IE10 GPP not applying using Computer Policy
Hi,
We're having an issue getting IE10 group policy preferences to apply to our Windows 7 PCs. We set our IE policies based on the OU that the PC is in so we can easily define desktops from laptops, allowing us
to use a PAC script for laptops so they can connect directly to the internet when not connected to the corporate LAN (none of our laptops have IE10 yet, so I'm not sure if this method has changed as well!).
We're using a Windows 8 PC to create the policy, but it will not assign to my Windows 7 test PC. The policy is applied to the OU that the PC resides in, so my expectation is that the proxy settings I've configured
should apply to any user who logs onto that PC.
Can anyone shed any light on to why this isn't working?
Thanks in advance.
Chris
> to my Windows 7 test PC. The policy is applied to the OU that the PC
> resides in, so my expectation is that the proxy settings I've configured
> should apply to any user who logs onto that PC.
Severe case of misunderstanding :)
Computers apply computer settings in GPOs that are linked to their OUs.
Users apply user settings in GPOs that are linked to their OUs. Since
the GPO is linked to the computer OU, the user doesn't even see it.
Link it to the user OU and do some Item level targeting to distinguish
to your needs.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))
Similar Messages
-
Patch 119578-10 will not apply
This patch would not apply using the updatemanager. When it was applied by itself, the process never completed over the night. I rebooted the machine.
I downloaded the zip patch, extracted and then I shut it down in single-user mode to apply it. That was the only technique I knew.
I did see discussion threads in the past about the "fmd" process. Extract steps/disclaimers would be needed to apply this patch as well. It is not updatemanager compatible.Yeah, that problem was reported for 119578-9.
It was supposed to be fixed by now.
But here 119578-10 has been released, and its still not fixed. -
Win7 Computer Config group policy not applying
Hi all: I am having a bit of trouble getting a Computer Configuration group policy to apply in Windows 7 using ZCM 11.2.3. I have two group policies, one for User Configuration settings and the other for Computer Configuration settings. User Config GP is associated with users and Computer Config GP is associated with Workstations. ZCM shows both policies as being successfully applied. Yet, if I run rsop.msc to generate a resultant GP set, all Computer Config settings show up as undefined.
I have used this same technique in XP for many years without issue. I suspect the User Config GP is overwriting all GP settings as it is the last to be applied, but since that policy is ONLY for User Config settings I do not see how. Can someone show me the "errors of my ways"?
Thanks a bunch, Chris.I have an identical policy setup - a policy wherein "Computer configuration" is checked and configured (I don't even touch the User related settings) and is applied to workstations as well as a second policy with "User configuration" checked and configured (as with the computer policy, I don't touch the Computer related policy in this User policy) and applied to users. I set it up that way because I want general settings specific to our environment to exist and be effective for all users including IT staff in the Computer policy. I then want to restrict users within the User Policy. I have no Active Directory.
The computer settings apply intermittently with no rhyme or reason, which makes it difficult to troubleshoot. I have Internet Zone Assignments configured in the Computer policy, so specific users have problems when this policy is not effective which is how I became aware of the problem. I found that I can run "gpudate /force" as the user and the computer policy becomes effective, which is what I do most of the time since it's a quick fix and I can move on to other things. I've tried changing the order the policies are applied. I am considering creating a single policy with both computer and user settings and associating it with users in hopes that it will always apply, but thought I'd check out the forum before doing so. ZCM 11.2.3 and Windows 7. -
ZCM DLU Policy Not Applying To Win7 Computer
I am running ZCM v10.3 and am preparing to migrate over to Active Directory. When I first setup ZCM, I created a DLU policy for my Windows 7 computers and its been working fine. However, its time to join my Windows 7 computers (running ZCM v10.3) to the AD Domain and I need to disable the DLU for the machines prior to joining the domain.
To do this I tried to exclude my test workstations from the DLU by adding the workstations to the exclusion list for the DLU Policy. My DLU policy is assigned to my Users so I used the "Excluded Workstation List" to attempt to prevent the DLU from applying to the workstation. This didn't work. I also tried the reverse by applying the DLU to the test workstation and adding users to the Exclusion list, but that didn't work either. I updated the version, ran "zac cc" and ran "zac ref bypasscache" but it didnt work.
