Itunes and group policy
Hi all,
I'm trying to deploy iTunes via published group policy package. I have modified the MSI package with ORCA. The setup goes fine but at the end it fails by the ipodservice.exe. It says the user does not have permission to install service. Anyone knows how to overcome this (with non-admin user of course) ?
try this in your package
1. create a custom action that runs the iPodService.exe file (found in the c:\program files\ipod\bin folder) with a /service
2. I placed this custom action last in the InstallExecute sequence.
Similar Messages
-
Windows 7 DNS and Group Policy Issues
Hi,
We have several suites of Windows 7 domain connected PC's.
In one of the suites I have been called into look at 3 different PC's where the users have not got mapped drives, desktop backgrounds, internet connectivity - because their group policies have not applied.
When I look at the error logs I find DNS 1014 errors, and Group Policy 1054 errors.
I have looked at the logs on the switches, and there is nothing on them - Could a pupil pulling the network cable out cause these errors?... Possibly they could have put it back in before I got back in the room.
The user logs off of the PC and back on again and are fine, as are the users that logon after them.
We have 2 DC's/DNS servers, which I would have thought would be able to cope with the load here.
Please let me know what you think the likely cause could be.Hello John555444,
What is your current situation?
Is this issue resolved?
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
Deploy itunes using group policy
I've found a few links out there and I feel like I'm really close, but I can't get iTunes to work via MS Group Policy Deployment. I've followed this article: http://techierambles.blogspot.com/2011/01/deploy-itunes-or-quicktime-msi-files.h tml but I'm not sure if things have just changed too much since 10.1 or what.
My main issue, I believe, is that I can't get the Apple Application Support MSI to deploy. I've tried assigning it and publishing it, but no joy. However, without that MSI the iTunes MSI won't install properly. Anyone ever run into this?
Windows Server 2008, Windows 7 clients, iTunes 10.5.2 64-bit, no QuickTime (not a requirement in the newest version of iTunes).
Thanks,
LaurenI've found a few links out there and I feel like I'm really close, but I can't get iTunes to work via MS Group Policy Deployment. I've followed this article: http://techierambles.blogspot.com/2011/01/deploy-itunes-or-quicktime-msi-files.h tml but I'm not sure if things have just changed too much since 10.1 or what.
My main issue, I believe, is that I can't get the Apple Application Support MSI to deploy. I've tried assigning it and publishing it, but no joy. However, without that MSI the iTunes MSI won't install properly. Anyone ever run into this?
Windows Server 2008, Windows 7 clients, iTunes 10.5.2 64-bit, no QuickTime (not a requirement in the newest version of iTunes).
Thanks,
Lauren -
How do I setup Active Directory and Group Policy on Windows Server 2012?
I work for a school district that uses a Windows 2012 server with about 400 Windows 7 PCs and 150 Mac PCs. We are set up with Roaming Profiles on the PCs and would like to be able to setup Active Directory, Group Policy, and Roaming Profiles on our macs. (We also have a mac server that they are using as a file server only) As we are a school, our funds are very low. Now for the questions...
Is there a software that allow us to accomplish this?
Is there a free solution or a very reduced price option to do this?
I heard that http://www.centrify.com/products/mac-edition.asp may accomplish this and I read something about it on here but didn't know if this is what I was really trying to do becuase it was marked as "The Golden Triangle" and did not mention Raoming Profiles. This is the link though: https://discussions.apple.com/message/17200059#17200059
Any help would be greatly appreciated.The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.
-
Access Connections and Group Policy generated network profiles
Hello,
We are in the middle of rolling out 3500 T400 machines and are having fits with Access Connections 5.02. We have a default in-house Preferred Wireless Network Profile that is created on each machine via Group Policy. This works fine with AC and everything does what is supposed to do when our users are in our buildings. When our users go offsite, we have nothing but fits with AC and trying to set up any other WAN connections.
If users set up a new network connection, we are asking them to set it up thru AC. We have had them try using both the "Use Windows to Configure Wireless Network" as well as "IEEE 802.1X Authentication". Once the network connection is set up, for some, the wireless will work for a short period (a week or so) and then will no longer detect network connections. The user nor the client site has made any changes to the wireless configuration.
Others will have a stable connection wirelessly until they connect over VPN – VPN will drop in a few minutes after connection. They can then sometimes reconnect after a reboot; but the instability is a constant problem.
