in internet properties content adviser option is not active.
  thanks in advance

  This is how you enable content adviser User Configuration -> Administrative
  Templates -> Windows Components -> Internet Explorer -> Internet Control
  Panel -> Content Page
  Cant see a way to edit the content thereafter via GP however

• Assign a local logon script using Group Policy

  Is there a way to assign a local logon script using Group Policy? The reason I ask is that I wrote a logon/logoff script that will record the date/time, user, and computer for everyone who logs on to any machine in the domain. Right now it's set on a domain
  GPO, so it works great for domain accounts, but I'd like to extend that functionality to local accounts as well. The only way I know how to do that would be to set my script to run using the local policy. Since I don't want to manually go around to all 400+
  machines in my domain, I would rather find a simpler way of modifying the local policy. Any ideas?

  Martin, thank you for your response. That's exactly the kind of out-of-the-box answer I was looking for, unfortunately, it looks like I can only do that for Logon scripts. I don't see an option for Logoff. (Maybe the took the Logoff functionality out?
  This article says there should be a Logoff item in the GPO, but they're talking about Windows 2000 in that article.)
  Matthias, I started playing around with what you said, and I noticed that the "Scripts" key only seems to show up on my Windows 7 clients. The XP workstations don't have that key. Plus I did some testing, and I think I can do it without having
  to mess with the registry at all.
  So I think I have a workable solution at the moment. I found
  this article that talks about copying Local Polices from one computer to another. I tried manually setting the Logon/Logoff scripts in the Local policy on a fresh machine. From that reference computer I copied the Scripts folder out of the %SYSTEMROOT%\System32\GroupPolicy\User
  directory. It also created a gpt.ini file in the %SYSTEMROOT%\System32\GroupPolicy directory. The gpt.ini file contained an attribute called gPCUserExtensionNames, and one called Version. The gPCUserExtensionNames attribute specified two GUIDs, which
  I assumed to be the GUIDs that identify the Local Policy. I tried manually creating the Local policy on several different machines, with several different Operating Systems, and those GUIDs always seemed to be the same (not sure why). So I copied the gpt.ini
  file off the reference machine as well. When I placed all of the files I copied from the reference machine on to a new machine, everything seemed to work just fine (no registry modification necessary), with one caveat. It seemed to be running the script twice.
  So I went back into the gpt.ini file and deleted one of the GUIDs listed under gPCUserExtensionNames, and now the script runs just once!
  So I think this solution will work ok for me. We don't have any other Local Policies in place, so demolishing all existing Local Policies is perfectly acceptable in my case. I'm just not sure if I'm doing any damage by copying the gpt.ini file from a reference
  machine (if anyone can expand on how that works, I would appreciate the peace of mind that I'm not making things worse by doing this). So all I need now is to write a Startup script, or an SCCM package to deliver the Logon scripts and associated ini files
  to the appropriate location on all the domain PCs. Easy enough to do on my own. If anyone knows of a reason why this method is a bad idea, please post here. I'll be testing it out on a handful of PCs in the mean time.
  Hi Guys,
  Will this solution work for my case? I have a forcereboot batch script that I need to load on the local policy (logoff script through GPEDIT) however I can only load it manually. I need to do it on multiple machines (approx 5000 computers). I am having
  trouble doing it using powershell. Is there any other options to do it? 
  Will I have to use the same GUID's you mentioned on the gpt.ini file? (gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}] since it refers to the local script and how about the version on the gpt.ini file?
  Thanks in advance.
  Dash
  https://social.technet.microsoft.com/Forums/en-US/1f636042-bcff-498d-93c0-e1aa89f80961/how-to-load-a-script-on-the-local-group-policy-on-multiple-computers?forum=mdopagpm

• Skype History Settings using group policy

  Hello,
  How to disable Skype keep History for (Forever, 1months, no History) settings using Group Policy Settings.
  Regards,
  Yatin

  It's all in the Skype admin guide:
  https://support.skype.com/en/doc/DO5/skype-it-administrators-guide
  If you have Skype-specific questions, you'll probably get better help with your questions on the Skype site.
  Don't retire TechNet! -
  (Don't give up yet - 12,420+ strong and growing)

• Drive Block using group policy

  Can Any one help me about this drive block 
  i am unable to block the E & F drive for all users. so please advice with clear steps of commands, how do i write the drive blocks script using the group policy in server 2012.
  However I tried through registry but still its not working. my only concern how to block few users accessing D drive and few users from F drive in the local system using group policy. 
  Thanks in advance.

  whats registry settings have you set ?