I reassigned the DLU to all my Users and tried to use the registry to check for the existence and value of hklm\software\novell\zcm\zenlgn\domainlogin=1, but that didnt work either. I updated the version, ran "zac cc" and ran "zac ref bypasscache" but it didnt work.
Actually, the registry keys (DomainLogin and eDIRLogin) didn't exist so i had to manually add it using an AD GPO. I added DomainLogin and eDIRLogin and assign hexadecimal value of 1 to each DWORD via GPO (FYI). At this point I'm not even sure if the values of these keys are supposed to be set automatically upon login or if the admins manually control the values. Its not clear to me from the documentation on the Novell site. (http://www.novell.com/documentation/...stem_admin.pdf, pg 274)
(DLU Policy Filters not working)
I turned on debug by issuing the command: "zac log level debug", and would've attached the log here, but I don't know how. If anyone needs to see the log, please send me a link on how to attach a log and I'll do so.
I've tried so many different settings and combinations but i'm still unable to get consistent results. At some point I was able to get the DLU Policy to show up in the ZCM Agent properties with the status of "Not Applied" or "Not Effective" or something to that effect. That was the first time I was able to log in without the DLU applying. However it wasn't consistent among other machines so i kept testing. As it stands now, I have removed any filters and exclusions and now my test machine is not receiving any DLU policy and it should because I assigned the DLU Policy to my entire user base. I am totally lost.
Any help is appreciated.wanman,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Urgent Group Policy Issue - not applying despite saying it does
Thank you for this urgent help. Auditors checking this out tomorrow morning.
We have a GPO that sets the eventlog audit settings for success or failure security events. The scope is set to Authenticated Users.
When I run the group policy wizard in GPMC it shows the settings applying to one of our servers in that OU.
When I run gpresult/z from that server it shows the policy applying to that server.
But when I go into gpedit.msc the security audit settings are all set to "not defined" and they are grayed out so I can't edit them manually.
As a test I set the GPO to deny applying to that server. I ran gpudpate/force on the system and then gpresult and it shows the GPO now not applying. But the settings are still set to not defined and still not editable. they are not being set by any other GPO.
In the event logs I only see three GPO errors but they are unrelated. A separate GPO is having issues creating user accounts. No other GPOs apply.
Quick help would be fantastic.
Server runs on Windows Server 2008 R2 (I can edit GPO but not the domain ones and I don't have access to the domain controllers).OK, After several hours I figured it out. Turns out there's bugs and odd functionality.
If someone ever tested the 'advanced audit settings' (which I did in the same GPO at some point) then it sets a registry key to disable the use of the older basic audit settings. But when you stop using those advanced settings in your GPO it doesn't remove
that registry bit. So I used the GPO to undo that setting. This was the first step. This is found Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > "Audit: Force audit policy subcategory
settings (Windows Vista or later) to override audit policy category settings" to DISABLED.
Even though this is done, sometimes the GPO files on the domain controllers don't remove the old audit settings. So in the comments of another thread I found out you may have to go to
\\domain-fqdn\SYSVOL\domain-fqdn\Policies\{your-policy-id-where-this-setting-was-originally-set}\Machine\Microsoft\Windows NT\ and delete the Audit folder which is left behind due to some odd bug. If you don't do this even after doing the next step the
next gpupdate will bring that security setting above back down.
Next you have to reset your audit settings on your PC to the defaults. Unfortunately there is no way to do this. Auditpol /clear does not accomplish this. The only way to do this is to take the audit settings from another working system, export them and
then 'restore' those same settings to the affected server. To do this:
1. On 'working system' run cmd.exe as administrator and export the audit settings to a folder like this:
auditpol /backup /file:c:\working-auditpol-settings.txt
2. Copy that file to the broken system such as the C:\ drive and run this on the broken system:
auditpol /restore /file:c:\working-auditpol-settings.txt
Open GPEDIT.MSC and verify the audit settings are back to normal. Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy
Then run gpupdate/force on the formerly broken system. Close gpedit.msc and reopen and verify the settings were not overwritten. If you skipped the sysvol audit folder deletion step they may come back.
