Run Script Once through Group for All users
Hello Everyone,
We have 4 forests with one domain each having forest trusts. I want to run a script only once on all the windows 7 machines in all the domains.
I have created the script and saved it in the .bat. how can i go ahead and do this.
Need your help.
Thanks in Advance
Hello Everyone,
We have 4 forests with one domain each having forest trusts. I want to run a script only once on all the windows 7 machines in all the domains.
You need to apply your script 4 times since you have 4 domains. Just use WMI filters to apply the GPO on Windows 7 machines only.
Filtering Group Policy to Windows 7 Computers
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?
Similar Messages
-
Applescript: How to run a script once upon logon for multiple users
I'm deploying a NetRestore image to about 150 Macs which will be using Active Directory and I've designed a custom default user for each new user. However, our system requires a specialized certificate that has to be installed on the local login.keychain for each user otherwise network connectivity is impacted.
I've tried to use the security command through Terminal to install the certificate, but no matter what combination of commands, I cannot seem to get that to work properly even with an already-created user. While it will often say it's installed, the cert will not actually show up in the login keychain in Keychain Access. And the network connectivity is still impacted.
So instead, I created a brief AppleScript that just gives the user brief instructions to click "Add" on the prompt for which Keychain to add the cert and then "Always Trust" for the "This cert is not verified" prompt. Then it launches Keychain Access. Originally, I was going to have it actually click the buttons for the user, but I realized trying to get the whole Accessibility apps and assitive devices to work on every new user would be a nightmare.
I created the script on another 10.9 Mac using Automator to make it an actual application. I've used the instructions in OS X: Using AppleScript with Accessibility and Security features in Mavericks to sign it and I'm using root to move it from its network location into the Applications folder. I've adjusted the permissions to allow all Admin users to r/w (along with everyone else). To the root user, it shows as a usable application, but every other user on the Mac sees it as damaged/incomplete.
What I want to do is add it to the default Login Items, so I can run the final AppleScript command to simply remove the login items listing. That way I don't need to worry about it running again, but it's still available for the next user to sign onto the deployed Mac.
I know it's a little convoluted, but this is the final piece to the NetRestore deployment I've been working on for months. Any suggestions on how to make this work (or even a completely different solution) would be greatly appreciated.
Here was the original shell script in case you're curious.
#!/bin/bash
## Prompt for current user admin for use in Certificate Install
while :; do # Loop until valid input is entered or Cancel is pressed.
localpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter your password for Lync Setup:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)
if (( $? )); then exit 1; fi # Abort, if user pressed Cancel.
localpass=$(echo -n "$localpass" | sed 's/^ *//' | sed 's/ *$//') # Trim leading and trailing whitespace.
if [[ -z "$localpass" ]]; then
# The user left the password field blank.
osascript -e 'Tell application "System Events" to display alert "You must enter the local user password; please try again." as warning' >/dev/null
# Continue loop to prompt again.
else
# Valid input: exit loop and continue.
break
fi
done
echo $localpass | sudo security import /'StartupFiles'/bn-virtual.crt ~/Library/Keychain/login.keychain
osascript -e 'tell Application "System Events" to delete every login item whose name is "LyncCert"
And this is the AppleScript itself. (I used the \ to make it easier to read. The first line is actually one complete command)
display dialog "Click OK to start installing Mac Network Certificate." & return & return & \
"In the following prompts, click the 'Add' then 'Always Trust'." & return & return & \
After you have clicked 'Always Trust', quit Keychain Access." default button 1 with title \
"Mac Network Certificate Install"
activate application "Keychain Access"
tell application "Finder" to open POSIX file "/StartupFiles/bn-virtualcar.crt"
tell application "System Events" to delete login item "Lync-AppleScript"
end
Thank you for your help!I have run into this same issue. Are you trying to run the script one time as a new user logs in or everytime a user logs in?
-
Script to Grant Role for All User Objects.
Hi DBAs,
I have created a select_only role. I need a script to populate that role with all user_objects belonging to one person and eventually grant that role to another person. Perhaps a dynamic sql.
Please help.
Thanks
-Samar-Samar,
Please see if the following documents help.
Note: 18080.1 - Script to Create Roles
Note: 174138.1 - How to Tranfer all Roles and Grants to Another Database
Note: 729428.1 - Script to create roles & apply grants from database A to B
Regards,
Hussein -
How to create global groups for end users
Just started deployment of Lync 2013. We do not host our exchange / mail internally. It is a hosted solution (not exchange). We do use outlook though.
It has been a long time since I set up Lync (Since OCS 2007 / 2007 R2)
Can someone please tell me how to create groups for all users on the Lync Client and populate them from groups in AD.Right now we are using Spark and we have decided to use Lync. In Spark it queries AD every day and populates the groups from AD
groups that we have defined.
