Need a Way to Create a Local Group Push via GPO on Windows Server 2003 DC

Similar Messages

• Windows 8 and IE10 and 11 not accepting Proxy Settings via Group Policy from windows server 2003

  Hi
  We are still running Windows Server 2003 with a Win7 and Win8 desktop environment. I can control Win7 IE9 settings,
  But Win8 systems are running IE10. We have an internal proxy server.
  Is there any way to force the proxy settings to the Win8/IE10 or 11 systems .
  i have tried with The IE 10 .adm template and applied gpo,but does not have any proxy settings for ie10 and no changes were applies
  please can anyone help me regarding this
  i want to apply GPO from windows server 2003  to windows 8 ie10/11
  Thanks
  KNC

  Hi,   
  I agree with Zanderol24, we can install RSAT on a windows8 client, and then we can use Group Policy Management to manage group policy from the client.
  For more information about RSAT, we can refer to the following link:
  Remote Server Administration Tools (RSAT) for Windows Client and Windows Server (dsforum2wiki)
  http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-client-and-windows-server-dsforum2wiki.aspx
  For more detailed information about how to use GPP to configure the proxy setting for ie10 and ie11, we can refer to the following link:
  How to configure Group Policy Preference settings for Internet Explorer 11 in Windows 8.1 or Windows Server 2012 R2
  http://support.microsoft.com/kb/2898604
  When we use GPPs you need to be aware of the F5-F8 keys:
  Red / Green: GP Preferences doesn’t work even though the policy applied and after gpupdate \force
  http://blogs.technet.com/b/grouppolicy/archive/2008/10/13/red-green-gp-preferences-doesn-t-work-even-though-the-policy-applied-and-after-gpupdate-force.aspx
  Besides, aside from using group policy to manage IE, IEAK can also be used to do this.
  For IEAK, the following article can be referred to for more information.
  Internet Explorer Administration Kit (IEAK) Information and Downloads
  http://technet.microsoft.com/en-in/ie/bb219517.aspx
  Best Regards,
  Erin

• Is there a way to create a local package repository

  Is there a way to create a local package repository without technically being a mirror.  For example, setting up multiple AL box's on my network and having them grab all the latest packages from one AL box?
  Thanks,
  Craig

  What you most likely want is an ABS tree of your own, containing only the PKGBUILDs of those packages which you want to be included in your repository.
  You should already have heard of the gensync program. In short, the parameters are the root of PKGBUILDs, sorted in subdirectories (ie. like the ABS tree), the intented name and location of the repository database file, and the directory containing the binary packages.
  Let's assume you downloaded the current ABS tree to your hard drive, as well as all matching (same version as in the PKGBUILDs!) packages from a mirror, but you don't want the reiserfsprogs package in your repository. To achieve that, you must remove the /var/abs/base/reiserfsprogs directory, and may optionally remove the binary package, too. Since gensync analyzes the ABS tree you supplied as a parameter, removing the subdirectory of a specific package will cause this very package to not be included in the generated database. Assuming your packages lie in /home/arch/i686/current, your gensync call would look like this:
  gensync /var/abs /home/arch/i686/current/current.db.tar.gz /home/arch/i686/current
  If there are any discrepancies like
    - PKGBUILD, but no matching binary package found
    - PKGBUILD and binary package versions do not match
    - permission problems (writing the db file must be possible)
  gensync will gladly complain.
  Otherwise you should find the db file in the place you specified. Keep in mind that the name of the db.tar.gz file must be equal to the repository tag in the pacman.conf to use the repo.
  To make sure the db contains the right packages; use
  tar -tzf current.db.tar.gz | less
  to list the contents. Every package has it's own subdirectory including the metadata, which is rather obvious considering the file's generated from such a structure in the first place.
  The binary packages along with a correctly generated db file are all you need. Make the repository directory containing these files available through FTP if local availability doesn't cut it for you, edit your pacman.conf if needed, and use it!
  Adding packages works similar; All you need to have is the PKGBUILD in an ABS-like tree (it doesn't have to be the official tree; gensync doesn't care where the files come from. Just stick to one subdirectory per PKGBUILD, and you'll be fine), and the matching packages somewhere else, run gensync with the appropriate directories, and cackle with glee.
  HTH.