Hope this helps someone. -
GPP for Folder Options Not Applying to Windows 7 Current Users
I have a Windows 7 client that I am trying to push a GPP for a folder option. The setting is "Show pop-up description for folder and desktop items".
If a user has already logged into the machine before the policy applied, it will not change the setting.
If a brand new user logs into the machine, the policy is applied.
On users that have logged in previosu to the policy, I can go to the Group Policy folder, check the history folder and I am showing that it is applied in the XML file.
Things I have verified:
Setting is for Windows Vista and Later
Same results on different Windows 7 PCs
Set to run in logged on user context
Apply once and not reapply is NOT checked.
Can anyone help shed some light on this?
Thanks!Hi JiuJitsuJeff,
Sorry for misunderstanding this issue. This GPP for folder option could apply to new users sucessfully, however, could not apply to old users sucessfully. Right?
Firstly, please check if the GPO has applied to old users. You can also run the following command on the problematic workstation when an old user logs on:
Gpresult /h > C:\temp\gpresult.html (“C:\temp\” is the path of the gpresult.html, you can set it yourself). This gpresult.html file is used for checking the result of Group Policy information.
If the GPO setting has been applied according to the result of Gpresult, please check if the value of corresponding registry key has been modified. The corresnponding registry key is shown as following:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced: ShowInfoTip
If the value is 1, this means the value has been modified. Vice versa.
Regards,
Lany Zhang -
Group Policy Pref - Mapped Drives Not Applying to One User
Hi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
SimoneWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
Software Installations
N/A
Startup Scripts
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
N/A
Account Policies
Audit Policy
User Rights
Security Options
Event Log Settings
Restricted Groups
System Services
Registry Settings
File System Settings
Public Key Policies
N/A
Administrative Templates
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
Software Installations
N/A
Public Key Policies
N/A
Administrative Templates
N/A
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: Proxy Settings
Import the current Program Settings: No -
Default Domain Policy Not Applying Settings to Servers or Clients
I have 2008 R2 DC's with a functioning level of 2003. Our domain servers are a mix of 2003, 2008, 2008 R2, and 2012 and our clients are a mix of Windows 7 Pro and Windows 8.1 Pro.
I recently made a change to the Default Domain Policy located at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
For the Security Policy setting called: Network security: Configure encryption types allowed for Kerberos
The change was to enable DES because of a specific need that I have with an application that I work with but enabling DES and leaving the other options such AES unselected caused other applications to not work right. I decided to revert the changes
back to "Not Defined" but those changes did not reflect on the servers even after running the gpupdate /force command.
In order to keep the application working that broke, we enabled all of the encryption levels such as DES, AES, etc. on the server that's running the application via it's Local Security Policy as a temporary fix.
Now, I want to make sure all servers receive the settings from the Default Domain Policy and have their Local Security Policies reflect the "Not Defined" setting but it's not applying. It seems like they worked when I first applied them but
when I try to remove them it does not work.
If I change the setting directly on the Local Security Policy on the server or clients it shows "No minimum" instead of "Not Defined" which I've heard can be fixed by identifying the registry entry for that setting and deleting it...so
help with the location and how to identify that key would also be helpful.
My goal is not to manually have to change servers and clients to revert back to their default settings...I want the Domain policy to apply and override the servers and client's Local Security Policy.
Any help with this would be greatly appreciated and thank you in advance.I have 2008 R2 DC's with a functioning level of 2003. Our domain servers are a mix of 2003, 2008, 2008 R2, and 2012 and our clients are a mix of Windows 7 Pro and Windows 8.1 Pro.
I recently made a change to the Default Domain Policy located at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
For the Security Policy setting called: Network security: Configure encryption types allowed for Kerberos
refer:
http://technet.microsoft.com/en-us/library/jj852180(v=ws.10).aspx
We needed to implement a similar scenario a few years ago (when we introduced Windows7 into our estate).
