IE 10 GPO Template

Hello all,
As I understand it, the Internet Explorer Maintenance Package with IE 10 is being discontinued. The issue I am running into is I downloaded the ADM in order to load the latest IE group policy template but I still have the IE 8 ADM loaded up as IE 8
is still in production in this environment with settings that are still in use under the maintenance window so I cannot just go ahead and replace that older template at the current time. I just want to test drive the new one. Is this possible to have both
of these ADMs loaded up without any conflicts? Or should I just load up the IE 10 ADM once we have migrated everything over to IE 10? How is it possible to just test the IE 10 template without disrupting current operations?

you can't have both templates available on a single machine at the same time, since they are named inetres.adm (or inetres.admx)
what you could do, is to setup a workstation, install RSAT on it, and have a differing version of the templates on there.
then you login to that workstation with your domain GP editing account, and play around with some test GPOs.
Note that the inetres is automatically updated by the installation of IE, so if the workstation gets IE10 on it (or IE11), that is the version of inetres you will be using there.
In case you have implemented a group policy central store in your domain, this won't work (because the point of a central store is that templates are always retrieved from the central store i.e. your DC's), but, you can override that central store behaviour
on a machine (so that it ignores the central store and instead reads templates from the machine local store)
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Similar Messages

ADM GPO templates for Reader XI are incomplete and misleading

We've just migrated to Reader XI, and I was hoping to switch configuring the registry settings to the new official Adobe Reader XI ADM templates. However, they are very incomplete. For example, the following registry setting are missing:
HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockdown
iProtectedView
bUSEWhitelistConfigFile
bEnhancedSecurityInBrowser
bEnhancedSecurityStandalone
bDisableTrustedSites
bDisableTrustedFolders
bDisableOSTrustedSites
Also, the description of many settings are misleading. A good example is "Disable automatic updates" which reads:
Disables automatic updates and removes associated user interface items.
0: Disable and lock the Updater.
1: No effect.
Setting bUpdater disables the user interface items Preferences > Updater and Help > Check for updates are disabled.
This seems logical, however to get a "0" to be set you have to set this GPO to Disabled. So you "Disable" the "Disable automatic updates" GPO. That feels like you are enabling it. Very confusing.
I welcome the release of the official ADM templates, but it looks like a rush job and that benefits noone.

Hi,
Thanks for your feedback again. I am not sure if you have noticed that the article you provided has been updated.
As the updated article states in the Addendum section:
Based on customer feedback, we have decided to wait thirty days before blocking any out-of-date ActiveX controls. Customers can use the new logging feature to assess ActiveX controls in their environment and deploy Group Policies to enforce blocking,
turn off blocking ActiveX controls for specific domains, or turn off the feature entirely depending on their needs. The feature and related Group Policies will still be available on August 12, but no out-of-date ActiveX controls will be blocked until Tuesday,
September 9th. Microsoft will continue to create a more secure browser, and we encourage all customers to upgrade and stay up-to-date with the latest Internet Explorer and updates.
Best regards,
Frank Shen

Gpo templates what policies are using them

hello
how can I tell what templates my existing gpo are using?
I need to migrate my current policies to another domain do I need to worry about the templates?

> how can I tell what templates my existing gpo are using ?
You cannot. At least there's no easy way. You would need to analyze
registry.pol for all keys and values it defines, and then you would need
to analyze all templates and identify those that have these keys and
values... Great fun :)
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))

GPO Template to secure Computers joined to a 2012 Domain

Hi,
We are looking to implement a "Quarenteen OU" for new machines that join our domain. I've found out how to change the behavior of assigning machines to a different OU than the Computers OU using the redircmp command. Does anyone have
a good "template" resource of default security polices to assign a new Server/destkop machine that gets placed into such a quarenteen OU to ensure its secure before moving it to a different/seperate OU? I'm currently looking for knowledge base
articles that cover this. Any help would be greatly appreciated.
Thanks,
Kevin C.

