List all GPOs applied to every user in the AD

Similar Messages

• Folder Redirection policy is not applied to a user, when the server target is changed, but works after resetting the windows profile.

  Folder Redirection policy is not applied to a user, when the server target is changed. 
  After server target is changed via group policy, when user login  (roaming profile)first time, the the new server target has not been applied, instead it's pointing to the old folder redirection path.
  But if we reset the windows profile (roaming ), the new folder redirection works, can you please specify a solutions that the new folder redirection works when the user login for the first time. so it reduce the time on resetting users profile.
  it seems that we need to delete the old folder redirection path from the user profile (roaming user profile) via group policy or similar solutions..
  Many Thanks

  >   But when the specific users login they all get the same error, it
  Is the old server removed from the domain? Seems so - or some other
  authentication related issue, hard to tell from here...
  > seems that the roaming user profiles still keeps the old server details,
  Yes - if you change redirection targets, FR moves content from old to
  new, and only if this ends sucessfully, it will update the redirection
  target.
  Make the old redirection target accessible to the user and you'll be fine.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Command to list all email aliases /groups and members on the mail server.

  Hi,
  We are using SJS MEssaging server 6.2 .
  Which is the command to use to list all email aliases/groups and members on the mail server.
  Thanks,

  sureshsamuel wrote:
  We are using SJS MEssaging server 6.2 .
  Which is the command to use to list all email aliases/groups and members on the mail server.Email aliases/groups can exist in text files in the configuration directory of Messaging Server or be defined in the LDAP Directory Server. You can use the "commadmin group search" command to list the ldap groups (if you have Delegated Administration installed/configured), otherwise you can use a directory ldapsearch to find the groups.
  Regards,
  Shane.

• List all app-v applications in use on the users PC

  Hi All ,
  In need of a solution to list all the app-v application name that are currently "In Use" on the users PC.
      Tried with SFTTRAY.exe /EXIT - This command provides only the number of app-v applications in use but not the application name .
   Also tried with MS tool listAppVirt.exe from this link
  http://www.microsoft.com/en-us/download/details.aspx?id=8901. We could only list the running process & PID for the application. But could not find the application name .
  Please let me know if any one have idea on this.
  Thanks In Advance.
  Anand.

  Hello,
  See this script;
  http://www.verboon.info/2013/12/powershell-retrieve-app-v-4-6-package-information/
  Nicke Källén | The Knack| Twitter:
  @Znackattack

• Setting up MPD for every user on the machine

  I'm having a few problems setting up MPD. What I want to do is configure MPD such that it starts automatically at login using the current user config file (so that it uses the correct db) and stops playing and exit (to free port 6600) on logout. This way when a different user logs in MPD will use the correct database and playlists dir.
  So far I've created all the needed files (.mpd/{.conf,.pid,etc}) in the home dirs of every user and followed this (MPD/Autostart with systemd/Current Setup) then I followed these steps for user1 (created the needed files in user1's home) Using systemd to manage your session (Should I repeat them for user2?). I'm using this service for mpd:
  [Unit]
  Description=Music Player Daemon
  [Service]
  ExecStart=/usr/bin/mpd %h/.config/mpd/mpd.conf --no-daemon
  ExecStop= /usr/bin/mpd %h/.config/mpd/mpd.conf --kill  #I expected this to stop mpd on logout
  [Install]
  WantedBy=default.target
  The problem is that when I log out the music keeps playing which means mpd is still running. If I log in as user2 I can see users1 database (using ncmpc) but I can't control the playback e.g:If I want to skip the current track it stops playing.
  Any ideas?

  rodrigomb81 wrote:ExecStop= /usr/bin/mpd %h/.config/mpd/mpd.conf --kill  #I expected this to stop mpd on logout
  That will stop mpd when the service is stopped, which will happen when the user instance of systemd exits. So logout should do `systemctl --user exit`. (This might be mentioned on the wiki, but that systemd/user page is a big mess.)

• Start Screen Layout not applying to every user

  Ok, i'm stuck.  I have a 2012r2  DC with a 2012r2 terminal server.  I exported the xml file to be the start screen layout and have it applied to a specific user OU with my two users in it.  One gets the layout the other does not (metro
  layout btw)  Same users, same permissions, in the same OU.  Tried to gpupdate with no luck, the only difference I can tell is one users existed and the other I created brand new to test with.
  User config - policies - admin templates - start menus & taskbar - start screen layout
  this OU is blocked from inheritence for testing purposes.  I have also deleted all references to the non-woking user locally on the server and tried to re-login.  No dice.
  Idea's on what I am missing?

