MBAM Policy Template on DC servers

Similar Messages

• Using Office 2013 group policy template to define Trusted Locations and Template Locations doesn't work

  User Configuration/Policies/Administrative Templates
  - Using Office 2013 group policy template to define Trusted Locations and Template Locations doesn't work
  Microsoft Word 2013/Word Options/Security/Trust Center/Trusted Locations
  - Allow Trusted Locations on the network: 
  Enabled 
  - Trusted Location #1: 
  Enabled 
  Path:  //server/sharedfoldername   [Edit:  Path:
  \\server\sharedfoldername]
  Date: June 10, 2013
  Description: Trusted Location
  Allow sub folders: Enabled
  The policy appears to apply to the client correctly by adding the following registry key and values:
  HKEY_CURRENT_USER\Software\Policies\Microsoft\office\15.0\word\security\trusted locations\location1
  allowsubfolders: 1
  date: June 10, 2013
  Description: Trusted Location
  Path:  //server/sharedfoldername  [Edit: Path: 
  \\server\sharedfoldername]
  However, when you open Word Options/Trust Centre/Trust Centre Settings…/Trusted Locations
  There are no trusted locations listed under ‘Policy Locations’
  I have tried setting similar settings for setting the Shared Templates folder location and just like the trusted locations policy, the registry keys are created properly in HKEY_CURRENT_USER\Software\Policies however word doesn’t
  seem to recognize these either.
  This used to work flawlessly using the administrative templates for Word 2007 and 2010. Has anyone been able to get these policies to apply successfully, or know why office doesn’t recognize these settings from the Policies registry
  Key?

  This would have been an easy solution to the issue.  Unfortunately it isn't the problem.  This question was originally posted on another Microsoft site and
  was transferred here and when it was transferred the path's changed from the original post: 
  \\server\sharedfodlername to //server/sharedfoldername.  (I will edit the question to show up as it did in the original post) Not sure how that happened.  This
  is still an issue that I haven't been able to get working correctly.
  As it turns out the 'New from Template' interface Word 2013 has developed is very bulky with large thumbnails and is not very customizable nor practical for an office
  that has a large number of templates.   Because I am unsatisfied with the display and performance of the 'New' template chooser I sought after a solution to change the way word creates a document from a template in another thread: 
  http://answers.microsoft.com/en-us/office/forum/office_2013_release-word/how-can-you-change-the-display-of-templates-in/d49194b9-a6b4-4768-8502-7d7b50e9dd65 working through this issue with Jay we were able to develop
  some VB script with handles a very large number of templates in a list view and it works much faster than the built-in Word interface.  The above thread is how I've worked around trying to define a shared template location and I am quite happy with it.

• MBAM - SCCM 2012 Reports - Error: the 'MBAM Policy' view does not exist

  Hi
  I have installed MBAM with SCCM 2012 integration. A single server install with SQL server 2012. Mostly it has gone smoothly and laptops are being encrypted and pins stored and recoverable. The problem I have is reports are not showing. I get the following
  error message.
  "Error: the 'MBAM Policy' view does not exist"
  Any ideas why this is? I get the same error message with all 4 reports.

  Hi Slycy,
  There is another thread that seems to be a similar issue
  here that may help you. The last post in particular has a number of steps that you can use to speed up creation of the views:
  Just for future reference, there are quite a few things that have to happen before the view is created. This is merely how CM works.
  Make MBAM MOF changes
  Select TPM spec version in hardware inventory
  Install MBAM CM Integration feature
  Perform a machine policy refresh cycle on a client to get the MOF changes that need to be inventoried
  Perform hardware inventory
  Update MBAM Supported Computers collection membership.  The machine should appear if it meets the criteria
  Run another machine policy refresh on the client so that the Configuration Baseline will come down
  Make sure that the MBAM agent has woken up once
  Evaluate the Configuration Baseline
  The MBAM views should be created now.
  You don't have to do this for every machine, but this is the process to speed it up.  If you let CM do it, it could take over a week before the view is created the first time, depending on when Hardware inventory runs, etc.
  Hope this helps,
  David