Hi Kevin,
Based on description, we can follow the suggestion provided by Martin to assign security policies to these machines.
SCM provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practices, allowing
us to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.
Regarding SCM, the following articles can be referred to for more information.
Microsoft Security Compliance Manager (SCM) - Getting Started
http://social.technet.microsoft.com/wiki/contents/articles/1866.microsoft-security-compliance-manager-scm-getting-started.aspx
Microsoft Security Compliance Manager
http://technet.microsoft.com/en-us/library/cc677002.aspx
Security Compliance Manager (SCM)
http://technet.microsoft.com/en-in/solutionaccelerators/cc835245.aspx
Best regards,
Frank Shen

Need GPO template to keep Bing Bar and Bing Desktop out of Microsoft Update

Due to geographical distribution we aren't (yet) able to leverage WSUS, and I'm constantly having to scrape Bing trash off client machines (along with Ask Spywarebar). I've figured out a registry hack that disables Ask from piggybacking on Java updates
and am working on keeping McAfee from joining with Flash or Reader updates. So now I need a good solid way to prevent Bing from pretending it's something useful and wasting resources.
Microsoft, you write this stuff. Give us a proper way to manage it. We need a solid reproducible way to keep all current and future versions of Bing junk from appearing in Microsoft Update. It's not an "Update" to any installed software,
it's foistware, and by doing this you're violating any trust IT people might have had in your promise to clean up your act.

Hi Mike,
Sorry, as far as I know, there is no such group policy template.
Best regards,
Frank Shen

Office 2013 macro warnings GPO

How do we enable all macros to run that are stored from our LAN?
At the moment we receive warning below the ribbon in excel and word advising that some content maybe dangerous and to enable macros. Also we receive a Security warning after enabling macros; Do you want to make this file a trusted documents? All files stored
on local drives and network shares should automatically be trusted so users are not faced with these prompts.
Please advise how i can suppress this using GPO?
regards

using office GPO templates, you need to change settings in Word and Excel - its under Word, Word Options, Security, Trust Center, Trusted locations. Excel path is similar. You can set trusted locations using gpo too.
The policy keys are at:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\word\security\trusted locations
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\trusted locations
Dword: allownetworklocations
Vlaue: 1 (allow)
Diane Poremsky [MVP - Outlook]
Outlook & Exchange Solutions Center
Outlook Tips
Subscribe to Exchange Messaging Outlook weekly newsletter

Allow changing of Outlook anywhere options after applying GPO

Policy
Setting
Configure Outlook Anywhere user interface options
Enabled
All config UI enabled
I have used the outlook2010 GPO template to configure outlook anywhere settings. However after enabling these options, the user can no longer change the outlook anywhere settings (all greyed out). So I enabled the above GPO in outlook 2010 ADMX template.
"This policy setting allows you to determine whether users can view and change user interface (UI) options for Outlook Anywhere.If you enable this policy setting, users can view and change UI options for Outlook Anywhere.If you disable or do not configure
this policy setting, users will be able to use the Outlook Anywhere feature, but they will not be able to view or change UI options for it."
However after performing gpupdate, it has no effect, users still cannot change any of the outlook anywhere settings. Here are the download locations for the admx templates if anyone else would like to test and confirm this issue.
http://www.microsoft.com/en-us/download/details.aspx?id=18968
http://support.microsoft.com/kb/2426686
Anand_N

Hi,
Please check if the value of the following registry key has been set correctly by Group Policy:
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\14.0\outlook\rpc
Value name: EnableRPCTunnelingUI
Type: REG_DWORD
To enable all configuration the value should be: 1
Sincerely
Rex Zhang
Rex Zhang
TechNet Community Support

EMET 4.1 (Update 1) - GPO Settings

We have successfully deployed EMET 4.1 Update 1 via SCCM and now I am controlling EMET settings with GPO using the EMET GPO templates from the Deployment folder. However, after group policy is set, you have to use the command "emet_conf.exe --refresh"
to update EMET mitigation settings on each machine. Until and unless you do this on each machine, the processes aren't protected. Also, every time one makes any changes to the GPO setting, "emet_conf.exe --refresh" command has to be run on
100's of machines in our environment. Is there any other way for it to take effect without touching a machine besides having a scheduled task etc. as mentioned in the guide? You'd imagine once you set it in group policy, doing "gpupdate /force"
or during the next time when group policy is applied, the settings should take effect.....else what would be the point of using group policy to control these settings?? Any input is greatly appreciated.

In the same GPO, you can create a shutdown script that runs emet_conf.exe --refresh. That way when the system is rebooted it gets the group policy applied that is already pushed out. I'm not aware of the reason for this either.

How to disable SSL V3 via GPO on a win2008R2 server

Hi everyone
because of this new Poodle threat involving SSL v3, I need to disable SLL v3 on our network, via Group policy.
There's plenty of post on how to do this ie
https://technet.microsoft.com/library/security/3009008.aspx
But the problem is, the option needed, isnt available!
II need to find the option Turn off Encryption Support .
I can do this using a local GPO, but as soon as I jump on the DC, and go to the same settings, its not there.
This is a Win2008 R2 server based network, running IE10 and IE11.
I've tried adding the GPO templates for both IE10 and IE11, but there appears to be no difference, the option is still missing,
anyone got any ideas?
thanks
G.