• The processing of Group Policy failed. Windows attempted to read the file...

  Hello all-
  I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
  Here are the steps I am currently taking:
  I create a new Group Policy called All Users and Computers and apply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
  I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies.  The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
  I change the GPO Enforced setting to Enforced.
  I attempt to use the gpupdate command to see if the group policy can be updated successfully.  In a command prompt, I type gpupdate <enter>.  I receive the message 'Updating Policy...' then after about 15 seconds the message 'User Policy update has completed successfully.'
  I keep the cmd window open.  After about 10 seconds another message apperas which says "Computer policy could not be updated successfully.  The following errors were encountered: The processing of Group Policy failed.  Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful.  Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results."
  I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"
  Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created!  I have no other group policies linked or enforced to any other OU/Domain/etc.  Any help resolving this issue would be greatly appreciated.

  Hello all and thanks for the help.  First a few things:
  I understand that the DC should not be running RRAS, but this a simple server being used in aa home environment by 4 users and getting another server just for RRAS would be overkill.
  Secondly, I currently have it so that while the router is handling DHCP, I have reserved a fixed IP for the server, so it always has 192.168.1.100.  If I were to use the server as the DHCP, what would my hardware configuration have to look like?  I currently have the router plugged into the ISP modem, and then server plugged into the router.  All other clients connect to the router wirelessly.
  Here's the dcdiag output.  I tried dcdiag /fix but to no avail.
  Directory Server Diagnosis
  Performing initial setup:
  Trying to find home server...
  * Verifying that the local machine KELLERDCFS, is a Directory Server.
  Home Server = KELLERDCFS
  * Connecting to directory service on server KELLERDCFS.
  * Identified AD Forest.
  Collecting AD specific global data
  * Collecting site info.
  Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
  The previous call succeeded
  Iterating through the sites
  Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  Getting ISTG and options for the site
  * Identifying all servers.
  Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
  The previous call succeeded....
  The previous call succeeded
  Iterating through the list of servers
  Getting information for the server CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  objectGuid obtained
  InvocationID obtained
  dnsHostname obtained
  site info obtained
  All the info for the server collected
  * Identifying all NC cross-refs.
  * Found 1 DC(s). Testing 1 of them.
  Done gathering initial info.
  Doing initial required tests
  Testing server: Default-First-Site-Name\KELLERDCFS
  Starting test: Connectivity
  * Active Directory LDAP Services Check
  Determining IP4 connectivity
  Determining IP6 connectivity
  * Active Directory RPC Services Check
  ......................... KELLERDCFS passed test Connectivity
  Doing primary tests
  Testing server: Default-First-Site-Name\KELLERDCFS
  Starting test: Advertising
  The DC KELLERDCFS is advertising itself as a DC and having a DS.
  The DC KELLERDCFS is advertising as an LDAP server
  The DC KELLERDCFS is advertising as having a writeable directory
  The DC KELLERDCFS is advertising as a Key Distribution Center
  The DC KELLERDCFS is advertising as a time server
  The DS KELLERDCFS is advertising as a GC.
  ......................... KELLERDCFS passed test Advertising
  Test omitted by user request: CheckSecurityError
  Test omitted by user request: CutoffServers
  Starting test: FrsEvent
  * The File Replication Service Event log test
  Skip the test because the event log File Replication Service does not exist.
  ......................... KELLERDCFS passed test FrsEvent
  Starting test: DFSREvent
  The DFS Replication Event Log.
  ......................... KELLERDCFS passed test DFSREvent
  Starting test: SysVolCheck
  * The File Replication Service SYSVOL ready test
  File Replication Service's SYSVOL is ready
  ......................... KELLERDCFS passed test SysVolCheck
  Starting test: KccEvent
  * The KCC Event log test
  Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
  ......................... KELLERDCFS passed test KccEvent
  Starting test: KnowsOfRoleHolders
  Role Schema Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  Role Domain Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  Role PDC Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  Role Rid Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  Role Infrastructure Update Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  ......................... KELLERDCFS passed test KnowsOfRoleHolders
  Starting test: MachineAccount
  Checking machine account for DC KELLERDCFS on DC KELLERDCFS.
  * SPN found :LDAP/KELLERDCFS.keller-pa.net/keller-pa.net
  * SPN found :LDAP/KELLERDCFS.keller-pa.net
  * SPN found :LDAP/KELLERDCFS
  * SPN found :LDAP/KELLERDCFS.keller-pa.net/KELLER-PA
  * SPN found :LDAP/42268b36-801f-4a6d-b162-34f3b01e04bb._msdcs.keller-pa.net
  * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42268b36-801f-4a6d-b162-34f3b01e04bb/keller-pa.net
  * SPN found :HOST/KELLERDCFS.keller-pa.net/keller-pa.net
  * SPN found :HOST/KELLERDCFS.keller-pa.net
  * SPN found :HOST/KELLERDCFS
  * SPN found :HOST/KELLERDCFS.keller-pa.net/KELLER-PA
  * SPN found :GC/KELLERDCFS.keller-pa.net/keller-pa.net
  ......................... KELLERDCFS passed test MachineAccount
  Starting test: NCSecDesc
  * Security Permissions check for all NC's on DC KELLERDCFS.
  * Security Permissions Check for
  DC=ForestDnsZones,DC=keller-pa,DC=net
  (NDNC,Version 3)
  * Security Permissions Check for