It seems to me that the problem could all be traced back to GP enforcement, which occurs every 8 hours when connected to our network. If a user is offline for several days, then connects up to check email or transfer time or whatever, then they are kicked off. If a user connects via VPN, they are kicked off within minutes - again potentially traceable to GP enforcement.
Has anyone else dealt with this scenario of Preferred Wireless Network policies and Access Connections?
Thanks!Try going back to AC 4.52, which solved the problems i was having with AC5.02 (freezes, BSOD, loss of wireless connections when coming out of standby, GUI problems) on Vista Home Premium. Scroll down for prevous versions of AC5.02 here:
http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-67283
I do not use a VPN system so AC4.52 may not help your 3500 Thinkpads.
Lenovo (Mark_Lenovo) knows there are problems with AC5.02 for the last three (or more ) months and have stated that AC 5.1 will solve the problems, but it has not been released as far as I know. There are many threads on AC5.02 on this forum and also on thinkpads.com
the Lenovo Blog site also has an update on AC5.02 ;under "Design Matters" on how they selected the graphics for wireless connections - the responses there offer some suggestions to fix the problems.
T60: 6371-CTO, VISTA Home Premium+SP1, 2GB....R51: 1836-Q4U,XP,1GB...600...755CD -
Anyconnect tunnel-group and group-policy from LDAP
Recently we've changed from LOCAL to LDAP authentication and added additional group-policies for different users to increase security.
To prevent users from selecting an incorrect group-policy, the LDAP server provides a IETF-Radius-Class value which matches the different group-policy names.
It is my understanding that the authentication method is provided by the tunnel-group.
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group LDAP_AD
This all works, but for _one_ of the group policies i'd like to enable (external) two factor authentication. Two enable two factor auth a 'secondary-authentication-server-group' needs to be set in the tunnel-group.
Creating a tunnel-group which maches the name of the group-policy doesn't seem to have any effect. When listing the connected users via "show vpn-sessiondb anyconnect", it always states the correct Group Policy but also always DefaultWEBVPNGroup.
When enabling the listing of tunnel-groups for webvpn, thus allowing users to select their own tunnel-group, the two factor auth does work.
To summarize, is it possible to let LDAP decide which tunnel-group is used or is there another way to have different group policies without users being able to choose ?Fabian,
Your connection lands on a tunnel group and picks a group policy.
A typical way to overcome the problem you're indicating is by using group-url.
a URL is bound to a specific tunnel-group and allows you to land directly on the one you desire.
vide:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
M. -
Difference between domain controllers and group policy objects in GPMC
Hello,
Am in confusion, someone can tel me the difference between
1.Domain controllers>default domain controller policy and
2.Group policy object>default domain controller policy
In Group policy management console and also i would like know where to define these categories. I normally use second option.
I have attached screenshot for your information.
regards,
Dharanesh,This first/upper item is a link to the GPO, the second/lower item is the actual GPO.
(notice the link, has a shortcut arrow showing)
by default, when you double-click on a link, a message will display which says "you have clicked on a link....." and the messagbox offers a checkbox for "do not display this message again..."
Effectively they are equivalent to a shortcut-to-a-file vs. the actual file.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Demoting a DC and Group policy, help needed.
Hi all,
so we have 3 domain controllers, lets say dc1,dc2 and dc3. We have the 3rd line assistance from another company, they have advised the following....
SO the stages will be
1) Can you please go through all the GPO's in DC3 and consolidate what you need and what you do not need, you need to extensively cross reference this with DC1 and DC2, this is something you have to do. As I will not know what you need and what you do
not. You can do this by logging into each domain controller and opening up the settings of each GPO and cross referencing.
2) Once the above is done, we will consolidate the GPO's to a central repository in your domain
3) Backup Sysvol directory and Netlogon folder in DC3
3) Proceed to dcpromo DC3 out of the domain
4) Test connectivity if clients to the AD
5) Add the additional Server options
6) All of the above can be done during office hours.
it was my understanding (perhaps wrongly) that the group policies were not on the individual Domain Controllers but in Sysvol and as such replicated anyway?
any advice would be very much appreciated.> I am being told that our Group policies are different across different
> Domain Controllers and to my knowledge that's impossible as we have
> discussed it should be in the replicated Sysvol.