I updated the admx and adml files in my central store to IE 11 ones and it added the option. Hope that helps. http://www.microsoft.com/en-us/download/details.aspx?id=40905

GPO for Automatically trust sites for Windows OS security zones

Hi Team,
Need your urgent help
Could you confirm which GPO we can use for Automatically trust sites for Windows OS security zones
I have checked Adobe Reader GPO templates but its not exists?
Pls assist

Hi,
We need to import these settings before we modify them.
To import security zones and privacy settings from our computer using IEM:
Click
Import the current security zones and privacy settings
To import content ratings from our computer:
Click
Import the current Content Ratings settings
Regarding how to configure Security Zones and Content Ratings, the following article can be referred to for more information.
Configure Security Zones and Content Ratings
http://technet.microsoft.com/en-us/library/cc772410.aspx
Best regards,
Frank Shen

EMET v5.1 ADMX Group Policy Template Issue - Default protection settings can't be disabled

I am configuring EMET v5.1 (from 11/18/14) settings via GPO using the custom EMET admx template provided by Microsoft. I am able to enable all the EMET settings via GPMC and disable most of them, but I am not able to disable these 3 EMET setting via
GPMC in a GPO:
Default Protections for Internet Explorer
Default Protections for Popular Software
Default Protections for Recommended Software
When configuring any of these 3 EMET GPO settings to disabled and pressing apply or OK, GPMC keeps it at Not Configured, it does not change to disabled as it normally would. I have never before seen this in GPMC, where you try to disable a setting and it
doesn't change to disabled.
Unless this is somehow intended by Microsoft for these 3 EMET GPO settings, I think that this is a glitch/bug in the EMET GPO Template or the way that it works in GPMC.
Looking for some Guidance from a MS Rep to replicate this issue or anyone else who can confirm if they also see this issue. I have tested on multiple Windows 8.1 Enterprise x64 Update 2 Workstations, with GPMC loaded and the latest EMET ADMX file loaded
from the EMET client on 11/18/14. I have tested this in 2 separate domains, Note that we do not have Central ADMX Stores in either domain.

I had a similar requirement as yours and found that we were able to get around in a simpler method then what was listed here. What we did was set GPO Preferences Registry changes which would then override the previously set EMET ADMX settings set from
another global GPO.
To be specific we had some thirds applications which were add-ons to Microsoft Excel, and the EMET was preventing the application from talking to Excel. So for the users that use this application we have a GPO which Does the following in the Preferences
section:
Action: Replace
HIVE: HKEY_LOCAL_MACHINE
Key path: SOFTWARE\Policies\Microsoft\EMET\Defaults
Value name: Excel
Value type: REG_SZ
Value data: *\OFFICE1*\EXCEL.EXE -Caller -MandatoryASLR

Adobe Reader Browser Plugin - How to disable right click print

Here is some background to my question
I'm using Adobe Reader 9.2 and have configured to use the Adobe Reader Active X browser plugin.
which has the effect of launching pdf's within the IE browser rather than launching the full client. This is all working fine
I have a requirement that I need to lockdown certain menu items (for the purpose of this example, lets say "SaveAs" and "Print") and toolbars which I have also done successfully using folder level javascripts. For example I have created a HideMenuItems.js file and placed this in the "C:\Program Files\Adobe\Reader 9.0\Reader\Javascripts", here is a snippet of the file which relate to hiding / removing the SaveAs and Print items
app.hideToolbarButton("Print");
app.hideToolbarButton("SaveFileAs");
app.hideToolbarButton("Save");
These work fine and hide the Print and Save toolbar buttons from the Adobe Reader Browser plugin menu.
As an aside If I wanted to hide the same icons from the full adobe reader client I could use app.hideMenuItem("Print");
So this all works fine and I'm happy so far. Now, with these settings in place I launch the pdf within the browser, although save and print buttons are now hidden and I cannot add them back, I can still RightClick anywhere in the pdf and get the context menu, from there I can select print.
What I'm after is a way to either
(i) Selectively remove menu items from the right click context menu, and therefore remove the print option e.g something like app.[hideRightClickMenuItem]("Print") would be great but I dont know what that method is called.
or
(ii) Disable the RightClick context menu altogether for Adobe Reader Browser Plugin
Not bothered what the solution is whether its a reg hack - HKCU / HKLM / or javascript line I can add to my HideMenuItems.js, But basically I want to lock down the ability for the users to select print button from all sources including "CTRL + P",
Or if this is not possible let them hit CTRL P or right click print, but then not display the Adobe Print Dialog.
Basically the printing of the documents in handled by our web app sending a silent print to the adobe application which again works fine, I just need to prevent the users from being able to initiate a print from within the pdf when displaying the pdf in a browser.
Having searched around there is an API called AVAppRegisterForPageViewRightClicks which is supposed to prevent right clicks, But I dont know how to use this, or whether it can be used within my HideMenuItems.js file, tried many different syntaxes but to no avail.
Does anyone have any experience in this? Adobe - do you have any suggestions ?
Cheers
Will

