Several Group policies on user
Is it possible to have several windows group policies on a user?
If it is a general gpo associated to the container, and a another to a user
or a group a user is member of, which one will be the effective? The closest
to the user or a mix of all of them?
I have done like that and get strange errors.
/Leif
Thanks Rolf!
Exactly the answer I wanted.
Must also thank you again for the tip on how to distribute certificates with
GPO.
It works great!
Regards
Leif
"Rolf Lidvall" <[email protected]> skrev i meddelandet
news:W1ike.670$[email protected]..
> Group Policies are additive and they apply in the order
> you have set in your Search Policy Search Order:
> http://www.novell.com/documentation/...k.html#a777rvi
> "Additive Group Policies:
> Group policies are now additive. This means that settings from multiple
> Group policies are cumulatively effective, rather than individually.
> Settings from multiple Group policies can affect users and workstations.
> Policies start with the local Group policy settings and are applied in
> reverse of the policy search order. This means that a setting in a policy
> applied first has lowest priority and its value is overwritten by any
> other
> policy with the same setting.
> Security settings are not additive; they are set by the last effective
> policy."
>
> See also:
> http://www.novell.com/documentation/...a/a779n8h.html
>
> Regards
> Rolf Lidvall
> Swedish Radio (Ltd)
> NSC SysOp
>
>
Similar Messages
-
Using Windows Group Policies in User policy package
I've been using the gp under User Config > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings in the User policy Package for a while now to prevent students from getting to https sites.
There are some sites though that we had to the Exception list which has worked fine until I added a new one which is: https://secure.ontariocolleges.ca/sso/auth
When this one is added it seems the gp doesn't work at all, ie students can go to any https site they want, when I remove this exception they're blocked again.
Someone else told me there was a character limit to the exception list so I tried removing all other exceptions except the one above and it still doesn't work.
I am unable to find any other info on this. Does anyone have any ideas?
Thanks.Thanks for answering your own question :>
I'm sure the answer will help others.
Craig Wilson - MCNE, MCSE, CCNA
Novell Support Forums Volunteer Sysop
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
"jdwall" <[email protected]> wrote in message
news:[email protected]..
>
> I think I found the problem, I replaced
> https://secure.ontariocolleges.ca/sso/auth with
> https://*.ontariocolleges.ca and that resolved it.
>
>
>
>
> jdwall;1693410 Wrote:
>> I've been using the gp under User Config > Windows Settings > Internet
>> Explorer Maintenance > Connection > Proxy Settings in the User policy
>> Package for a while now to prevent students from getting to https sites.
>>
>>
>> There are some sites though that we had to the Exception list which has
>> worked fine until I added a new one which is:
>> https://secure.ontariocolleges.ca/sso/auth
>>
>> When this one is added it seems the gp doesn't work at all, ie students
>> can go to any https site they want, when I remove this exception they're
>> blocked again.
>>
>> Someone else told me there was a character limit to the exception list
>> so I tried removing all other exceptions except the one above and it
>> still doesn't work.
>>
>> I am unable to find any other info on this. Does anyone have any
>> ideas?
>>
>> Thanks.
>
>
> --
> jdwall
> ------------------------------------------------------------------------
> jdwall's Profile: http://forums.novell.com/member.php?userid=2475
> View this thread: http://forums.novell.com/showthread.php?t=353133
> -
Group policies not working in one lab.
G'day
I've got a situation at my school where group policies are not having any
effect on the PCs - but only in one of the 3 computer labs.
I've run through the steps of most of the troubleshooting documents I could
find but they haven't really helped.
to summarise...
If I delete the group policy folders from the system32 folder, then log in,
new copies are brought down OK.
If I force an update by executing secedit /refreshpolicy user_policy
/enforce the changes (proxy restrictions mostly) take effect
The policy IS correctly associated with the users and shows in the
Workstation manager as having been executed.
I'm at a loss.
I was wondering if anyone could have a look at the debug log
file I generated and give me some idea what's happening.
Thanks.
Paul Pofandt
IT Manager
St James College
Brisbane
WMHelperInitialization (Sep 22 2003) called! Flags: 0x4002. Event: 0x4000.
Impersonation: 0x2
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Exiting WMHelperInitialization. Returning flags: 0x204
WMHelperSystemEntryEx called!
Computer Object : CN=00:0D:60:40:D8:B7.OU=WORKSTATIONS.O=STJ
User Object : CN=admin.O=STJ
Entry Flags : 0x4200
Event Flags : 0x4000
DN is Typed convert it to TYPELESS
No user logged in.
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Reading User Logged In from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value User Logged In: 0x0 in key Software\Novell\Workstation
Manager\Group Policies
Detected user logout. Running GPCleanup.
Cleaning up user settings.
Entering GPCleanup
Reading Group Policy Machine Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Status not found. Assuming 0
GPStatus reg key not found. Assuming 0
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reg key Group Policy Machine Flags not found. Assuming 0
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000060 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Flags: 0x80000060
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0xc100c0 in key Software\Novell\Workstation
Manager\Group Policies
Entered GPDel
Deleting C:\WINNT\System32\GroupPolicy\User
Deleting C:\WINNT\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring original GP as base.
Entered GPCopy(C:\WINNT\System32\GroupPolicy.WMOriginal,
C:\WINNT\System32\GroupPolicy, 0, handle, 0x70)
Copied C:\WINNT\System32\GroupPolicy.WMOriginal\GPT.ini to
C:\WINNT\System32\GroupPolicy\GPT.ini
Copied file
C:\WINNT\System32\GroupPolicy.WMOriginal\Machine\M icrosoft\Windows
NT\SecEdit\GptTmpl.inf to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows
NT\SecEdit\GptTmpl.inf
Copied file
C:\WINNT\System32\GroupPolicy.WMOriginal\Machine\M icrosoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows NT\SecEdit\IPS1.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Entered AppendPolicy C:\WINNT\System32\GroupPolicy\Machine\Registry.pol
Error 0x2 opening file C:\WINNT\System32\GroupPolicy\Machine\Registry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy C:\WINNT\System32\GroupPolicy\Machine\Registry.pol 0x0
Entered AppendPolicy C:\WINNT\System32\GroupPolicy\User\Registry.pol
Error 0x2 opening file C:\WINNT\System32\GroupPolicy\User\Registry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy C:\WINNT\System32\GroupPolicy\User\Registry.pol 0x0
Error 3 calling
GetFileAttributes(C:\WINNT\System32\GroupPolicy.Wk sCache\Machine\Registry.po
l)
Error 3 calling
GetFileAttributes(C:\WINNT\System32\GroupPolicy.Wk sCache\User\Registry.pol)
No workstation cache. Skipping overlay of computer policies...
Entered writeData. File: C:\WINNT\System32\GroupPolicy\Machine\Registry.pol
No data.
Exiting writeData 0x0
Entered writeData. File: C:\WINNT\System32\GroupPolicy\User\Registry.pol
No data.
Exiting writeData 0x0
Entered AppendSecuritySettings
Inf path: C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows
NT\SecEdit\GptTmpl.inf
Dispatching SECEDIT.EXE /configure /DB ZENDB /CFG
"C:\WINNT\System32\GroupPolicy\Machine\Microsoft\W indows
NT\SecEdit\GptTmpl.inf" /log c:\GPSecApp.log.
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
LoadHive entered
LoadHive exit : 2
Error 2 loading ipsec settings 1.
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Signalling OS to refresh policies
RegQueryValueEx returned 2
Policies are set to apply asynchronously
Policies will be processed asynchronously
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0xc100c0 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINNT\System32\GroupPolicy\GPT.ini
Found version 0xb800b7 in gpt.ini
Using version: 0xc100c0
Saving GPT version: 0xc200c1
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xc200c1 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Applied Computer Policy.
Applied User Policy.
Exiting GPCleanup 0x0
Entered RemoveCleanup.
Loaded wmschapi.dll
Calling WMRemoveAction
Finished Calling WMRemoveAction(WMGRPPOL cleanup action, FALSE). Returned
0x0
Exiting RemoveCleanup 0x0
Apply computer policies releasing mutex.
Exiting WMHelperSystemEntryEx ccode: 0x0
Closing log file.
WMHelperInitialization (Sep 22 2003) called! Flags: 0x0. Event: 0x0.
