Unable to edit Group Policies

Similar Messages

• Cannot Edit Group Policies - Windows Server 2003 R2

  Hello, everyone.
   I have a server running Windows Server 2003 R2 Standard Edition Service Pack 2 32-bit. Group policies were working fine until sometime last week. Now, whenever I would launch GPMC, I would get an error message that said "Windows cannot find gpedit.msc.
  Make sure you typed the name correctly and try again.' Then, after I click OK, I would get another error message that said "Failed to start the group policy snap-in. The gpedit.msc file may be missing, files with the .msc extension may not be associated
  with mmc.exe, or you may not have the appropriate rights."
  I removed GPMC to see if that would work, but I still get the same error messages when I try to edit group policies through ADUC.  I also tried de-registering and re-registering the gpedit .dll files but I did not have any luck.
  Is there anything else I can try? I do not have any group policies that I need to deploy at the moment, but I would like to get this fixed as soon as possible.

  > snap-in. The gpedit.msc file may be missing, files with the .msc
  > extension may not be associated with mmc.exe, or you may not have the
  > appropriate rights."
  So you verified that gpedit.msc exists and that it can be launched
  through "run"?
  > de-registering and re-registering the gpedit .dll files but I did not
  How did you do that exactly?
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Group owners unable to edit groups

  We migrated from portal version 3.0.9.8.5 to 9.0.2.6.18
  using verison4 of the upgrade scripts.
  Now group owners cannot edit groups.
  However when i login as portal30_admin or assign
  edit any group to group owners they can edit groups.
  Any pointers?

  This is a known bug in this version. You need to open a TAR for the solution.

• Unable to edit group email addresses

  I BCC my group, and the click on group to see and edit the addresses and the group names disappear. help

  Apple doesn’t routinely monitor the discussions. These are mostly user to user discussions.
  Send Apple feedback. They won't answer, but at least will know there is a problem. If enough people send feedback, it may get the problem solved sooner.
  Mail/Provide Mail Feedback

• Unable to edit Distribution Group membership via Outlook (works via ECP).

  SITUATION: I am attempting to enable the ability for specified users to edit the membership of Exchange 2010 distribution groups via Outlook 2010.  I have configured permissions via RBAC for them to be able to do this by following the instructions and
  running the script found here:
  http://msexchangeteam.com/archive/2009/11/18/453251.aspx
  After running the script, users specified as group managers are able to edit group membership through the ECP.  But when they attempt to do so via Outlook, they receive the same message that they would see if the permission to edit group membership
  was not enabled:
  "Changes to the public group membership cannot be saved.  You do not have sufficient permission to perform this operation on this object."
  QUESTION:  Does anyone have any idea as to why we are still unable to edit group membership via Outlook, when all the permissions appear to be enabled doing so?

  Click Start
   Collapse this imageExpand this image
  , point to All Programs , point to Exchange Server 2010 , and then click
  Exchange Management Shell .
  At the command prompt, run the following cmdlet:
  New-RoleGroup DistributionGroupManagement -Roles "Distribution Groups"
  At the command prompt, run the following cmdlet:
  Add-RoleGroupMember DistributionGroupManagement -Member <var>UserName</var>
  Open Outlook and try to remove from your distribution list those members that you could not remove before

• 11.2.3a - Unable to edit exsisting xp user policies

  Maybe I could get some help here. I am currently unable to edit XP group user policies from my zenworks 11.2.3a zone. All policies were "minted" uner the 11.2.2 version. I was able to edit policies no problem before the 11.2.3a Update. All machines have the 11.2.3a Group Policy helper activeX control installed on them (Fresh images not upgrades). Here are the problems I am having
  1. When the group policy editor opens, all my policies are set to "Not Configured", even though these are active working policies with many items configured
  2. Once in a ten or so tries, the group policy editor opens the ADM's correctly. I am able to configure the needed settings. The group Policy editor closes and echoes back theat the "Settings were successfully imported". The problem here is that the "upload button" stays dimmed out and I am unable to uplaed the configured policy.
  Not really to sure what is going on.

