Unable to edit Default Domain policy on Server 2012 R2 domain controller

Similar Messages

• Default Domain Controller Policy

  Hello All,
  We will be starting promotion of Windows Server 2012 R2 Domain Controller in our organisation. For that we are trying to implement the Default Domain Controller Policy for 2012 r2 related.
  We already have Account Policies, Password policy, Audit Policy and Security Option Firewall Settings
  But would like your advice about any new features which we can applied in our Default Domain Controller
  policy.
  Thanks.
  Thanks HA

  Hi,
  >>But would like your advice about any new features which we can applied in our Default Domain
  Controller policy.
  Regarding this point, the following articles can be referred to as reference.
  Chapter 4: Strengthening Domain and Domain Controller Policy Settings
  https://technet.microsoft.com/en-us/library/cc773205(v=ws.10).aspx
  Applying Selected Domain and Domain Controller Policy Settings
  https://technet.microsoft.com/en-us/library/cc773164(v=ws.10).aspx
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Default domain controller policy audit

  If I enable auditing in default domain controller policy, I see event only from all domain controller or see event from all workstation in domain, or I should create new audit GPO and then linked it to workstation UO?

  If I enable auditing in default domain controller policy, I see event only from all domain controller or see event from all workstation in domain, or I should create new audit GPO and then linked it to workstation UO?
  If I enable auditing in default domain controller policy, I see event only from all domain controller or
  see event from all workstation in domain
  ---NO you wont see workstations, only if editing the default domain policy, as described prior best practice would be to create a new GPO with a great name that you
  wont mix up such as "workstation audit GPO" and link to the site, domain or OU you require.
  Its not great practise IMO adding loads of stuff to default domain policy when you want to troubleshoot best to segregate GPOS with great easy to
  interpret names for brevity 

• Unable to log onto domain controller with user account

  Hi,
  I am able to log onto my DC as domain admin. I cannot log on as myself. I do not see what I am missing in the GPO to make this happen? I am part of a server admin group and would like the server admin group to be able to log on to the domain controller to
  maintain the server. 
  Any suggestions?
  Wave~Chaser

  Log on to this DC and run rsop.msc and check the following policies:
  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on locally
  Add your self to Allow log on locally
  (in default domain controller policy - as I mentioned above) and make sure your user account not belong to any group that have Deny log on locally.
  Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

• Can't edit default domain controllers policy on windows 8 or server 2012

  I have found that I can't edit the "Default Domain Controllers Policy" from a Windows 8 or Server 2012 machine.  I can edit and save changes fine from a Windows 7 machine.  The domain controllers are running Windows 2012 Standard upgraded
  from Windows 2008 R2.  Is there a security setting I am missing?

  Posting the resolution from the other thread.  Hope it helps!
  I just accidentally resolved this issue today.  I added the GPMC to a 2008 R2 server so I could make a needed firewall
  change within the Windows Firewall with Advanced Security section of the Default Domain Controllers GPO (I enabled the Remote Event Log management rule for the Domain profile).  About an hour later, I forgot I was using my Windows 8 machine and I went
  to edit the Default Domain Controllers GPO and opened for edit without a problem.  I can now edit it from Windows 8 and from Windows Server 2012.  Until now, I was using a Windows 7 VM to make the edits, so in my case the problem was resolved by
  editing the GPO once from a 2008 R2 machine.

• How do I set firefox as the default browser in Windows Server 2012 Group Policy Editor?

  Hello, I am unable to set firefox as the default browser despite multiple different attempts to do so using group policy.
  I have:
  - Set a registry command (targeted at 32/64 via a WMI query) to reset the opening command as shown below:
  HKEY_CURRENT_USER\Software\Classes\http\shell\open\command
  "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
  - Set a powershell logon script to run (that does run):
  firefox.exe -silent -setDefaultBrowser
  Despite setting the above it seems the client computers browsers are not affected by the settings above. When the script runs or if I run the command above a UAC window pops up and requests that I accept the command (for the setDefaultBrowser) but even if I click yes as an administrator it does nothing.
  Since GPO in 2012 has changed perhaps there is something that I am missing? Do I need to somehow disable Windows Internet Explorer from achieving default browser status?
  Please do not reply if you will suggest that I use Internet Explorer Maintenance (since this function in GPO has been disabled since IE10)
  My DC is Server 2012, my client computers are Win7 32/64.