Impersonation: 0x0
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=test2006.OU=2006.OU=STUDENTS.O=STJ
DN is Typed convert it to TYPELESS
g_szUserDN = test2006.2006.STUDENTS.STJ
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1908370602-1493435055-278805897-1055
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache .
No workstation. Exiting CheckForObsoleteWksCache
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x0 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Entering ApplyPolicies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000060 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Flags: 0x80000060
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Impersonating logged on user.
Context : OU=2006.OU=STUDENTS.O=STJ
Full Object DN CN=test2006.OU=2006.OU=STUDENTS.O=STJ
Calling WMGetAllAssociatedObjects(FALSE, MANGO, 1,
CN=test2006.OU=2006.OU=STUDENTS.O=STJ, WINNT Workstation Package,
zenwmGroupPolicy, 512, pBuffer)
Reverting to system impersonation.
Found DN CN=Student User Package:Windows Group Policy.O=STJ
WMCheckIfGroupPolicyObjectsChanged entered
Impersonating logged on user.
Reverting to system impersonation.
Group Policy object has changed!
Exiting WMCheckIfGroupPolicyObjectsChanged 0x0
Entered ScheduleCleanup.
Loaded wmschapi.dll
Calling WMScheduleAction
Finished Calling WMScheduleAction. Returned 0x0
Exiting ScheduleCleanup 0x0
Entered BackupOriginalGP.
Exiting BackupOriginalGP 0x0
Entering ApplyGroupPolicy.
Entered GPDel
Deleting C:\WINNT\System32\GroupPolicy.UserCache\User
Deleting C:\WINNT\System32\GroupPolicy.UserCache\Machine
Exiting GPDel 0
Entered GPCopy(C:\WINNT\System32\GroupPolicy.WMOriginal,
C:\WINNT\System32\GroupPolicy.UserCache, 0, handle, 0x70)
Copied C:\WINNT\System32\GroupPolicy.WMOriginal\GPT.ini to
C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini
Copied file
C:\WINNT\System32\GroupPolicy.WMOriginal\Machine\M icrosoft\Windows
NT\SecEdit\GptTmpl.inf to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\GptTmpl.inf
Copied file
C:\WINNT\System32\GroupPolicy.WMOriginal\Machine\M icrosoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS1.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Re gistry.pol
Error 0x2 opening file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Re gistry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Re gistry.pol 0x0
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
Error 0x2 opening file
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol 0x0
Entered MergeGptFile(C:\WINNT\System32\GroupPolicy.UserCac he, 0x30)
g_dwVersion: 0x0.
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0xc200c1 in key Software\Novell\Workstation
Manager\Group Policies
Found user extensions...
Exiting MergeGptFile 0x0
Processing CN=Student User Package:Windows Group Policy.O=STJ
Impersonating logged on user.
Flags: 0x80000060
Check for old settings: 0x60
Reverting to system.
Writing Group Policy User Flags to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x80000060 to Group Policy User Flags in key
Software\Novell\Workstation Manager\Group Policies
Entered GPCopy(\\THOR\sys\public\Policies_stu,
C:\WINNT\System32\GroupPolicy.UserCache, 1, handle, 0x80000060)
Granted temp acess to C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini
Copied \\THOR\sys\public\Policies_stu\GPT.ini to
C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini
Reverting to system.
Restored security on C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini
Granted temp acess to C:\WINNT\System32\GroupPolicy.UserCache\User
Copied file \\THOR\sys\public\Policies_stu\User\Registry.pol to
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
Granted temp acess to C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK
Copied file \\THOR\sys\public\Policies_stu\User\MICROSOFT\IEAK \install.ins
to C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\install.ins
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\BRANDING
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\BRANDING\favs
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\BRANDING\favs
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\BRANDING
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\LOCK
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\LOCK
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK
Restored security on C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT
Granted temp acess to C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts\Logoff
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts\Logoff
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts\Logon
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts\Logon
Restored security on C:\WINNT\System32\GroupPolicy.UserCache\User\Scrip ts
Restored security on C:\WINNT\System32\GroupPolicy.UserCache\User
GP_FLAG_APPLY_COMP_SETTINGS (0x10), not set. Will not copy machine folder
Copying security file
Granted temp acess to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows NT\SecEdit
Copied file \\THOR\sys\public\Policies_stu\Machine\Microsoft\W indows
NT\SecEdit\GptTmpl.inf to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\GptTmpl.inf
Copied file \\THOR\sys\public\Policies_stu\Machine\Microsoft\W indows
NT\SecEdit\IPS1.dat to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS1.dat
Copied file \\THOR\sys\public\Policies_stu\Machine\Microsoft\W indows
NT\SecEdit\IPS2.dat to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS2.dat
Copied file \\THOR\sys\public\Policies_stu\Machine\Microsoft\W indows
NT\SecEdit\IPS3.dat to
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS3.dat
Restored security on
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows NT\SecEdit
Exiting GPCopy 0x0
Entered MergeGptFile(C:\WINNT\System32\GroupPolicy.UserCac he, 0x80000060)
g_dwVersion: 0xc200c1.
Found user extensions...
Exiting MergeGptFile 0x0
Applying user settings.
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
Entered parseRegFile
Val: 'NoChangingWallPaper'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\NoChangingW
allPaper
Val: 'NoHardwareTab'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoHardwareTab
Val: 'NoWindowsUpdate'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoWindowsUpdate
Val: 'NoNetworkConnections'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoNetworkConnect
ions
Val: 'ForceStartMenuLogOff'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceStartMenuLo
gOff
Val: 'ClearRecentDocsOnExit'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ClearRecentDocsO
nExit
Val: 'Intellimenus'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\Intellimenus
Val: 'NoSaveSettings'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSaveSettings
Val: 'NoMovingBands'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoMovingBands
Val: 'NoRecentDocsNetHood'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoRecentDocsNetH
ood
Val: 'NoCloseDragDropBands'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoCloseDragDropB
ands
Val: 'NoActiveDesktop'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktop
Val: 'NoControlPanel'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoControlPanel
Val: 'NoDeletePrinter'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoDeletePrinter
Val: '**del.NoAddPrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoAddPrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoAddPrint
er
Val: '**del.DisablePersonalDirChange'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
DisablePersonalDirChange
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.DisablePer
sonalDirChange
Val: 'DisallowRun'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun
Val: '**delvals.'
Trying to delete values under key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\**de
lvals.
