Removing SIDHistory for all users in an OU

Hello everyone,
I have tried this (I'm on Windows Server 2012 R2)
http://technet.microsoft.com/en-us/library/powershell_remove_sid_history(WS.10).aspx
(I previously imported the module ActiveDirectory)
But it gives me the error 
Get-ADUser : Error parsing query: 'sidhistory –like "*"' Error Message: 'Operator Not supported: ' at position: '12'.
At line:1 char:1
I have tried to remove the ' and put them back but it is the same error each time.
I am trying to remove (clean) the SIDHistory attributes of users in a specific OU.
Thank you for helping me :)

Hi Wawa,
Funny thing: I just tried running this command myself and had the same error. Then, after using a regular query (Get-ADUser "FWN") that returned a result, it would run like a charm (and I called the command from the command history, not retyping and accidentally
changing anything).
Restarting the console, I could directly call the command ...
Get-ADUser -filter 'sidhistory -like "*"'
... without an error.
If this however keeps occurring to you, you could simply get all users in the OU - no matter their SID history - and remove the History for all. Or you could filter out the appropriate victims by getting all and then use Where-Object to filter out users
without an SID-History.
Cheers,
Fred
There's no place like 127.0.0.1
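
Fred's fallback (fetch every user in the OU, then filter client-side with Where-Object) written out as a script. This is an added example, not code from the thread or from the linked TechNet page; the OU distinguished name and the CSV path are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example. $SearchBase and $BackupCsv are placeholder values; adjust both.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchBase = 'OU=Migrated Users,DC=example,DC=com',  # placeholder OU
    [string]$BackupCsv  = '.\sidhistory-backup.csv'               # placeholder path
)

Import-Module ActiveDirectory

# Client-side filtering avoids the -Filter string entirely. If you use the
# server-side form instead ('sidhistory -like "*"'), type the operator with an
# ASCII hyphen; the error text quoted in the question has an en dash there.
# SIDHistory is not returned by default, so request it with -Properties.
$users = @(Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree -Properties SIDHistory |
    Where-Object { $_.SIDHistory.Count -gt 0 })

Write-Verbose "$($users.Count) user(s) under $SearchBase carry SIDHistory"

# Record what is about to be removed. SIDHistory cannot be written back with
# Set-ADUser, so this file is an audit trail, not a restore point.
$users | ForEach-Object {
    [pscustomobject]@{
        DistinguishedName = $_.DistinguishedName
        SamAccountName    = $_.SamAccountName
        SIDHistory        = ($_.SIDHistory | ForEach-Object { $_.Value }) -join ';'
    }
} | Export-Csv -Path $BackupCsv -NoTypeInformation -WhatIf:$false

foreach ($user in $users) {
    # Convert the SecurityIdentifier objects to their string form (S-1-5-21-...)
    $sids = @($user.SIDHistory | ForEach-Object { $_.Value })

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Remove $($sids.Count) SIDHistory value(s)")) {
        try {
            Set-ADUser -Identity $user -Remove @{ SIDHistory = $sids } -ErrorAction Stop
        }
        catch {
            Write-Warning "Failed on $($user.SamAccountName): $($_.Exception.Message)"
        }
    }
}

# Verify: re-query and report any account that still has values.
# Under -WhatIf nothing was changed, so every account is listed again.
$left = @(Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree -Properties SIDHistory |
    Where-Object { $_.SIDHistory.Count -gt 0 })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) user(s) still carry SIDHistory:"
    $left | Select-Object SamAccountName, DistinguishedName
}
```

Run it with -WhatIf first to list the accounts that would change without modifying them.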

Similar Messages

  • How to remove the option "Set as default background..." from the right-click menu on a picture, for all users.

    Hi! I would like to know if there is any possibility to remove the option "Set as default background..." from the right-click menu on a picture, for all users. I know that's possible to edit userContent.css or userChrome.css, but this concerns only a profile at a time and being in a domain, I would like to set this for all people using Firefox.
    Can it be possible to edit a mozilla.cfg file to get the same result?
    Thank you in advance for help and tips.

    AFAIK then there is no way to do that system wide. You can only do that via userChrome.css or an extension like the Menu Editor per profile. You can install extensions globally, but the user will have to enable them anyway. That is not required for userChrome.css code.

  • Permanent Regional Formatting, Save for all users, Remove Document Security

    Dear Experts,
    I have read the Documentation of Permanent Regional Formatting, Save for all users, Remove Document Security in Document Properties.
    Can anyone explain me in simple way all the above three. (More on Permanent Regional Formatting with example).
    Regards
    Sam

    There's no unmanaged Web Intelligence functionality support via .NET as far as I know.
    You might want to open a support case with SAP to get confirmation.
    Sincerely,
    Ted Ueda

  • Remove Following people from mysite for all users

    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
    $web = Get-SPWeb https://www.contoso.com/teams/yourteam
    $context = [Microsoft.SharePoint.SPServiceContext]::GetContext([Microsoft.SharePoint.SPSite]$web.Site)
    $upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager $context
    # Members of the site's member group, excluding domain groups
    $users = $web.AssociatedMemberGroup.Users | where IsDomainGroup -eq $false
    $useraccounts = $users | select loginname | Foreach {"$($_.loginname)"}
    foreach ($user in $users) {
        # Named $userProfile so the automatic $PROFILE variable is not overwritten
        $userProfile = $upm.GetUserProfile($user.UserLogin)
        #$objectToFollowRelativeToWeb = "/"
        if ($userProfile) {
            #Create a Social Manager profile
            #SPSocialFollowingManager
            $followManager = New-Object Microsoft.Office.Server.Social.SPSocialFollowingManager($userProfile, $context)
            $following = $followManager.GetFollowed([Microsoft.Office.Server.Social.SPSocialActorTypes]::Users)
            # Walk the list backwards so removals do not shift the remaining indexes
            for ($i=$following.Count - 1; $i -ge 0; $i--) {
                $followed = $following[$i]
                $acctname = $followed.AccountName
                #if claims:
                $acctname = 'i:0#.w|'+$acctname
                if ($acctname -iin $useraccounts ) {
                    [Microsoft.Office.Server.Social.SPSocialFollowResult]$res = $followManager.StopFollowing($followed)
                    Write-Verbose "$($user.UserLogin) stop following $acctname result is $res"
                }
            }
        }
    }
    I have the above script from one of the TechNet solutions to remove followers only for Contributors from MySite. I want this script to run for all users and remove all existing associations. Can someone help me update this script?
    Thanks Ba$va

    Hi Basva,
    According to your description, my understanding is that you want to remove all existing associations for all users.
    The $users = $web.AssociatedMemberGroup.Users | where IsDomainGroup -eq $false is to get all users in Contributors group. You can change the line to
    $users = $web.AllUsers, then run the script, compare the result.
    Here is a post for getting all users using PowerShell, please take a look at:
    http://www.sharepoint2013.me/Blog/Post/160/Get-all-the-unique-users-in-a-farm-using-PowerShell-script
    Best Regards,
    Wendy
    Forum Support
    Wendy Li
    TechNet Community Support

  • Any way to remove all "apps" for all users?

    I get that the new start menu is a compromise, and it's neat that it's "back."
    What I'm not clear on, is if it's possible to remove/hide the "apps" for all users.
    I'm not keen on having all users have all of these, especially in a corporate environment.
    Would be preferable to have none, except for perhaps what's "allowed" by admins.
    Standard office users, power users, devs, artists, accountants, most folks at work simply don't have a use for most of these apps. I also don't want bandwidth constantly being used by any of the live tiles. If a user wants to know the weather, they can go to
    weather.com. If they want news, this is also available via any number of sites.
    The other compromise of having apps "windowed" is also nice, but for an office environment, I just don't see people firing up a sandboxed calculator app (or, any of the other built-in ones).
    Sorry, but honestly, I'd honestly just like to know if it's possible to set up a GPO, or use some other method to get the "apps" out of the way of the "standard office user."

    Hi techresource0,
    Use export-startlayout cmdlet to export the start menu configuration first:
    Export-StartLayout
    http://technet.microsoft.com/en-us/library/dn283401.aspx
    Windows 10 Technical Preview has a new policy under start menu  and taskbar:
    Meanwhile, I have two thoughts on this if you are planning your environment:
    One: a customized image.
    Two: customize default profile.
    For the first thought, you can uninstall all provisioned windows store app and then deploy this image to your environment. Of course, you can do this in an online system as well.
    Removing Windows 8.1 Built-in Applications
    http://blogs.technet.com/b/deploymentguys/archive/2013/10/21/removing-windows-8-1-built-in-applications.aspx
    For second thought, you may prepare default profile, it would always copy to new created user profile:
    Customize the default local user profile when preparing an image of Windows
    http://support.microsoft.com/kb/973289
    Alex Zhao
    TechNet Community Support

  • Changes like password and removal of roles for all users

    Hi
    I want to change the password for all users and remove single roles from all users. When I am doing this in SU10, the changes are not reflected for the users. Please help regarding this.
    Vinod

    Me too...I have never been able to remove roles from multiple users with SU10.  I don't know if it's a bug or (more likely) just a confusing screen, but in 4.7 it never worked for me.

  • How do I install a Thunderbird add-on for all users? Putting the XPI file into Extensions folder didn't work.

    I'm trying to install Enigmail 1.8.2 for all users. I thought I read somewhere that you don't need to unpack the XPI file.
    Whilst writing this, I did some experimenting and found a solution, but it's messy (see below). Is there an easier way?
    Fresh install of Thunderbird 31.6 on Windows 7 x64. Have observed the following:
    1. If I install the extension for one user via the Add-Ons GUI (from the marketplace, not from a local file), it does work. The Appdata\Roaming\Mozilla\Extensions folder is empty. Folder {847b3a00-7ab1-11d4-8f02-006008948af5} is created in Appdata\Roaming\Thunderbird\Profiles\xxxxxxxx.default\extensions\staged\ and moved from staged to extensions when TB is restarted.
    2. If I download the XPI file from Enigmail site and copy it to Program Files(x86)\Mozilla Thunderbird\Extensions folder, then Thunderbird's Extensions screen says "You don't have any add-ons of this type installed".
    3a. If I rename the xpi to zip (e.g. enigmail-1.8.2-tb+sm.xpi.zip) then I can open it and see that the contents are similar to what was created at point (1). If I unzip the contents, then Thunderbird doesn't recognise the add-on, unless I rename the folder to the GUID above (which could be found in install.rdf or chrome.manifest, once you know what you're looking for).
    Presumably I could also have done a per-user install, copied the folder from the profile, removed the extension, then pasted the copy into the program folder. That would save looking up the GUID but is only a little less fiddly.
    3b. After renaming the folder and restarting TB, it gives me a new tab "Install Add-on" which says "Another program on your computer would like to modify Thunderbird with the following add-on: ... Location: C:\Program Files (x86)". Once I allow the add-on, it is listed in Profiles\xxxxxxxx.default\extensions.ini.
    Aside: Disabling the add-on simply removes the line from extensions.ini, so how does TB distinguish between an unapproved add-on and a disabled one? It seems to be in extensions.json.

    Is Thunderbird already installed in the computers? If so, you could download the .xpi file and drag and drop it into the extensions window (after opening that) to install it in all the computers, following which you click the Install buttons when they become enabled, and you might have to restart Tbird afterwards.

  • You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation

    Hi all
    Have seen a couple threads regarding this but unfortunately nothing that solves my problem thus far!
    Right now, our developers are using the Domain Admin account to promote their website code using MSI files.  I'd like to change this as I feel the Domain Admin account should be on lock down and only used when absolutely necessary, pretty common.  The
    same goes for my account too, I would like to absolve as much use of the Domain Admin as I can.
    Problem is, when they run installers from their own accounts, they receive this error: You do not have sufficient privileges
    to complete this installation for all users of the machine. Log on as administrator and then retry this installation
    The accounts they are using are part of the Built In Administrators group and the Domain Admins group... I'm not sure what other permission you'd need in a domain?  We've gone as far as explicitly giving them local admin access on this server and still
    nothing changes.
    Is there a Group Policy or something that I can change to provide install rights and possibly remove these accounts as Domain Admin and more along the line of Power User?
    Thanks much for your help!
    Ryan

    Hi,
    You could use Software Restriction Policies (SRPs) or AppLocker (supported on Windows Server 2008 R2/Windows 7 only) to restrict the running
    of the application for specific user.
    Description of the Software Restriction Policies
    http://support.microsoft.com/kb/310791
    HOW TO: Restrict Users from Running Specific Windows Programs
    http://support.microsoft.com/kb/323525
    How to Implement Group Policy Security Filtering
    http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Setting Crystalviewer for all users in CMC

    I am trying to set up Crystal Reports server 2008 VI for my organization. One of the requirements is to disable the Preferences in InfoView and set the Crystal Report viewer to the Web ActiveX control for all users. I was able to disable the preference parameter in CMC -> Applications -> InfoView, but could not find a way to set the default viewer for all InfoView users to the ActiveX control. Is this doable? If so I would like to know how.
    Any help is greatly appreciated.

    Enable preferences and go to InfoView, click on Preferences and change the view format to ActiveX and save it. Do this for Administrator users.
    There is download available, using that you can make the same change for all users, check the below link.
    Re: Setting the same "InfoView Start Page" to all users in one group
    With that you can change the settings for all users as Administrator, once done remove the access to Preferences.
    Thanks,
    Hari

  • Adding a domain user to the admin role within the local user management breaks all metro apps for all users!!

    Hi,
    I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
    After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
    Before continuing, if you are running Avast then your solution may be to turn off the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
    I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines. 
    First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
    Here are my exact steps of what I did to reproduce our problem:
    Complete format of HDD in preparation for a clean install
    Clean install performed
    Set up the machine initially with a local account
    Test metro apps - all working fine
    Open control panel from the desktop, click on System, change the system to join the domain, click reboot
    Log into the system using my domain account
    Test metro apps - all working fine
    Here's where the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
    I go to control panel via the desktop and click on User Accounts. From within here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine.
    In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
    I click add and then add my domain account - also giving it administrator access
    Sign off or reboot to ensure the new security is applied
    Sign back in to the domain account
    Test metro - ALL BROKEN
    Sign out
    Sign in as local account
    Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
    So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
    Annoyingly, if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. Basically it is now permanently broken. The only fix I
    could fathom was a full reinstall and not giving the domain user admin access to the local machine.
    Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
    Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
    I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
    soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
    Thanks

    Hi Juke,
    Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
    I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
    your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
    in event viewer.
    Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
    information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
    Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
    Under "Applications And Services Logs" --> "Microsoft" -->  "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
    Windows.Launch contract failed with error: The app didn't start."
    If you require any further information just let me know and I will provide as much as I can.
    Thanks

  • How to embed fonts in document for all users

    Hello,
    we are using a custom font for our documents. I know it's possible to embed fonts in document when saving.
    Is there an option to enforce this setting with a policy?
    I cannot find the right policy in the Office Policy templates.
    We are using Office 2013 x86.
    Thanks in advance.

    Hi,
    Based on my knowledge, the option is document-based, we can't control this on the Policy level.
    If your request is to turn on this option for all new created documents. Since all new documents are based on the Normal.dotm template, a workaround is to create a new Normal.dotm template in which this option is checked:
    Browse to C:\Users\Username\AppData\Roaming\Microsoft\Templates, open Normal.dotm, tick the option and save it as Normal_1.dotm, save it in the same location.
    Then rename the old Normal.dotm to Normal.old, rename Normal_1.dotm to Normal.dotm.
    Open Word and create a new blank document, you will see this option is ticked.
    To deploy this file for all users, we can write a startup script. The process is like: 1. Remove the old Normal.dotm, 2. Copy the new Normal.dotm template from a network shared location to C:\Users\Username\AppData\Roaming\Microsoft\Templates.
    I hope the information is helpful to you.
    Regards,
    Melon Chen
    TechNet Community Support

  • Disable JRE Auto update in Vista for all users?

    I feel like a complete idiot that I can't figure this out, but it's either so obvious I'm overlooking it, or I just plain can't figure it out, so I'm hoping someone here can help.
    We have not yet been able to figure out how to simply disable the Auto Update option when installing JRE under Vista, so it will never check for updates, no matter what user is logged into a pc. I've just installed the newest version 1.6.0_05-b13, but get the same results.
    Basically, we are creating a "base clone image" of a Vista workstation and we need the auto update feature of the JRE to be disabled so it doesn't check for updates. When a new user logs into the pc, we want them to 'inherit' this setting from the default user profile, or we simply want a 'global' setting on the pc that stops all JAVA update checks from occurring. But even though there are multiple registry keys that 'look' like they control the auto update function, no matter how we set them the update option still shows it is enabled when you open the JAVA control panel.
    We have 2 basic problems:
    - When a standard user runs the JAVA Control Panel applet and they select the 'Update' tab, the option to "uncheck" autoupdates is "grayed out". If we make the user a local administrator, then it is not grayed out anymore and they can set the option. Problem is, we have thousands of users and none of them are local administrators, hence the problem of getting it to already be defaulted to not check for updates. How do we get the update checkbox to NOT be grayed out for a NON-administrator?
    - How do we set the 'global' (or default) option to disable the auto update checkbox for ALL users? No matter what we try, when a new user logs in, the auto update feature is still enabled after their initial profile is generated from the first time login.
    I was able to figure out if I change the "EnableJavaUpdate" value in the below registry key, it will "remove" the Update tab from the JAVA Control Panel. But does this simply remove the tab? Or does it remove the tab AND disable auto updates for ALL users on the computer?
    HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy
    I've sent multiple emails to Sun asking for help on what should be a simple thing to do, but have never received a reply from them.
    Keith Hemmelman

    Thank you for the reply. I apologize for not getting back here sooner.
    We actually already use a deployment.properties file located under the Default User profile on our Vista setup. It's located under the "C:\Users\Default\AppData\LocalLow\Sun\Java\Deployment" folder. This file does get copied over to a new user profile when a new person logs in. This is what we want since we have set things like the maximum cache size and temporary file location.
    The problem though is there is no setting that disables the automatic update check within this file. The best I can figure out is that for some reason under the Vista environment, the auto update setting is controlled in the registry at: HKEY_CURRENT_USER\Software\JavaSoft\Java Update\Policy
    There is a REG_BINARY key there that appears to control this option. It is named "EnableAutoUpdateCheck". The problem is that the value of this key is "several" characters long and it is "different" from one user to the next. I tried disabling auto update under the Java Control Panel and then copied the value of this key into the same area of the Default User hive but when a new user logs in, it ignores that setting and auto update is still enabled. I also tried using a simple "0" to disable the autoupdate or a "1" to enable it for this key, but it doesn't work either. (This is very frustrating why there isn't a simple 1 or 0 setting to turn the auto update setting on/off.)
    We had no problem getting this to work under XP. Basically we didn't have to do anything special in XP. We simply created a temporary user account and made all the settings we wanted and then copied that profile over to our Default User profile and the Java autoupdate setting under the Java Control Panel was disabled for all new users. We did the same thing under Vista, but the auto update setting was ignored and re-enabled for all new users.
    I read through the settings for the deployment.properties file located at the below link, but there is nothing there to control the auto update setting.
    http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/properties.html
    Thus, we can't get the auto update setting to be disabled in the default user profile so it will in turn be disabled for all new users that log into the computer. This is extremely frustrating.
    The other equally frustrating problem we have run into under the Vista environment is that when you run the Java Control Panel, the option to disable the auto update check is "grayed out" and the user can't uncheck this option to disable auto update. We have found you must be an administrator before this option is no longer grayed out. Since none of our thousands of users are admins, this is also a problem for us. (This option works fine for a standard user if you are on a XP machine though. It's just Vista where things have changed.)
    I've sent repeated emails to Sun in the past asking for help, but they never replied.
    Keith

  • Credential manager to see credentials stored for all users?

    Is there a way to see and manage credentials stored for all users on a server (we use 2008 R2) rather than just the user who logs on and uses credential manager (or the cmdkey command)? We have users using three terminal servers and some of them store
    incorrect creds (wrong username or password), so would be good for myself as domain admin, if I could go to the servers myself, and remove any credentials that OTHER users have stored.

    Hi
    The cached credential are stored in a special location in the registry. (an example there;
    http://msitpros.com/?p=1029)
    I doubt you can manipulate the string directly as it's encrypted (possibly "salted" with the user token), but maybe there is some workaround that I don't know of. (edited; to erase it's surely easily doable)
    Regards, Philippe
    Don't forget to mark as answer or vote as
    helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
    Answer an interesting question ? Create a
    wiki article about it!

  • Enable save for all users in rich client document defaultly for all users

    Hi,
    Is there an option to enable save for all users in a rich client document by default for all users across the company? The users who are creating reports are forgetting to check the box before sending the rich client document to others. Kindly let me know if you have any suggestions on this.
    Thanks,
    Karthik

    I'd suggest that this is where your BO folder structure comes in. You can export from Rich Client to any folder that you have permissions to access - some sort of collaboration folder system would potentially be better and more secure than sending unsecured reports via email. If your IT security team found out that you were removing document security, I doubt they'd be impressed!
    You can't do the default save for all users, simple as that (it's bad practice anyway, which is probably why you can't). While it's not the answer that you want to hear, it is the correct one.

  • Save for all users not working

    I created a query in the rich client and selected "save for all users", but still cannot open it on another server.  Has anyone else experienced this?  I am on version 12.3.1 build 684.

    I just did a Save As and checked the "Save for all users" box.  I think I have to check "Remove document security" (but that's grayed out); Deski only had the one option and it worked fine.  The error I received is:
    The document has been secured on another cluster. You cannot open this document on the current cluster. To open it, log on the right cluster and save it as unsecured. If the cluster is not reachable, try to connect to the following system : '<server>'. If this system is not reachable or not online, try the previous offline session with the connection ''. (WIS 30910)