  The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.

• Reboot domain controller changes audit policy on Default Domain Controller Policy

  This has been happening for a long time no matter whether my DCs were running Windows Server 2003 or, as they are now, are running Windows Server 2012 R2. It happens on DCs in one particular site, but the policy change it causes is domain-wide.
  I have 2 DCs at that site, every time one of them is rebooted, the following policy is turned off, from Success and Failure to No auditing:
  Default Domain Controllers Policy - Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies/Audit Policy.
  I have monitoring application relying on this policy being turned on, and if it's off, it's being reported. The monitoring application knows the change, but it doesn't know how the change was made.
  All my DCs are running Windows Server 2012 R2, DFL 2008 R2.
  Thanks and regards.

  Hi,
  >>I have 2 DCs at that site, every time one of them is rebooted, the following policy is turned off, from Success and Failure to No auditing:
  Did we try to run command gpresult/h report.html with admin privileges to collect group policy result report to check how the policy setting was  applied after rebooting?  Besides, we can also try to run command
  auditpol /get / category:* from an elevated command prompt to check what audit settings are applied.
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Unable to add replication feature in sql server 2012 web edition

  Hi All,
  We are using SQL Server 2012, Web edition and when it was installed replication is not an added feature so I tried to add this feature but getting below error.
  Error: There are no SQL Server instances or shared features that can be updated on this computer.
  Description: The version of SQL Server instance MSSQLSERVER does not match the version expected by the SQL Server update. The installed SQL Server product version is 11.1.3000.0, and the expected SQL Server version is 11.0.2100.60
  And also please let me know how to identify the default file location of the setup file 'setup.exe' for SQL Server 2012 (Webedition, 64bit) Grateful to your time and support.
  I'm using "C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\Update Cache\KB2777772\QFE\setup.exe" to add replication feature, please correct me if I'm wrong.
  Thank You.
  Regards,
  Kalyan
  ----Learners Curiosity Never Ends----

  It looks like you are trying to add Replication Components, however, you are using the Cumulative update package 5 setup, which is wrong.
  Note that you will not find the setup file for SQL Server on your file system, it will be on your installation media.
  To install SQL Server Replication Components, locate your installation media and run Setup.exe.  Select the add features to an existing instance option, select your instance, and add replication components.
  Brandon Williams (blog |
  linkedin)

• Unable to edit default permission for Screen capturing of BB 8800 curve after downgrade OS to 4.3

   i have downgrade my BB 8800 device OS to 4.3 , and its OS version is v4.3.1.27 (Platform 2.7.0.30) Cryptographic kernel v3.8.5.30 , So exact problem is like that now i am unable to edit the default permission for Screen Capturing properties of device, it shown the only option "Deny" and dont allow to me change it . For that i go to - Option->Security Options->Application Permissions->option button->Edit Default permissions->Interaction->Screen Capturing and it show only option "Deny" - So please suggest a solution

  Greetings, welcome to the Forums.
  There's lots of detail you left out...
  There is no OS 4.3 for the 8800 model. So, what model BlackBerry do you have, found at Options > About?
  What is your Operating System loaded to your device? Look at Options > About, third line down beginning with a "v.5.0.x.xxx", What is yours?
  What screencapture application are you using?
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Unable to found default domain under soa-infra

  Hi,
  I am new to SOA,i am trying to deploy an application from jdeveloper but i am not able to find default domain under soa-infra. anybody please help me to create default domain.
  Thanks,
  kesav.