Val: '1'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\1
Val: '2'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\2
Val: '3'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\3
Val: '4'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\4
Val: '5'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\5
Val: '6'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\6
Val: '7'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\7
Val: '8'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\8
Val: 'DisableRegistryTools'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\DisableRegistryToo
ls
Val: 'DisableTaskMgr'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
Val: '**del.DisableLockWorkstation'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val:
DisableLockWorkstation
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.DisableLockW
orkstation
Val: 'NoAddRemovePrograms'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddRemoveProg
rams
Val: 'NoRemovePage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoRemovePage
Val: 'NoAddPage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddPage
Val: 'NoWindowsSetupPage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoWindowsSetupP
age
Val: 'NoAddFromCDorFloppy'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromCDorFl
oppy
Val: 'NoAddFromInternet'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromIntern
et
Val: 'NoAddFromNetwork'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromNetwor
k
Val: 'DisableWindowsUpdateAccess'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \WindowsUpdate\DisableWind
owsUpdateAccess
Val: 'NoChat'
Added: Software\Policies\Microsoft\Conferencing\NoChat
Val: 'NoSharing'
Added: Software\Policies\Microsoft\Conferencing\NoSharing
Val: 'NoSharingDesktop'
Added: Software\Policies\Microsoft\Conferencing\NoSharing Desktop
Val: 'NoSharingDosWindows'
Added: Software\Policies\Microsoft\Conferencing\NoSharing DosWindows
Val: 'NoSharingExplorer'
Added: Software\Policies\Microsoft\Conferencing\NoSharing Explorer
Val: 'NoAllowControl'
Added: Software\Policies\Microsoft\Conferencing\NoAllowCo ntrol
Val: 'NoTrueColorSharing'
Added: Software\Policies\Microsoft\Conferencing\NoTrueCol orSharing
Val: 'NoAppSharing'
Added: Software\Policies\Microsoft\Conferencing\NoAppShar ing
Val: 'NoGeneralPage'
Added: Software\Policies\Microsoft\Conferencing\NoGeneral Page
Val: 'NoAdvancedCalling'
Added: Software\Policies\Microsoft\Conferencing\NoAdvance dCalling
Val: 'NoSecurityPage'
Added: Software\Policies\Microsoft\Conferencing\NoSecurit yPage
Val: 'NoAudioPage'
Added: Software\Policies\Microsoft\Conferencing\NoAudioPa ge
Val: 'NoVideoPage'
Added: Software\Policies\Microsoft\Conferencing\NoVideoPa ge
Val: 'Advanced'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced
Val: 'HomePage'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
Val: 'Cache'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache
Val: 'Connwiz Admin Lock'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz
Admin Lock
Val: 'Connection Settings'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Connection Settings
Val: 'Proxy'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Proxy
Val: 'Autoconfig'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Autoconfig
Val: 'Profiles'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Profiles
Val: 'Certificates'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Certificates
Val: 'Ratings'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Ratings
Val: 'FormSuggest Passwords'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\FormSuggest Passwords
Val: 'Messaging'
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Messaging
Val: 'CalendarContact'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\CalendarContact
Val: 'ContentTab'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ContentTab
Val: 'ConnectionsTab'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ConnectionsTab
Val: 'ProgramsTab'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ProgramsTab
Val: 'AdvancedTab'
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\AdvancedTab
Val: 'RestrictAuthorMode'
Added: Software\Policies\Microsoft\MMC\RestrictAuthorMode
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{011BE22D-E453-11D1-945A-00C04FB984F9}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{3CB6973D-3E6F-11D0-95DB-00A024D77700}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{58221C65-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{5C659257-E236-11D2-8899-00104B2AFB46}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{677A2D94-28D9-11D1-A95B-008048918FB1}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{8F8F8DC0-5713-11D1-9551-0060B0576642}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{90087284-d6d6-11d0-8353-00a0c90640bf}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{95AD72F0-44CE-11D0-AE29-00AA004B9986}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{B91B6008-32D2-11D2-9888-00A0C925F917}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{D967F824-9968-11D0-B936-00C04FD8D5B0}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}\Restr
ict_Run
Val: 'Restrict_Run'
Added:
Software\Policies\Microsoft\MMC\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}\Restr
ict_Run
Val: '{D6526FE0-E651-11CF-99CB-00C04FD64497}'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\AllowedControls\{D6526FE0-E651-11CF-99CB-00C04FD64497}
Val: 'NoConfigCache'
Added: Software\Policies\Microsoft\Windows\NetCache\NoCon figCache
Val: 'NoMakeAvailableOffline'
Added: Software\Policies\Microsoft\Windows\NetCache\NoMak eAvailableOffline
Val: 'NoCacheViewer'
Added: Software\Policies\Microsoft\Windows\NetCache\NoCac heViewer
Val: 'NC_RasConnect'
Added: Software\Policies\Microsoft\Windows\Network Connections\NC_RasConnect
Val: 'NC_LanConnect'
Added: Software\Policies\Microsoft\Windows\Network Connections\NC_LanConnect
Val: 'NC_LanProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_LanProperties
Val: 'NC_RasMyProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasMyProperties
Val: 'NC_RasAllUserProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasAllUserProperties
Val: 'NC_RenameConnection'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameConnection
Val: 'NC_RenameMyRasConnection'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameMyRasConnection
Val: 'NC_AddRemoveComponents'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AddRemoveComponents
Val: 'NC_ChangeBindState'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_ChangeBindState
Val: 'NC_LanChangeProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_LanChangeProperties
Val: 'NC_RasChangeProperties'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasChangeProperties
Val: 'NC_NewConnectionWizard'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_NewConnectionWizard
Val: 'NC_DialupPrefs'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_DialupPrefs
Val: 'NC_AdvancedSettings'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AdvancedSettings
Val: 'NC_ShowSharedAccessUI'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_ShowSharedAccessUI
Val: 'NC_AllowAdvancedTCPIPConfig'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AllowAdvancedTCPIPConfig
Val: 'DisableCMD'
Added: Software\Policies\Microsoft\Windows\System\Disable CMD
Exiting parseRegFile
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol 0x0
Reverting to system impersonation.
Entered writeData. File:
C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol
Exiting writeData 0x0
Entered writeData. File:
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Re gistry.pol
No data.
Exiting writeData 0x0
Entered GenerateGptFile(C:\WINNT\System32\GroupPolicy.User Cache)
g_dwVersion: 0xc200c1.
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xc200c1 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting GenerateGptFile 0x0
Reading workstation cache
Entered MergeGptFile(C:\WINNT\System32\GroupPolicy.WksCach e, 0x30)
g_dwVersion: 0xc200c1.
Exiting MergeGptFile 0x0
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.WksCache\User\Regist ry.pol
Error 0x3 opening file
C:\WINNT\System32\GroupPolicy.WksCache\User\Regist ry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.WksCache\User\Regist ry.pol 0x0
Entered AppendPolicy
C:\WINNT\System32\GroupPolicy.WksCache\Machine\Reg istry.pol
Error 0x3 opening file
C:\WINNT\System32\GroupPolicy.WksCache\Machine\Reg istry.pol
File does not exist. Nonfatal error.
Exiting AppendPolicy
C:\WINNT\System32\GroupPolicy.WksCache\Machine\Reg istry.pol 0x0
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Workstation flags: 0x0
Entered MergeAndSavePolicies(0x0, C:\WINNT\System32\GroupPolicy.UserCache)
Applying workstation, then user policies
Entered MemAppendPolicy
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\NoChangingW
allPaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoHardwareTab
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoWindowsUpdate
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoNetworkConnect
ions
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceStartMenuLo
gOff
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ClearRecentDocsO
nExit
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\Intellimenus
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSaveSettings
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoMovingBands
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoRecentDocsNetH
ood
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoCloseDragDropB
ands
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktop
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoControlPanel
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoDeletePrinter
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoAddPrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoAddPrint
er
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
DisablePersonalDirChange
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.DisablePer
sonalDirChange
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun
Trying to delete values under key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\**de
lvals.
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\1
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\2
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\3
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\4
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\5
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\6
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\7
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\DisallowRun\8
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\DisableRegistryToo
ls
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val:
DisableLockWorkstation
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.DisableLockW
orkstation
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddRemoveProg
rams
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoRemovePage
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddPage
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoWindowsSetupP
age
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromCDorFl
oppy
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromIntern
et
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromNetwor
k
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \WindowsUpdate\DisableWind
owsUpdateAccess
Added: Software\Policies\Microsoft\Conferencing\NoChat
Added: Software\Policies\Microsoft\Conferencing\NoSharing
Added: Software\Policies\Microsoft\Conferencing\NoSharing Desktop
Added: Software\Policies\Microsoft\Conferencing\NoSharing DosWindows
Added: Software\Policies\Microsoft\Conferencing\NoSharing Explorer
Added: Software\Policies\Microsoft\Conferencing\NoAllowCo ntrol
Added: Software\Policies\Microsoft\Conferencing\NoTrueCol orSharing
Added: Software\Policies\Microsoft\Conferencing\NoAppShar ing
Added: Software\Policies\Microsoft\Conferencing\NoGeneral Page
Added: Software\Policies\Microsoft\Conferencing\NoAdvance dCalling
Added: Software\Policies\Microsoft\Conferencing\NoSecurit yPage
Added: Software\Policies\Microsoft\Conferencing\NoAudioPa ge
Added: Software\Policies\Microsoft\Conferencing\NoVideoPa ge
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz
Admin Lock
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Connection Settings
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Proxy
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Autoconfig
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Profiles
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\Certificates
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Ratings
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\FormSuggest Passwords
Added: Software\Policies\Microsoft\Internet Explorer\Control Panel\Messaging
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\CalendarContact
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ContentTab
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ConnectionsTab
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\ProgramsTab
Added: Software\Policies\Microsoft\Internet Explorer\Control
Panel\AdvancedTab
Added: Software\Policies\Microsoft\MMC\RestrictAuthorMode
Added:
Software\Policies\Microsoft\MMC\{011BE22D-E453-11D1-945A-00C04FB984F9}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{3CB6973D-3E6F-11D0-95DB-00A024D77700}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{58221C65-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{5C659257-E236-11D2-8899-00104B2AFB46}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{677A2D94-28D9-11D1-A95B-008048918FB1}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{8F8F8DC0-5713-11D1-9551-0060B0576642}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{90087284-d6d6-11d0-8353-00a0c90640bf}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{95AD72F0-44CE-11D0-AE29-00AA004B9986}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{B91B6008-32D2-11D2-9888-00A0C925F917}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{D967F824-9968-11D0-B936-00C04FD8D5B0}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}\Restr
ict_Run
Added:
Software\Policies\Microsoft\MMC\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}\Restr
ict_Run
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\AllowedControls\{D6526FE0-E651-11CF-99CB-00C04FD64497}
Added: Software\Policies\Microsoft\Windows\NetCache\NoCon figCache
Added: Software\Policies\Microsoft\Windows\NetCache\NoMak eAvailableOffline
Added: Software\Policies\Microsoft\Windows\NetCache\NoCac heViewer
Added: Software\Policies\Microsoft\Windows\Network Connections\NC_RasConnect
Added: Software\Policies\Microsoft\Windows\Network Connections\NC_LanConnect
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_LanProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasMyProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasAllUserProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameConnection
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameMyRasConnection
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AddRemoveComponents
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_ChangeBindState
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_LanChangeProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RasChangeProperties
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_NewConnectionWizard
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_DialupPrefs
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AdvancedSettings
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_ShowSharedAccessUI
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_AllowAdvancedTCPIPConfig
Added: Software\Policies\Microsoft\Windows\System\Disable CMD
Exiting MemAppendPolicy
Entered MemAppendPolicy
Nothing to append.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Entered GPCopy(C:\WINNT\System32\GroupPolicy.WksCache,
C:\WINNT\System32\GroupPolicy, 0, handle, 0x0)
Error 3 copying C:\WINNT\System32\GroupPolicy.WksCache\GPT.ini to
C:\WINNT\System32\GroupPolicy\GPT.ini
GP_FLAG_APPLY_USER_SETTINGS (0x20), not set. Will not copy user folder
GP_FLAG_APPLY_COMP_SETTINGS (0x10), not set. Will not copy machine folder
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Error: no files copied.