We had an SAP/NetWeaver implementation which always worked on WinXP, but failed on Win7.
We had to enable the DES ciphers, since those were disabled by default in Win7. We discovered that we also needed to enable all the other ciphers (those which are enabled by default[not configured]).
i.e., when we changed the setting from "Not Configured", enabled DES, and left the RC4/AES stuff untouched by us, the RC4/AES stuff attracted a status of disabled.
So, we had to set the DES ciphers to Enabled, and, also set the RC4/AES ciphers to Enabled - this gave us the "resultant" enablement of the default stuff and the needed change/addition of DES.
When you set a GP setting "back to Not Configured", depending upon the setting *AND* the individual Windows feature itself - one of two things will happen:
a) the feature will "revert" to default behaviour
b) the feature will retain the current configured behaviour but becomes un-managed
In classic Group Policy terms, condition (b) above is often referred to as "tattooing", i.e., the last GP setting remains in effect even though GPMC/RSOP/etc does not reveal that to be the case.
(This is also a really good example of not doing this sort of stuff in the DDP. It could have borked your whole domain :)
What I'd suggest, is that you re-enable your ciphers for KRB settings again - this time, enable all the ciphers that would normally be "default", let that replicate around, and allow time for domain members to action it.
Then, set the setting back to Not Configured. This way, the "last" settings issued by GP will be those you want to remain as the "legacy".
Note: the GP settings reference s/sheet, has this to say:
Network security: Configure encryption types allowed for Kerberos
This policy setting allows you to set the encryption types that Kerberos is allowed to use.
If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted.
This policy is supported on at least Windows 7 or Windows Server 2008 R2.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Policies not applying + Computer name resolution failure
Hi everyone,
We are having issues with the applying of GPOs on our client PCs. We have two DCs - one (Lomu) configured with the master FSMO roles. The issue is completely intermittent, affecting a lagre number of machines that have been reimaged over the Summer (approx.
50 out of 150 machines reimaged are affected).
The results of a dcdiag are below:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine LOMU, is a Directory Server.
Home Server = LOMU
* Connecting to directory service on server LOMU.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ryburn,DC=inte
rnal,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ryburn,DC=inte
rnal,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=VM-MARADONA,CN=Servers
,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\LOMU
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... LOMU passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\LOMU
Starting test: Advertising
The DC LOMU is advertising itself as a DC and having a DS.
The DC LOMU is advertising as an LDAP server
The DC LOMU is advertising as having a writeable directory
The DC LOMU is advertising as a Key Distribution Center
The DC LOMU is advertising as a time server
The DS LOMU is advertising as a GC.
......................... LOMU passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... LOMU passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... LOMU passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... LOMU passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
......................... LOMU passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Role Domain Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Role PDC Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Role Rid Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Role Infrastructure Update Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
......................... LOMU passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC LOMU on DC LOMU.
* SPN found :LDAP/LOMU.ryburn.internal/ryburn.internal
* SPN found :LDAP/LOMU.ryburn.internal
* SPN found :LDAP/LOMU
* SPN found :LDAP/LOMU.ryburn.internal/RYBURN
* SPN found :LDAP/8ee4cad0-4018-428e-b85b-07af05cf933c._msdcs.ryburn.in
ternal
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/8ee4cad0-4018-428e-b8
5b-07af05cf933c/ryburn.internal
* SPN found :HOST/LOMU.ryburn.internal/ryburn.internal
* SPN found :HOST/LOMU.ryburn.internal
* SPN found :HOST/LOMU
* SPN found :HOST/LOMU.ryburn.internal/RYBURN
* SPN found :GC/LOMU.ryburn.internal/ryburn.internal
......................... LOMU passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC LOMU.