  Hi Kesav
  0. Which version of SOA are you using.
  1. Say in Windows, I guess you have now 2 dos windows. One where you ran startWeblogic.cmd and make sure you do NOT see any errors or exception stack traces in this window. The last lines should say like Server in Running Mode etc. Now in the other dos window, I guess you from \bin folder, startManagedWeblogic soa_server1. I hope you gave correct admin username and password when it prompted. Now make sure this dos window do NOT have any errors or stack traces. The last lines should say something like soa_server1 running and accepting the requests. Now if you see any errors in any of these windows, please give those details here.
  2. Now open a browser, and login into admin console like http://youradminhost:youradminport/console. After login, check the servers (soa_server1) is in Running Mode and is Active.
  3. Now open another browser and try http://youradminhost:youradminport/em. Login with Admin username/password. After login on left side you should see a node named like SOA -> soa_infra1 (...). If you do NOT see this, it means your soa_server1 is NOT started or some core modules like soa_infra module has NOT deployed properly.
  If all the above looks ok, then try to create a new connection again in JDeveloper and Test the connection and then expand it for details in the Application Servers Navigation window. If the servers are on the same machine and if the JDeveloper is also on the same machine, when you give weblogic host, give the dns name of that machine instead of localhost.
  Incase of Linxu also, you will have 2 shells opened to run the above 2 commands. But the steps are same. Later on you can start them in nohup mode with & in the end, so that you can close the shell windows and still the servers will be running.
  Thanks
  Ravi Jegga

• Windows Server 2008 R2: Server unable to authenticate with Domain Controller

  Hello, I was wondering what could be the reason for this error if it is certain that there was no other computer on the network using the same name:
  This computer could not authenticate with<Domain-controller>, a Windows domain controller for domain <Domain-name>, and therefore this computer might deny logon requests. This
  inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. 
  What would cause the machine account pw to be 'not recognized'?

  You can track changes in AD by enabling AD Auditing: https://technet.microsoft.com/en-us/library/cc731764%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
  As reading the logs is usually a complicated and time consuming task, it is recommended to use a third party tool for auditing. The one I usually recommend is Lepide Auditor - Active Directory: http://www.lepide.com/lepideauditor/active-directory.html
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Users using Windows Authentication unable to login after upgrade to SQL Server 2012 SP2 CU1

  We upgraded from SQL Server 2008 R2 to SQL Server 2012 SP2 CU1.  Upgrade was successful.  Users that have SQL Server Management Studio 2012 can successfully log in via Windows Authentication, but users with an older version of SQL Server Management
  Studio are unable to log in via Windows Authentication. 
  The error they receive is listed below:
  Connect not connect to XXXXXXX
  Login Failed.  The login is from an untrusted domain and cannot be used with Windows Authentication. 
  (Microsoft SQL Server, Error: 18452)
  If we switch to Mixed authentication, users can log in via SQL Server Authentication.
  Our security policy prohibits SQL Authentication. 
  Outside of having the staff upgrade to SQL Server 2012 SQL Server Management Studio, is there any setting I can set/unset to allow older version of SQL Server Management studio to connect to SQL Server 2012?
  Thanks.
  DJ

  Glad to see that you were able to resolve the issue yourself, but for the curious, could you explain what this
  Extended Protection is?
  Erland Sommarskog, SQL Server MVP, [email protected]

• Unable to add network printers from Windows Server 2012 R2 to client running Windows 7 Pro x64

  New Windows Server 2012 R2 Standard in the environment.  Added print services to it and added five HP printers to it and shared them.  Also deployed the printers via group policy.
  Clients are running Windows 7 Pro x64.  The group policy fails to install the printers (error 0x00000002).  We get the same error when trying to manually add the printer from the client side.
  From Event Viewer: Group Policy was unable to add per computer connection <<printer share>>. Error code 0x2. This can occur if the name of the printer connection is incorrect, or if the print spooler cannot contact the print server.
  Any ideas on troubleshooting this?
  Thanks.
  -John

  John,
  You might try playing with the HP universal driver, that might help you.  Try installing a new shared printer on the server using the universal print driver, then try and connect to it to see if it is any better.
  Check these GPO settings to ensure local machines can install the drivers.
  1. Configure the following two Group Policy settings:
  Computer Configuration\Policies\Administrative Templates\System\Driver Installation\Allow non-administrators to install drivers for these devices setup classesEnabled
  2. Device class GUID of printers: {4d36e979-e325-11ce-bfc1-08002be10318}
  Computer Configuration/Policies/Administrative Templates/Printers/Point and Print RestrictionsEnabled
  Security Prompts: When Installing Drivers for a new connection = Do not show warning or elevation prompt
  This article might help you out also:
  http://www.eversity.nl/blog/2012/09/windows-cannot-connect-to-the-printer-operation-failed-with-error-0x00000002/
  Cheers,
  Curt Winter
  Certified Microsoft Professional
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied. If you found my post helpful, please mark it as the answer.