  Hi wlords,
  Thanks for your sharing!
  In addition, I would like to share with you a useful post which can help us to troubleshoot group policy application issues:
  Common steps to start troubleshooting Group Policy application issues                                  
  http://social.technet.microsoft.com/Forums/en-US/382c97e8-93c8-4022-b8fe-22401037d14c/forum-faq-common-steps-to-start-troubleshooting-group-policy-application-issues?forum=winserverGP
  Regards,
  Lany Zhang

• Change config on one switch and have it apply to every switch on the network

  Hi Everyone,
  I was wondering:
  Say you wanted to add a user to your config, but you have 30 switches in your lab and only want to configure one, but have the config propogate to all the switches.
  Is this possible, and if so, what is the CLI for it?
  Thanks
  Larry

  Hi Larry,
  I'm not an expert in this area but here's what I have:
  Switch Stacks
  One option (if lab area allows) is physically "stacking" your switches (requires a special cable).
  The limitations are:
  You can only have so many in a stack (12 max I believe)
  They will need to be stacked (and therefore, that restricts your distance to devices)
  If this option works for you, updating one switch updates them all because they act as one logical device.
  More on that here
  SmartInstall
  However, what I believe you might be looking for is SmartInstall.
  This is used for zero-touch switch deployment.
  While there are other (non-Cisco solutions), this is the one I've heard of before.
  Hope that helps,
  Dan

• List all files in a directory, not including the sub directories if any

  Hi,
  I have been looking around php.net for a bit and can not work
  out how i list the files that are in a directory i.e.
  www.site.com/directory/
  I would like the names of each file to be placed in an array,
  but not to have the sub directories in this list should there be
  any.
  I was given some code a while ago that done this but it
  listed the sub directories and i would like them not in this list.
  I do not have this code anymore and do not know where i got
  it, so i can not get it amended to what i need.
  please can someone tell me what line of code i should be
  using.
  thank you in advance for your help.

  (_seb_) wrote:
  > not very clever wrote:
  >> Hi,
  >>
  >> I have been looking around php.net for a bit and can
  not work out how
  >> i list the files that are in a directory i.e.
  >>
  >> www.site.com/directory/
  >>
  >> I would like the names of each file to be placed in
  an array, but not
  >> to have the sub directories in this list should
  there be any.
  >>
  >> I was given some code a while ago that done this but
  it listed the
  >> sub directories and i would like them not in this
  list.
  >>
  >> I do not have this code anymore and do not know
  where i got it, so i
  >> can not get it amended to what i need.
  >>
  >> please can someone tell me what line of code i
  should be using.
  >>
  >> thank you in advance for your help.
  >>
  >>
  >>
  >
  > The follwoing PHP code will do just that. Just replace
  "pathToFolder"
  > with the path to your folder.
  > I made the list of files also link to each file. Just
  remove the link
  > echo if you don't them to be links.
  >
  > <?php
  > // FUNCTION TO LIST FILES:
  > function listFiles($path){
  > if($handle = opendir($path)){
  > while(false !== ($file = readdir($handle))){
  > if (is_file($path.'/'.$file) &&
  !preg_match('/^\./',$file)){
  > $files_array[]=$file;
  > }
  > }
  > }
  > return($files_array);
  > }
  > $path = 'pathToFolder';
  >
  > // CALL THE FUNCTION:
  > $files_array = listFiles($path);
  > foreach($files_array as $file){
  > echo '<p><a
  href="'.$path.'/'.$file.'">'.$file,'</a></p>';
  > }
  >
  > ?>
  >
  I spotted one error:
  foreach($files_array as $file){
  echo '<p><a
  href="'.$path.'/'.$file.'">'.$file,'</a></p>';
  should be:
  foreach($files_array as $file){
  echo '<p><a
  href="'.$path.'/'.$file.'">'.$file.'</a></p>';
  (a dot after $file, not a coma)
  seb ( [email protected])
  http://webtrans1.com | high-end web
  design
  Downloads: Slide Show, Directory Browser, Mailing List