Hi thanks for your response, yes it seems this API is availalbe but there are no examples of how to use it. You mentioned its available in Adobe reader and Adobe Acrobat plugins. Well I'm using the Adobe Reader Active X Browser Plugin so how would I use this API to restrict the Browser plugin.l
I am not a developer writing my own custom plugins, I simply want to use the out of the box adobe reader product, specifically the Active X browser plugin, but I need to be able to customise and restrict what the user is able to do.
The reason I need to do this is that we publish IE on a citrix server which users access to launch this highly secure web based application. The sensitive data that they view is in the forms of PDFs which are viewed by the Adobe reader browser plugin within the browser. The web application controls who can save, export, print etc, so I need to be able to lock down the Adobe Reader Active X browser plugin so that the user cannot initiate save, and print functionality from within the viewed pdf. I've done this successfully by restricting the menu and toolbar items but it is still possible to right click on the viewed pdf and click select print from the context menu. This would cause us a big security flaw, which would result in users that are only supposed to view being able to click print.
I published a desktop (locked down) and published IE (locked down) all successfully with GPOs so the users cannot do anything they are not supposed to do, however Adobe reader it seems cannot be easily locked down and this is a problem as I might have to start looking at viable alterantives. Surely a simple requirement as this could be acheieved with relative ease.
In an ideal world there would be an available GPO template (.ADM file), which could be used to centrally manage these type of settings. I dont even mind writing an ADM myself, I've written many before, but for example what I need is the appropriate registry entries and how they are used to lock down / restrict certain functions so that I can write such an .ADM file.
I dont mind how I achieve this, I just need a way to do it. So if using the API AVAppRegisterForPageViewRightClicks would achieve this, can someone please tell me how I can implement something that would use this API to restrict the right Click Print options for example.
The sort of answer I;m looking for would be
Create a file, paste in this code, place the file is this location xxxxx, this is a per machine fix so will affect all users
or
Edit the regstry and make this HKCU change xxxxx - This is obviously a per user fix so use normal methods to get this into every users profile.
or
Open up the file in this location xxxxxx and add AVAppRegisterForPageViewRightClicks = AlwaysDisable (or whatever the syntax is)
Thanks for you help
Cheers
Will

Server 2012 R2 + WSUS = not updating

Hi all,
We've (finally!) started to deploy Server 2012 R2 machines, and one of the things I'm having problems with is WSUS. I've patched WSUS (which is running on 2008R2) so that it's aware of Windows 8/2012R2 machines, and servers are querying/reporting against
the server correctly, and pick up their updates fine.
The problem comes from trying to install them. I've updated the GPO templates so that in it includes the 2012R2 options that force an immediate reboot, rather than having to wait for a 'maintenance window'. I've also disabled the maintenance windows using
psexec + schtasks.
I can see, via the registry, that the 2012R2 machine is picking up the correct settings from the GPO, so that's not the problem. I think I've got everything set correctly, according to the all the articles/KBs I've read, but yet, the server doesn't reboot
when it should do.
I left the machine set to reboot at 1000 this morning, when I got back from the Easter break (thinking that, maybe, for some odd reason, it just needed some time for WSUS to sync, or whatever), but even after 6 days of being on and idle, it didn't do anything.
My GPO is as follows (relevant entries):
Configure Automatic Updates: 4, install during automatic maintenance is unticked (time and date altered for testing).
I had been testing each hour, but I've since left it over the long Easter weekend, set to install just after we reopen, and it's not done anything.
Always automatically restart at the scheduled time: enabled - wait 15 minutes.
Delay Restart for scheduled installations: enabled - 1 minute.
Any advice very gratefully received!
Thanks,
Joe