  DC=DomainDnsZones,DC=keller-pa,DC=net
  (NDNC,Version 3)
  * Security Permissions Check for
  CN=Schema,CN=Configuration,DC=keller-pa,DC=net
  (Schema,Version 3)
  * Security Permissions Check for
  CN=Configuration,DC=keller-pa,DC=net
  (Configuration,Version 3)
  * Security Permissions Check for
  DC=keller-pa,DC=net
  (Domain,Version 3)
  ......................... KELLERDCFS passed test NCSecDesc
  Starting test: NetLogons
  * Network Logons Privileges Check
  Verified share \\KELLERDCFS\netlogon
  Verified share \\KELLERDCFS\sysvol
  ......................... KELLERDCFS passed test NetLogons
  Starting test: ObjectsReplicated
  KELLERDCFS is in domain DC=keller-pa,DC=net
  Checking for CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net in domain DC=keller-pa,DC=net on 1 servers
  Object is up-to-date on all servers.
  Checking for CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net in domain CN=Configuration,DC=keller-pa,DC=net on 1 servers
  Object is up-to-date on all servers.
  ......................... KELLERDCFS passed test ObjectsReplicated
  Test omitted by user request: OutboundSecureChannels
  Starting test: Replications
  * Replications Check
  * Replication Latency Check
  ......................... KELLERDCFS passed test Replications
  Starting test: RidManager
  * Available RID Pool for the Domain is 1600 to 1073741823
  * KELLERDCFS.keller-pa.net is the RID Master
  * DsBind with RID Master was successful
  * rIDAllocationPool is 1100 to 1599
  * rIDPreviousAllocationPool is 1100 to 1599
  * rIDNextRID: 1111
  ......................... KELLERDCFS passed test RidManager
  Starting test: Services
  * Checking Service: EventSystem
  * Checking Service: RpcSs
  * Checking Service: NTDS
  * Checking Service: DnsCache
  * Checking Service: DFSR
  * Checking Service: IsmServ
  * Checking Service: kdc
  * Checking Service: SamSs
  * Checking Service: LanmanServer
  * Checking Service: LanmanWorkstation
  * Checking Service: w32time
  * Checking Service: NETLOGON
  ......................... KELLERDCFS passed test Services
  Starting test: SystemLog
  * The System Event log test
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 17:53:59
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 17:59:02
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:04:04
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:09:06
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:14:08
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:19:10
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:24:12
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:29:15
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:34:17
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:39:19
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  An Error Event occurred. EventID: 0x00000422
  Time Generated: 07/07/2009 18:49:23
  Event String:
  The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
  a) Name Resolution/Network Connectivity to the current domain controller.
  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
  c) The Distributed File System (DFS) client has been disabled.
  ......................... KELLERDCFS failed test SystemLog
  Test omitted by user request: Topology
  Test omitted by user request: VerifyEnterpriseReferences
  Starting test: VerifyReferences
  The system object reference (serverReference)
  CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net and backlink
  on
  CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  are correct.
  The system object reference (serverReferenceBL)
  CN=KELLERDCFS,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=keller-pa,DC=net
  and backlink on
  CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
  are correct.
  ......................... KELLERDCFS passed test VerifyReferences
  Test omitted by user request: VerifyReplicas
  Test omitted by user request: DNS
  Test omitted by user request: DNS
  Running partition tests on : ForestDnsZones
  Starting test: CheckSDRefDom
  ......................... ForestDnsZones passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... ForestDnsZones passed test
  CrossRefValidation
  Running partition tests on : DomainDnsZones
  Starting test: CheckSDRefDom
  ......................... DomainDnsZones passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... DomainDnsZones passed test
  CrossRefValidation
  Running partition tests on : Schema
  Starting test: CheckSDRefDom
  ......................... Schema passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... Schema passed test CrossRefValidation
  Running partition tests on : Configuration
  Starting test: CheckSDRefDom
  ......................... Configuration passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... Configuration passed test CrossRefValidation
  Running partition tests on : keller-pa
  Starting test: CheckSDRefDom
  ......................... keller-pa passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... keller-pa passed test CrossRefValidation
  Running enterprise tests on : keller-pa.net
  Test omitted by user request: DNS
  Test omitted by user request: DNS
  Starting test: LocatorCheck
  GC Name: \\KELLERDCFS.keller-pa.net
  Locator Flags: 0xe00013fd
  PDC Name: \\KELLERDCFS.keller-pa.net
  Locator Flags: 0xe00013fd
  Time Server Name: \\KELLERDCFS.keller-pa.net
  Locator Flags: 0xe00013fd
  Preferred Time Server Name: \\KELLERDCFS.keller-pa.net
  Locator Flags: 0xe00013fd
  KDC Name: \\KELLERDCFS.keller-pa.net
  Locator Flags: 0xe00013fd
  ......................... keller-pa.net passed test LocatorCheck
  Starting test: Intersite
  Skipping site Default-First-Site-Name, this site is outside the scope
  provided by the command line arguments provided.
  ......................... keller-pa.net passed test Intersite
  Here's the nslookup from Vista client:
  Microsoft Windows [Version 6.0.6001]
  Copyright (c) 2006 Microsoft Corporation. All rights reserved.
  C:\Users\Andrew>nslookup KELLERDCFS
  Server: UnKnown
  Address: 192.168.1.100
  Name: KELLERDCFS.keller-pa.net
  Addresses: 192.168.1.150
  192.168.1.100
  C:\Users\Andrew>
  Thanks again!