I know that users can create there own groups, but we prefer to have every client have every group (department) and those in department listed below rather than them have to manually add them individually.
Thanks for your direction.
JohnHello john,
Lync Client can't use AD group or Exchange mail group. You can't create Lync client group with AD GPO. each Lync user can create their own group in Lync client and of course can delete.
You can not manage Lync client within the
group as the centeral. There is no such
feature in Lync. you can examine 3rd party applications. for example ;
http://www.vytru.com/contacts-manager-for-microsoft-lync.html
Regards
Zulfikar CAGLAR
The statement is incorrect. You CAN use Distribution Groups from Active Directory in Lync Client:
http://support.sherweb.com/Faqs/Show/how-to-add-contacts-from-distribution-lists-in-lync-2013
Please “Vote As Helpful” and/or “Mark As Answer” if this post helped you. -
Get all Groups for current user
Hi I try to get all groups for the current logged on user. This is what I do:
First I try to search with the IGruopSearchFilter to obtain all unique Group IDs. I always get an proxy error by doing this, maybe the query is to much.
Then I want to use the method group.isUserMember(user.getUniqueID() to check whether the user is a member of that group or not.
Is there a better way to obtain all groups for a user (without using a query IGroupSearchFilter)?
Thanks ahead for your help.
BurkhardtBurkhadrt,
have you tried this?
https://media.sdn.sap.com/javadocs/preNW04/SP2/60_sp2_javadocs/ume/com/sap/security/api/IUser.html#getParentGroups(boolean)
This should give you an iterator for all groups the given user is assigned to.
Hope it helps... and if so:
if (helpful) {
points++
Regards,
Dominik -
Cannot disable compatibility mode for all users once enabled
I work for a school district technology department. For a computer lab that is using an old version of adobe Photoshop, we tried turning compatibility mode to windows xp and set it to run as administrator for all users in hopes that it might fix some problems
with the program. When students log on it now asks them for a password. They do not have local administrator rights to the computers. After going back in and disabling the compatibility settings, the students are still being asked for a password to run the
program. I have even tried uninstalling and reinstalling photoshop and the computer is still asking for a password to open the program. Is there some way to undo this in a permanent fashion so students are not asked for a pssword?Hello Mike Witnauer,
Please correct me if I have misunderstanding:
1. The student account can ran the Photoshop without administrator password before you turn compatibility mode to Windows XP.
2. Then, the students need the password to run the Photoshop no matter if you use compatible setting.
Please take the following steps and check if this issue still exists.
1. Enable built-in administrator account
2. Use the following code
runas /user:ComputerName\Administrator /savecred "Full path to program's exe file"
For more information, please take a look at the answer in the following thread.
How to run a program as an administrator from within a non-elevated command prompt?
https://social.technet.microsoft.com/Forums/en-US/0339772f-9f9b-4381-b513-73b263e2cf2f/how-to-run-a-program-as-an-administrator-from-within-a-nonelevated-command-prompt?forum=w7itprogeneral
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
Disable right click for all users in a certain group
I would like to disable the right click function for all users in a particular group, regardless of which computer is the domain they log in to. Is there any way to do this? Thanks.
1. Create a new group policy and link it to the OU with the users you want to be affected.
2. Edit the new policy - In the left pane navigate to:
User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer
3. Enable the setting Remove Windows Explorer's Default Context Menu.
Please let me know if you succeeded.
Regards, Liran. -
Retrieving user detail, group name for all users
Hi,
How can I retrieve User name, email, authentication, user group name
for all users using SDK.
It is possible to create this report in webi or CR?
Thank you for reply,
GregorUse the following code to retrieve this information:
IInfoObjects users = oInfoStore.query("select * from ci_systemobjects where si_kind='user'");
for (int i=0; i<users.size(); i++)
IUser user = (IUser)users.get(i);
// user.getTitle(); for user name
// user.getFullName(); for user's full name
// user.getEmailAddress(); for user's email address
// for authentication type:
IUserAliases alises = user.getAliases();
for(int j=0; j<aliases.size();j++)
IUserAlias alias = alises.get(j);
// alias.getAuthentication() for authentication associated with this alias, since same user can have more than 1 authentication. e.g. Enterprise and Ldap.
// for user group memberships:
java.util.Set groups = user.getGroups();
// the groups Set object will contain SI_ID of all the user groups that this uses is member of. You need to query by the SI_ID of the usergroup to get the group names.
// e.g.
// oInfoStore.query("select si_id, si_name from ci_systemobjects where si_kind='usergroup' and si_id in (a,b,c....)");
where a,b,c are the SI_IDs of the usergroups.