Ok, that's a common problem. Fix it and you will be fine:
http//support.microsoft.com/kb/2218556 (for DFS-R Replication of Sysvol)
http://support.microsoft.com/kb/315457 (for NTFRS replication)
> I'm a bit lost on the central repository aspect but prior to saying it
> makes no sense I just wanted to check my understanding, especially with
> an MVP!
I agree. Talking of a "central repository" fro group policy doesn't make
sense, because group policy from the very beginning lives in AD and
sysvol, which both are kind of "central repository". Seems they don't
really know what they're talking about :)
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
IE 8 Trusted sites list and Group Policy
Hi all
I have a problem deploying some IE trusted sites to all our users.
I have previously been able to do this by editing the Local Group Policy, but am finding that what ZCM is telling me now, doesn't make sense. Here's what I'm doing when I edit the policy:
GP Helper in the ZCM console brings up the Group Policy window, then I proceed as follows:
Local Computer Policy / User Configuration / Internet Explorer Maintenance / Security / Security Zones and Content Ratings, click Continue to the prompt about Enhanced Security Configuration, then click Modify Settings.
When I go to the Security tab and open Trusted Sites, the sites I entered are no longer listed (the list is empty), BUT if I try to add the sites back in, I am told that "This Site is already in the Trusted Sites Zone".
If I log on as a user that has this policy applied, the sites are not in the Trusted Sites list.
I really don't want to be in position where I have to do this through a bundle, I figure that's what policy is for! I'm also concerned that if this part of policy is showing some weirdness, maybe other parts of my policy are no longer being applied properly too.
Just a bit stumped at the moment. Has anyone else seen this issue, or has any suggestions for me?Spearse,
I just tried this with IE7, and it worked as advertised... I would
suggest you look at the logs to see if there are any errors
Shaun Pond -
Hello,
how many group-policy can I configure on PIx 515E with release 7.x?
Thanks in advance
B.The number of group-policy is important for me because I've many vpn-client sessions that refer to only one vpn-group.
By radius I authenticate the user and I send to pix the name of group policy that contains the specific address-pool and the split-tunneling acl.
In this way I can associate per-user the address-pool and the split-acl.
The best way would be to have only one group-policy and to send by radius the name of addrress pool and the name of split acl but the pix seems no support these parameters.
Thanks B -
ZENworks 6.5 SP1b And Group Policy Editor Problems
I just installed ZENworks 6.5 SP1b on a brand new test server that I am
running. I have no users or strain on the server. After I installed the
service pack it started take about 20 to open the Group Policy Editor for
a user policy and about a minute 20 to close it. I was using it before the
upgrade and it only took like 10 seconds to close before. What's up? Can
any one help?Yeah Sorry I clicked the wrong one
> I presume someone will help in the Desktops forum, since this is for
> server management...
>
> --
>
> Shaun Pond
>
> -
Need help with Adobe Reader 11.0.0.8 and Group Policy Objects
I am trying to deploy Adobe Reader 11.0.0.8 using Adobe Reader.
I am using the AcroRead.msi I found in
C:\Program Files (x86)\Adobe\Reader 11.0\Setup Files\{AC76BA86-7AD7-1033-7B44-AB0000000001}
HOWEVER
Instead of installing 11.0.0.8 it installs 11.0.0.0
I have not had anyone complain about it asking for an update. But I'm sure it's only a matter of time. (I know about the customization which could prevent the updates, but I can't figure out how to get the correct version installed is the issue not the updates).
So if I run the Setup.exe it ends up installing 11.0.0.8 but AcroRead.msi I think only installs 11.0.0.0
Obviously you can't give a GPO an .exe so it's a closed loop. You can't use an .exe to install the proper version. And you can't install the proper version because you can't use an .exe
You can only use the .msi which apparently only does 11.0.0.0
I've been trying this that, have done jumping jacks and back flips trying to fix this (tried different versions, different approaches to this, nothing seems to work)
Need some help. THIS IS WAYYYYYYY WAYYYYYYYYYYY Overcomplicated btw, shouldn't be this complicated for something so mundane.A couple of approaches and all involve a bit of work.
Three steps:
Do the install of the 11.0.0 MSI at the command line
Then follow it with the 11.0.07 Updater MSP at the command line
Finally the 11.0.08 Security Patch MSP at the command line.