* Security Permissions Check for
DC=ForestDnsZones,DC=ryburn,DC=internal
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ryburn,DC=internal
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=ryburn,DC=internal
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ryburn,DC=internal
(Configuration,Version 3)
* Security Permissions Check for
DC=ryburn,DC=internal
(Domain,Version 3)
......................... LOMU passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share
\\LOMU\netlogon
Verified share
\\LOMU\sysvol
[LOMU] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... LOMU failed test NetLogons
Starting test: ObjectsReplicated
LOMU is in domain DC=ryburn,DC=internal
Checking for CN=LOMU,OU=Domain Controllers,DC=ryburn,DC=internal in dom
ain DC=ryburn,DC=internal on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal in domain CN=Configuration,
DC=ryburn,DC=internal on 1 servers
Object is up-to-date on all servers.
......................... LOMU passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,LOMU] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
error 0x2105 "Replication access was denied."
......................... LOMU failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 11603 to 1073741823
* LOMU.ryburn.internal is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 11103 to 11602
* rIDPreviousAllocationPool is 11103 to 11602
* rIDNextRID: 11249
......................... LOMU passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
Could not open NTDS Service on LOMU, error 0x5 "Access is denied."
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... LOMU failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... LOMU passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=LOMU,OU=Domain Controllers,DC=ryburn,DC=internal and backlink on
CN=LOMU,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration
,DC=ryburn,DC=internal
are correct.
The system object reference (serverReferenceBL)
CN=LOMU,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=ryburn,DC=internal
and backlink on
CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=ryburn,DC=internal
are correct.
The system object reference (frsComputerReferenceBL)
CN=LOMU,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=ryburn,DC=internal
and backlink on CN=LOMU,OU=Domain Controllers,DC=ryburn,DC=internal
are correct.
......................... LOMU passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ryburn
Starting test: CheckSDRefDom
......................... ryburn passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ryburn passed test CrossRefValidation
Running enterprise tests on : ryburn.internal
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
PDC Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
Time Server Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
Preferred Time Server Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
KDC Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
......................... ryburn.internal passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ryburn.internal passed test Intersite
Just wondering if anyone has similar issues as us on this?
When running gpupdates, we receive this message:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Thanks,
Tom.Hi,
I would suggest you check the group policy service log under event viewer\Applications and Services log\Microsoft\Windows\Group Policy, find the error log and check the Details, then apply the solutions mentioned in the link below depending on the detailed
error code.
http://technet.microsoft.com/en-us/library/dd392593(v=ws.10).aspx
As
arnavsharma mentioned, members in GP forum are more familiar with this topic.
Yolanda Zhu
TechNet Community Support -
Group policy Preference - Internet Option setting not applying
Hi,
I’m not very sure if any of you have encounter this strange issue when
configuring GPP -> Internet option setting for window 7 IE9 or IE11.
The following
are spec of OS and IE version used in my environment.
Window Server
2012 R2 (IE 10)
Window 7 (IE9
and IE11)
Recently I
have deployed proxy setting via GPP as I do not have IEM under my GPMC console.
Once the setting is been configured and deployed, I have notice that the GPO do
not apply after the user login. The following scenarios is what we observed.
1) User boot up the machine, Login and proxy setting will not applied
1a) gpupdate /force -> Proxy Settings applied
1b) setting will be removed after the GPO refreshed
2) User boot up the machine, Login and proxy setting will not apply
2a) User logoff and login proxy setting applied.
2b) Setting will be removed after the GPO refreshed
Kindy advise
if there is any solution to ensure that the setting apply whenever the user
login and stay intact even after the gpo refreshed by itself.Hi,
>>1a) gpupdate /force -> Proxy Settings applied
>>1b) setting will be removed after the GPO refreshed
Based on the description, we can run command gpresult/h report.html to collect group policy result reports to compare how the settings are being applied.
Besides, have we installed the following hotfix on the computers with IE 9? If not, we can try to install the hotfix.
Internet Explorer Group Policy Preferences do not apply to Internet Explorer 9 in a Windows Server 2008 R2 domain environment
https://support.microsoft.com/en-us/kb/2530309?wa=wsignin1.0
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Windows Server 2012 R2 - ALL HF's Failing to install as "Does Not Apply to this computer"
Hi,
A general question about hot fix installs.