• Content Type policy template - labels

  Hello,
   I have create "Content Type policy template" .
   I enable "Labels" policy.
  When I press "Ok" , show the following error :
            "The label reference, ProjectName, could not be found"
     So What is wrong ?   
      Thanks
  ASk

  Hi,
  According to your post, my understanding is that you want to set the Information Management Policy labels.
  The “ProjectName” and “ProjectManager” are two fields of which are used as an example, if there are no such fields in your site, the error will occur.
  You can take other existing fields for a try.
  More information:
  http://office.microsoft.com/en-in/sharepoint-server-help/configure-features-of-an-information-management-policy-HA010132062.aspx
  http://social.technet.microsoft.com/Forums/en-US/67157526-f30f-4b44-97ed-131ba294ab60/how-to-attach-sharepoint-version-to-copied-document?forum=sharepointgenerallegacy
  Best Regards
  Dennis Guo
  TechNet Community Support

• Group policy template for Novell Client for Windows 7

  Does anyone know if there is a group policy template for the Novell Client for Windows 7? I find it really hard to believe that Novell has not yet released one, but I cannot find one anywhere. We use ZCM 11.2, and I really need to be able to send out settings for the client via a group policy.
  By the way, I am also posting this on the Novell Client forum, but since this is also a ZCM thing, I am hoping I might get some feedback here.
  Rick P

  Two recent/new resources are available for the Novell Client 2 SP3 for Windows:
  Cool Solutions AppNote: Novell Client 2 SP3 for Windows: Registry Settings
  Novell Client 2 SP3 for Windows: Registry Settings | Novell User Communities
  Cool Solutions Tool: Group Policy Administrative Template for Novell Client 2 SP3 for Windows
  Group Policy Administrative Template for Novell Client 2 SP3 for Windows | Novell User Communities

• Server 2012 Group Policy Templates installed on Server 2008 R2

  Setup: 2 x Domain Controllers running Server 2K8 R2 SP1
  We are currently running our environment with IE9 and want to upgrade to IE11. However 2K8 R2 group policy doesnt support IE11 unless you upgrade your DC's to this version of IE. We are not going to deploy IE11 all at once but instead as we reimage or replace
  PC's. 
  My question is can install http://www.microsoft.com/en-us/download/details.aspx?id=36991 Server 2012 templates on 2008 R2 and have the ability to apply GP objects to both versions of the browser? Will it's possibly make some of the current GP's ineffective
  by erasing some settings?
  Maybe there is a better was for me to do this? Any help on this would be appreciated! Thanks in advance. 
  I will monitor this thread very closely and reply to any questions as soon as I can. Thanks!
  BCU

  Yes this can be done and its advisable to install the latest and greatest admx templates, please be aware that from IE10 upwards IE maintenance is deprecated and applied via a GPP, id advise you create a central store for your Admx and adml files if not
  already done so
  http://support.microsoft.com/kb/929841
  http://support.microsoft.com/kb/929841

• Group Policy Templates - Namespace Already Defined

  Hi,
  I've got 2 Citrix environments (versions 6.5 and 7.6).  The older farm is currently using Citrix Profile Management GP template 4.1.1.  I would like to use the newer template 5.2.0 for the new farm but I'm getting the "Namespace 'Citrix' is
  already defined as the target namespace for another file in the store" error.
  We're using a central store for GP.  I would like to keep the status quo on the 6.5 farm but use the newer template for the 7.6 farm.  Is it possible to use 2 different versions of a template that has the same namespace?
  There's the option to upgrade the older farm to use the newer template but would like to avoid that as it'll be decommissioned once the 7.6 farm is online.
  Thanks.