• Integration - Windows Server 2003/2008R2: Creating a login script that attaches programs to a certain user group. Upgrading to Windows 7/8

  We are currently running a windows server 2003 environment with a 2003 server being the DC. We have a couple of 2008 r2 servers that are member servers.
  OK...
  Our users are primarily operating off of windows xp clients/workstations in which they use RDP to connect to the newer member servers that are windows 2008. With their base profile in xp I am using roaming profiles via server 2003. I am looking to begin
  upgrading all of the workstations to all-in-one windows7/8 boxes partially because of cosmetic reasons(#weird) and partially because we will eventually begin using the camera options that are in the all-in-one's.
  Also..I must do this one at a time as we don't have the money to do a complete overhaul of all client workstations..If that was the case, I could just redo the network and make those members servers the DC and backup DC as well as add a virtual server
  in which everyone can access those legacy programs that are still needed...
  As you guys know windows 7/8 boxes will not work with server 2003 and roaming profiles. The reason we don't completely upgrade to 2008 r2 environment is because we are still holding on to a legacy program that requires server 2003 and these programs are
  vital to our operation.
  So..broken down even further...
  A: User is part of a 'LocalAdmins' group that makes them automatically a local admin upon any system within our domain.
  B: User  logs in to windows xp with credentials in which a tailored made per user roaming profile comes up from server 2003
  C: User then logs into one of the two terminal servers via RDP with same credentials and accesses new primary application. To access the legacy applications, they merely minimize their RDP session to get back to the windows xp session.
  Ultimately..
  1. I'd like to begin replacing option B: with windows 7/8 all-in-ones and and have the RDP saved sessions,that talk to the 2008 member servers, as well as, a few vital ie shortcuts automatically come to all users that are apart of that "LocalAdmins
  group period.
  2. Setup 1 server 2003 box that runs that legacy program and allow everyone access via a Virtual Environment..
  3. If they log into a windows xp box, or a windows 7/8 box, I want them to have access to the same icons.
  I guess this is a lot to digest, but my question is, what script could I make that would essentially allow uniformity for both my xp workstations and newly added windows 7/8 boxes? What script could I create that would,I guess reside on server 2003, that
  brings all the neccessary icons to the users that are apart of that "LocalAdmins" group despite having a windows xp, 7, or 8 workstation?

  " I don't see what the issue is because a logon script will still be managed by Group Policy and will have to be applied using GP rules.  In the end you still have to write the script."
  You basically contradicted the smug part of your rant and multiple answers with this statement!!! You just recognized that some sort of script would be necessary if I chose to use it via group policy. 
  But according to you..
  "It is not and has never been done via a script."
  Clearly it has a section per user for a "profile path" and a "logon SCRIPT". Which warrants my creation of this post since I have currentely implemented
  roaming profiles. That is how I am manipulating what users can have on their desktop because of course, we have different users that have different needs. But out of all the users, there are programs that need to be laced and seen upon immediate login.I
  will consult other people as this is only preliminary planning but about half of your statements are completely unwarranted and UNNECESSARY!
  This statement also proves your additional inaccuracies...
  "All of the profile things are handled by Windows and have nothing to do with scripts.  You define all of that in Group Policy."
  That's just silly talk. I told you in my initial break down of my scenario in an entirety that I am using "tailored made per user roaming profiles" to control desktop environments not group policies in this case. But you just made an absolute statement in
  saying "You define all of that in Group policy" which is completely wrong...
  Do me a favor, please don't respond to this post anymore. I'd love to see if any other partner, staff or whatever mind responding. Thank you for your help anyway. I will use what is useful in your post and discard the rest.
  Thanks

• Restrict local user login via GPO

  I need a way to restrict domain user's access to the PCs in my department. All users at the company are put into company wide general user groups and then, as a department, we put them into separate user groups per department OU. I want to restrict access
  to all users except the users in my OU user groups but there are hundreds of other user groups created by other departments so direct exclusion per group is out. I need a way to restrict everyone except my users via a group policy object. 
  Any help is appreciated.