  mdymes wrote:
  >
  > Maybe I could get some help here. I am currently unable to edit XP
  > group user policies from my zenworks 11.2.3a zone. All policies were
  > "minted" uner the 11.2.2 version. I was able to edit policies no
  > problem before the 11.2.3a Update. All machines have the 11.2.3a
  > Group Policy helper activeX control installed on them (Fresh images
  > not upgrades). Here are the problems I am having
  >
  > 1. When the group policy editor opens, all my policies are set to
  > "Not Configured", even though these are active working policies with
  > many items configured
  >
  > 2. Once in a ten or so tries, the group policy editor opens the ADM's
  > correctly. I am able to configure the needed settings. The group
  > Policy editor closes and echoes back theat the "Settings were
  > successfully imported". The problem here is that the "upload button"
  > stays dimmed out and I am unable to uplaed the configured policy.
  >
  > Not really to sure what is going on.
  I've seen something like this in earlier versions as well - in my case
  it was the version of the browser I used and the security settings of
  this. What browser do you use?
  Do you see the same if you use the ZCC from antoher server?
  Niels
  A true red devil...

• ZCM 11 Group Policies not applying to satellite servers

  Hi there
  We are running 2 Windows 2012 Primary Servers and a SQL 2012 Database server at our main site, all remote sites have SLES11 SP2/OES11 SP1 as satellite servers. We upgraded all servers last weekend to 11.3.1 and now have an issue with Group Policies applying to the satellites. The satellites are all set up the same with Authentication, Collection, Content and Imaging roles.
  Since we upgraded Group Policies are (99% of the time) not applying on satellite sites. I have tried manually replicating content (I assume policies will come from content replication?) to the satellites - I've done this with a zac cdp replicate and zac cvc and everything seems to replicate over however I tried highlighting a satellite server and clicking on Action, Specify Content - select the Policy that is not applying and move it into the selected Content to update column and when I click finish I get the error "The Wizard cannot continue for the following reason(s): Unable to complete your request for the following reason: Error updating content"
  On a managed device at the satellite site if you look at the properties of the Zenworks agent and click on Policies it has applied 4 device assigned policies successfully - Remote Management, Power Management, Application Launcher Config and Application Control Policy, also has successfully applied 3 out of the 4 User Assigned Policies - Mandatory Profile, Dynamic Local User, Application Control - but not the Windows Group Policy.
  Our PCs are on Windows 8.1 and all policies were applying fine before the weekend upgrade......
  Has anyone else had any experience of Group Policies not applying that could point me where to look? I have logged an SR with Novell through our reseller but as yet I am getting no response back at all, not even asking me for more information.
  Many thanks
  Sharon

  Sounds like you have a content replication issue more than a GPO issue.
  Especially if the GPO works for locations that point to the Primaries
  for Content.
  Do you have throttling configured anywhere in any fashion?
  You may need to increase the Replication Timeout to make sure content is
  getting over to the Sats. Often increasing from 60 to 240 helps, but
  watch out for throttling preventing content replication.
  It is possible things are backing up.
  On 7/31/2014 8:26 AM, shazzypoos wrote:
  >
  > I should add that when you looked at the "Click for Details" to the
  > right of the Effective "Failed" status the message is "Policy
  > Enforcement Failed : The action (0) threw an exception. Message (1).
  > Exception (2) (grouppolicy, "None of the source locations could be
  > found"
  >
  > Hmmmm! Currently in closest server rules there is only the server for
  > the site it's on set - we do not want it to come back to the Primary for
  > policies. As I say, this was working before the weekend upgrade. Thanks!
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Technical Support Engineer
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.

• Group Policies won't apply then un-configure themselves

  I'm having problem with Group Policies at ONE school (I have 59 other schools that are not having this problem).
  Running ZDM7sp1_SR4 on Netware 6.5 sp7 and e-dir 8.8- "Student Group Policy" files are sitting on sys\public\gpolicy\student\ I edit the Group Policy in ConsoleOne and then apply to Student container on Event:UserLogin; NDS Rights are for the entire School OU.
  Student user logs in, Policy does not apply on login. Open ConsoleOne to see if I missed configured something, and all settings I had previously set have disappeard- everything is unconfigured: Proxy settings and everything in Administrative Templates.
  Run WMSched on workstation, see the Student_Group_Policy is associated, and when I "Run Now" it runs for about 2 secs then goes back to "Not" running.
  WMgrpPolicy.log are exactly the same as the WMgrpPolicy.log a PC (at a different OU) that does have Group Policies applying. Line-by-line, they are identical.
  I don't know what to do next.