  > possible to use 2 different versions of a template that has the same
  > namespace?
  No. If you require this, you cannot use a central store, but use 2
  different workstations holding the appropriate ADMX files. Starting with
  8.1 you can disable the central store for individual computers:
  https://sdmsoftware.com/group-policy-blog/tips-tricks/override-the-group-policy-admx-central-store/
  Greetings/Grüße,
  Martin
  Mal ein
  gutes Buch über GPOs lesen?
  Good or bad GPOs? - my blog…
  And if IT bothers me -
  coke bottle design refreshment (-:

• Policy replication to satelite servers

  If a policy currently replicated to all satellite servers and a change is made to that policy but NOT incremented, will the "changed" policy be updated in the satellite's content repo?
  We need to make a change to our current DLU policy but do not want to increment it thus preventing it from updating on all current managed devices. We want the 'changed' policy to only apply to devices registered after the policy was updated.

  dtemple-sgi,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• SFEP policy templates

  I need a Antimalware Policies template for Exchange 2013, help?

  There's a default template for Exchange. Right click Antimalware Policy and select "Import".
  Select FEP_Default_Exchange_FPE.xml
  Benoit Lecours | Blog: System Center Dudes

• Stuck at Applying Group Policy Printers Policy on Windows 2008 Servers

  xp clients seem to be fine and map all printers at logon. The 2k8 servers all hang at logon for 30min or more at the Applying Group Policy Printers Policy. The print server is a DC in the same domain and it does not experience the issues at logon and gets to the desktop immediately.

  a DHCP workstation
  Microsoft Windows XP [Version 5.1.2600]
  (C) Copyright 1985-2001 Microsoft Corp.
  U:\>ipconfig /all
  Windows IP Configuration
          Host Name . . . . . . . . . . . . : CP0030621
          Primary Dns Suffix  . . . . . . . : us.tms.local
          Node Type . . . . . . . . . . . . : Unknown
          IP Routing Enabled. . . . . . . . : No
          WINS Proxy Enabled. . . . . . . . : No
          DNS Suffix Search List. . . . . . : us.tms.local
                                              us.tms.local
                                              tms.local
  Ethernet adapter Local Area Connection:
          Connection-specific DNS Suffix  . : us.tms.local
          Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
          Physical Address. . . . . . . . . : 00-19-BB-5F-EE-75
          Dhcp Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          IP Address. . . . . . . . . . . . : 10.1.10.165
          Subnet Mask . . . . . . . . . . . : 255.255.254.0
          Default Gateway . . . . . . . . . : 10.1.10.1
          DHCP Server . . . . . . . . . . . : 10.1.10.27
          DNS Servers . . . . . . . . . . . : 10.1.10.27
                                              10.1.10.28
          Lease Obtained. . . . . . . . . . : Monday, August 24, 2009 8:24:12 AM
          Lease Expires . . . . . . . . . . : Saturday, August 29, 2009 8:24:12 A
  Ethernet adapter Bluetooth Network Connection:
          Media State . . . . . . . . . . . : Media disconnected
          Description . . . . . . . . . . . : Bluetooth Device (Personal Area Net
  ork)
          Physical Address. . . . . . . . . : 00-0D-3A-A6-BA-28
  win2k3 web server which logs in successfully
  Microsoft Windows [Version 5.2.3790]
  (C) Copyright 1985-2003 Microsoft Corp.
  U:\>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : wlfdweb01
     Primary Dns Suffix  . . . . . . . : us.tms.local
     Node Type . . . . . . . . . . . . : Unknown
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : us.tms.local
                                         tms.local
  Ethernet adapter Local Area Connection 2:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter #2
     Physical Address. . . . . . . . . : 00-14-C2-C3-DA-3A
     DHCP Enabled. . . . . . . . . . . : No
     IP Address. . . . . . . . . . . . : 10.1.10.29
     Subnet Mask . . . . . . . . . . . : 255.255.254.0
     IP Address. . . . . . . . . . . . : 10.1.10.30
     Subnet Mask . . . . . . . . . . . : 255.255.254.0
     Default Gateway . . . . . . . . . : 10.1.10.1
     DNS Servers . . . . . . . . . . . : 10.1.10.27
                                         10.1.10.28
  Print Server that logs in fine (also a DC and DNS Server)
  Microsoft Windows [Version 6.0.6002]
  Copyright (c) 2006 Microsoft Corporation.  All rights reserved.
  U:\>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : wlfddc02
     Primary Dns Suffix  . . . . . . . : us.tms.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : us.tms.local
                                         tms.local
  Ethernet adapter Local Area Connection 4:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Ad
  apter #2
     Physical Address. . . . . . . . . : 00-1C-C4-EF-B7-A4
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.1.10.28(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.254.0
     Default Gateway . . . . . . . . . : 10.1.10.1
     DNS Servers . . . . . . . . . . . : 10.1.10.28
                                         10.1.10.27
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter Local Area Connection* 9:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.{9FB5C233-FB93-471F-873E-6DFDFCFED
  2AE}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  server that hangs at applying group policy printers (the other dc and dns server for the domain)
  Microsoft Windows [Version 6.0.6002]
  Copyright (c) 2006 Microsoft Corporation.  All rights reserved.
  U:\>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : wlfddc01
     Primary Dns Suffix  . . . . . . . : us.tms.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : us.tms.local
                                         tms.local
  Ethernet adapter Local Area Connection:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
     Physical Address. . . . . . . . . : 00-0F-1F-68-D6-42
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.1.10.27(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.254.0
     Default Gateway . . . . . . . . . : 10.1.10.1
     DNS Servers . . . . . . . . . . . : 127.0.0.1
                                         10.1.10.25
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter Local Area Connection* 8:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.{C0EEED04-498A-42FC-9C42-86A37BD4D
  8D5}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

