User GPO policy issues - 2012R2

Hello all,
I have a number of 2012R2 terminal servers with XenApp 7.5 installed. Policy settings are applied using loopback/replace as normal. Machine settings apply consistently, but sometimes ALL the user settings fail to apply.
I wondered if there are any 2012 patches that might address this? Also, what is the best way to log GPO processing with 2012R2?
Thanks,
Dave
dsbrown

Hi Dave,
>>Policy settings are applied using loopback/replace as normal. Machine settings apply consistently, but sometimes ALL the user settings fail to apply.
Before going further: because we are using loopback processing in Replace mode, the user policies defined in the computer's Group Policy objects replace the user policies normally applied to the user. Here, we can follow these steps to collect a Group Policy result report for a specific user on a specific computer for troubleshooting.
1. On the domain controller, click Start -> Run, type GPMC.MSC, and it will load the GPMC console.
2. Right click on "Group Policy Result" and choose the wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose the computer and select the proper user in the wizard.)
3. Right click the resulting group policy result and click "Save Report…" to save the report to an HTML file.
Best regards,
Frank Shen
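
A scripted equivalent of the GPMC steps above that also covers the logging question, as an added example (not part of the original replies). The computer name, user name and output folder are placeholders, and it assumes the GroupPolicy module (GPMC/RSAT), PowerShell remoting to the server, and administrative rights on it.

```powershell
# Added example, not from the thread. $Computer, $User and $OutDir are placeholders.
param(
    [string]$Computer = 'TS01',             # placeholder: affected terminal server
    [string]$User     = 'CONTOSO\dave',     # placeholder: a user whose settings failed to apply
    [string]$OutDir   = 'C:\Temp\gp-debug', # placeholder: where reports are written
    [int]   $Hours    = 24                  # how far back to read the event log
)

Import-Module GroupPolicy   # installed with GPMC / RSAT

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Same data as the GPMC "Group Policy Results" wizard, saved as HTML.
#    The user must have logged on to $Computer at least once for RSoP data to exist.
$report = Join-Path $OutDir "rsop-$Computer.html"
Get-GPResultantSetOfPolicy -Computer $Computer -User $User -ReportType Html -Path $report

# 2. Confirm which loopback mode the server actually received.
#    UserPolicyMode: 1 = Merge, 2 = Replace; value absent = loopback not configured.
$mode = Invoke-Command -ComputerName $Computer -ScriptBlock {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    (Get-ItemProperty -Path $key -Name UserPolicyMode -ErrorAction SilentlyContinue).UserPolicyMode
}
$modeText = switch ($mode) { 1 { 'Merge' } 2 { 'Replace' } default { 'Not configured' } }
Write-Output "Loopback mode on ${Computer}: $modeText"

# 3. Export warnings and errors from the Group Policy operational log so that
#    logons where the user settings failed can be lined up against the report.
$filter = @{
    LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
    Level     = 2, 3                       # 2 = Error, 3 = Warning
    StartTime = (Get-Date).AddHours(-$Hours)
}
Get-WinEvent -ComputerName $Computer -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Export-Csv -Path (Join-Path $OutDir "gp-events-$Computer.csv") -NoTypeInformation
```

Run it right after a logon where the user settings were missing, so the report and the event export describe the same session.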

Similar Messages

  • GPO Policy - Issue

    I am a little frustrated when posting this question.
    What I have seen is that some GPO settings only apply when a computer is restarted.
    Can someone please elaborate on this behavior?
    Thanks,
    N

    > is because these desktops have not been restarted yet. I checked on the
    > one of the desktops to see if I could see an Event for background
    > processing but to no avail.
    Did you by chance disable background processing?
    Or set it to a really long interval?
    Martin
    How about reading a GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Hide Display Settings not applied in User GPO

    Hello,
    I am trying to hide the display settings via a GPO so folks can't change the resolution. I set the "Disable the Display Control Panel" setting to enable, but users can still go to the Control Panel and change the display settings. Other parts of the GPO are applying, like the Ctrl+Alt+Del settings. The GPO has the loopback function set to replace. From my understanding, that should force all user settings in that GPO on everyone who logs into the computer, whether they are in that OU or not.
    Some settings apply, just not the Display settings. Is there something else I have to enable to get that working?
    Thanks
    Jason Watkins MCSE, MCSA, MCDBA, CCNA

    Hi Jason,
    It's been a while. How is it going? If it still doesn't work out, we can run the command gpresult /h report.html to collect the group policy result to check this. Note: to collect the computer part of the group policy settings, we need to run the command with administrative privileges.
    In addition, regarding troubleshooting group policy issues, the following thread can be used as a reference.
    [Forum FAQ] Common steps to start troubleshooting Group Policy application issues
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/382c97e8-93c8-4022-b8fe-22401037d14c/forum-faq-common-steps-to-start-troubleshooting-group-policy-application-issues?forum=winserverGP
    Best regards,
    Frank Shen

  • Customizing User Name Policy OOTB Plugin

    Hi
    I want to use the User Name policy generation plugin to generate the user ID for an OIM user. But the requirement is that we have to create the User ID with Preferred Name (not with first name) and Last Name, and the issue is that in the code we cannot get any attribute other than the attributes coming in the HashMap. So the question is: is there any way in which we can pass this UDF to that HashMap or get the value in the code?
    Please note Preferred name is a UDF and coming from the trusted Source.
    Thanks in Advance

    Maybe I've partially solved the issue. I've noted that during the user creation procedure the username field is mandatory in the form, so I must specify a value.
    Maybe the validation procedure of the OOTB username policy always returns a true value, so the field is always converted to UPPERCASE and the username generation rule is never called.
    How can I set a non-mandatory account name field?

  • OU Group Policy over-riding User Group Policy

    I'm using ZfD 4.01 ir7 and have a restrictive Group Policy applied at the
    OU level. I've created a less restrictive Group Policy and assigned it to
    a user within the above mentioned OU but the settings are not
    taking...the OU Group Policy is over-riding the user Group Policy. The
    appropriate rights have been assigned and this configuration is working
    for other users/OUs in the tree. I've run a dsrepair against this
    partition and no errors were reported.
    Any suggestions to resolve this would be greatly appreciated.
    Ryan


  • Loopback GPO on Replace prevents other user GPOs from applying

    I had the need to create a GPO and use a loopback. Simple little GPO, just to add some stuff to trusted sites on a specific Citrix server. I created it as a user GPO then did a loopback so I could apply it to only the application hosting XenApp server I wanted.
    I set the loopback to replace, just because it was default and the trusted site settings were not applied anywhere else; I didn't really care.
    Long story short, when I linked that GPO, it, for some reason, prevented all other user GPOs from applying. Not denied, they just didn't even show up.
    I figured it out shortly after, and when I changed it to merge, the other user GPOs applied again. This is not the way I believe Loopback is supposed to work, in either replace or merge.
    Any insight on why that might have happened?

    > Long story short, when I linked that GPO, it, for some reason, prevented
    > all other user GPOs from applying.  Not denied, they just didn't even
    > show up.
    > I figured it out shortly after, and when I changed it to merge, the
    > other user GPOs applied again.  This is not the way I believe Loopback
    > is supposed to work, in either replace or merge.
    This actually IS the way it is supposed to work:
    http://evilgpo.blogspot.com/2012/02/loopback-demystified.html
    http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
    Martin
    How about reading a GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

    That makes a lot more sense.
    What it says on the GPO itself is:
    "Replace" indicates that the user settings defined in the computer's Group Policy objects replace the user settings normally applied to the user.  
    I was interpreting that as GPOs it would replace were only the settings in the loopback.

  • Pulseaudio and systemd --user: DBus scope issues?

    Hi,
    I have a multi-seat setup, so I need user-wide pulseaudio and whatnot. I'm trying to setup my boot through systemd --user.
    Testing audio working apps are firefox, mpv, and mpd. The problem is:
    - If I start pulseaudio and mpd manually everything is fine (no use of systemd)
    - If I start pulseaudio through systemd no application has sound.
    - If I start pulseaudio and mpd through systemd only mpd has sound.
    raimundoyamtech~$ cat .config/systemd/user/pulseaudio.service
    [Unit]
    Description=PulseAudio Sound System
    After=sound.target
    [Service]
    ExecStart=/usr/bin/pulseaudio
    [Install]
    WantedBy=multi-user.target
    raimundoyamtech~$ cat .config/systemd/user/mpd.service
    [Unit]
    Description=Music Player Daemon
    After=network.target sound.target
    [Service]
    ExecStart=/usr/bin/mpd %h/.config/mpd/mpd.conf --no-daemon
    ExecStop=/usr/bin/mpd %h/.config/mpd/mpd.conf --kill
    Restart=always
    [Install]
    WantedBy=multi-user.target
    If I add BusName=org.pulseaudio.Server to the pulseaudio.service nothing changes.
    Using pulseaudio's autospawn=yes leads to what seems to be same behaviour: mpd by systemd starts pulseaudio and is the only app with sound.
    ./config/pulse/client.conf only contains default-sink. Everything else is default.
    Using alsa alone is not an option because of firefox.
    Any thoughts?
    EDIT:
    raimundoyamtech~$ systemctl --version
    systemd 208
    +PAM -LIBWRAP -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ
    raimundoyamtech~$ pulseaudio --version
    pulseaudio 4.0
    Last edited by Raimundo (2013-10-23 10:08:13)

    ewaller wrote:
    Please do not bump.   I understand the frustration; really, I do.  But, these are very active forums with some very good technical people lurking about.  I guarantee your post had been read.  I read it.  I did not have an answer, as I have never seen that behavior afore.   I am certain that was true for many other regulars.
    In the future, you can bring focus to a thread by providing more information..  Tell us what you have tried, what you have read since the last post, etc.  At least it gives the impression that you are working the problem rather than merely waiting for a response.
    I don't know almost anything about systemd, especially because it changes so rapidly and documentation is so scarce and outdated that either I read the whole documentation for my version in hopes of finding my problem (something for which I do not have time) or post a topic.
    I posted everything I touched regarding systemd since the installation of my system, that's all the relevant information I know I can give, so at this point I had no more info to give.
    Actually posting a topic is really my last resort, it usually means that I have already tried everything I knew and I'm hopeless already.
    raimundoyamtech~$ loginctl list-sessions
    SESSION UID USER SEAT
    2 1002 carla seat0
    1 1000 raimundo seat0
    2 sessions listed.
    raimundoyamtech~$ loginctl show-session 1
    Id=1
    Timestamp=Tue 2013-10-29 12:33:47 WET
    TimestampMonotonic=6670234
    VTNr=1
    TTY=tty1
    Remote=no
    Service=login
    Scope=session-1.scope
    Leader=1456
    Audit=1
    Type=tty
    Class=user
    Active=no <----- Is this what you are talking about?
    State=online
    IdleHint=yes
    IdleSinceHint=1383050072367636
    IdleSinceHintMonotonic=0
    Name=raimundo
    raimundoyamtech~$ loginctl show-session 2
    Id=2
    Timestamp=Tue 2013-10-29 12:33:47 WET
    TimestampMonotonic=6667439
    VTNr=2
    TTY=tty2
    Remote=no
    Service=login
    Scope=session-2.scope
    Leader=1453
    Audit=2
    Type=tty
    Class=user
    Active=no <----- Is this what you are talking about?
    State=online
    IdleHint=yes
    IdleSinceHint=1383050025387636
    IdleSinceHintMonotonic=0
    Name=carla
    raimundoyamtech~$ loginctl show-session 3
    Failed to issue method call: No such file or directory
    What is an active session? Oo Never heard of it
    I could start things. Pulseaudio started, so did mpd. I also have a /usr/lib/systemd/systemd --user process started for each user. I assumed this would be it since this
    raimundoyamtech~$ systemctl --user
    Failed to issue method call: Process /bin/false exited with status 1
    always happens and I've read that systemctl --user is no longer required.
    [EDIT]
    Fixed it. Don't remember where I read that it wasn't required, just that it was in the same place I found someone else complaining about getting this error.
    For anyone else encountering this: sed -i s/system-auth/system-login/g /etc/pam.d/systemd-user
    and systemctl --user will work. Insults fly out to the one who wrote it wasn't required!
    Still am not able to get an active session though
    [/EDIT]
    Why would there be a need for anything else? I'm gonna check on that. Thanks!
    See, the bump worked ^^ but ok I'll try to refrain from doing that next time. Sorry.
    Last edited by Raimundo (2013-10-29 16:27:55)

  • Users are having issues w/ the community page for pa.

    It seems other users are having issues with accessing the community page for pa, as noted on
    URL: http://www.dslreports.com/forum/r22862991-Any-else-out-there-having-issues-w-the-community-page-4-pa
    Title/Location: DSLR (dslreports.com) Forums -> US Telco Support -> Verizon -> Verizon Fiber Optics -> Any else out there having issues w/ the community page 4 pa?

    This is what I told at the online chat..
    Richardo: if some people can get to both URLs and others can only get to the new one that could be that the old one is being done away with or if not that then it would have to be the setting for those computers that are not getting to the old one.
    Me: Like what kind of settings?
    Me: I have, as you may know, A Static Public IP (IP, Subnet Mask, Default Gateway, and DNS Servers) as assigned by Verizon.
    Richardo: that would be the settings within the browser.
    Me: like cache, or proxy server for example... ?
    Me: connection setting
    Me: You do not need to tell me where these settings are, just what type of browser settings...
    Me: Please, and thanks.
    Richardo: the security , cookies, temporary internet files
    [EDIT] My apologies for cross posting.

  • Application User Password Policy

    Hi,
    I am using Oracle APPS 11i.
    How can I incorporate Special character as mandatory in Application user Password policy.
    Thanx

    Check Note: 362663.1 - How to implement (Signon Password Custom) Profile Option in Oracle Applications 11i
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=362663.1

  • Access policy issues and daylight savings

    I have the WRVS4400N. I have purchased a few Linksys routers in the past and have been happy with their operation. The wireless access, however, was mediocre until I purchased this model. This model has a great wireless connection. I like the fact that I can make many changes to the settings on the router without having to reboot the router. The performance of this router in combination with the cable modem has been excellent. It far outperforms the equipment that it replaced. I will normally pick a Linksys product over another brand.
    I am having 2 intermittent issues that are really causing me grief and an additional couple of annoying issues. I need help in fixing these issues. I have confirmed that I have the latest firmware version.
    1) Some computers do not have connection to the internet. As if the security policy is confused about the time or connection. I really think this is a security policy issue, but I will let you decide.
    2) There are some computers that I allow a 24/7 connection to the internet. For the rest I don’t want them to have access between the hours of 12a-6a. I have found that the connection doesn’t always shut-off. I have kids and do not want them to have access during those hours. I never had problems with my previous linksys router.
    3) I am unable to set an access policy that spans the 5 min between 11:55p and 12a. In my previous linksys router I could.
    4) The new daylight savings schedule is not part of my current firmware. This really threw off my security policies.
    I have found that if I reboot or if I simply goto the security policy screen and click on save settings it seems to correct itself. But, I shouldn’t have to babysit it to make sure that it’s working correctly. When I am out of town I need to know that my security policies will continue to work while I am away.
    Here’s my set up:
    1) I have a linksys cable modem that connects me to the internet through my cable provider.
    2) I have the linksys wireless (WRVS4400N) router that connects to the cable modem.
    3) I have a 3Com Superstack II switch as the backbone of my network which connects to the router.
    4) I have several devices connected to this router: computers, xbox, vonage phone line.

    This is EXACTLY what my router is doing...
    2) Access restrictions do not work, PERIOD...."ALLOW" will disable internet access for the entire subnet (regardless of the rule), and "DENY" will prevent uploading of file attachments to hotmail, myspace, facebook etc....for every computer on the subnet.
    Message Edited by DSMKilla on 10-26-2008 11:08 AM
    (Edited post for guideline compliance. Thanks!) 
    Message Edited by JOHNDOE_06 on 10-26-2008 11:39 AM

  • A User facing a issue of "Collaboration Folder is not created"

    Dear All,
    A user is facing an issue where the collaboration folder is not created even though they have created it in the SRM Portal.
    Can anybody shed some light on the issue as soon as possible?
    Thanks,
    Pranav

    Hi
    Please refer below URL.
    cFolder settings in SRM
    Thanks
    Karitkeya

  • Deny user based policy for a specific computer

    I have a user based policy that deploys software for specific users when they log in to their Windows 7 workstations.  
    Some of these same users also have login access to a test server. I am trying to prevent the software deployment policies from being processed when users login to this test server. I have denied the 'read' and the 'Apply group Policy' security settings to the test computer, but since it is a user based policy I believe these computer level denies are being ignored.
    I have looked into loopback processing but I cannot grasp how it would fit in to my environment. Do I enable the loopback processing in the same policy that deploys the software?
    Any suggestions?

    Use loopback merge in the policy of the software that I want to keep?  Or in the Policy I want to deny?
    I finally got it to work.
    I moved the computer object to a new OU and blocked inheritance.
    I created a new policy that only has Loopback Policy enabled (replace).
    I linked that new policy to the OU that has the test server.
    I removed any loopback processing settings from any other policies. I left them at 'Not Configured'.
    For the software I was trying to block I modified its security permission to read DENY for the computer object (Computer Name) of the test computer. ('Apply group policy' was left blank).
    I then linked all other software deploy policies to this new OU and modified the security filtering from authenticated users to whichever users specifically needed the software.
    Ran Gpresult /R /scope computer and verified that the only computer policy the server was receiving was my loopback policy.
    Reboot test server.
    Thanks everybody for your help!

  • ISE 1.1.1 - User Accept Policy keeps returning

    Hello there
    I have an ISE 1.1.1 setup, with a guest portal. The AD can be used to log onto this portal, and the Guest Portal Policy Configuration is on First Login.
    However, every time an AD user logs in on the portal, he has to accept the User Accept Policy. Is this a bug? Or is there a configuration error?
    Greetings

    Steve,
    It should be able to redirect users based on the username and device that they are authenticating from. If you look at the endpoint, there is an attribute that is AUP specific; once that is set to yes, the profiling database should have this flag set so it isn't redirected to the AUP after login.
    In your authorization profile is the client being redirected to another authorization policy after CoA?
    Please post screenshots of the authorization policy, the endpoint attribute, and the authentication events....
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • LMS 4.2 compliance reports for the User-Defined Policy Groups.

    Dear team,
    I need your help to know if I will be able to export compliance reports in PDF or CSV for the User-Defined Policy Groups.
    I have checked the reports tab and I was able to export compliance reports in PDF format only for the system defined policies, but I couldn't find any option to export these reports for a user defined compliance policy.
    Kindly let me know if this is possible.
    Regards,
    Muhannad

    Dears,
    Does anyone have an idea about this question?
    Regards,
    Muhannad

  • Doubt regarding User Name Policy

    Hi,
    I have a requirement where I have to generate User Login based on First Name, Last Name and Employee Number (Employee Number generated in pre-process event handler). We have trusted recon in place, so I opted for User Name Policy. I have written custom code and implemented it as per instructions in Article ID: [ID 1228035.1].
    But when I create a User through UI, User name policy is getting triggered ahead of Employee Number pre-process handler. And as a result, Employee number is generated as NULL. How can I change this order of triggering between User Name policy and Employee Number pre-process handler?
    Also how exactly is this User Name policy triggered? Is it an event handler? If it is a pre-process event handler, how will it trigger for trusted recon as trusted recon supports only post-process event handlers?
    Thanks
    DPK

    Hi,
    Any suggestions on this please.