Hi Michael,
Yes, the output from gpresult -r was one of the first things I checked. I've confirmed the settings are being applied from the GPO by checking the registry too.
You say a snippet from one of the machines that rebooted: none of the 2012 test machines have reboot themselves yet. They've just picked up updates, but not rebooted. In the windowsupdate.log file, the only entries are checking for updates. Keeping in mind
it's set to reboot at 1000, the update log reads as follows (sorry for verbosity!)
2015-04-08 09:34:04:090
724 7c0
AU ## START ## AU: Search for updates
2015-04-08 09:34:04:090
724 7c0
AU #########
2015-04-08 09:34:04:090
724 7c0
SLS Retrieving SLS response from server using ETAG "4V8nqvoeoxgpu+6kKNNNGpLr4BCvPTmaz82CIDm5o5g=_1440"...
2015-04-08 09:34:04:090
724 7c0
SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=942&L=en-US&P=&PT=0x8&WUA=7.9.9600.17415
2015-04-08 09:34:05:512
724 7c0
EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "117cab2d-82b1-4b5a-a08c-4d62dbee7782"
2015-04-08 09:34:05:512
724 7c0
SLS FATAL: SLS:CSLSRequest::RetrieveAdditionalAttributesIfRequired: CoCreateInstance failed with 0x80040154.
2015-04-08 09:34:05:512
724 7c0
Agent WARNING: Failed to retrieve SLS response data for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782, error = 0x80040154
2015-04-08 09:34:05:512
724 7c0
Agent FATAL: Caller Service Recovery failed to opt in to service 117cab2d-82b1-4b5a-a08c-4d62dbee7782, hr=0X80040154
2015-04-08 09:34:05:512
724 7c0
IdleTmr WU operation (CSearchCall::Init ID 155) started; operation # 56743; does use network; is at background priority
2015-04-08 09:34:05:512
724 7c0
Agent *** START *** Queueing Finding updates [CallerId = AutomaticUpdates Id = 155]
2015-04-08 09:34:05:512
724 7c0
AU <<## SUBMITTED ## AU: Search for updates [CallId = {E2B60763-5B4C-4FB1-A134-086EDD0CAA84} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-04-08 09:34:05:512
724 300
Agent *** END *** Queueing Finding updates [CallerId = AutomaticUpdates Id = 155]
2015-04-08 09:34:05:512
724 300
Agent *************
2015-04-08 09:34:05:512
724 300
Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 155]
2015-04-08 09:34:05:512
724 300
Agent *********
2015-04-08 09:34:05:512
724 300
Agent * Online = Yes; Ignore download priority = No
2015-04-08 09:34:05:512
724 300
Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0
and DeploymentAction='Uninstallation' and RebootRequired=1"
2015-04-08 09:34:05:512
724 300
Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2015-04-08 09:34:05:512
724 300
Agent * Search Scope = {Machine & All Users}
2015-04-08 09:34:05:512
724 300
Agent * Caller SID for Applicability: S-1-5-18
2015-04-08 09:34:05:512
724 300
Agent * RegisterService is set
2015-04-08 09:34:05:512
724 300
SLS Retrieving SLS response from server using ETAG "4V8nqvoeoxgpu+6kKNNNGpLr4BCvPTmaz82CIDm5o5g=_1440"...
2015-04-08 09:34:05:512
724 300
SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=942&L=en-US&P=&PT=0x8&WUA=7.9.9600.17415
2015-04-08 09:34:05:606
724 300
Agent WARNING: failed to access the auth cab, fatal error 0x80070003
2015-04-08 09:34:05:606
724 300
Agent WARNING: Invalid service in the backup data store; cleaning up
2015-04-08 09:34:05:606
724 300
Agent WARNING: Failed to add and register service 117cab2d-82b1-4b5a-a08c-4d62dbee7782 to the data store 0x80240031
2015-04-08 09:34:05:606
724 300
Agent WARNING: Service Recovery: Attempting to add pending registration for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782 to the data store
2015-04-08 09:34:05:606
724 300
SLS Retrieving SLS response from server using ETAG "4V8nqvoeoxgpu+6kKNNNGpLr4BCvPTmaz82CIDm5o5g=_1440"...
2015-04-08 09:34:05:606
724 300
SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=942&L=en-US&P=&PT=0x8&WUA=7.9.9600.17415
2015-04-08 09:34:05:684
724 300
EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "117cab2d-82b1-4b5a-a08c-4d62dbee7782"
2015-04-08 09:34:05:684
724 300
SLS FATAL: SLS:CSLSRequest::RetrieveAdditionalAttributesIfRequired: CoCreateInstance failed with 0x80040154.
2015-04-08 09:34:05:684
724 300
Agent WARNING: Failed to retrieve SLS response data for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782, error = 0x80040154
2015-04-08 09:34:05:684
724 300
Agent FATAL: Caller Service Recovery failed to opt in to service 117cab2d-82b1-4b5a-a08c-4d62dbee7782, hr=0X80040154