To create a report based on the above fetched data, there are several methods such as:
you can use Java resultset where in you create the report structure in designer and push the data at runtime using java result set objects. Another way is to push this info in Excel or Access and design your report based on that excel\access. -
How can I deploy EFS using Group Policy and automatically encrypt computers for ALL users who login?
How can I deploy EFS using Group Policy and Active Directory with a goal to automatically encrypt computers for ALL users who login? (NOT an option for me to use BitLocker)
I was asked to deploy EFS to encrypt the user my documents folder and profile on all of the users laptops. The laptops are in common areas (board meeting rooms, etc) and security of files is a must.
I successfully created a recovery certificate in AD. I created an OU and setup an EFS policy and users can now login and select to encrypt their own files. The issue is that management would like to have automaticy Encrypt ALL users my documents AUTOMATICALLY
when a user login.
Can this be done?
Please helpHi,
Any update?
Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
Best Regards,
Andy Qi
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.
Andy Qi
TechNet Community Support -
Hi,
I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
Before continuing if you are running Avast then your solution may be to turn of the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines.
First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
Here are my exact steps of what I did to reproduce our problem:
Complete format of HDD in preperation for a clean install
Clean install performed
Set up the machine initially with a local account
Test metro apps - all working fine
Open control panel from the desktop, click on System, change the system to join the domain, click reboot
Log into the system using my domain account
Test metro apps - all working fine
Here's were the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
I go to control panel via the desktop and click on User Accounts. From with here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
I click add and then add my domain account - also giving it administrator access
Sign off or reboot to ensure the new security is applied
Sign back in to the domain account
Test metro - ALL BROKEN
Sign out
Sign in as local account
Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. basically it is now permanently broken. The only fix I
could fathom was a full re install and not giving the domain user admin access to the local machine.
Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
ThanksHi Juke,
Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
in event viewer.
Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
Under "Applications And Services Logs" --> "Microsoft" --> "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
Windows.Launch contract failed with error: The app didn't start."
If you require any further information just let me know and I will provide as much as I can.
Thanks -
How to embed fonts in document for all users
Hello,
we are using a custom font for our documents. I know it's possible to embed fonts in document when saving.
Is there an option to enforce this setting with a policy?
I cannot find the right policy in the Office Policy templates.
We are using Office 2013 x86.
Thanks in advance.Hi,
Based on my knowledge, the option is document-based, we can't control this on the Policy level.
If your request is to turn on this option for all new created documents. Since all new documents are based on the Normal.dotm template, a workaround is to create a new Normal.dotm template in which this option is checked:
Browse to C:\Users\Username\AppData\Roaming\Microsoft\Templates, open Normal.dotm, tick the option and save it as Normal_1.dotm, save it in the same location.
Then rename the old Normal.dotm to Normal.old, rename Normal_1.dotm to Normal.dotm.
Open Word and create a new blank document, you will see this option is ticked.
To deploy this file for all users, we can write a startup script. The process is like: 1. Remove the old Normal.dotm, 2. Copy the new Normal.dotm template from a network shared location to C:\Users\Username\AppData\Roaming\Microsoft\Templates.
I hope the information is helpful to you.
Regards,
Melon Chen
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs. Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Default Color, Size and Font for all user.
Hi
I have been looking around for the correct way to set some default styles for all Word users in a domain thrugh GPO. I just have some questions.
So far i can only get it working if it set a "Workgroup templates path" under "User Configuration/Administrative Templates/Microsoft Office 2013/Shared paths". Then the users are able to select it when they say "New" - "Shared"
and then the template
But i would like it to be default for all users, like in the Normal.dotm. But without making a script to replace the file for every users APPDATA.
Then i saw the "User Configuration/Administrative Templates/Microsoft Office 2013/Shared paths/Enterprise templates path", how and what does that do?Hi,
As far as I know, if we want to distribute the Normal.dotm to users in a domain through GPO, we could
use GPP file extension to
distribute Normal.dotm to the path "C:\Documents and Settings\user name\Application Data\Microsoft\Templates." for every user. For more detailed steps, please refer to the following link:
http://technet.microsoft.com/en-us/library/cc772536.aspx
Similar issue:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/87ab10d3-1cb6-4269-9334-1e0c37527e0a/move-location-of-normaldotdotm-to-central-file-server-best-solution?forum=winserverGP
If you want to config Enterprise templates path, please read this thread:
https://social.technet.microsoft.com/Forums/office/en-US/c4e5c872-402c-4339-9c02-cfa91e949e41/office-2013-templates-group-policies?forum=officesetupdeploy
If you have further question about the GPO, I recommend you post it to GPO forum:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverGP
Regards,
George Zhao
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please click "[email protected]" -
Setting Default Preferences for All Users in Crystal Reports Server 2008 v1
We are currently looking to set the default preferences in the CMC for all of our users.