I have multiple servers that are all Windows 2012 R2. They do not have internet connections, so I have to install the Hotfixes manually. I download the HF's from the ISO download page (https://support.microsoft.com/en-us/kb/913086) every month. I collect them and install in a bulk install during a release cycle ( a couple times a year). I just realized that NO HF's have installed since JUNE 2014. Every HF that shows up in WindowsServer2012R2 directory fail to install with a message of "The update is not applicable to your computer". Which is fine if that was true, but.... I get this message for every HF from the ISO's since June 2014. NOT one HF thinks it is applicable to my computer. Could that be the case? No HF's apply to my Server 2012 systems since June of 2014?
This is my system info, and below that is the results from attempting to install 95 HF's.
C:\TEMP>systeminfo
Host Name: MYHOST
OS Name: Microsoft Windows Server 2012 R2 Datacenter
OS Version: 6.3.9600 N/A Build 9600
OS Manufacturer: Microsoft Corporation
OS Configuration: Member Server
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00252-80025-36226-AA727
Original Install Date: 6/13/2014, 8:04:39 AM
System Boot Time: 3/16/2015, 2:34:45 PM
System Manufacturer: Dell Inc.
System Model: PowerEdge R720
System Type: x64-based PC
Processor(s): 2 Processor(s) Installed.
[01]: Intel64 Family 6 Model 62 Stepping 4 GenuineInt
el ~2500 Mhz
[02]: Intel64 Family 6 Model 62 Stepping 4 GenuineInt
el ~2500 Mhz
BIOS Version: Dell Inc. 2.2.2, 1/16/2014
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-07:00) Mountain Time (US & Canada)
Total Physical Memory: 262,099 MB
Available Physical Memory: 249,337 MB
Virtual Memory: Max Size: 301,011 MB
Virtual Memory: Available: 288,015 MB
Virtual Memory: In Use: 12,996 MB
Page File Location(s): C:\pagefile.sys
Domain: mydomain.sgn
Logon Server: \\MYHOST
Hotfix(s): 25 Hotfix(s) Installed.
[01]: KB2862152
[02]: KB2868626
[03]: KB2876331
[04]: KB2888505
[05]: KB2892074
[06]: KB2893294
[07]: KB2893984
[08]: KB2898785
[09]: KB2898868
[10]: KB2898871
[11]: KB2900986
[12]: KB2901125
[13]: KB2901128
[14]: KB2909210
[15]: KB2909921
[16]: KB2912390
[17]: KB2916036
[18]: KB2919442
[19]: KB2922229
[20]: KB2923392
[21]: KB2925418
[22]: KB2930275
[23]: KB2931358
[24]: KB2931366
[25]: KB2936068
Network Card(s): 6 NIC(s) Installed.
[01]: Broadcom BCM57800 NetXtreme II 10 GigE (NDIS VB
D Client)
Connection Name: ISCSI
DHCP Enabled: No
IP address(es)
[01]: 192.168.1.30
[02]: fe80::38c9:e59c:5ac2:e0a1
[02]: Broadcom BCM57800 NetXtreme II 1 GigE (NDIS VBD
Client)
Connection Name: NIC3
Status: Hardware not present
[03]: Broadcom BCM57800 NetXtreme II 1 GigE (NDIS VBD
Client)
Connection Name: MGMT
DHCP Enabled: No
IP address(es)
[01]: 7.48.64.32
[02]: 7.48.64.30
[03]: fe80::f14e:9339:9326:c7fd
[04]: Broadcom BCM57810 NetXtreme II 10 GigE (NDIS VB
D Client)
Connection Name: SLOT 5 Port 1_swport_VMRepwan
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
[05]: Broadcom BCM57800 NetXtreme II 10 GigE (NDIS VB
D Client)
Connection Name: NIC2
Status: Hardware not present
[06]: Broadcom BCM57810 NetXtreme II 10 GigE (NDIS VB
D Client)
Connection Name: SLOT 5 Port 2_swport_VMOpswan
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
Hyper-V Requirements: A hypervisor has been detected. Features required for
Hyper-V will not be displayed.
I have a script that runs each HF install.. If I run them manually without the tool I get the same results so it is not the script..