  Hi,
  Please follow the below steps for denying logon to all users, except the users who are the members of groups in your department OU,
  1. Create a new group called "MyExcludedGroups" (To whom we are going to add the groups, for excluding logon to your department computers).
  2. Check the below steps for adding the groups to "MyExcludedGroups" group using powershell,
  - Go to Start -> Open Windows Powershell using Run as Administrator 
  - In the powershell type, set-executionpolicy unrestricted (for allowing commands to execute)
  - Type the command import-module activedirectory           (to enable and execute AD cmdlets)
  - For example to add the groups in "ou=test1,dc=mydomain,dc=com" to "MyExcludedGroups" group, type the below commands,
             $test1=Get-ADGroup -Filter * -SearchBase "ou=test1,dc=mydomain,dc=com" 
             Add-GroupMember -Identity MyExcludedGroups -Members $test1
        Similarly you can run the commands on each OU to add the groups to "MyExcludedGroups" group.
  3. Create a Group Policy Object (GPO) linked at the OU containing your department computers called "Deny Interactive Logon".
  4. Right click and edit the GPO "Deny Interactive Logon" and navigate to the node "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment".
  5. In the "User Rights Assignment" node add "Deny log on locally" permission for "MyExcludedGroups" group.
  Regards,
  Gopi
  www.jijitechnologies.com

• Access windows server 2003 from a local user machine (windows 7 pro)?

  Is there a way to look up user accounts from a local machine running windows 7 pro without having to always go to the physical server itself?
  The reason is the location of the server, a bit of an inconvenience.
  It's a windows server 2003 btw.
  Thank you,
  Cris

  Hi,
  Thank you for posting in Windows Server Forum.
  Good to hear that you go it working.
  In respect to your another question, it seems that you want to have with smart card technique for password without entering manual credential. Please check following article for information.
  Smart Card and Remote Desktop Services
  http://technet.microsoft.com/en-us/library/ff404286(v=WS.10).aspx
  Guidelines for enabling smart card logon with third-party certification authorities
  http://support.microsoft.com/kb/281245
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Issues with creating PDF's (Acrobat 8.1.6. and 9.1.3) in Windows Server 2003 (32 bit) and Windows XP (64bit)

  We have a report package that generates customised reports
  We generate the PDF's by simply "printing" to the Adobe PDF printer
  In Windows XP Pro (32 Bit) the report creates the PDF perfectly
  In Windows Server 2003 (32 Bit) or Windows Xp Pro (64 Bit) the PDF is created 90% perfect but some of text has slipped on the page.
  Whilst we are looking into the report writer (Dev Express) I would like to rule out any Acrobat issues.
  With thanks
  Mark

  I think it will work fine if you use the "Enterprise" authentication option.  It may have dependencies on 32 bit components.  So, that's why we must run IIS in 32 bit mode even though it's on a 64 bit OS.  That means CR supports 64 bit OS systems only if you bring down other components that CR uses to 32 bit levels.  I'm not sure if that is considered "full support". 
  We are trying to use the LDAP authentication option, but that tab is disabled.  Other tabs such as Active Directory and WinNT are disabled as well.  There maybe another component that we must bring down to 32 bit processing.
  Is there a way to enable the LDAP authentication configuration tab?
  thanks

• Running 10G as a non local system account on Windows Server 2003

  Hi,
  I have an Oracle 10G database running on Windows Server 2003, SP2. I have created the database and it all works fine while the service is running as the default local system account. However, when I change the user that the service runs as to a different account the database starts and opens, and I can log on as SYS using a bequeath connection but I am unable to log on as any other user going through the listener. The listener responds to TNSpings, and all seems to be OK. When I switch it back to the local system user again it all works fine.
  Can anyone offer any advice or help?
  Thanks,
  Rob

  That's probably because the listener is still running as the local system account. Have you tried to change the listener service to run as the same account as the Oracle service?