Exiting GPCopy 0x2
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000060 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPCopy(C:\WINNT\System32\GroupPolicy.UserCache,
C:\WINNT\System32\GroupPolicy, 0, handle, 0x80000060)
Copied C:\WINNT\System32\GroupPolicy.UserCache\GPT.ini to
C:\WINNT\System32\GroupPolicy\GPT.ini
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\User\MICRO SOFT\IEAK\install.ins to
C:\WINNT\System32\GroupPolicy\User\MICROSOFT\IEAK\ install.ins
Copied file C:\WINNT\System32\GroupPolicy.UserCache\User\Regis try.pol to
C:\WINNT\System32\GroupPolicy\User\Registry.pol
GP_FLAG_APPLY_COMP_SETTINGS (0x10), not set. Will not copy machine folder
Copying security file
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\GptTmpl.inf to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows
NT\SecEdit\GptTmpl.inf
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows NT\SecEdit\IPS1.dat
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS2.dat to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows NT\SecEdit\IPS2.dat
Copied file
C:\WINNT\System32\GroupPolicy.UserCache\Machine\Mi crosoft\Windows
NT\SecEdit\IPS3.dat to
C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows NT\SecEdit\IPS3.dat
Exiting GPCopy 0x0
Entered writeData. File: C:\WINNT\System32\GroupPolicy\User\Registry.pol
Exiting writeData 0x0
Entered writeData. File: C:\WINNT\System32\GroupPolicy\Machine\Registry.pol
No data.
Exiting writeData 0x0
Exiting MergeAndSavePolicies 0x0
Entered GenerateGptFile(C:\WINNT\System32\GroupPolicy)
g_dwVersion: 0xc200c1.
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xc200c1 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting GenerateGptFile 0x0
Exiting ApplyGroupPolicy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x2000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Writing Group Policy User Flags to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x80000060 to Group Policy User Flags in key
Software\Novell\Workstation Manager\Group Policies
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered AppendSecuritySettings
Inf path: C:\WINNT\System32\GroupPolicy\Machine\Microsoft\Wi ndows
NT\SecEdit\GptTmpl.inf
Dispatching SECEDIT.EXE /configure /DB ZENDB /CFG
"C:\WINNT\System32\GroupPolicy\Machine\Microsoft\W indows
NT\SecEdit\GptTmpl.inf" /log c:\GPSecApp.log.
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
Signalling OS to refresh policies
RegQueryValueEx returned 2
Policies are set to apply asynchronously
Policies will be processed asynchronously
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0xc200c1 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINNT\System32\GroupPolicy\GPT.ini
Found version 0xc200c1 in gpt.ini
Using version: 0xc200c1
Saving GPT version: 0xc300c2
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xc300c2 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Applied Computer Policy.
Applied User Policy.
Exiting ApplyPolicies 0x0
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c4c14a to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xdd4dad14 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
WMHelperInitialization (Sep 22 2003) called! Flags: 0x2001. Event: 0x2000.
Impersonation: 0x1
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=test2006.OU=2006.OU=STUDENTS.O=STJ
DN is Typed convert it to TYPELESS
g_szUserDN = test2006.2006.STUDENTS.STJ
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1908370602-1493435055-278805897-1055
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Current time high: 0x1c4c14a
Reading Last Run Time High from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Last Run Time High: 0x1c4c14a in key
Software\Novell\Workstation Manager\Group Policies
Previous time high: 0x1c4c14a
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache CN=00:0D:60:40:D8:B7.OU=WORKSTATIONS.O=STJ.
Full Object DN
CN=00:0D:60:40:D8:B7.OU=WORKSTATIONS.O=STJ.OU=2006 .OU=STUDENTS.O=STJ
Calling WMGetAllAssociatedObjects(FALSE, MANGO, 1,
CN=00:0D:60:40:D8:B7.OU=WORKSTATIONS.O=STJ.OU=2006 .OU=STUDENTS.O=STJ, WINNT
Workstation Package, zenwmGroupPolicy, 512, pBuffer)
WMGetAllAssociatedObject returned 103
No associated workstation policies. Deleting
C:\WINNT\System32\GroupPolicy.WksCache.
DeleteGPRegVal: Error 0x2 deleting Group Policy Machine Flags
DeleteGPRegVal: Error 0x2 deleting Group Policy Machine Status
Exiting CheckForObsoleteWksCache 103
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x1 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Policy applied at predesktop. Skipping reapplication at user login.
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c4c14a to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0xe0da0d06 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.Paul,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Hi everyone,
Im having an issue where group policies stop working on XP machines.
They stop working all together after a certain time. Below is a debug
log for the group policy update.
I've ran through TID
http://support.novell.com/cgi-bin/se...?/10073744.htm
and still no luck.
---------BEGIN DEBUG FILE------------------
WMHelperInitialization (Sep 22 2003) called! Flags: 0x2. Event: 0x0.
Impersonation: 0x2
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x204
WMHelperSystemEntryEx called!
Computer Object : CN=ALyle220_30_3_114.OU=Management.OU=MEL.O=KFA
User Object : CN=ALyle.OU=MEL.O=KFA
Entry Flags : 0x200
Event Flags : 0x0
DN is Typed convert it to TYPELESS
User logged in.
Writing User Logged In to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1 to User Logged In in key
Software\Novell\Workstation Manager\Group Policies
Reading User Logged In from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value User Logged In: 0x1 in key Software\Novell\Workstation
Manager\Group Policies
Applying computer policies.
Entering ApplyPolicies
Reading Group Policy Machine Flags from
\HKLM\Software\Novell\Workstation Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reg key Group Policy Machine Flags not found. Assuming 0
Reading Group Policy Machine Status from
\HKLM\Software\Novell\Workstation Manager\Group Policies
Read reg. value Group Policy Machine Status: 0x1000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy Machine Status: 0x1000
Writing Group Policy Machine Status to
\HKLM\Software\Novell\Workstation Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy Machine Status in key
Software\Novell\Workstation Manager\Group Policies
Context : OU=Management.OU=MEL.O=KFA
Full Object DN
CN=ALyle220_30_3_114.OU=Management.OU=MEL.O=KFA.OU =Management.OU=MEL.O=KFA
Calling WMGetAllAssociatedObjects(FALSE, KNIGHT-FRANK, 2,
CN=ALyle220_30_3_114.OU=Management.OU=MEL.O=KFA.OU =Management.OU=MEL.O=KFA,
WINNT Workstation Package, zenwmGroupPolicy, 512, pBuffer)
Error 0x 67 calling WMGetAllAssociatedObjects.