Installing 95 patches
for Microsoft Windows Server 2012 R2 Datacenter x64
Repository path: U:\Patch Repository_4_1\2012_R2_HFs\
1. Windows8.1-KB2894852-v2-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
2. Windows8.1-KB2894856-v2-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
3. Windows8.1-KB2920189-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
4. Windows8.1-KB2926765-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
5. Windows8.1-KB2928120-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
6. Windows8.1-KB2931358-x64.msu patch status: ALREADY INSTALLED - SKIPPING
7. Windows8.1-KB2931366-x64.msu patch status: ALREADY INSTALLED - SKIPPING
8. Windows8.1-KB2933826-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
9. Windows8.1-KB2939576-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
10. Windows8.1-KB2953522-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
11. Windows8.1-KB2957151-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
12. Windows8.1-KB2957189-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
13. Windows8.1-KB2957689-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
14. Windows8.1-KB2961072-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
15. Windows8.1-KB2961887-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
16. Windows8.1-KB2962872-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
17. Windows8.1-KB2964718-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
18. Windows8.1-KB2964736-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
19. Windows8.1-KB2965788-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
20. Windows8.1-KB2966072-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
21. Windows8.1-KB2966826-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
22. Windows8.1-KB2966828-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
23. Windows8.1-KB2971850-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
24. Windows8.1-KB2972213-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
25. Windows8.1-KB2972280-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
26. Windows8.1-KB2973114-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
27. Windows8.1-KB2973201-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
28. Windows8.1-KB2973351-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
29. Windows8.1-KB2974008-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
30. Windows8.1-KB2976627-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
31. Windows8.1-KB2976897-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
32. Windows8.1-KB2977292-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
33. Windows8.1-KB2977629-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
34. Windows8.1-KB2978668-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
35. Windows8.1-KB2982794-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
36. Windows8.1-KB2982998-v2-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
37. Windows8.1-KB2987107-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
38. Windows8.1-KB2987114-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
39. Windows8.1-KB2988948-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
40. Windows8.1-KB2992611-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
41. Windows8.1-KB2993651-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
42. Windows8.1-KB2993958-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
43. Windows8.1-KB3000061-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
44. Windows8.1-KB3000483-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
45. Windows8.1-KB3000869-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
46. Windows8.1-KB3001237-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
47. Windows8.1-KB3002657-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
48. Windows8.1-KB3002885-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
49. Windows8.1-KB3003057-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
50. Windows8.1-KB3003381-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
51. Windows8.1-KB3003743-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
52. Windows8.1-KB3004150-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
53. Windows8.1-KB3004361-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
54. Windows8.1-KB3004365-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
55. Windows8.1-KB3005607-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
56. Windows8.1-KB3006226-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
57. Windows8.1-KB3008923-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
58. Windows8.1-KB3008925-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
59. Windows8.1-KB3010788-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
60. Windows8.1-KB3011780-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
61. Windows8.1-KB3013126-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
62. Windows8.1-KB3013455-v2-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
63. Windows8.1-KB3014029-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
64. Windows8.1-KB3018943-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
65. Windows8.1-KB3019215-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
66. Windows8.1-KB3019978-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
67. Windows8.1-KB3020393-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
68. Windows8.1-KB3021674-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
69. Windows8.1-KB3021952-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
70. Windows8.1-KB3023607-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
71. Windows8.1-KB3036197-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
72. Windows8.1-KB3021953-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
73. Windows8.1-KB3022777-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
74. Windows8.1-KB3023266-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
75. Windows8.1-KB3023562-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
76. Windows8.1-KB3024663-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
77. Windows8.1-KB3029944-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
78. Windows8.1-KB3030377-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
79. Windows8.1-KB3031432-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
80. Windows8.1-KB3032323-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
81. Windows8.1-KB3032359-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
82. Windows8.1-KB3040335-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
83. Windows8.1-KB3033408-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
84. Windows8.1-KB3033889-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
85. Windows8.1-KB3034196-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
86. Windows8.1-KB3034344-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
87. Windows8.1-KB3035017-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
88. Windows8.1-KB3035034-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
89. Windows8.1-KB3035126-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
90. Windows8.1-KB3035131-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
91. Windows8.1-KB3035132-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
92. Windows8.1-KB3037634-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
93. Windows8.1-KB3039066-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
94. Windows8.1-KB3044132-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
95. Windows8.1-KB3046049-x64.msu patch status: DOES NOT APPLY TO THIS COMPUTER
Thanks,
Dave
Hi Dave,
Would you please check CBS lg file and other relevant event logs if find more clues? On current situation, please refer to following article and check if can help you.