• Implementing change to Task Templates for known servers

  We found that some of our Task Templates are pointing to old server names no longer available and have updated the Task Templates, but when the task executes, the task instance still shows the old server names. We have restarted the application server instance also with same results. Is there something else that needs to occur for the xchanges to actually tak eplace in IDM> Thanks.

  Sorry, possibly I am making incorrect assumptions. I am assuming that "knownServers" is the list of preferred servers to run the task in, and that the task defaults to the main server if those are not found but maybe I am wrong. We are trying to have a specific report run under a specific container.
  Say we have 5 containers defined as servers. When the Task Templates were originally created, the "knownServers" element listed, for example, "Andy", "Barney", Charlie", "David", and "Evan".
  Since then, the names have changed to, for example "Paula", "Rose", "Sally, "Teresa", and "Wanda". We never changed the Task Templates, so at this point the Task Templates STILL show the names "Andy" -" Evan" under "known Servers".
  So, we changed the Task Template "known Servers" to ,for example, only "Paula". But, when the Task Begins (in this case a report), and you view the Task Instance, it still shows known servers of "Andy" -" Evan".
  My questions are:
  1. Is my assumption about "knownServers" incorrect?
  2. Is there something else required to have the Task Instances pick up the new "knownServers" attribute?
  3. Can anything else that can be done to have Task Instance runs specifically in a named server (container)?
  Thanks for any help.

• MBAM: Policy is not Enforced

  My company recently rolled out MBAM 2.0 SP1 in SCCM. Although the report shows nearly all of them as COMPLIANT, there are a handful that says POLICY IS NOT ENFORCED.  Does anyone have further info as to what this means and how to correct it? 
  I did not find alot on the Internet about it.  Any info is appreciated.  Thanks.

  My guess is that the handful of computer have problems updating group policy. Look at the registry. Are the defined BitLocker settings configured. Try manually updating Group Policy.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Error: the 'MBAM Policy' view does not exist.