2015-04-08 09:34:05:684
724 300
EP Got WSUS Client/Server URL: "http://myserver/ClientWebService/client.asmx"
2015-04-08 09:34:05:700
724 300
Setup Checking for agent SelfUpdate
2015-04-08 09:34:05:700
724 300
Setup Client version: Core: 7.9.9600.17415 Aux: 7.9.9600.17415
2015-04-08 09:34:05:700
724 300
EP Got WSUS SelfUpdate URL: "http://myserver/selfupdate"
2015-04-08 09:34:05:700
724 300
Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
2015-04-08 09:34:05:715
724 300
Misc Microsoft signed: NA
2015-04-08 09:34:05:715
724 300
Misc Infrastructure signed: Yes
2015-04-08 09:34:05:715
724 300
Misc WARNING: Cab does not contain correct inner CAB file.
2015-04-08 09:34:05:715
724 300
Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
2015-04-08 09:34:05:715
724 300
Misc Microsoft signed: NA
2015-04-08 09:34:05:715
724 300
Misc Infrastructure signed: Yes
2015-04-08 09:34:05:715
724 300
Setup Skipping SelfUpdate check based on the /SKIP directive in wuident
2015-04-08 09:34:05:715
724 300
Setup SelfUpdate check completed. SelfUpdate is NOT required.
2015-04-08 09:34:05:997
724 300
PT +++++++++++ PT: Synchronizing server updates +++++++++++
2015-04-08 09:34:05:997
724 300
PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://myserver/ClientWebService/client.asmx
2015-04-08 09:34:05:997
724 300
PT WARNING: Cached cookie has expired or new PID is available
2015-04-08 09:34:05:997
724 300
EP Got WSUS SimpleTargeting URL: "http://myserver"
2015-04-08 09:34:05:997
724 300
IdleTmr WU operation (CAuthorizationCookieWrapper::InitializeSimpleTargetingCookie) started; operation # 56744; does use network; is at background priority
2015-04-08 09:34:05:997
724 300
PT Initializing simple targeting cookie, clientId = dd9980da-b1c3-45f0-9106-a5ed324f5861, target group = , DNS name = 2012-wsus-test
2015-04-08 09:34:05:997
724 300
PT Server URL = http://myserver/SimpleAuthWebService/SimpleAuth.asmx
2015-04-08 09:34:05:997
724 300
IdleTmr WU operation (CAuthorizationCookieWrapper::InitializeSimpleTargetingCookie, operation # 56744) stopped; does use network; is at background priority
2015-04-08 09:34:05:997
724 300
IdleTmr WU operation (CAgentProtocolTalker::GetCookie_WithRecovery) started; operation # 56745; does use network; is at background priority
2015-04-08 09:34:06:012
724 300
IdleTmr WU operation (CAgentProtocolTalker::GetCookie_WithRecovery, operation # 56745) stopped; does use network; is at background priority
2015-04-08 09:34:06:090
724 300
Agent Reading cached app categories using lifetime 604800 seconds
2015-04-08 09:34:06:090
724 300
Agent Read 0 cached app categories
2015-04-08 09:34:06:090
724 300
Agent SyncUpdates adding 0 visited app categories
2015-04-08 09:34:08:434
724 300
IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover) started; operation # 56746; does use network; is at background priority
2015-04-08 09:34:08:434
724 300
IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 56746) stopped; does use network; is at background priority
2015-04-08 09:34:08:434
724 300
Agent Reading cached app categories using lifetime 604800 seconds
2015-04-08 09:34:08:434
724 300
Agent Read 0 cached app categories
2015-04-08 09:34:08:434
724 300
Agent SyncUpdates adding 0 visited app categories
2015-04-08 09:34:08:450
724 300
IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover) started; operation # 56747; does use network; is at background priority
2015-04-08 09:34:08:450
724 300
IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 56747) stopped; does use network; is at background priority
2015-04-08 09:34:08:450
724 300
PT + SyncUpdates round trips: 2
2015-04-08 09:34:08:809
724 300
Agent WARNING: Failed to evaluate Installed rule, updateId = {{A4ECF96E-FE76-4933-B1A9-FAA712DC2A3B}.200}, hr = 80070057
2015-04-08 09:34:08:809
724 300
Agent WARNING: Failed to evaluate Installable rule, updateId = {{A4ECF96E-FE76-4933-B1A9-FAA712DC2A3B}.200}, hr = 80070057
2015-04-08 09:34:08:825
724 300
Agent WARNING: Failed to evaluate Installed rule, updateId = {{9941EB5F-4953-446D-99A2-C5989C596283}.200}, hr = 80070057
2015-04-08 09:34:08:825
724 300
Agent WARNING: Failed to evaluate Installable rule, updateId = {{9941EB5F-4953-446D-99A2-C5989C596283}.200}, hr = 80070057
2015-04-08 09:34:09:934
724 300
Agent * Added update {15D2ED04-1EB8-4E57-9E87-04C53FF227A0}.203 to search result
