Set group policy by computers

I'm trying to separate computers by location so I've moved computers from the Computer Container to several OU's in the AD that have the name of each location. Now I'm trying to get a group policy to apply to each OU. How do I do that? Thanks in advance!

First, if you have AD sites configured correctly with subnets in Active Directory Sites and Services, you can assign a GPO to an AD site.
If you have OUs already configured by location, open GPMC.MSC, right-click the relevant OU and choose LINK AN EXISTING GPO to link the relevant GPO to each OU.
This might help you:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/eddcabce-098f-4367-86f9-5c39f4d004c0/precedence-of-policies?forum=winserverGP#bf1ebe66-002c-4e7d-badf-cdc541112c1f
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.
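
The linking step from the answer above can also be scripted with the GroupPolicy PowerShell module (RSAT). This is an added example, not part of the original thread; the domain `corp.example`, the OU names and the GPO names are placeholders.

```powershell
# Added example: link one existing GPO to each location OU, then show what
# each OU will actually process. All names below are placeholders.
Import-Module GroupPolicy

$domainDn = 'DC=corp,DC=example'

# Location OU -> existing GPO that should be linked to it
$linkPlan = @(
    @{ Ou = "OU=London,$domainDn";   Gpo = 'Workstations - London' }
    @{ Ou = "OU=New York,$domainDn"; Gpo = 'Workstations - New York' }
)

foreach ($item in $linkPlan) {
    # Stop on a mistyped GPO name instead of silently linking nothing.
    $gpo = Get-GPO -Name $item.Gpo -ErrorAction Stop

    # GpoLinks holds only the GPOs linked directly to this OU.
    $existing = (Get-GPInheritance -Target $item.Ou).GpoLinks |
        Where-Object { $_.GpoId -eq $gpo.Id }

    if ($existing) {
        Write-Host "Already linked: $($item.Gpo) -> $($item.Ou)"
    } else {
        New-GPLink -Guid $gpo.Id -Target $item.Ou -LinkEnabled Yes | Out-Null
        Write-Host "Linked: $($item.Gpo) -> $($item.Ou)"
    }

    # InheritedGpoLinks is the ordered list the OU ends up with, including
    # GPOs inherited from the domain and from parent OUs.
    (Get-GPInheritance -Target $item.Ou).InheritedGpoLinks |
        Select-Object Order, DisplayName, Enabled, Enforced |
        Format-Table -AutoSize
}
```

Run `gpupdate` and `gpresult /r` on a computer in one of the OUs to confirm the GPO shows under the applied computer settings.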

Similar Messages

  • Is it possible to set Group Policy to prevent users manually changing Power Options?

    Hello,
    We use Dell laptops and there is a very well known issue that certain models freeze when they are docked.
    I have adjusted the power settings under high performance plan, and updated this in the group policy, which I have tested and is all fine.
    Basically, on the laptops now, the users can still change it from the GPO plan to balanced or power saver if they want to.
    Is there a way of setting group policy so the other power options are greyed out or cannot be used?
    Thanks!

    Hi!
    If the user is a local administrator on the client they will be able to change the plans. (The changes will be reverted when logging off though.)
    But if they are standard users, it should be grayed out already.
    Check this link for more information, if there is a step that you might have missed when configuring the GPO. (Three pages/Parts)
    http://blogs.technet.com/b/askds/archive/2008/03/21/managing-power-with-group-policy-part-3-of-3.aspx
    Best regards
    Andreas Molin
    Andreas Molin | Site: www.guidestomicrosoft.com | Twitter: andreas_molin

  • Does the Computers container in Active Directory have any Group Policy applied to it?

    Hello,
    It is my understanding that the Computers container can not have Group Policy applied to it. Does it still inherit the default domain policy, or is it not affected by any Group Policy at all?
    Thanks.

    Hi,
    Glad the issue was solved.
    Additionally, for the information about group policy related, please refer to the similar thread as below:
    https://social.technet.microsoft.com/Forums/zh-CN/2122fe4b-c9b4-47ab-b3b9-f114309c7b83/why-cant-i-assign-group-policy-to-computers-container?forum=winserverGP
    Regards.
    Vivian Wang

  • Group Policy Preferences - Registry change - time targeting

    I have a customer who wants to change the timeouts etc on a screensaver based on the time of day.
    Users often leave a machine open and on(with Bloomberg info) and work using another machine while they keep an eye on the Bloomberg one.
    The plan is to have these machines running Bloomberg have a long screen timeout during the working day, and then go back to the default screensaver timeout after that so the users don't have to continually enter a password.
    Looking at GPP it needs to be done via a registry change.
    I've created the policy (screensaver, lock and screensaver on are all set (3 reg updates), then 2 time targeted additional reg updates for the screen saver timeout), but the policy only applies at logon or a forced gpupdate. It doesn't update when the time change occurs.
    If I run a "gpupdate /force" the policy does change based on time.  I have tried a scheduled task for "gpupdate / force" and that didn't apply the change.
    Is GPP registry just not up to the job for time scheduling with a registry change, or am I doing something wrong?
    All machines are Win7 pro x64

    Hi JaseFromLodon,
    To make it work, we can set this policy to have a check. By default, computer Group Policy is updated in the background every 90 minutes. We can change this time to "0" instead of creating a task schedule and the update will be performed every 7 seconds.
    Computer Configuration\Administrative Templates\System\Group Policy\Set Group Policy refresh interval for computers
    Here is a link for reference
    Group Policy refresh interval for computers
    https://technet.microsoft.com/en-us/library/cc940895.aspx
    For the time range feature, I am sorry I didn't explain the issue clearly.
    Pay attention to the "note" in step 13 of the link as you posted.
    "Make sure you allow for the policy refresh interval (default 90 minutes with a 20% random offset) when configuring the start and end time. This means you might want to start applying the policy 2 hours before the start of business (e.g. 6:30am) to make sure all the computers are configured with the Business Hours Power Plan before people login in the morning (e.g. 8:30am)."
    The time targeting feature doesn't mean the preference settings will be applied according to the specific time we have set. It means the preference settings will be applied to the machines whose time is included in the time range. Please pay attention to the explanation of the time range features carefully (the screenshot I have posted).
    Manually "gpupdate /force" will work. I suspect the task schedule hasn't been set correctly. Please check the running history of this task schedule.
    Best regards

  • Screen Saver Group Policy

    I am new to DC I want to implement screen saver on my domain PCs. Please tell me the way to configure/setting group policy for Domain Controller.
    Best Regards,
    Muhammad Arshad,

    You have to do the following: User Configuration -> Policies -> Administrative Templates -> Control Panel / Personalization, with settings as follows:
    Enable Screen Saver : Enabled
    Force Specific screen saver : Enabled
    Screen Saver exe name : scrnsave.scr
    Password protect the screen saver : Enabled
    Prevent changing the screen saver : Enabled
    Screen saver timeout: number of seconds 1800 (30 minutes)
    Time out interval depends on your requirement.
    Regards, Prabhu

  • Deploying Reader through Group Policy

    Hi,
    I have applied for and been granted a deployment license, and am trying to follow the instructions to deploy reader through group policy to computers on my network.
    The document adobe gives you says to put the computer name under security filtering in the OU GP that was created.  I have done this but it's clear the policy isn't getting applied.
    When I run group policy result, it's not even showing so I must have something wrong.  The document that adobe gives has several of the pictures out of place and is covering some text (at least when I display it - and yes I am using most current version of reader).
    Any ideas?
    Thanks,
    Allen

    Unless I'm misunderstanding your last reply, the GPO is working as intended, when you change it back.
    GPO = Applied to one specific OU
    Security Filtering = 1 specific PC
    Active Directory OU for intended GPO contains = 0 computers
    The PC you're applying the security filtering to must exist in the Active Directory OU you created for the GPO.
    E.G. I create a GPO called acc_sw for my Accounting dept called accounting.  3 PCs in accounting are called:
    Ed_PC
    Karen_PC
    Thomas_PC
    In the security filtering for the GPO I created, I have:
    Ed_PC
    Karen_PC
    Thomas_PC
    Now, in Active Directory Users & Computers, in the accounting OU I have 0 computers.
    The end result is no acc_sw being processed for:
    Ed_PC
    Karen_PC
    Thomas_PC
    They must exist in the target OU, or a subordinate OU of the target OU, for the GPO to work.
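
The mismatch described in the reply above (computers named in security filtering that do not sit under the OU the GPO is linked to) can be checked with a short script. This is an added example, not part of the original thread; it assumes the GroupPolicy and ActiveDirectory RSAT modules and reuses the reply's illustrative GPO name `acc_sw`.

```powershell
# Added example: list the computers named in a GPO's security filtering and
# report whether each one sits under a container the GPO is linked to.
Import-Module GroupPolicy, ActiveDirectory

function Test-GpoFilterScope {
    param([Parameter(Mandatory)][string]$GpoName)

    $gpo = Get-GPO -Name $GpoName -ErrorAction Stop

    # Containers whose gPLink attribute references this GPO's GUID.
    # This searches the domain partition only, so site links are not listed.
    $linkedDns = @(Get-ADObject -LDAPFilter "(gPLink=*$($gpo.Id)*)" |
        Select-Object -ExpandProperty DistinguishedName)

    # Trustees holding "Apply group policy" (GPMC shows these under
    # Security Filtering).
    $applyTrustees = Get-GPPermission -Guid $gpo.Id -All |
        Where-Object { $_.Permission -eq 'GpoApply' }

    foreach ($entry in $applyTrustees) {
        # Resolve the trustee by SID. Users, groups and well-known principals
        # return nothing here and are skipped; computers that receive the GPO
        # through group membership are not expanded.
        $sid = $entry.Trustee.Sid.Value
        $computer = Get-ADComputer -Filter "objectSid -eq '$sid'"
        if (-not $computer) { continue }

        $dn = $computer.DistinguishedName
        $match = $linkedDns | Where-Object {
            $dn.EndsWith(",$_", [System.StringComparison]::OrdinalIgnoreCase)
        }

        [pscustomobject]@{
            Computer      = $computer.Name
            ComputerDN    = $dn
            UnderLinkedOU = [bool]$match
            LinkedAt      = ($match -join '; ')
        }
    }
}

# A row with UnderLinkedOU = False is a computer that passes the security
# filter but is outside the GPO's scope, so the GPO is never processed for it.
Test-GpoFilterScope -GpoName 'acc_sw' | Format-Table -AutoSize
```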

  • Need help in setting up Group Policy for same user in local system and Terminal server

    Hi All,
    Currently our remote users are using our network using VPN client over internet.
    They are generally at their home computer and doing VPN as they have to work only in one RDP server for application.
    We actually have an OU created for these RDP users and assign them some strict policy like they can not use any other .exe, they can not use any explorer, they can not even use windows explorer when they are on RDP they just use one exe of their application.
    Now what my management want is they want their home computers in Domain and want them to login via their same credentials they are using for RDP but they don't want them to restrict in their home computers with any strict policy.
    Now my confusion is how can I configure different policies for same users or same OU.
    Can any one guide me please...

    You can achieve this fairly easily with group policy.
    Create an OU and put your remote desktop servers in that OU.
    Configure both user and computer policies in a group policy and link it to that OU.
    You need to enable loopback mode - you may want it in merge or replace depending on your other policies you have. Probably replace though I would guess. This is set in the computer configuration > admin templates > system / group policy section.
    Now remove the policy you have currently set up for your users on the users OU containing the RDP users. If you want you can move these users back to your main users OU.
    When your users log in to the RDP server the settings in the user section of the GPO linked to the RDP Servers OU will apply.
    When the user logs in to their own computer the policies from the user OU and computer OU will apply - but not the more restrictive RDP OU.
    Hope that makes sense.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer

  • How do I set firefox as the default browser in Windows Server 2012 Group Policy Editor?

    Hello, I am unable to set firefox as the default browser despite multiple different attempts to do so using group policy.
    I have:
    - Set a registry command (targeted at 32/64 via a WMI query) to reset the opening command as shown below:
    HKEY_CURRENT_USER\Software\Classes\http\shell\open\command
    "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
    - Set a powershell logon script to run (that does run):
    firefox.exe -silent -setDefaultBrowser
    Despite setting the above it seems the client computers browsers are not affected by the settings above. When the script runs or if I run the command above a UAC window pops up and requests that I accept the command (for the setDefaultBrowser) but even if I click yes as an administrator it does nothing.
    Since GPO in 2012 has changed perhaps there is something that I am missing? Do I need to somehow disable Windows Internet Explorer from achieving default browser status?
    Please do not reply if you will suggest that I use Internet Explorer Maintenance (since this function in GPO has been disabled since IE10)
    My DC is Server 2012, my client computers are Win7 32/64.

    The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.

  • How to set up Group Policy without any server installed

    How to set up Group Policy on Win8 without any server installed?
    I have set up 50 users on LAN and want to push softwares via one common point. From google I found to deploy Software using Group Policy. But then Group Policy occurs in Servers and I don't have any server set up.

    Hello,
    a Domain requires at least one Windows server OS machine which has Active Directory installed.
    As previous already mentioned from SenneVL this also requires that computers are added to the domain and that you create user accounts in Active Directory users and computers which stores the account information in the Active directory database.
    In your case with single computers each machine has its own database(SAM) which stores passwords etc. this is different in a domain.
    Each computer has a local policy which will be overwritten from centrally managed policies from the domain.
    "The common point would be my PC (Admin PC) ."
    This machine can not be used for your needs with software installation for 50 computers.
    "How To Use the Group Policy Editor to Manage Local Computer Policy."
    This is about the local machine and you cannot manage them for other computers from your Admin PC.
    "DOMAIN part: By default Microsoft takes everyone on Workgroup. Is that not a default DOMAIN? or should I make one lets say "ABC" on every PC ?"
    NO, this is NOT a domain.
    http://windows.microsoft.com/en-us/windows7/what-is-the-difference-between-a-domain-a-workgroup-and-a-homegroup
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Group Policy - Computer Startup Scripts - Add/Set Default printer

    Good Morning.
    Let's say we have 2 offices, A and B, and only 1 user.  The user is using Roaming Profiles.  Each office has its own printer.
    What I am trying to do, is make a Startup script that is specific to the COMPUTER being logged into so when any user logs into that computer, they get the printer in that office defined and set as default.
    I am able to do this successfully with my script but ONLY if i have the script be on the USER side of GP (i.e. in the Logon script section)
    That is great that that is working however, when my user goes to Office B, they still get mapped to Office A's printer if I use that method.
    So I figured I could just modify my GP and run the same script from the STARTUP section of the computer, rather than the LOGON section of the user.  It does not work.
    Here is my script:
    Set WRFCUNetwork = CreateObject("Wscript.Network")
    PrinterPath = "\\fileserver\MAINTELLER"
    PrinterDriver = "PrinterDriver"
    WRFCUNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
    WRFCUNetwork.SetDefaultPrinter "\\fileserver\MAINTELLER"
    This is where I Have the script placed:
         Computer Configuration -> Windows Settings -> Scripts(Startup/Shutdown)
    Once i'm in there, I double click Startup, click Add, and select my script which is named:
         MainPrinterSetup.vbs
    I have this GP applied to ONE OU, and that OU has ONE computer in it (my test computer)
    I login with a brand new user called "testuser" (creative, huh?) and basically nothing happens
    except they log in and have some Microsoft Document Image Writer printer set as default (which by the way sure does slow the PC down to the point of it almost being broke if anyone actually tries to print to that by accident)
    No Main Teller Printer, no anything.
    The strangest part about this is, if i apply this script to the user LOGON scripts, it works fine, the printer is there, and is set as default. (but see above why that wont work for my situation)
    So obviously the script works fine, but I guess i'm missing something when it comes to applying GP's to Computers rather than Users.
    Can anyone shed some light as to why the script is not running (i'm guessing the script isn't even attempting to run, rather than failing, but i have no way to know that)
    Thank you in advance!!
    Derek Conlon
    Network Administrator
    WRFCU
    EDIT:  Here are the PC's info that i'm working on:
         Server:  Windows Server 2003 Standard Edition (where my GP's are created and managed with AD)
         Target PC:  Windows XP Professional SP3
    EDIT #2:  I manually navigated to the Script file after logging in and "opened" it and it added and set the default printer no problem.  The issue is definitely with the script running at startup.

    I wanted to clarify a few things:
    1. While it is true that printer connections are usually per user, it is definitely possible to create "global printers".  There are a number of ways to do this, but two methods that come to mind are using:
    a. "Rundll32 printui.dll,PrintUIEntry" option with the "/ga" switch.  The "/ga" switch is the key here since it allows you to deploy printers "per machine" instead of "per user".  More information about this is available at:
    http://members.shaw.ca/bsanders/NetPrinterAllUsers.htm
    http://technet.microsoft.com/en-us/library/ee624057%28WS.10%29.aspx
    http://www.computerperformance.co.uk/Logon/logon_printer_computer.htm
    http://www.robvanderwoude.com/2kprintcontrol.php
    b. The Print Management console that is available in Windows 2003 R2 and higher can help you deploy printers "per machine" in addition to "per user".  More information about this is available at:
    http://www.czsolution.com/print-management/print-management/print-management-console.htm#DeployingPrintersByGroupPolicy
    http://technet.microsoft.com/en-us/library/cc753109%28WS.10%29.aspx
    2. As Guy mentioned, Group Policy Preferences can help set the default printer.  But there is another way to accomplish this.  The problem with the computer startup portion is that it runs before the user logs in.  And applying this script in the login script section would not work per computer unless you used loopback processing.  So another way to do this is to place a script that sets the default printer into the "All Users" startup folder.  Items in the "All Users" startup folder run for any user that logs into the computer, but it runs in the user's context.  So, this script would effectively set the default printer on a "per machine" basis.  The script method is a cruder way to approach the problem, but it will help get the job done.  Here are some resources on setting the default printer via script:
    http://www.intelliadmin.com/index.php/2007/08/set-default-printer-from-a-script
    http://www.computerperformance.co.uk/ezine/ezine17.htm

  • How to access a domain server which is targeted by Group Policy set to block Inbound and Outbound connections

    Hi,
    I have a practice lab with two physical servers 2012 R2, one of them is Hyper-V host and one of VMs is a domain controller. I was doing some exercises with firewall rule deployment through Group Policy, so I created an outbound rule to block port 80 which was targeted to Domain Computers. Now my other physical server has inbound and outbound connections set to block and domain controller cannot be contacted to update policy ( with rule removed ). At least that is my understanding. Maybe I messed up something with the profiles too, because port 80 would not have block all outbound traffic, or?
    I am new to IT so my understanding is still poor.
    Best
    Robert

    Hi Robert,
    If we block inbound connections, all connections that do not have firewall rules that explicitly allow the connection will be blocked.
    If we block outbound connections, all connections that do not have firewall rules that explicitly allow the connection will be blocked.
    If we block outbound TCP port 80, it will mean all websites will be unreachable, for TCP port 80 is for HTTP.
    Regarding Windows firewall security settings, the following article can be referred to for more information.
    Windows Firewall with Advanced Security Properties Page
    http://technet.microsoft.com/en-us/library/cc753002.aspx
    Best regards,
    Frank Shen

  • Group Policy question about setting Start menu items using devices and not users

    I am using Windows Server 2003 and Windows Server 2008 R2 servers set up for use as Active Directory Servers.
    What I am trying to do is lock down thin clients start menu options and I have been able to get this to work down to the user level.  However, what I want to do is have it locked down on the machine level.
    We have multiple users that use both "Thin Clients" with Windows 7 Embedded and we also have them using other PC's with using the same log in.
    So, for example when you create an OU for "Thin Clients", I want thin client devices in there and when people log in to these thin clients then the start menu will be locked down.  I want this to be user independent and thus I don't want Users in the OU, but I want to lock down the start menu.
    How can I do this with Group Policy Objects on a domain level?

    Hi,
    you could achieve this using GPO loopback processing. It was designed for the purpose of applying settings from user GPO to a certain group of computers.
    http://technet.microsoft.com/en-us/library/cc978513.aspx
    MCP/MCSA/MCTS/MCITP
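
Loopback processing, recommended in the reply above and in the earlier RDP server thread, comes down to one computer-side setting on a GPO linked to the OU that holds the machines. This is an added example, not part of either thread; the GPO name and OU path are placeholders, and the GPO is assumed to exist already with its user-side lockdown settings.

```powershell
# Added example: enable loopback (Replace) on a GPO and link it to the OU that
# contains the thin clients or RDP servers. Names below are placeholders.
Import-Module GroupPolicy

$gpoName  = 'Locked Down Session'
$targetOu = 'OU=Thin Clients,DC=corp,DC=example'
$polKey   = 'HKLM\Software\Policies\Microsoft\Windows\System'

$gpo = Get-GPO -Name $gpoName -ErrorAction Stop

# The loopback processing mode policy is stored as the DWORD UserPolicyMode:
#   1 = Merge   (user's own GPOs apply, then the user settings of this GPO)
#   2 = Replace (only the user settings of GPOs that apply to the computer)
Set-GPRegistryValue -Guid $gpo.Id -Key $polKey `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# Confirm what is now stored in the GPO.
Get-GPRegistryValue -Guid $gpo.Id -Key $polKey -ValueName 'UserPolicyMode' |
    Select-Object ValueName, Type, Value

# Link to the OU containing the COMPUTERS; no user accounts need to be in it.
# New-GPLink reports an error if this link already exists.
New-GPLink -Guid $gpo.Id -Target $targetOu -LinkEnabled Yes | Out-Null

# Run this on one of the target machines after a policy refresh to confirm
# that the computer has picked up the loopback setting.
function Get-LoopbackMode {
    $key   = 'HKLM:\Software\Policies\Microsoft\Windows\System'
    $value = (Get-ItemProperty -Path $key -Name 'UserPolicyMode' `
                -ErrorAction SilentlyContinue).UserPolicyMode
    switch ($value) {
        1       { 'Merge' }
        2       { 'Replace' }
        default { 'Not configured' }
    }
}

Get-LoopbackMode
```

Because the setting is computer-side, the same user account gets the locked-down session only on machines in the target OU and its normal user policy everywhere else.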

  • Group policy Preference - Internet Option setting not applying

    Hi,
    I'm not very sure if any of you have encountered this strange issue when configuring GPP -> Internet option setting for Windows 7 IE9 or IE11.
    The following are the specs of the OS and IE versions used in my environment.
    Windows Server 2012 R2 (IE 10)
    Windows 7 (IE9 and IE11)
    Recently I have deployed proxy settings via GPP as I do not have IEM under my GPMC console. Once the setting had been configured and deployed, I noticed that the GPO does not apply after the user logs in. The following scenarios are what we observed.
    1) User boots up the machine, logs in and the proxy setting is not applied
    1a) gpupdate /force -> Proxy Settings applied
    1b) Setting will be removed after the GPO refreshed
    2) User boots up the machine, logs in and the proxy setting is not applied
    2a) User logs off and logs in, proxy setting applied.
    2b) Setting will be removed after the GPO refreshed
    Kindly advise if there is any solution to ensure that the setting applies whenever the user logs in and stays intact even after the GPO refreshes by itself.

    Hi,
    >>1a) gpupdate /force -> Proxy Settings applied
    >>1b) setting will be removed after the GPO refreshed
    Based on the description, we can run the command gpresult /h report.html to collect group policy result reports to compare how the settings are being applied.
    Besides, have we installed the following hotfix on the computers with IE 9? If not, we can try to install the hotfix.
    Internet Explorer Group Policy Preferences do not apply to Internet Explorer 9 in a Windows Server 2008 R2 domain environment
    https://support.microsoft.com/en-us/kb/2530309?wa=wsignin1.0
    Best regards,
    Frank Shen

  • Set default printer group policy

    I am deploying our new printers via group policy.  We have a new printer in place and I am fairly familiar on how to actually deploy them.  I am deploying the printers MOSTLY by user configuration and with that method, I am able to easily delete old printers and set the correct one as a default.  
    However, We have some computers that have multiple users.  In that case, I am deploying the printers as a Computer configuration, not an employee configuration.  My question is, how can I set the newly deployed printer as a default for all users that log on to that particular computer?  Thank you.  
    This topic first appeared in the Spiceworks Community

  • "Group Policy Service & Permission Problems" I Will Never Buy Microsoft Windows Computers Again..

    I am trying to get some last bit of use out of my Worthless Microsoft Windows Software.. I have spent more time attempting to make this worthless junk work, than I ever get using the computer for what it is designed for.. Both My Windows 7 Pro, and my Windows 8.1 are the worst products Microsoft has come out with ever.. I started out using Punch Card Machines, in the 70's that worked better than the junk Microsoft is selling us today.. The last 13 computers I have purchased with Windows software are all in the dumpster. Their tech support is worthless, and half the time you get sent from one phone number to another, and no one knows anything.. I have purchased two sets of software from Microsoft store that have turned out to be Non-Genuine, I paid full price for, have receipts of sales, dates, validation key numbers, and still spend three days in a row trying to explain to the other end that my software they sold me is shit, and no one understands.. And on top of that will not give me an e-mail address to send them a copy of the proof of purchase to them for my file, and to prove to them they are selling shit, and they will not give me an address to send them their problems plagued software.. I have three sets of software that I downloaded, and had disk sent as backups that have bad validation keys, and Microsoft will not honor their sales, and will not give me keys that work..
    If it does finally work, I can not get the "Diagnostic Policy Service" to start, this online troubleshooting will not work, never has worked on windows 8, nor have I ever had any sound on the same computer, nor has my Windows Media Player ever worked either.. Both Win 7 Pro, and Win 8.1 Group Policy will not let me download anything on the C-drive that can possibly repair what is wrong with the Crap at hand, They're my computers, but I have no permission to do a goddamn thing to repair what is wrong with it, I do not want to read another fucking article on tech shit, I want to know how to delete "Group Policy" from every machine I have, because its only purpose I see is to keep me from using my machine, and forcing me to have to sit on hold and listen to those idiots on the other end just say its another 99 bucks to fix something that I have already given them 99 bucks several times before to fix nothing.. WTF, I was never a fan of Bill Gates, but today he looks like a genius compared to who/what is working there today.. Does this happen to everyone, or am I just jinxed? Can someone give me a patch or something besides another article to make this shit work..  Thanks, Barnstormer2790

    Wouldn't think anyone wants to help you at all with that attitude - Microsoft products work just great for me.
    Perhaps you should look closer to home for the issues you have!! I'm out!!!!