• Group Policy "Restricted Groups" (local groups) using group policy preferences

  I was recently tasked a solution with creating a group policy to manage RDP user access to a set of Active Directory computer objects.
  Part of the  solution was to create a policy so that this would only apply a specific security group(users) to a specific set of Active Directory computer objects within the OU to which it was applied so that other machines
  and/or user accounts in this OU remain un affected by this policy.
  The policy was to be able to include multiple sets of Security groups(users) for the associated machines isolating those security groups(users) to only their sets of Active Directory computer objects.
   Reduce the requirement to create multiple group policies to apply different "Local Group"/"Restricted groups" management for computer objects in the domain.
  I thouhgt about using System based policies and creating different WMI filters to target sets of AD Computer objects, but came to the conclusion this would not help due to the limited of WMI quries I would be able to create for a standard
  Image.
  So I then thought about group policy preferences and came up with the solution
  I created a new Group policy and created a new item for the local group, in this instance but not limited to "Remote Desktop users (built-in)" and added the security group(users).  In my case I did not need to use the "delete
  all member users" or "delete all member groups" as I wanted other groups in this local group for the computer objects to remain intact.
  Then what I did is set the "item-level-target" setting from "the common tab" on the GPP and set it to the security group which containd the AD computer objects the user accounts required access to.  I then did a couple of standard
  tests to confirm the local security group(users) appeared only on the machine in the item level target security group and applied to no other machines in the outside of SOM. 
  So with this in place, if I needed to create any other entries for different groups and access to specific machines all I need to do is create a new GPP item within this policy.
  Being mindful that system policies settings if applied to same OU will take preceedence over GPP settings.... 
  Thought I would just share this in-case anyone else has had similar requests/thoughts and or has other methods that they have used that they would like to share. 
  I am not sure either on the limit of entries that GPP have either so if anyone does know please post and possible links? 
  I have struggled to find an answer, however it could be that I am not asking the right question!

  good sharing...
  Best,
  Howtodo