  It seems to mee that the settings you configure in ConsoleOne are not written to the policy files on the filesystem or the location of the files is incorrect.
  Could you verify that the location where the files reside (shown in top of the policy details screen) is writable to the user that creates the policy, and that it's readable by the workstations ?

• Unable to set group acl

  I am trying to import a 3.0.6 content area into a 3.0.6 portal
  schema. When I run contimp it imports the rows for the tables
  correctly. When it tries to merge I receive errors such as
  Unable to set group acl for: INTRANET/36/22025/FOLDER many times
  with the 22025 number changing. INTRANET is the name of the
  schema which I am importing the content area from.
  In the portal site the new content area name is present but
  there are no options for edit, properties etc and when I try to
  access the content area I receive Error 30502: The folder ID
  does not exist.
  Thanks for any help.

  Hi
  I took an export of my 3.0.6 content area using contexp. I then
  upgraded this portal schema to 3.0.9 which did not go
  correctly. The folders and content area is there but I cannot
  access the pages. I receive a 'Page not found' error. I am
  therefore trying to import the 3.0.6 export into another 3.0.6
  schema using contimp.
  Thanks for your help.

• Fiori: Failure unable to load groups

  Hello all,
  We have eprformed an upgrade of Fiori to wave2. (SAP UI SP09)
  But when starting the new launchpad we receive the error message: Failure unable to load groups.
  This is the URL resulting in an error message.
  Error we receive is status 404.
  The OData service PAGE_BUILDER_PERS is active and can be tested in SICF.
  We receive a correct response then.
  <host>/sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('%2FUI2%2FFiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties,Pages/PageChipInstances/RemoteCatalog,Pages/PageChipInstances/ChipInstanceBags/ChipInstanceProperties,AssignedPages,DefaultPage
  Please advise.
  Thanks!
  Tags edited by: Michael Appleby

  Hello,
  we had the same error and fixed it by deleting the OData-Services and reconfigure them again:
  Transaction /IWFND/MAINT_SERVICE
  Select service ZINTEROP, delete SICF-Nodes (left bottom side), delete systemalias (right bottom side) and (important!) click again on ZINTEROP and choos "delete service".
  After that "add service", select your Systemalias, click "get services", choose /UI2/INTEROP and click "add selected services".
  We also had to to this procedure for the service "ZTRANSPORT" and "ZPAGE_BUILDER_*"
  Good Luck!

• Unable to edit the "Default Domain Controllers Policy" from a Server 2012 machine

  I am unable to edit the "Default Domain Controllers Policy" from a Server 2012 machine. The error message i recieve is:
  "Failed to open the group policy object.  You might not have the appropriate rights.  Details: The volume for a file has been externally altered so that the open file is no longer valid."
  The domain controllers are running Windows 2012 R2 upgraded from Windows 2008 R2, the domain functional level is Server 2012.
  I am able to edit the policy from both a Windows 7 and Server 2008 R2 machine.
  The following post is identical however the fix for them does not work for me:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/2d968a05-2cff-4dd0-9c5d-dd810d1fa66f/cant-edit-default-domain-controllers-policy-on-windows-8-or-server-2012
  Any ideas?

  MuhammadUmar
  Yes, the Unique ID is available on 2012 server
  Lany Zhang
  This only affects the default domain controllers policy object
  Another user added to amins and tested has no effect
  It is the same on another server
  DCDiag passes all tests
  Thanks for all your help so far

• Using Win2000 Group Policies to distribute runtime engine

  I have a Win2000 domain and would like to distribute the 7.1 runtime engine using Group Policies for a group of computers in the domain. I created the policy called LVRuntime and tried to add the 7.1 runtime MSI file to the policy under ComputerConfiguration\SoftwareSettings\SoftwareIns​tallation however I get the error message:
  "Add Operation Failed. Unable to extract the deployment information from the package. Run validation on the package to ensure the package is correct."
  MS has an article on this if the package is already installed on the system or if you are using a GPO of a different version, but neither are the case. I am creating the policy right on the Domain Controller just as I have many other policies like it.