• Unable to connect computers to a Windows Server 2012

  I have two brand new Windows 7 Professional computers that I want to connect to a Windows Server 2012 Essentials.  I'm able to download the connector software but when it is searching for the server I receive a message that "Cannot locate or identify
  your server". I tried both with the IP and FQDN but neither works.  I received in the server the following error message:
  Event code: 3005
  Event message: An unhandled exception has occurred.
  Event time: 3/31/2014 8:53:24 AM
  Event time (UTC): 3/31/2014 12:53:24 PM
  Event ID: 916a5b3024ce43549f54a925866b24d9
  Event sequence: 10
  Event occurrence: 1
  Event detail code: 0
  Application information:
      Application domain: /LM/W3SVC/1/ROOT/Connect-1-130407439956811749
      Trust level: Full
      Application Virtual Path: /Connect
      Application Path: C:\Program Files\Windows Server\Bin\WebApps\Client\
      Machine name: DRALHFS-01
  Process information:
      Process ID: 13760
      Process name: w3wp.exe
      Account name: NT AUTHORITY\NETWORK SERVICE
  Exception information:
      Exception type: HttpException
      Exception message: The remote host closed the connection. The error code is 0x800704CD.
     at System.Web.Hosting.IIS7WorkerRequest.RaiseCommunicationError(Int32 result, Boolean throwOnDisconnect)
     at System.Web.Hosting.IIS7WorkerRequest.ExplicitFlush()
     at System.Web.HttpResponse.Flush(Boolean finalFlush, Boolean async)
     at Microsoft.WindowsServerSolutions.Client.Website.Default.TransmitFile(String filePath, String nameToTransmit, Boolean endResponse)
     at Microsoft.WindowsServerSolutions.Client.Website.Default.RunComputerConnector(Object sender, EventArgs e)
     at System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs e)
     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  Request information:
      Request URL: https://dralhfs-01:443/connect/default.aspx
      Request path: /connect/default.aspx
      User host address: 192.168.1.101
      User: 
      Is authenticated: False
      Authentication Type: 
      Thread account name: NT AUTHORITY\NETWORK SERVICE
  Thread information:
      Thread ID: 8
      Thread account name: NT AUTHORITY\NETWORK SERVICE
      Is impersonating: False
      Stack trace:    at System.Web.Hosting.IIS7WorkerRequest.RaiseCommunicationError(Int32 result, Boolean throwOnDisconnect)
     at System.Web.Hosting.IIS7WorkerRequest.ExplicitFlush()
     at System.Web.HttpResponse.Flush(Boolean finalFlush, Boolean async)
     at Microsoft.WindowsServerSolutions.Client.Website.Default.TransmitFile(String filePath, String nameToTransmit, Boolean endResponse)
     at Microsoft.WindowsServerSolutions.Client.Website.Default.RunComputerConnector(Object sender, EventArgs e)
     at System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs e)
     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  Custom event details:
  This event entry appears every time I try to connect the machines.  I have verified the DNS entries and resolution and it works correctly. Any advise will be greatly appreciated.
  Thanks,
  Hector M. Devarie

  Hi Hector M.Devarie,
  Would you please check if can ping the server successfully by using server name and IP address? Please temporarily
  disable firewall and then connect to server again. And monitor the result.
  You descript “I'm able to download the connector software”. Would you please let me know the complete error
  message when can’t download. Or provide a screenshot, it will help me to understand this issue clearly.
  By the way, please check if IIS run as normal in the server.
  Hope this helps.
  Best regards,
  Justin Gu

• Unable to install Device CALs on Windows Server 2012 after OS Reinstall

  Due to a hardware fault we had to reinstall Windows Server 2012. I have activated the Terminal Services licensing Server but I am unable to install Device CALs that we have purchased.
  The error is as follows:
  "Remote Desktop Services Licensing is unable to process your request. Make sure you provided correct information. If the problem persists, try other methods of activation. Error code is 800"
  I tried contacting technical support over phone - they are also unable to resolve the issue.

  Hi, thanks for response.
  I contacted Clearing House over phone and provided them with all the details regarding authorization
  number(s), license number(s) et al. However they also mentioned that there is some technical error from their "tool" and directed me to Technet Forum.
  I shall try the Hotfix