  MBAM 2.0 SP1 with SCCM 2012 integration:
  I am receiving this error when the reports are run from the reporting services point and from inside of the SCCM console. The view that the reports are testing for does exist in the SCCM database. I do not understand why the reports are giving this error.
  Each of these MBAM reports have a test for the view V_GS_MABM_POLICY :
      DECLARE @query nvarchar(70)
            SET @query = N'SELECT COUNT(EncodedComputerName0) AS Status FROM V_GS_MBAM_POLICY'
      BEGIN TRY
        EXEC(@query)
      END TRY
      BEGIN CATCH
        SELECT 0 AS Status
      END CATCH
  If the Try fails then you receive the above error message in Red Font.
  This view - V_GS_MBAM_POLICY does exist so I am not sure why this is occurring. I have completely redone the MBAM setup on the SCCM 2012 server after removing all the MBAM collection and reports, etc. following the instructions from this article -
  http://support.microsoft.com/kb/2831166 I also removed the classes. I ran the setup again - just the SCCM integration feature and it gives me the same results. Some have suggested that the inventory has
  to be collected by the clients first before these reports work and that doesn't appear to be the case. This red font error message is only shown if the view is not reachable. Anyone have any ideas?

  I was mistaken, the view is queried for a count and if 0, it displays that error message. So it may be correct that this is normal until the first clients return data that populates the MBAM/Bitlocker tables.

• EMET v5.1 ADMX Group Policy Template Issue - Default protection settings can't be disabled

  I am configuring EMET v5.1 (from 11/18/14) settings via GPO using the custom EMET admx template provided by Microsoft. I am able to enable all the EMET settings via GPMC and disable most of them, but I am not able to disable these 3 EMET setting via
  GPMC in a GPO:
  Default Protections for Internet Explorer
  Default Protections for Popular Software
  Default Protections for Recommended Software
  When configuring any of these 3 EMET GPO settings to disabled and pressing apply or OK, GPMC keeps it at Not Configured, it does not change to disabled as it normally would. I have never before seen this in GPMC, where you try to disable a setting and it
  doesn't change to disabled.
  Unless this is somehow intended by Microsoft for these 3 EMET GPO settings, I think that this is a glitch/bug in the EMET GPO Template or the way that it works in GPMC.
  Looking for some Guidance from a MS Rep to replicate this issue or anyone else who can confirm if they also see this issue. I have tested on multiple Windows 8.1 Enterprise x64 Update 2 Workstations, with GPMC loaded and the latest EMET ADMX file loaded
  from the EMET client on 11/18/14. I have tested this in 2 separate domains, Note that we do not have Central ADMX Stores in either domain.

  I had a similar requirement as yours and found that we were able to get around in a simpler method then what was listed here.  What we did was set GPO Preferences Registry changes which would then override the previously set EMET ADMX settings set from
  another global GPO.
  To be specific we had some thirds applications which were add-ons to Microsoft Excel, and the EMET was preventing the application from talking to Excel.  So for the users that use this application we have a GPO which Does the following in the Preferences
  section:
  Action: Replace
  HIVE: HKEY_LOCAL_MACHINE
  Key path: SOFTWARE\Policies\Microsoft\EMET\Defaults
  Value name: Excel
  Value type: REG_SZ
  Value data: *\OFFICE1*\EXCEL.EXE -Caller -MandatoryASLR

• MBAM Group Policy Problems

  I am trying to install and configure MBAM 2.0. I have installed all of the components on two separate servers. Server 1 has sccm 2012
  integration and gpo policy templates. Server two has the rest. When I load Group Policy Management the templates do not appear. I have manually extracted and copied the templates in the local policy definitions and still nothing. Any ideas?

  By default the Group Policy Management console will look for templates at a central SYSVOL location (a so called central store). Likely you have a PolicyDefinitions folder in
  \\domain.com\sysvol\domain.com\Policies and then you need to add the MBAM ADMX and ADML files to that location to be able to see those settings when managing group policies. The reason for this is
  that the central store has precedence over local group policy templates.
  Blogging about Windows for IT pros at
  www.theexperienceblog.com