• Setting a GPO for one computer regardless of the user permissons

  I have one computer that needs to be on a different GPO due to it being used for the boardroom meetings and the board of the directors do not like the 15 minute inactivity time that I have set on the Default Domain Policy. They want the computer to never
  lock due to inactivity and then have to sign back in again. But I am having major difficulties with the boardroom computer accepting this and picking the correct policy as the Winning GPO.  
  When I run the gpresults command, under Computer Configuration Summary - it shows that this GPO Was Applied. Under User Configuration Summary - it shows that this GPO was Denied (Security Filtering)....When I scroll down the page, it lists Computer Configuration
  and it has the Default Domain Policy as the Winning GPO on everything except Account Policies/Account Lockout Policy.  
  On the Group Policy Management on the domain controller - In the Scope section and underneath Security Filtering, I have the Boardroom Computer added here. On the Delegation section and underneath Advanced, I have the Read, Write, and Allow Group Policy
  allowed for the Computer Name permission.
  On the Precedence, I have the boardroom GPO as number one and the Default Domain Policy as number two. They are both Link Enabled and I have the boardroom as Enforced and the Default Domain Policy as not enforced.  
  Another issue that I don't know is interfering with this or not is that my primary domain controller is Server 2012 and I can't edit the Group Policys on it because not all of the options are there, so I have been working all of this on my secondary domain
  controller which is Server 2008.
  What do I need to do or check to make this works the way that it needs to? Thank you.

  Hi,
  Okay so the policy setting you have set is a user based policy not a computer based policy, so by targeting the computer it won't work.
  What I have done in the past to target just one computer is this.
  Create a new group policy.
  Set in the group policy the desired inactivity times in the screen saver - for never I think you can just set it to disabled.
  In the computer configuration > admin templates > system > group policy - enable the loopback processing and set it to merge.
  link the policy to your computers OU / the domain level.
  Change the permissions of the GPO and remove authenticated users from the policy permissions.
  Create a security group in AD (maybe call it no screensaver) and then add your computer to the group. You also need to add in domain users into the group, so this will mean that any user logging into the computer will not get the screen saver policy applied.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  Blog: http://www.windows-support.co.uk 
  Twitter:   LinkedIn:

• SAP R/3 : Indirect Role assignments - Is position unique to every user?

  Hi.
  While am exploring /learning SAP R/3 roles and auth, I would appreciate if I could get clarity on the following :
  This  link on SDN on Indirect role assignments are very informative.
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/f03e6f6c-8c16-2a10-1581-ed8812e2effe
  This link is also more explanatory : http://my.affinitext.com/public/book/5442/-1/1423831
  So if my understanding is correct, it is better to assign roles - indirectly by position, so that if an employee's position changes, his role can be removed, based on position again ??? And somewhere we are linking with infotype 105.
  My only doubt is : if we are going to assign roles by position and remove the roles by position, so that as the position of an employee changes, the previous roles become null and void and new roles can be assigned as per new position.
  So would like to know :
  as to whether this position number which we see from PA20, is unique to every user on the system ?
  So that, if there is a need to remove a role based on postion, we could remove the role from PO13;
  BY doing that, then will it not affect other users ?
  Can somebody help me understand this.
  Because if i want to see the effect immediately, if i go to PFUD and put the role name and say execute, i see that the role which was removed from PO13 is gone immediately from the user.
  Many thanks
  Indu
  Edited by: Indumathy Narayanan on Nov 22, 2011 9:25 AM

  GOT IT THANKS.
  Hi Prashant.
  Good morning and wishes.
  Can you please help me understand this.
  I understand from HR person that position is uniquely defined (from hire to retire)
  and roles are generally given based on position.
  However, I see a person : whose roles have been assigned as per position all these years.
  He had 2 roles in project A. He now moved into a different project B.
  But. when i check, i still see the roles - reflecting on SU01  & well as in the tab of user of the role X under pfcg.
  BUT when i check PO13 - and put the position / relationship and say overview.
  I dont see the roles at all there.
  Why this is so.  Why the discrepancy on different screens.
  Also How can I get a confirmation that - these roles are actually removed and is not there for the user.
  Rather.
  How could the removal of roles based on position become completely effective on the system.
  So that all screens display the same information.
  Also would like to know - whether it is ok to remove the role expiry date directly from PFCG/ROLE Display/user tab/select user/
  and then make the role invalid or expired / or extend the expiry.
  Many thanks.
  Indu
  Edited by: Indumathy Narayanan on Dec 7, 2011 12:09 PM
  Edited by: Indumathy Narayanan on Dec 7, 2011 1:42 PM
  Edited by: Indumathy Narayanan on Dec 7, 2011 5:17 PM