Exiting ApplyPolicies 0x67
Apply computer policies releasing mutex.
Exiting WMHelperSystemEntryEx ccode: 0x67
Closing log file.
----------------- END DEBUG FILE ----------------
Any help would be appreciated. I'm racking my brain here.
Thanks
Russell> Any help would be appreciated. I'm racking my brain here.
The only issue I know of if this is WinXP *SP2*.
If it's not, you can stop read here, because
then I'm lost :-(
*If* it's WinXP SP2, it's not supported at
all with ZENworks 3.x:
http://support.novell.com/cgi-bin/se...?/10092958.htm
"Novell ZENworks for Desktops 3.2 is not supported on XP SP2."
Furthermore, with other versions of ZEN there is a particular
issue with Group Policies when upgrading from WinXP SP1:
http://support.novell.com/cgi-bin/se...?/10095342.htm
Regards
Rolf Lidvall
Swedish Radio (Ltd)
NSC SysOp -
Provision a RO several times with one user using Access Policies
Hello,
we need to provision several Unix machines and for this purpose, we use one only resource object (SSH User). Additionallyl, we created an access policy for every machine:
- Access Policy Unix Server 1
- Access Policy Unix Server 2
- Access Policy Unix Server N
We created the following group in OIM: SSH Group.
We set the policies in such a way that whenever a user is added to the SSH Group, the SSH User RO is provisioned with the user for every machine. We created several access policies, because the parameters of the form are different for every machine.
The problem is that when a user is added to the SSH Group, the SSH User resource object is provisioned only once. It is provisioned by the access policy with the highest priority. We would like that the SSH User RO was provisioned by every access policy. That is, the user should have the SSH User RO provisioned N times, after adding it to the SSH Group.
Is there any way to achieve this without creating a resource object for every Unix Machine? We need to provision more than 300 Unix machines and this would require a lot of time...
Thank you for your helpThere are other options. You could create a child table to hold the IT Resource information, assuming all parent data is the same for every system. Then on the insert/delete to child table entries, you can provision and de-provision from that target. On disable/enable you would need to search through the child table and perform the action against all instances. The same for the other update tasks.
This is the limitation of access policies. They manage a single resource object target instance. You could also code a generic resource that has child table entries. When an insert happens, you can use the APIs to provision and instance of the specific target with the provided details. Then you could create access policies to add entries to the child table, and each would provision the appropriate object, and deprovision too.
Takes some custom code, but it's doable. Just remember though that they are all still the same resource object, so reporting would show them all, as well as attestation, as a single instance, with multiple provisioned to each user.
Another option is to duplicate the work flow using find and replace in the XML and generate a unique workflow for each instance.
-Kevin -
Our Bank's core processor has rewritten their product to run in a web browser. Their browser of choice is Firefox 3.6. The specifications from our core processor specify specific security and settings parameters that must be adhered to by all users for their product to run properly. Is there a way to globally configure these settings via the registry or group policies to insure everyone who logs in to a given workstation opens Firefox with the same settings? Thank you for any assistance you can provide - Steve Gish, First Bank Kansas.
== User Agent ==
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)You can try:
*http://kb.mozillazine.org/Locking_preferences -
Windows NT-2000-XP User Group Policies - Clarification - broke?
Environment ZFD 4.01 ir6
We use to use the Windows NT-2000-XP User Group Policies as a catch all for
our Windows 2000, XPsp1 and XPsp2 policies. Since applying ir6, I've
noticed it does not let me use this option anymore. Could someone clarify
my questions.
Does this mean..
I must use a Windows 2000 machine to configure the Windows 2000 policies and
save those group policies files in a different network location? Likewise,
should I use a WinXP sp1 machine, configure and save those group policies
files to a separate folder than W2K files? And then use a WinXP sp2 machine
and repeat the above? It seems that I when I use a WinXP sp2 machine to
configure the policies, my XPsp1 machines don't read the policies.
ThanksGreg,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
ASA 5505 VPN Group Policies (RADIUS) and tunnel group
I have a single ASA firewall protecting a small private developing network, and I need it in order to access remotely to two distinct network spaces both of wich are VLAN tagged: 1 is LAN and 3 is management. Each net has its own IP address space and DNS server.
I'd like to set up Anyconnect to land on lan 1, and SSL VPN in order to see the IPMI and management websites sitting on VLAN 3. In order to make things "safer" I have found a free OTP solution, OpenOTP, and I decided to implement it on a virtual machine, setting up a radius bridge to allow user authentication for VPN. I can pass wichever attribute I'd like to using this radius bridge (for example "Class" or "Group-Policy" or whatever is included in the radius dictionaries).
Actually all I need is quite simple. I have to segregate my remote users in 2 groups, one for Anyconnect, and one for SSL based on the radius response from authentication. (I don't need authorization nor accounting) I'm no Cisco Pro, what I've learnt is based on direct "on the field" experience.
I'm using two radius users for testing right now, one is called "kaisaron78" associated to a group policy "RemoteAC" and a second one called "manintra" associated to a group policy called "SSLPolicy". "kaisaron78" after logging in should only see the Anyconnect "deployment portal", while "manintra" should see the webvpn portal populated with the links specified in the URL list "Management_List". However, no matter what I do, I only see the default "clean" webvpn page. This is an example of "sh vpn-sessiondb webvpn" for both users..
Session Type: WebVPN
Username : kaisaron78 Index : 1
Public IP : 172.16.0.3
Protocol : Clientless
License : AnyConnect Premium
Encryption : Clientless: (1)RC4 Hashing : Clientless: (1)SHA1
Bytes Tx : 518483 Bytes Rx : 37549
Group Policy : RemoteAC Tunnel Group : DefaultWEBVPNGroup
Login Time : 10:59:33 CEDT Mon Aug 18 2014
Duration : 0h:00m:23s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : c0a801fa0000100053f1c075
Security Grp : none
Asa5505# sh vpn-sessiondb webvpn
Session Type: WebVPN
Username : manintra Index : 2
Public IP : 172.16.0.3
Protocol : Clientless
License : AnyConnect Premium
Encryption : Clientless: (1)RC4 Hashing : Clientless: (1)SHA1
Bytes Tx : 238914 Bytes Rx : 10736
Group Policy : SSLPolicy Tunnel Group : DefaultWEBVPNGroup
Login Time : 11:01:02 CEDT Mon Aug 18 2014
Duration : 0h:00m:05s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : c0a801fa0000200053f1c0ce
Security Grp : none
As you can see, it seems like the policies are assigned correctly by radius attribute Group-Policy. However, for example you'll notice no vlan mapping, even if I have declared them explicit in group policies themselves. This is the webvpn section of the CLI script I used to setup remote access.
! ADDRESS POOLS AND NAT
names
ip local pool AnyConnect_Pool 192.168.10.1-192.168.10.20 mask 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_27
subnet 192.168.10.0 255.255.255.224
access-list Split_Tunnel_Anyconnect standard permit 192.168.1.0 255.255.255.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.10.0_27 NETWORK_OBJ_192.168.10.0_27 no-proxy-arp route-lookup
! RADIUS SETUP
aaa-server OpenOTP protocol radius
aaa-server OpenOTP (inside) host 192.168.1.8
key ******
authentication-port 1812
accounting-port 1814
radius-common-pw ******
acl-netmask-convert auto-detect
webvpn
port 10443
enable outside
dtls port 10443
anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
anyconnect profiles AnyConnect_Profile_client_profile disk0:/AnyConnect_Profile_client_profile.xml
anyconnect enable
! LOCAL POLICIES
group-policy SSLPolicy internal
group-policy SSLPolicy attributes
vpn-tunnel-protocol ssl-clientless
vlan 3
dns-server value 10.5.1.5
default-domain value management.local
webvpn
url-list value Management_List
group-policy RemoteAC internal
group-policy RemoteAC attributes
vpn-tunnel-protocol ikev2 ssl-client
vlan 1
address-pools value AnyConnect_Pool
dns-server value 192.168.1.4
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_Anyconnect
default-domain value home.local
webvpn
anyconnect profiles value AnyConnect_Profile_client_profile type user
group-policy SSLLockdown internal
group-policy SSLLockdown attributes
vpn-simultaneous-logins 0
! DEFAULT TUNNEL
tunnel-group DefaultRAGroup general-attributes
authentication-server-group OpenOTP
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group OpenOTP
tunnel-group VPN_Tunnel type remote-access
tunnel-group VPN_Tunnel general-attributes
authentication-server-group OpenOTP
default-group-policy SSLLockdown
!END
I had to set up DefaultWEBVPNGroup and RAGroup that way otherwise I couldn't authenticate using radius (login failed every time). Seems like in ASDM the VPN_Tunnel isn't assigned to AnyConnect nor to Clientless VPN client profiles. Do I have to disable both default tunnel groups and set VPN_Tunnel as default on both connections in ASDM ? I know I'm doing something wrong but I can't see where the problem is. I'm struggling since may the 2nd on this, and I really need to finish setting this up ASAP!!!!