AIP
Create the AIP from the three files above then then run the MSI from the command line. -
Does anybody know of ADM templates for Safari?
We need all of our users to be directed at a certain page when they launch their browser, but unless we can achieve this with Safari, we will have to ban it on our network
CheersHi jani, this site should be helpful and the following one:
http://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html
http://www.adobe.com/products/flashplayer/fp_distribution3.html
Thanks,
eidnolb -
How can I install iTunes using Group Policy?
I have extracted msi files from installer and edited to install in English (strange Chinese thing going on). I don't want all components. Bonjor and Apple Software Update are not necessary if not inconvenient as the updater will surely need admin rights which users do not have. As it is iTunes installs but is dependant on QuickTime (also deployed via group policy); this seems to install OK but needs to be launched before iTunes recognises that it is installed. I am also getting an error on iTunes launch regarding CD import. This is getting to be a chore especially considering Apple has already done the packaging. Any advice would be apreciated.iTunes itself enlists the files as usual, but the track time is "not defineable" or something like that.
hiya!
for that one, first try deselecting error correction in your importing preferences. if no joy with that, try the other suggestions given here:
http://docs.info.apple.com/article.html?artnum=93453
... and these resources might be helpful with that:
http://docs.info.apple.com/article.html?artnum=300252
http://discussions.apple.com/click.jspa?searchID=-1&messageID=607642
keep us posted.
love, b -
Group Policy Guru? Group Policy and Windows 7 erratic and inconsistant.
(*If you don't feel like reading everything, skip to the bottom two paragraphs for my questions)
I've had a premier call open with MS since August. This week I had a Microsoft Technician in-house. Though we eliminated some possibilities, we're not really closer to a cause or solution.
Every time we work with an expert, I get a different explanation to describe the situation we are viewing.
Quick summery of the issue: We've been using Group Policy to manage most Windows XP and 7 settings for years, but starting the middle of last year, we began having clients with machines where some or all group policies would fail to apply.
These could be long assigned policies, new polices, or changes to policies. It would never affect everyone or even a majority at once, and the resolution is never the same. Sometimes a GPUDPATE /FORCE sometimes fixed automajically the next day,
sometimes (but very rarely) longer.
Troubleshooting History:
What we found in early troubleshooting, that these machines, had errors in Event Viewer for Netlogon, Time-Sync, and Group Policy. The other issue we noticed, was that our GPRESULT /H reports were missing security groups and the denied section was
nothing but SSID's. The first issue pointed me to:
Event ID 5719 and event ID 1129 may be logged when a non-Microsoft DHCP Relay Agent is used
I installed these Hot Fixes. No change to any of the errors in event viewer, or to our Group Policy problems.
Initial work with Premier Support found that Netlogon, Time-Sync, and Group Policy, were failing before loading of the network stack. The suggestion was to apply the group policy setting "Always wait for the network at computer startup and
logon". At the time, this seemed not to work. The policy was set on a test bed of laptops and desktops, and no changes in behavior were seen after 3 days.
Windows 7 Clients intermittently fail to apply group policy at startup
For some time after this, we were collecting GPSVC and NetTrace logs for Premeir Support, trying to document and troubleshoot the problem. Eventually we got fed up and asked our TAM to call in a pro to get this resolved. We were sent an engineer
for 3 days. For three days we banged away on this issue. We verified AD and replication health, we tried numerous fixes and workarounds. I learned 3 different desriptions of how Group Policy works, and in the end we thought we had a workaround
using the "Always wait for the network at computer startup and logon" because of a single success late in the day. On day 3 we tried replicating this fix, and quickly realized that the same issue we were having preventing other GPOs to apply,
were also preventing our "fix" GPO from applying. So we went the route of using a registry entry. I also had a problem that even though it was making the process more consistant, it was still taking 3 reboots for a Computer Policy, assigned
to a computer object via Security Group, to fully take affect on a computer.
I used the registry methods in the above article. It didn't work, no sign it was having the same affect the GPO had had.
Our support engineer claimed this was the proper method, but that path wasn't even close in a Windows 7 SP1 registry, and after creating all the keys that were not present, it still didn't work.
Always wait for the network at computer startup and logon - AzureWeb
We ran out of time, our engineer returned home.