• Cannot Edit Group Policies - Windows Server 2003 R2

  Hello, everyone.
   I have a server running Windows Server 2003 R2 Standard Edition Service Pack 2 32-bit. Group policies were working fine until sometime last week. Now, whenever I would launch GPMC, I would get an error message that said "Windows cannot find gpedit.msc.
  Make sure you typed the name correctly and try again.' Then, after I click OK, I would get another error message that said "Failed to start the group policy snap-in. The gpedit.msc file may be missing, files with the .msc extension may not be associated
  with mmc.exe, or you may not have the appropriate rights."
  I removed GPMC to see if that would work, but I still get the same error messages when I try to edit group policies through ADUC.  I also tried de-registering and re-registering the gpedit .dll files but I did not have any luck.
  Is there anything else I can try? I do not have any group policies that I need to deploy at the moment, but I would like to get this fixed as soon as possible.

  > snap-in. The gpedit.msc file may be missing, files with the .msc
  > extension may not be associated with mmc.exe, or you may not have the
  > appropriate rights."
  So you verified that gpedit.msc exists and that it can be launched
  through "run"?
  > de-registering and re-registering the gpedit .dll files but I did not
  How did you do that exactly?
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Do I need the /3gb switch on Windows Server 2003 Enterprise Edition

  I have an Oracle 10g database running on a Windows Server 2003 Enterprise Edition with 16gb of RAM. Do I need to set the /3gb and or /PAE switch in the boot.ini file for Oracle to use this memory?

  This metalink doc talking pretty extensively about the setting
  Implementing Address Windowing Extensions (AWE) or VLM on Windows Platforms
  Doc ID: Note:225349.1
  As you might know 32bit system has limitation of 4G max addressable memory issue. In Windows that's 2G limit because Windows reserve 2G for system. With /3G switch you can let Application address 3G with 1G for OS, if your system has more than 4G you need to use /PAE to address memory beyond 4G.
  Of course if you don't plan to allocate more than 2G to Oracle SGA then don't need the settings.

• Do I need to upgrade Windows Server 2003?

  What roles are you running on your Server 2003? Less than 15 workstations, any plans for future growth?

  I work at a small office, pediatrics.  I want to know if I still need to upgrade our server since we are using cloud-based for our EMR system. We only have less than 15 computers running on Windows server 2003. The server is mainly used for shared folders and shared printers only.  I need your advice. 
  Thank you.
  This topic first appeared in the Spiceworks Community

• Is there a firefox or best browser (except IE) for Windows Server 2003 R2 Standard? if so, is it free of charge (open source) forever? where can I get it? details. need answers to all questions

  is there a firefox or best browser (except IE) for Windows Server 2003 R2 Standard? if so, is it free of charge (open source) forever? where can I get it? details. need answers to all questions

  # As to what is the best browser, it is subjective. I think it is the best, others will disagree. There is no special version for Windows Server 2003, the usual version works on it.
  # It is free of charge and will always be free.
  # It is open source.
  # You can get it from http://www.mozilla.com

• Need info for installation of SAP XI on Windows server 2003

  Hi All,
  I need system requirement  ( hardware and software) for the installation of SAP XI 3.0 only on Windows server 2003.
  It would be great if  anyone can share the installation steps.
  Thanks in Advance...
  Regards
  Venkatesh