Any help will be more than appreciated.
Cesare GiulianiOk, it makes sense.
Last question then I'll try and report any success / failure. In this Cisco webpage, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ref_extserver.html#wp1661512 there's a list of supported radius attributes. Actually I'm using number 25 Group-Policy, in order to get the correct group policy assigned to users. I see, in that list an attribute 146 Tunnel-Group-Name. Will it work out for the purpose you explained in the previous post ? I mean, if I set up two tunnel groups instead of 1, 1 for anyconnect with its own alias and its own url, and 1 for SSL VPN again with its own alias and url, do you think that using that attribute will place my users logging in into the correct tunnel group ?
Thank you again for your precious and kind help, and for your patience as well!
Cesare Giuliani -
Office 2013 group policies - not working
I'm using Office 2013 Pro Plus SP1 (volume license) on a Windows 7 Pro machine [both are 32 bit]. While I have Server 2003, it's configured to work with Windows 7 and Office 2013 Group Policy templates. I use RSAT on a Win 7 computer to
create/manage the Group Policies.
Since we're not using Office 365, I'm trying to block some of those features, as well as disabling the Office Start screens.
Thinking that SP1 might be the problem, I downloaded the group policy templates for SP1 and copied them to the server.
If I create a policy (Office_2013_settings), with a few settings, like "Block singing into Office". In Group Policy, I disabled the Computer Configuration, leaving the User Configuration enabled. If I force group policy on the target
computer and look at RSOP, I see the computer configuration settings disabled, but nothing for the user configuration, although it's enabled in the policy.
If I put a junk policy entry on the computer configuration and enable both policies on the backend, force group policy on the computer, and look at RSOP, under computer configuration, I see the Office_2013_settings policy, but the policy still doesn't appear
in the user configuration. If I scroll to the bottom of the file, where I can see other Administrative templates and their settings, my Office_2013_settings aren't visible.I have created a group policy with a few settings, and applied to my own computer. It seems to be very nice to me. Please first check the apply status on the client site based on the GPSVC.log
Thinking the issue might be on the way how you create/manage the Group Policies on Windows Server side. Please check the model of how you deploy your group policy, on a domain or OU level? Loopback Merge or Replace? This might affect whether the user
would receive all settings from GPO applied to User or Computer. This article might be useful to you:
http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
This might be an issue on Windows server side, you may need to post your question to below forum to get more suggestions:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver -
Office 365 Group Policies question
We initially deployed Office 365 with updates turned off so about half of our users have an old version of Office 365. We want to now manage the updates using the new group policies for O365. I read this statement ...In
order for these four new policy settings to work, you will need to have at least the April 2014 build of Office 2013 Click-to-Run (Build 15.0.4605.1003) and download the latest Administrative templates files (ADMX/ADML).
Does this mean that the version on the PC has to have at least the April 2014 build to use the policies? If that's true how would I go about updating the users who have automatic updates turned off. there are a couple of thousand users.Does this mean that the version on the PC has to have at least the April 2014 build to use the policies? If that's true how would I go about updating the users who have automatic updates turned off. there are a couple of thousand users.
Yes.
Depending on how you deployed/deploy Office365ProPlus, and, the tools/techniques available to you in your environment, there are some options.
a) re-deploy Office365ProPlus to the computers. Use the latest build version.
b) check the relevant registry settings, and if correction is needed, deploy the correct registry settings.
These articles may help you to determine which of the multiple scenarios you have to deal with:
http://community.office365.com/en-us/f/156/t/220142.aspx
http://blogs.msdn.com/b/modonovan/archive/2014/04/09/office-365-pro-plus-fails-to-update-or-fails-with-error-code-30088-27.aspx
http://social.technet.microsoft.com/Forums/office/en-US/4369357e-5de9-4755-8f2c-33ae948b14fb/manually-triggering-updates-in-office-2013?forum=officeitpro
http://blogs.technet.com/b/office_resource_kit/archive/2013/06/17/automating-quick-repairs-in-office-365-proplus.aspx
http://blogs.technet.com/b/odsupport/archive/2014/03/03/the-new-update-now-feature-for-office-2013-click-to-run-for-office365-and-its-associated-command-line-and-switches.aspx
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
SSL Multiple Tunnel Groups with Multiple group policies
Hello folks.
Have a query and cant seem to find an answer on the web.
I have configured SSL Clientless VPN on a lab ASA5510, using 2 tunnel groups, one for enginneers and one for staff, mapped to 2 different group policies, each with different customisation. I have mapped the AD groups to the tunnel groups using both ACS and now LDAP (currently in use), both working successfully, using group lock and LDAP map of IETF-Radius-Class to Group name ensures engineers get assigned to the engineers tunnel group and staff get mapped to the staff tunnel group only.
The question i have is....is there a way to use a single tunnel group to map the user based on AD group which will then use the correct Group-policy (1 tunnel group to multiple group-polciies). I have seen examples of doing this with different URLs but want to know if they can all use the same URL and avoid using the drop down list using aliases.
It may be a simple "No" but it would be nice to know how to do it without using the URLs or drop down list. Users are easily confused ......Easy. Disable the drop-down list, and use the authentication-server (LDAP or Radius) in the DefaultWEBVPNGroup. By default when you browse to the ASA, it will be using the DefaultWEBVPNGroup. Let LDAP or Radius take care of the rest.
You will get the functionality you are looking for.
HTH
PS. If this post was helpful, please rate it. -
ZCM 11 Group Policies not applying to satellite servers
Hi there
We are running 2 Windows 2012 Primary Servers and a SQL 2012 Database server at our main site, all remote sites have SLES11 SP2/OES11 SP1 as satellite servers. We upgraded all servers last weekend to 11.3.1 and now have an issue with Group Policies applying to the satellites. The satellites are all set up the same with Authentication, Collection, Content and Imaging roles.
Since we upgraded Group Policies are (99% of the time) not applying on satellite sites. I have tried manually replicating content (I assume policies will come from content replication?) to the satellites - I've done this with a zac cdp replicate and zac cvc and everything seems to replicate over however I tried highlighting a satellite server and clicking on Action, Specify Content - select the Policy that is not applying and move it into the selected Content to update column and when I click finish I get the error "The Wizard cannot continue for the following reason(s): Unable to complete your request for the following reason: Error updating content"
On a managed device at the satellite site if you look at the properties of the Zenworks agent and click on Policies it has applied 4 device assigned policies successfully - Remote Management, Power Management, Application Launcher Config and Application Control Policy, also has successfully applied 3 out of the 4 User Assigned Policies - Mandatory Profile, Dynamic Local User, Application Control - but not the Windows Group Policy.
Our PCs are on Windows 8.1 and all policies were applying fine before the weekend upgrade......
Has anyone else had any experience of Group Policies not applying that could point me where to look? I have logged an SR with Novell through our reseller but as yet I am getting no response back at all, not even asking me for more information.
Many thanks
SharonSounds like you have a content replication issue more than a GPO issue.
Especially if the GPO works for locations that point to the Primaries
for Content.
Do you have throttling configured anywhere in any fashion?
You may need to increase the Replication Timeout to make sure content is
getting over to the Sats. Often increasing from 60 to 240 helps, but
watch out for throttling preventing content replication.
It is possible things are backing up.
On 7/31/2014 8:26 AM, shazzypoos wrote:
>
> I should add that when you looked at the "Click for Details" to the
> right of the Effective "Failed" status the message is "Policy
> Enforcement Failed : The action (0) threw an exception. Message (1).