I can understand how these errors indicate a problem applying Group Policy at boot. But to me it doesn't explain why it doesn't correct post boot, and after a GPUDPATE /FORCE and a reboot.
It also doesn't explain why we were working fine for years, then all of a sudden DHCP is being outrun by background services. (By the way logging showed DHCP wasn't significantly delayed, out boot process was actually excellent, health wise.)
Why all of a sudden is this not behaving optimly? No changes to network design or function. No changes to the domain since 2008 R2 was installed in 2011.
Today I'm reading through all these KB's and articles again, and took some time to read:
[Forum FAQ] Common steps to start troubleshooting Group Policy
application and it's links below.
We ran though all of that before and during the 3-day onsite. It's not getting us any closer to the cause or a solution.
I found and begin some deep reading in this link today. It has some additional information I will try to use next week:
Group Policy Basics - Part 3: How Clients Process GPOs
The one unanswered question I have is this. How is group policy supposed to apply to a computer, when that policy is applied to a AD Security Group, in which the computer object is a member?
Before we began having this problem, we would assign a computer GPO, then ask the user to reboot. If it were a user GPO, we'd ask the user to log off, or reboot. Either way, if we allowed a few minutes for AD and FRS replication, the user would
log back in with that new policy in affect. A new imaged machine would boot with all the GPO's linked to that domain and assigned to "Authenticated Users", already in affect. Admin groups would be present in administrators, proxy settings
would be set in Internet Explorer, etc.
Now I'm aked to beleive this was never the case from Premeier Support and Microsoft Engineers. That those policies require the equilent of a "GPUPDATE /FORCE" that was executed by the Local_System account. That 3 reboots may
be nessessary for a group policy to be applied. One for the AD Security Group to be applied. One for the Computer Policy to be applied. And a final one for the policy in the GPO to be applied to Windows.
Can someone confirm or correct this information please? It's imperitive to my troubleshootng.
There's no place like 127.0.0.1That key is empty on all of my machines I have checked today. Working and problematic alike.
GPRESULT logs, when ran as me, historically would show the group polices applied, denied, and the AD group membership all by name. About 6 months ago I noticed this changed.
Now they show the applied GPO's by name, a few of the denied GPO's by name, most by SID, and only 2 to 3 AD groups, though PowerShell shows all the AD groups assigned. This happens after several AD security and distribution groups are added to the
machine (Radia software distribution uses Dist groups to assign software).
A check showed no groups with long legacy Kerberos keys.
When we make a change to AD Security Group membership, to assign or deny a Group Policy, is usually when we encounter this problem. It will usually fix itself in 24 hours of the machine being left up and running. But no amount of GPUPDATE /FORCE
and rebooting will cause the changes to take affect.
During this time, the Group Policies will show assigned to the computer in the GPRESULT log.
Yesterday I began looking into Spanning Tree configuration on our network being a possible cause for the boot up issues. I'm waiting on responses from our Network group to confirm our configuration.
There's no place like 127.0.0.1
Maybe you are looking for
-
JDBC connection pool failures when used by JMS stores
We are using WebLogic 6.1 sp2. We defined a separate connection pool for use by a JMS Store. <JDBCConnectionPool Name="sybaseJMSPool" Targets="cluster00" InitialCapacity="2" MaxCapacity="10"
-
WRT610N v20090121 Media Server Problem!
Since upgraded to the newfirmware, I was not able to view any video that was on the usb hardrive or flashdisk through my PS3 or PC via UPNP Media Server. I'm able to view or change the file through my network, but I want to be able to stream it to my
-
I recently got a new computer and installed itunes from which had been saved onto an external drive - all music shows up in the library, however when I click on a song I receive this message "the song "abc" could not be used because the original file
-
I have strange problem with my mp3 player. When I bought it, it was all ok, I uploaded songs etc. But now mp3 player is just recharging but computer don't recognize it, I can't upload new songs. I don't why :/ Any sugestions ?
-
Faster performance storing iPhoto library on boot SSD or secondary?
I'm running an early 2008 Mac Pro, 2.8GHz 8-core, with multiple hard drives (side note - this Mac Pro only supports up to SATA II). My iPhoto library has grown quite large (~350GB) and I am looking to upgrade the 1TB mechanical HD it is on to a simil