<snip>
<snip>
2015-04-08 09:34:09:934
724 300
Agent * Added update {2DB7BC39-FF38-4849-B28F-4C8072C48F91}.200 to search result
2015-04-08 09:34:09:934
724 300
Agent * Found 30 updates and 71 categories in search; evaluated appl. rules of 472 out of 831 deployed entities
2015-04-08 09:34:09:950
724 300
Agent Reporting status event with 7 installable, 12 installed, 0 installed pending, 0 failed and 30 downloaded updates
2015-04-08 09:34:09:950
724 300
Agent *********
2015-04-08 09:34:09:950
724 300
Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 155]
2015-04-08 09:34:09:950
724 300
Agent *************
2015-04-08 09:34:09:950
724 300
IdleTmr WU operation (CSearchCall::Init ID 155, operation # 56743) stopped; does use network; is at background priority
2015-04-08 09:34:09:950
724 984
AU >>## RESUMED ## AU: Search for updates [CallId = {E2B60763-5B4C-4FB1-A134-086EDD0CAA84} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-04-08 09:34:09:950
724 984
AU # 30 updates detected
2015-04-08 09:34:09:950
724 984
AU #########
2015-04-08 09:34:09:950
724 984
AU ## END ## AU: Search for updates [CallId = {E2B60763-5B4C-4FB1-A134-086EDD0CAA84} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-04-08 09:34:09:950
724 984
AU #############
2015-04-08 09:34:09:950
724 984
AU All AU searches complete.
2015-04-08 09:34:09:950
724 984
AU AU setting next detection timeout to 2015-04-08 09:31:24
2015-04-08 09:34:09:950
724 984
AU Adding timer:
2015-04-08 09:34:09:950
724 984
AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2015-04-08 09:31:24, not idle-only, not network-only
2015-04-08 09:34:09:950
724 b74
Report REPORT EVENT: {12180EA2-ECBA-4B75-8E2D-AA285CAFD9D3}
2015-04-08 09:34:09:934+0100 1
147 [AGENT_DETECTION_FINISHED] 101
{00000000-0000-0000-0000-000000000000}
0 0 AutomaticUpdates
Success Software Synchronization
Windows Update Client successfully detected 30 updates.
2015-04-08 09:34:09:950
724 b74
Report REPORT EVENT: {430750CB-173C-4BA1-97EF-97A9512C15E5}
2015-04-08 09:34:09:950+0100 1
156 [AGENT_STATUS_30] 101
{00000000-0000-0000-0000-000000000000}
0 0 AutomaticUpdates
Success Pre-Deployment Check
Reporting client status.
2015-04-08 09:34:09:965
724 b74
Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
2015-04-08 09:34:09:965
724 984
AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
2015-04-08 09:34:09:965
724 984
AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
2015-04-08 09:34:09:965
724 b74
Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
2015-04-08 09:34:10:044
724 b74
Report CWERReporter finished handling 10 events. (00000000)
2015-04-08 09:34:10:044
724 b74
Report CWERReporter finished handling 10 events. (00000000)
2015-04-08 09:34:10:044
724 b74
Report CWERReporter finished handling 10 events. (00000000)
2015-04-08 09:34:14:950
724 b74
Report CWERReporter finished handling 2 events. (00000000)
2015-04-08 09:35:34:374
724 7c0
AU AU received policy change subscription event
2015-04-08 09:48:57:053
724 b74
EP Got WSUS Client/Server URL: "http://myserver/ClientWebService/client.asmx"
2015-04-08 09:48:57:115
724 b74
EP Got WSUS Reporting URL: "http://myserver/ReportingWebService/ReportingWebService.asmx"
2015-04-08 09:48:57:115
724 b74
Report OpenReportingWebServiceConnection, reporting URL = http://myserver/ReportingWebService/ReportingWebService.asmx
2015-04-08 09:48:57:115
724 b74
IdleTmr WU operation (CLegacyEventUploader::HandleEvents) started; operation # 57095; does use network; is at background priority
2015-04-08 09:48:57:115
724 b74
Report Uploading 2 events using cached cookie.
2015-04-08 09:48:58:115
724 b74
Report Reporter successfully uploaded 2 events.
2015-04-08 09:48:58:115
724 b74
IdleTmr WU operation (CLegacyEventUploader::HandleEvents, operation # 57095) stopped; does use network; is at background priority
2015-04-08 10:31:25:046
724 7c0
AU #############
2015-04-08 10:31:25:046
724 7c0
AU ## START ## AU: Search for updates
2015-04-08 10:31:25:046
724 7c0
AU #########
2015-04-08 10:31:25:046
724 7c0
SLS Retrieving SLS response from server using ETAG "4V8nqvoeoxgpu+6kKNNNGpLr4BCvPTmaz82CIDm5o5g=_1440"...
2015-04-08 10:31:25:046
724 7c0
SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=942&L=en-US&P=&PT=0x8&WUA=7.9.9600.17415
2015-04-08 10:31:25:499
724 7c0
EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "117cab2d-82b1-4b5a-a08c-4d62dbee7782"