> Exception (2) (grouppolicy, "None of the source locations could be
> found"
>
> Hmmmm! Currently in closest server rules there is only the server for
> the site it's on set - we do not want it to come back to the Primary for
> policies. As I say, this was working before the weekend upgrade. Thanks!
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human. -
Unable to see Active Directory Groups in the User Profile Database after Profile Import
***Major Update - I have finally been able to get the direct attention of the folks responsible for the User Profile Service on the SharePoint Product Team. Long story short, they have reproduced the error and identified as an actual mistake
that needs to be fixed, so it is now officially in the bug pipeline and will be fixed. The current estimate is some time in the summer. They will keep me updated with timeframes, which I am allowed to share as time goes on.
SharePoint Server 2010 Enterprise RTM. W2K8R2 w/multi-server setup:
AD/DNS
SQL 2008
WFE
APP
Claims Mode Web App only using Windows Integrated Auth
So, this was never a problem in 2007, and I didn't even realize it was a problem in 2010 until I started to build a solution that utilized my blog article:
InfoPath - User Roles in Browser-Enabled Forms Using AD Groups. I went to utilize the same web method of the same web service, but I noticed that no data was showing up at all. Typically,
the GetUserMembership/GetCommonMembership methods return the specified user's memberships: AD Security Groups, AD Distribution Lists, and SharePoint Sites (not SharePoint Groups, though).
My user profile sync is working. All AD users are pulled in with the proper profile data.
"Users and Groups" is selected in the Synchronization Entities section of my Sync Settings.
Security groups are working for permissions and audience targeting. Confirmed my users are affected properly by the use of Security Groups.
My query to the GetUserMemberships web method (and GetCommonMemberships) is running (not failing), but it's not returning anything even though my user is in some Security Groups and has explicit membership to multiple sites.
The GetUserProfileByName method of the same UserProfileService.asmx web service
returns all the regular profile data like expected, so the web service works and my profile database is populated
Basically, I'm not seeing my AD groups or any membership data populated in the profile database. I did use MIISCLIENT.exe to see what I could find, and here is what I saw:
Using the Metaverse Search, I searched for the "person" type and saw all of the users in my profile sync connection (single OU)
Using the same tool, I searched for the "group" type and saw nothing, but the message said 4 items were retrieved
I realized that the only column showing was displayName, and they were blank, so I added other columns to be sure
objectGUID, objectType, distinguishedName all showed values, and I could now see all the Security Groups from the OU where I'm doing my profile sync
My "person" objects all have displayNames showing but none of the groups do. In SharePoint, the GetUserMemberships method relies on displayName and accountName, but neither are coming through the profile import
So, it does seem like the groups are coming in with the profile import, but I can't see them. I also can't verify that the groups are being associated with my users in the profile database, because doing a query to the membership methods returns nothing...not
even blank rows.
***Edit: New information! Regular AD Distribution Lists _do_ work properly. I just never bothered testing them until folks on my blog notified me. DLs come through the profile sync, are visible in the profile database, and show up
when using the GetUserMemberships method.
***Edit: Ok, now we're getting somewhere. I checked my last profile sync with the MIISCLIENT, and this is what I found:
Here are the properties of my Distribution List:
Here are the properties of my Security Group:
Notice that the groupType value of the DL is a normal integer (2), but the groupType value of the SG is some crazy negative number. Both types are still lacking DisplayNames for some reason, but when I retrieve the DL via GetUserMemberships, it DOES
show the proper DisplayName despite nothing showing in the MIISCLIENT.
SharePoint Architect || Microsoft MVP ||
My BlogHello Clayton,
I have same problem with SP 2010 and now I am testing SP 2013 and seems that the problem still.aa
Probably I have some configuration problem, but all seems work, except this.
SharePoint 2013 has no improvements on this. Until seeing this thread, I thought it was an issue within my farm configuration or AD Service account for User Profile Sync. And I've dug far and wide for any other possible settings which would prevent users
from populating in the site people-picker. This might be flagged as off-topic, but I'll beg differ. How can I expect SharePoint to retrieve AD Users and Groups for accuracy in the sites which rely on this server??? Frustrating. I've spent hours and days on
this! I have 3 SP2013 farms with multiple clients (different OU's/containers and security groups). Testing in a separate QA DEV farm with the same config. NO luck yet!
This is where I'm at with it (posted this as a question recently on SharePoint Stack Exchange):
"Help.... Please.... Users from AD groups are not populating in the site people picker. I've set up a SharePoint 2013 site collection permissions group with only AD groups in it, no users added directly. Whether or not I give this SharePoint group permissions
to the site content, I still get none of the AD users showing up in the people picker. I have done the iisreset after adding the groups.
I've checked all of the people picker properties in stsadm to be sure there are no constraints in effect on the web app or site collections. User profiles are synching and I've tried both AD import and User Profile Sync. The AD groups are security
groups, though not email-enabled. The AD service account has all the special permissions. My web app is claims based. My app pool runs with Network Service account. No policies in place to restrict users, checked CA and the site collection settings.
What am I missing? I've read in multiple places that this is a supported/working config. So why can't I get these users to populate in people picker for things like Assigned To in a tasks list, or attendees of an event? "
There is some pretty good insight here, but no real hope:
User profile
synchronization: importing users and security groups in SharePoint 2010
Other Properties that I checked, before realizing this was an issue with the Profile Import...
stsadm -o getproperty -pn siteuseraccountdirectorypath -url https://URL
stsadm -o getproperty -propertyname peoplepicker-activedirectorysearchtimeout -url https://URL
stsadm -o getproperty -propertyname peoplepicker-distributionlistsearchdomains -url https://URL
stsadm -o getproperty -propertyname peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode -url https://URL
stsadm -o getproperty -propertyname peoplepicker-onlysearchwithinsitecollection -url https://URL
stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter -url https://URL
stsadm -o getproperty -propertyname peoplepicker-searchadcustomquery -url https://URL
stsadm -o getproperty -propertyname peoplepicker-searchadforests -url https://URL
stsadm -o getproperty -propertyname peoplepicker-serviceaccountdirectorypaths -url https://URL
Hope we find a better answer, as it IS very misleading. User Profile Import specifies Users, or Users and Groups. Nothing is said about Containers or Distribution Groups, worse yet there lacks any clear disclosure about how "Groups" will not
actually import if they are a Global Security Group and the users contained within them exclusively will NOT be included in your profiles,
nor in any compiled Audiences. Which was another BIG bummer!
I'm hoping to see future improvements on the Group imports. -
Best Practice: Deploying Group Policy to Users on different OUs
Greetings, everyone! I am needing some advice on how to deploy some group policy objects to specific users stored on different OUs.
Let me set the stage: I work for a large school district, and have recently taken over the district's career center. The idea behind the career center is that students from different high schools around the city come in to take classes based on their choice
of career, such as radio broadcasting or auto mechanic and such. The AD structure is set up so that each school has their own OU. When a user (staff, student, etc.) is assigned to a school OU, they automatically are added to
their school's security group (i.e. EASTHIGH-STUDENT), and that when any user moves from one school to another, we have to move their AD account to that school's OU, which will remove the security group from the old school and apply the new school
security group.
For the career center, since we have students coming from different buildings every day, rather than trying to find a way to move their AD account from their high school OU to the career center OU, the previous techs created generic accounts (such as tv001,
tv002, etc.) in AD and stored them in the career center OU. This way, teachers can assign students that particular generic account so that they can access the drives and printers from the career center, as well as access the career center network
drives while they are at their home high school.
Since I have moved to the career center, and apparently I have more knowledge about group policy than most of the techs in the district, the district system engineers want me to remove all of the generic accounts from the career center OU, and have students
use their own AD accounts. Obviously I also want to do this since the generic accounts are very confusing to me, but I'm trying to figure out the best way to do this.
For simplicity sake, I'm just going to start off by figuring out how to set up a group policy for mapping the career center drives. Now, I obviously know that the best way would be to create security groups for each career area, and that we would need
to add students to those groups so that only those particular students would get the GPO for the career center, but my question is where would I like the group policies to? Do I need to link it at the root of the domain so that every OU is hit?
Just curious about this.