• Database query in MaxL DBS-Name list all file information failed

  When I tried list all file information command in MaxL it gave me an error saying the user doesn't exist. When I check the user through display user; command in MaxL I get the information as listed below.
  Is there something wrong with the way the user was created ?
  How can I (Admin) get the index and data file information?
  MAXL> query database Application.Database list all file information;
     ERROR - 1051012 - User ADMIN@Native Directory does not exist.
  MAXL> display user;
  user                description         logged in           password_reset_days enabled             change_password     type                protocol
     conn param          application_access_
  +-------------------+-------------------+-------------------+-------------------+-------------------+-------------------+-------------------+-----------------
  --+-------------------+-------------------
  ADMIN@Nati                                    TRUE                   0                TRUE               FALSE                   3 CSS
     native://DN=cn=911,                   1

  Has anyone resolved the problems with using TNSFormat?
  As is, I want to move to a shared server setup and to do that I want to use TNSFormat and point to a tns entry which is setup for IPC+Shared connection.
  But the Oracle Home that has the Oracle HTTP Server (from the companion CD) does not have SQL*net installed and does not seem to understand TNS.
  I have TNS_ADMIN setup, I have ORACLE_HOME_LISTENER poiting to the DB Home.
  for the OHS home, using "sqlplus login/pw@ipcshared" works, but "tnsping ipcshared" does not, since tnsping does not exist in the OHS home.
  I cannot install SQL*Net from the CD1, since it requires a dedicated/new home and does not want to install in the OHS Home.
  The only format that works in a dedicated OHS Home setup is ServiceNameFormat.
  Any help or input would be very helpful.
  Regards
  ps. This is a redhat linux setup.
  Message was edited by:
  Oli_t

• Report to list all computers and their collection membership

  Hi
  I am currently working on a site where direct membership is used for collections but a need has arisen to move to AD Queries.
  I have created a simple powershell script that creates groups based on the contents of a csv file and another script which populates this with the members listed in another csv file.
  To help speed up the process is there a way to generate a report that lists ALL Computers and their Collection membership?
  The only reports I seem to find that are built in require an inputted value of either computer name of collection ID. I simply need a report that lists Computer Name is column 1 and Collection Name in column 2 for all computers and all collections.
  Many Thanks,
  Matt Thorley

  select 
  FCM.Name,
  C.Name
  from 
  dbo.v_Collection C
  join dbo.v_FullCollectionMembership FCM on C.CollectionID = FCM.CollectionID
  Thanks to Garth for original query. I just modified it :)
  Anoop C Nair (My Blog www.AnoopCNair.com)
  - Twitter @anoopmannur -
  FaceBook Forum For SCCM

• Urgent: How to list all alias for a server throw DNS query?

  Hi
  Is there anyone know how to list all alias for a server by asking the network DNS. Is that possible?
  It doesn't work with InetAddress it return a single result.
  Best regard

  InetAddress will not get you the aliases, but you can certainly find all the different IP addresses for a specific host name using the getAllByName() method.
  You won't be able to get the aliases since those IP addresses (assuming there are more than 1) will all be cached as mapping to the name you passed to the getAllByName() method and you can't clear the map cache until the JVM exits.
  So your best hope is to get a list of IP's and either exit your app and restart with a new mode, or save them to a file for another app to read.

• List all Virtual Machines with Associated Tags

  I have custom attributes for application engineer, OS engineer, application name, etc. In the vSphere Client I can list all VMs and their custom attributes.  I can then sort the list by custom attribute.  Doing this allows me to find virtual machines with empty custom attributes.
  I have converted my custom attributes to tags.  I cannot find a way to list all virtual machines with associated tags in the vSphere Web Client.  Is there a way to do this using PowerCLI? I'd like to be able to produce a CSV file that contains all virtual machines and their associated tags.

  If you have tag assignments for the category of "OS engineer".  You can write this:
  Get-TagAssignment -Category "OS engineer"
  That will list the tags in the category and the associated VMs.

• GPO not applying to all users in the same security groups

  If Elaine logs in on Angie's PC does it work?

  Using Windows Server 2008 R1. I have a single domain with two DCs (both Server 2008 R1). Both DCs seem to be communicating without issues, as changes on one DC are replicating normally to the other for all services.I have a group policy set up to set drive mapping for my users. However when I run the GP modeling wizard only a few of the users receive the proper mappings. In this specific instance I have two users, Elaine and Angie. 1. Both are members of the Domain Users security group and another security group I created called Staff2. Neither user is a member of any other security groups.3. My group policy Security Filtering setting is set to apply the policy ONLY to the Staff security group4. When running the GP Results Wizard, Elaine's computer successfully processes the policy, but Angie's does not, and returns "Access Denied...
  This topic first appeared in the Spiceworks Community