Update is not applicable to your computer- but it is
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
I just purchased Adobe Illustrator and I cant find the serial number. When I try to download using Cloud it says it does not support my computer system. Just yesterday I finished my trial. What shall i do?
To locate the serial number:
http://helpx.adobe.com/x-productkb/global/find-serial-number.html
http://helpx.adobe.com/x-productkb/policy-pricing/serial-number-retrieval-process-faq.html -
I needed to install a previously purchased CS6 versus on new computer. To do this, I had to download a version from CC. I will not be using CC. How do I activate Photoshop under my license so that it does not stop working when I am out of communication range a month from now?
The CC version will not activate with your perpetual CS6 license. Download the version from here:
http://helpx.adobe.com/x-productkb/policy-pricing/cs6-product-downloads.html
Your number should work with this version. -
Good evening I would please help me, IGood evening I would please help me, I have problems with flash player when update on my computer Flash Player for windows 8, gives me error in the installation that is not apply on my computer. Please help. Thank You
First, confirm that ActiveX Filtering is configured to allow Flash content:
https://forums.adobe.com/thread/867968
Internet Explorer 11 introduces a number of changes both to how the browser identifies itself to remote web servers, and to how it processes JavaScript intended to target behaviors specific to Internet Explorer. Unfortunately, this means that content on some sites will be broken until the content provider changes their site to conform to the new development approach required by modern versions of IE.
You can try to work around these issues by using Compatibility View:
http://windows.microsoft.com/en-us/internet-explorer/use-compatibility-view#ie=ie-11
If that is too inconvenient, using Google Chrome may be a preferable alternative. -
User Group Policy Settings not applied to new user profiles at first logon
Good Afternoon,
We have an issue that occurs to a new user when they first log on to their machines. They log on and a new profile creates from the Default User Profile. We can see that a number of our Group Policy Settings applied as "User Configuration" are
not applying.A log off and back on is required before the policies apply.
Any thoughts to this behaviour please?
Regards
LeeB
Lee Bowman MCITP MCTSHi,
How about your problem now? How many system encounter this problem? Is all policy couldn't be applied? Is there any feedback when using gpresult to check policy applied status?
As Group Policy applies after user identity authentication, generally speaking, user logoff and back doesn't helpful with this problem.
When this problem occures, have you checked event log if it identify this problem?
Roger Lu
TechNet Community Support
Maybe you are looking for
-
Project settlement to CO-PA and BAdI for automatic creation of rules
Hello SAP experts! I have managed to implement settlement rule strategy to CO-PA for sales project WBS-elements, which automatically creates the settlement rules for WBS-elements with billing indicator. One or more sales order items are assigned to t
-
SelectBooleanCheckbox in RIch:datatable
Hello All, I have data table with some actions(column 1, column 2, column 3 , delete, update).. And selectBooleanCheckbox for checking before start delete, its must mandatory before any actions. I added validator vor selectBooleanCheckbox to make it
-
Does anyone know if the Accelerometer (An accelerometer detects when you rotate iPod touch from portrait to landscape, then automatically changes the contents of the display, so you immediately see the entire width of a web page) works in Mail? When
-
ABAP Function Module Example to move data from one Cube into Another
Hi experts, Can any please help out in this ..? A Simple ABAP Function Module Example to move data from one Cube into Another Cube (How do i send the data from one client to another client using Function moduel). Thanks -Upen. Moderator message: too
-
How do I create edible fields in Acrobat DC. I need contain font size, font and color. Please help