Thanks!Don't link it to the root.... apply the drive mapping as a policy at the OU or you could apply the drive mapping using Group Policy Preferences using security group targeting... .I would also strongly recommend you check out my articles
Best Practice: Active Directory Structure Guidelines
– Part 1
Best Practice: Group Policy Design Guidelines – Part 2
Hope it helps... -
On current build ZCM 11 SP3... We had some original group polices created for Windows 7 64 bit that seem to be applying properly to the workstation. I'm able to confirm workstation policy settings on the workstation by opening up gpedit.msc and confirming my settings. The problem that exist is when I login to the ZCM console and try to edit any of my policies it seems to come down from the server but when I open my policy settings they are all set at not configured. I even tried creating a test policy and making like three changes. I saved the policy and uploading seems to work without any errors but when I try to re-edit the policy it has the three that were change defaulted back to not configured. I attached a copy of the Zen_GP.log file that shows this...
ZEN GP Handler - 5/19/2014 - 10:30:41 AM - Logged on User - Could not load file or assembly 'zmd, Version=11.3.0.34986, Culture=neutral, PublicKeyToken=null'
or one of its dependencies. The system cannot find the file specified.: at
Novell.Zenworks.PolicyHandlers.WindowsGroupPolicyP lural.AbstractGPHandler.ApplyUserPolicy(String cachedirectory, Boolean copyscripts, MessageDetails&
lastErrorMessage, String PolicyGUID, String userName, String usersession, Boolean dontapplyIEsettings)
at Novell.Zenworks.PolicyHandlers.WindowsGroupPolicyP lural.AbstractGPHandler.ApplySettingsToolMode(Stri ng zipFilepath, String username)
at Novell.Zenworks.PolicyHandlers.WindowsGroupPolicyP lural.WindowsGPHandler.EditGPSettings(String zipFilePath, Boolean edit)
ts\StartuptoC:\Users\Logged on User\AppData\Local\Temp\635360922292841726\GroupPo licy\Machine\Scripts\Startup
Any thoughts on why I'm not able to edit group policies but was able to do so before the SP3 update?
ThanksI believe they are targeting ZCM 11.3.1 for the Fix, but that is still
probably about 3 months out.
I have not really delved deep into where it is trying to find this DLL,
just that it is trying to find it and failing as you noted.
Maybe Procmon will show where it is trying to load it from.
On 5/20/2014 8:36 AM, bkferrante wrote:
>
> Craig... Once again thanks for the assistance. I tried putting a copy
> of zmd.dll in C:\Windows\System32 and restarted the workstation and I'm
> still having the problem as described. I did confirm an installed agent
> will allow for the policy editing but it is frustrating that things were
> working fine until the 11 SP3 update. Is there any other solutions you
> can offer as a work around until the patch... Also, any idea when the
> patch fix will be released?
>
> Thanks again
>
>
> CRAIGDWILSON;2319752 Wrote:
>> I presume anywhere in the Windows Path would be sufficient, most folks
>> I
>> talked to just put the agent on their Clean GPO VM.
>>
>> On 5/19/2014 12:36 PM, bkferrante wrote:
>>>
>>> CRAIGDWILSON;2319686 Wrote:
>>>> The ZCM Agent will need to be installed or you will need to copy in
>> the
>>>> zmd.dll from a device with the agent.
>>>>
>>>> This was a new requirement inadvertently added in 11.3, that is
>>>> expected
>>>> to be removed in a forthcoming patch.
>>>>
>>>> On 5/19/2014 11:06 AM, bkferrante wrote:
>>>>>
>>>>> On current build ZCM 11 SP3... We had some original group polices
>>>>> created for Windows 7 64 bit that seem to be applying properly to
>> the
>>>>> workstation. I'm able to confirm workstation policy settings on
>> the
>>>>> workstation by opening up gpedit.msc and confirming my settings.
>> The
>>>>> problem that exist is when I login to the ZCM console and try to
>> edit
>>>>> any of my policies it seems to come down from the server but when I
>>>> open
>>>>> my policy settings they are all set at not configured. I even
>> tried
>>>>> creating a test policy and making like three changes. I saved the
>>>>> policy and uploading seems to work without any errors but when I
>> try
>>>> to
>>>>> re-edit the policy it has the three that were change defaulted back
>>>> to
>>>>> not configured. I attached a copy of the Zen_GP.log file that
>> shows
>>>>> this...
>>>>>
>>>>> ZEN GP HANDLER - 5/19/2014 - 10:30:41 AM - LOGGED ON USER - COULD
>> NOT
>>>>> LOAD FILE OR ASSEMBLY 'ZMD, VERSION=11.3.0.34986, CULTURE=NEUTRAL,
>>>>> PUBLICKEYTOKEN=NULL'
>>>>>
>>>>> OR ONE OF ITS DEPENDENCIES. THE SYSTEM CANNOT FIND THE FILE
>>>> SPECIFIED.:
>>>>> AT
>>>>>
>>>>>
>>>>
>> NOVELL.ZENWORKS.POLICYHANDLERS.WINDOWSGROUPPOLICYP LURAL.ABSTRACTGPHANDLER.APPLYUSERPOLICY(STRING
>>>>> CACHEDIRECTORY, BOOLEAN COPYSCRIPTS, MESSAGEDETAILS&
>>>>>
>>>>> LASTERRORMESSAGE, STRING POLICYGUID, STRING USERNAME, STRING
>>>>> USERSESSION, BOOLEAN DONTAPPLYIESETTINGS)
>>>>> AT
>>>>>
>>>>
>> NOVELL.ZENWORKS.POLICYHANDLERS.WINDOWSGROUPPOLICYP LURAL.ABSTRACTGPHANDLER.APPLYSETTINGSTOOLMODE(STRI NG
>>>>> ZIPFILEPATH, STRING USERNAME)
>>>>> AT
>>>>>
>>>>
>> NOVELL.ZENWORKS.POLICYHANDLERS.WINDOWSGROUPPOLICYP LURAL.WINDOWSGPHANDLER.EDITGPSETTINGS(STRING
>>>>> ZIPFILEPATH, BOOLEAN EDIT)
>>>>> TS\STARTUPTOC:\USERS\LOGGED ON
>>>>>
>>>>
>> USER\APPDATA\LOCAL\TEMP\635360922292841726\GROUPPO LICY\MACHINE\SCRIPTS\STARTUP
>>>>>
>>>>>
>>>>> Any thoughts on why I'm not able to edit group policies but was
>> able
>>>> to
>>>>> do so before the SP3 update?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Craig Wilson - MCNE, MCSE, CCNA
>>>> Novell Technical Support Engineer
>>>>
>>>> Novell does not officially monitor these forums.
>>>>
>>>> Suggestions/Opinions/Statements made by me are solely my own.
>>>> These thoughts may not be shared by either Novell or any rational
>> human.
>>>
>>> Thanks for the quick reply Craig... Can you be a little more clearer
>> on
>>> the steps to copy the ZMD.dll... Location to copy the file on a
>> machine
>>> without an agent... Thanks...
>>>
>>>
>>
>>
>> --
>> Craig Wilson - MCNE, MCSE, CCNA
>> Novell Technical Support Engineer
>>
>> Novell does not officially monitor these forums.
>>
>> Suggestions/Opinions/Statements made by me are solely my own.
>> These thoughts may not be shared by either Novell or any rational human.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
Maybe you are looking for
-
Hp3400 keeps crashing with blue screen with clean windows 7 64
Hi, A brand new hp3400 mt (with product number LH121EA#ABU) crashed during the initial setup process for win 7. Eventually I could boot to windows, but then it kept crashing. Since then, I have reformatted and reinstalled win 7 64, and downloaded an
-
Cannot see Timecapsule in Airport Utility on Windows XP
Just purchased a 2T TC and can connect MBP and Macbook air ok. I also have a Lenovo laptop with Windows XP that uses TC for internet access that works ok. When I run Airport Utility (v5.5.3) on Windows XP it cannot see the TC. I have Bonjour Printer
-
Any applications that I try to download wont. It says I need adobe air installed to download them. I Do have it installed but same message over and over. Have uninstalled it re-installed it and still the same. Working on Vista with SP1 Thanks in adv
-
Dislike the 5.0 version greatly. 4.6 version was better and been strongly advised not to downgrade back to it. So for next update, things to consider: Keypad lock - there was nothing wrong with Lock + Green phone, why you have to use the mute button
-
Telstra's Third Party Purchases SCAM
On my 03Dec-02Jan bill, I have been charged $65.25 for "Third party purchases"from "Openmarket Pty. Ltd." These charges were for me receiving 14 text messages from a company I did not know or request any service from. I have complained at my local Te