I did locate this page Link: [How to set default preferences for all users in Infoview 3.1/CRS 2008]
The first part of the thread did seem promising but I am unable to find the sample .jsp code that people recommended.
I would assume that this scenario is common enough that someone knows a way to set universal preference defaults.
Thank youI thought I could just run it too but when I attempt to I get a Windows Script Host error:
Script: C:\User Prefs.vbs
Line: 1
Char: 1
Error: Expected statement
Code: 800A0400
Source: Microsoft VBScript compilation error.
I noticed the first most line seems to be markup for a web interface though I am not familiar with vbs so I may be wrong. I used the publishing wizard to put the script on the CMC to attempt to run it through the CMC but it still does not work. -
Setting up proxies for all users and clearing it on logoff
Hi,
This is an emergency, So any help would be welcomed.
Scenario - I have a lab which is configured with windows 8.1 enterprise 64bit. I created two local account. I want to connect it to our proxy such that its set up for all users and local users would not be able to change it. this way they have to log in
to use the browsers (IE/Firefox/Chrome). Secondly if they logout and log back in, it should require them to re-login to use the browsers. (It looks like its cached by default.
Any idea how to do these, Any suggestions are welcome.
I would Preferably like to script this so that I can run it on all machines.
Thanks
ManojHi,
Could you please have a share with the network environment?
If we are in a domain environment, we could configure the proxy using group policy, but the configuration won't change unless the policy changes.
For the scripting, if you would like to use, we'd better ask in the scripting guys forum for a better help.
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home
Best regards
Michael Shao
TechNet Community Support -
Remove Following people from mysite for all users
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
$web = Get-SPWeb https://www.contoso.com/teams/yourteam
$context = [Microsoft.SharePoint.SPServiceContext]::GetContext([Microsoft.SharePoint.SPSite]$web.Site)
$upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager $context
$users = $web.AssociatedMemberGroup.Users | where IsDomainGroup -eq $false
$useraccounts = $users | select loginname | Foreach {"$($_.loginname)"}
foreach ($user in $users) {
$profile = $upm.GetUserProfile($user.UserLogin)
#$objectToFollowRelativeToWeb = "/"
if ($profile)
#Create a Social Manager profile
#SPSocialFollowingManager
$followManager = New-Object Microsoft.Office.Server.Social.SPSocialFollowingManager($profile, $context)
$following = $followManager.GetFollowed([Microsoft.Office.Server.Social.SPSocialActorTypes]::Users)
for ($i=$following.Count - 1; $i -ge 0; $i--) {
$followed = $following[$i]
$acctname = $followed.AccountName
#if claims:
$acctname = 'i:0#.w|'+$acctname
if ($acctname -iin $useraccounts ) {
[Microsoft.Office.Server.Social.SPSocialFollowResult]$res = $followManager.StopFollowing($followed)
Write-Verbose "$($user.UserLogin) stop following $acctname result is $res"
I have the above script from one of the technet solution to remove followeronly for Contributors from MySite. I want this script to run for all user and remove all existing association. Can someone help me update this script.
Thanks Ba$vaHi Basva,
According to your description, my understanding is that you want to remove all existing association for all users
The $users = $web.AssociatedMemberGroup.Users | where IsDomainGroup -eq $false is to get all users in Contributors group. You can change the line to
$users = $web.AllUsers, then run the script, compare the result.
Here is an post for getting all users using PowerShell, please take a look at:
http://www.sharepoint2013.me/Blog/Post/160/Get-all-the-unique-users-in-a-farm-using-PowerShell-script
Best Regards,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Wendy Li
TechNet Community Support
Maybe you are looking for
-
although it is possible to insert podcasts into a playlist on the Mac, these are not in the playlist on the iPod after SYNC
-
Navigation between two applications under a single webdynpro project
Hi All, Here i needs to work with a webdynpro project which has two application which needs navigation one view form the first application to one view in the next application. I have already tried with "EXIT URL" concept and its working fine. Is ther
-
Facing Problem in SLD(getting 500 INTERNAL SERVER ERROR IN PORTAL)
Dear All, we had ESS application just few days back it went to Go live , very frequently we are facing the issue Regards JCO 's , we are getting "500 Internal Server Error" in production Portal After getting the error ,the " Maintained JCO's" and "Cr
-
Installed ios 5 and created a location reminder to see how it worked. The gps icon came on and I expected it would because how else would the phone know where I'm at. After I was reminded and marked it as complete I also deleted the reminder from the
-
Converting Oracle XML Query Result in Java String by using XSU
Hi, I have a problem by converting Oracle XML Query Result in Java String by using XSU. I use XSU for Java. For example: String datum=new OracleXMLQuery(conn,"Select max(ps.datum) from preise ps where match='"+args[0]+"'"); String datum1=datum; I bec