  Hi Jordan,
  The MSI deployment through group policies is not supported for LabVIEW RTE. Although MSI is used as the outer layer, we use our own technology inside.
  Regards,
  Ankita A.
  National Instruments

• Unable to edit the forms in Adobe Acrobat 9 Pro and adobe pdf reader.

  Hai ,
      i am unable to edit pdf forms . on clicking on the form text field error message comes as "font capture" message heading and content as
  "C:\Windows\system32/ATMLIB.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
  if pressed ok . aplication get closed
  i reinstalled all aplication with old versions but sill have the same error .please give  a solution . thank you.

  thank you for the suggestion, but I do not have a "Send Email" or "Submit" button available in my version. I have "Attach to email" option which automatically opens a new message in MS outlook (which I did not set up, it just started doing so automatically) without any further dialogue boxes or options.
  Also, this is only for regular PDF files, not forms.

• I am unable to edit an image in Photoshop.

  I just installed Lightroom 5.3, and I have Photoshop CS5.1 installed. The problem is that I am unable to edit an image in Photoshop. When I click Photo>Edit In, the option for Photoshop is not active (i.e., it's not black), so I can't click on it. Why are the options for Photoshop and all of the other Photoshop related options, such as Merge to Panorama, etc., not active? In Preferences I have the following settings: File Format = TIFF; Color Space = ProPhotoRGB; Bit Depth = 16 bits; Resolution = 240; Compression = None. I am using Windows 7.

  Chris:
  I have to apologize for being misleading on my request for help in
  resolving the problem.
  Actually the version I am using is CS2 not CS3.
  Yesterday I tried numerous times, and ways, to edit an image and each time
  it refused to allow me to save it.
  The software program just shut down. This evening when I decided to give it
  another try it worked perfect.
  Guess the program just took the day off.
  Thank you for offering to help
  Regards,
  Doug