  Hi venkatesh,
  Plesae go through these links.
  Procedure to install :
  http://help.sap.com/bp_bpmv130/Documentation/Installation/XI30InstallGuide.pdf
  Configuration Guide
  http://help.sap.com/bp_bpmv130/Documentation/Installation/Configuration_Guide_FP.pdf
  A Beginner?s Guide to SAP XI Settings, Part I
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/73527b2c-0501-0010-5398-c4ac372c9692
  Guide to SAP XI Settings, Part II
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/6bd6f69a-0701-0010-a88b-adbb6ee89b34
  General Configuration Steps
  http://help.sap.com/saphelp_nw04/helpdata/en/cf/230240d981e469e10000000a155106/content.htm
  SAP Exchange Infrastructure (XI) : Installation & CONFIGURATION GUIDE
  http://help.sap.com/saphelp_nw04/helpdata/en/d7/f01a403233dd5fe10000000a155106/frameset.htm
  Personal Settings
  http://help.sap.com/saphelp_erp2004/helpdata/en/e9/c4cc9b03a422428603643ad3e8a5aa/content.htm
  Roles and Tool Access : Administration, Technical Configuration,Design,Configuration,Monitoring
  http://help.sap.com/saphelp_nw04/helpdata/en/89/05793c05f0807be10000000a11405a/content.htm
  http://www.forumtopics.com/busobj/viewtopic.php?t=59586&start=15&postdays=0&postorder=asc
  SLD:
  How To?Handle the SLD for SAP XI
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/9e76e511-0d01-0010-5c9d-9f768d644808
  How To?Handle Caches in SAP XI 3.0
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1a69ea11-0d01-0010-fa80-b47a79301290
  Refer these post installation links
  http://help.sap.com/saphelp_nw70/helpdata/en/a0/40084136b5f423e10000000a155106/frameset.htm
  http://help.sap.com/saphelp_nw2004s/helpdata/en/14/39084136b5f423e10000000a155106/frameset.htm
  Link for posnt installation guide
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/95d7d490-0301-0010-ce93-c58f9a3cde0b
  https://websmp101.sap-ag.de/~sapidb/011000358700009389172004E.PDF
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/95d7d490-0301-0010-ce93-c58f9a3cde0b
  2004s PI installation - help.sap.com:
  http://help.sap.com/saphelp_nw04s/helpdata/en/78/f59442062bcd6ae10000000a155106/frameset.htm

• Is there an easier way to create a local variable?

  I want to create a local variable, but I don't wont to have to find the terminal first and then use the option create-local variable. Is there a way to make a copy of an existing local variable? If I use the CTRL-C and CTRL-V option another terminal is created too.

  > Great! That was exactly what I wanted. It even works if more than one
  > variable is selected.
  This may not apply in your situation, but I feel obliged to make this
  warning anytime I see this sort of posting. If you find yourself making
  too many local variables, it is worth checking to see if you are doing
  things the best way.
  If you are using the locals for communication between parallel loops or
  for UI -- writing to controls, then keep trucking. That is why they
  were added. If you are using them as storage locations, like variables
  in BASIC or C, or to avoid wires, then you should definitely read the
  devzone article about race conditions and the usage of globals/locals.
  If not, you will probably find yourself with some monument
  al debugging
  sessions later on.
  If you have questions, fire away.
  Greg McKaskle

• Add custom local group with similar power as Windows BUILTIN\Administrators group

  In windows 7 or windows 8
  Is there any possibility to create a custom Local group having the same power/privileges as it does the BUILTIN\Administrators group.
  If yes; how?
  For instance:  I created a new local group, then in Local Security Policy(secpol.msc) \Security Settings\Local Policies\User Rights Assignments I added all the available policies where the Administrators group was also there, then I create a normal
  local user and assigned this new customized group, however the user never obtained the sufficient power as it does a user from Administrators group.
  Can anyone help?
  Thanks in advance.

  I don't think you can create a replica for Admin group.
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.