Instant Search not working on local mailbox in Outlook 2007 on Windows Server 2008 R2 Terminal Server

Sometime last week Instant Search stopped working on a Terminal Server we have deployed. I don't use Outlook on the server so I didn't notice it myself but users started complaining several days ago. When I checked instant search settings everything was
grayed out. I noticed that the feature for Windows Search was disabled so I enabled that feature rebooted the server and now instant search is looking for email in archive folders and sharepoint lists. Local Mailbox mail however is not being indexed by instant
search. When I check data files it says that there is no file for the local mailbox. I checked and Cached Exchange Mode is disabled so no OST is being created and apparently there is no PST for it either.
Do I need an OST/PST to search the local mailbox?
Also I have added the Office GPO Templates and enabled the GPO for allowing Cached Exchange Mode but that doesn't seem to be helping either. Please help.

Have you had any luck with this?
One of our clients has reported that 5 different users, when RDP'd into 3 different RDS Servers, cannot use the Instant Search.
I haven't been able to find anything about this in my online searches.
Like you, the mailboxes aren't even appearing under Instant Search > Search Options. Also, it would appear that there are no locally-hosted .ost/.pst's for any of the users on this server; can the instant search function work on a .pst that's saved
somewhere else on the network?

Can we disable the 'Do not send a response' option for invitations?

Our organization recently migrated to Outlook \Exchange 2010 from Lotus Notes\Domino R7.0.4. Users are getting frustrated with the many limitations, or hopefully our lack of understanding, related to calendaring in Outlook.
Current Issue:
Employees can select "Do Not Send a Response" to meeting invitations, but still accept the invitations for their personal calendars. This can be very frustrating to the invitee, who is attempting to orchestrate complex meetings, since they do not
get updates for invitees who have accepted the meeting using this option.
It is plausible that all invitees could accept a meeting, but choose not to send a response. The originator of the meeting may than cancel the meeting, thinking, "what's the point, no one accepted it". The originator or an Admin staff should have
the ability to disable the "Do not Send a Response" option or at least have the option to require a response if desired.
Additionally, when invitees do send a response, it would be nice to have an option not to see response in the form of an email, but simply as an update to the Calendar 'Attendees' status, to avoid inbox clutter.
Lotus Notes had these functions at least 10 years ago, so I'm sure we are just overlooking a setting or configuration. Any guidance Microsoft support or readers can provide would be greatly appreciated.

Hi,
We can disable that option via GPO.
Please refer to Disable user interface items and shortcut keys in Office 2010:
http://technet.microsoft.com/en-us/library/cc179143(v=office.14).aspx
After adding the Office 2010 GPO templates to the domain, in Group Policy Management go to:
User Configuration / Polices / Administrative Templates / Microsoft Outlook 2010 / Disable Items in User Interface / Custom
Add the following Policy ID's: 19987, 19995 and 19991.
This will disable the three menu items "Do Not Send a Response" below the buttons Accept, Tentative and Decline. When the mouse pointer points to the disabled ("grayed out") menu item a message is shown telling the user that this menu is disabled by the
administrator.
If you are not used to the email response, simply create a rule to move all these responses to a single folder and clean them up periodically:
http://office.microsoft.com/en-in/outlook-help/manage-email-messages-by-using-rules-HA010355682.aspx
Regards.
Melon Chen
TechNet Community Support
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

IE 10 GPO Template

Similar Messages

Maybe you are looking for