• ASA 5505 VPN Group Policies (RADIUS) and tunnel group

  I have a single ASA firewall protecting a small private developing network, and I need it in order to access remotely to two distinct network spaces both of wich are VLAN tagged: 1 is LAN and 3 is management. Each net has its own IP address space and DNS server.
  I'd like to set up Anyconnect to land on lan 1, and SSL VPN in order to see the IPMI and management websites sitting on VLAN 3. In order to make things "safer" I have found a free OTP solution, OpenOTP, and I decided to implement it on a virtual machine, setting up a radius bridge to allow user authentication for VPN. I can pass wichever attribute I'd like to using this radius bridge (for example "Class" or "Group-Policy" or whatever is included in the radius dictionaries). 
  Actually all I need is quite simple. I have to segregate my remote users in 2 groups, one for Anyconnect, and one for SSL based on the radius response from authentication. (I don't need authorization nor accounting) I'm no Cisco Pro, what I've learnt is based on direct "on the field" experience.
  I'm using two radius users for testing right now, one is called "kaisaron78" associated to a group policy "RemoteAC" and a second one called "manintra" associated to a group policy called "SSLPolicy". "kaisaron78" after logging in should only see the Anyconnect "deployment portal", while "manintra" should see the webvpn portal populated with the links specified in the URL list "Management_List". However, no matter what I do, I only see the default "clean" webvpn page. This is an example of "sh vpn-sessiondb webvpn" for both users..
  Session Type: WebVPN
  Username     : kaisaron78             Index        : 1
  Public IP    : 172.16.0.3
  Protocol     : Clientless
  License      : AnyConnect Premium
  Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
  Bytes Tx     : 518483                 Bytes Rx     : 37549
  Group Policy : RemoteAC               Tunnel Group : DefaultWEBVPNGroup
  Login Time   : 10:59:33 CEDT Mon Aug 18 2014
  Duration     : 0h:00m:23s
  Inactivity   : 0h:00m:00s
  VLAN Mapping : N/A                    VLAN         : none
  Audt Sess ID : c0a801fa0000100053f1c075
  Security Grp : none
  Asa5505# sh vpn-sessiondb webvpn
  Session Type: WebVPN
  Username     : manintra               Index        : 2
  Public IP    : 172.16.0.3
  Protocol     : Clientless
  License      : AnyConnect Premium
  Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
  Bytes Tx     : 238914                 Bytes Rx     : 10736
  Group Policy : SSLPolicy              Tunnel Group : DefaultWEBVPNGroup
  Login Time   : 11:01:02 CEDT Mon Aug 18 2014
  Duration     : 0h:00m:05s
  Inactivity   : 0h:00m:00s
  VLAN Mapping : N/A                    VLAN         : none
  Audt Sess ID : c0a801fa0000200053f1c0ce
  Security Grp : none
  As you can see, it seems like the policies are assigned correctly by radius attribute Group-Policy. However, for example you'll notice no vlan mapping, even if I have declared them explicit in group policies themselves. This is the webvpn section of the CLI script I used to setup remote access.
  ! ADDRESS POOLS AND NAT
  names
  ip local pool AnyConnect_Pool 192.168.10.1-192.168.10.20 mask 255.255.255.0
  object network NETWORK_OBJ_192.168.10.0_27
   subnet 192.168.10.0 255.255.255.224
  access-list Split_Tunnel_Anyconnect standard permit 192.168.1.0 255.255.255.0
  nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.10.0_27 NETWORK_OBJ_192.168.10.0_27 no-proxy-arp route-lookup
  ! RADIUS SETUP
  aaa-server OpenOTP protocol radius
  aaa-server OpenOTP (inside) host 192.168.1.8
   key ******
   authentication-port 1812
   accounting-port 1814
   radius-common-pw ******
   acl-netmask-convert auto-detect
  webvpn
   port 10443
   enable outside
   dtls port 10443
   anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
   anyconnect profiles AnyConnect_Profile_client_profile disk0:/AnyConnect_Profile_client_profile.xml
   anyconnect enable
  ! LOCAL POLICIES
  group-policy SSLPolicy internal
  group-policy SSLPolicy attributes
   vpn-tunnel-protocol ssl-clientless
   vlan 3
   dns-server value 10.5.1.5
   default-domain value management.local
   webvpn
    url-list value Management_List
  group-policy RemoteAC internal
  group-policy RemoteAC attributes
   vpn-tunnel-protocol ikev2 ssl-client
   vlan 1
   address-pools value AnyConnect_Pool
   dns-server value 192.168.1.4
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value Split_Tunnel_Anyconnect
   default-domain value home.local
   webvpn
    anyconnect profiles value AnyConnect_Profile_client_profile type user
  group-policy SSLLockdown internal
  group-policy SSLLockdown attributes
    vpn-simultaneous-logins 0
  ! DEFAULT TUNNEL
  tunnel-group DefaultRAGroup general-attributes
   authentication-server-group OpenOTP
  tunnel-group DefaultWEBVPNGroup general-attributes
   authentication-server-group OpenOTP
  tunnel-group VPN_Tunnel type remote-access
  tunnel-group VPN_Tunnel general-attributes
   authentication-server-group OpenOTP
   default-group-policy SSLLockdown
  !END
  I had to set up DefaultWEBVPNGroup and RAGroup that way otherwise I couldn't authenticate using radius (login failed every time). Seems like in ASDM the VPN_Tunnel isn't assigned to AnyConnect nor to Clientless VPN client profiles. Do I have to disable both default tunnel groups and set VPN_Tunnel as default on both connections in ASDM ? I know I'm doing something wrong but I can't see where the problem is. I'm struggling since may the 2nd on this, and I really need to finish setting this up ASAP!!!!
  Any help will be more than appreciated.
  Cesare Giuliani

  Ok, it makes sense.
  Last question then I'll try and report any success / failure. In this Cisco webpage, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ref_extserver.html#wp1661512 there's a list of supported radius attributes. Actually I'm using number 25 Group-Policy, in order to get the correct group policy assigned to users. I see, in that list an attribute 146 Tunnel-Group-Name. Will it work out for the purpose you explained in the previous post ? I mean, if I set up two tunnel groups instead of 1, 1 for anyconnect with its own alias and its own url, and 1 for SSL VPN again with its own alias and url, do you think that using that attribute will place my users logging in into the correct tunnel group ?
  Thank you again for your precious and kind help, and for your patience as well!
  Cesare Giuliani