User policies not applied hence dlu not working
We have 6 pc's that for some reason don't get user policies. Here's the
line from zmd-message.log of the workstation agent:
[1296] [ZenworksWindowsService] [56] [] [PolicyManager] []
[ApplyPolicies: Either user session is null or Device-only mode is
enabled or Zen logon module is not present; not applying user policies.]
The zone is 10.3.3, we use a user source connected to edir and the user
is getting user policies on other computers. What's this Device-only mode?
regards,
Limor
Found the problem. Our people disabled Zenworks User Authentication in
the registry.
On 13/09/2011 09:13, Limor wrote:
> We have 6 pc's that for some reason don't get user policies. Here's the
> line from zmd-message.log of the workstation agent:
> [1296] [ZenworksWindowsService] [56] [] [PolicyManager] []
> [ApplyPolicies: Either user session is null or Device-only mode is
> enabled or Zen logon module is not present; not applying user policies.]
>
> The zone is 10.3.3, we use a user source connected to edir and the user
> is getting user policies on other computers. What's this Device-only mode?
>
> regards,
> Limor
Similar Messages
-
SQL Server 2008 R2 Replication - not applying snapshot and not updating all repliacted columns
We are using transactional replicating on SQL Server 2008 R2 (SP1) using a remote distributor. We are replicating from BaanLN, which is an ERP application to up to 5 subscribers, all using push publications.
Tables can range from a couple million rows to 12 million rows and 100's of GBs in size.
And it's due to the size of the tables that it was designed with a one publisher to one table architecture.
Until recently it has been working very smooth (last four years)) but we have come across two issues I have never encountered.
While this has happen a half dozen times before, it last occurred a couple weeks ago when I was adding three new publications, again a one table per publication architecture.
We use standard SS repl proc calls to create the publications, which have been successful for years.
On this occasion replication created the three publications, assigned the subscribers and even generated the new snapshot for all three new publications.
However, while it appeared that replication had created all the publications correctly from end to end, it actually only applied one of the three snapshot and created the new table on both of the new subscribers (two on each of the
publications). It only applied the snapshot to one of the two subscribers for the second publications, and did not apply to any on the third.
I let it run for three hours to see if it was a back log issue.
Replication was showing commands coming across when looking at the sync verification at the publisher and
it would even successfully pass a tracer token through each of the three new publications, despite there not being tables on either subscriber on one of the publishers and missing on one of the subscribers on another.
I ended up attempting to reinitialize roughly a dozen times, spanning a day, and one of the two remaining publications was correctly reinitialized and the snapshot applied, but the second of the two (failed) again had the same mysterious result, and
again looked like it was successful based on all the monitoring.
So I kept reinitializing the last and after multiple attempts spanning a day, it too finally was built correctly.
Now the story only get a little stranger. We just found out yesterday that on Friday the 17th
at 7:45, the approximate time started the aforementioned deployment of the three new publications,
we also had three transaction from a stable and vetted publication send over all changes except for a single status column.
This publication has 12 million rows and is very active, with thousands of changes daily.
, The three rows did not replicate a status change from a 5 to a 6.
We verified that the status was in fact 6 on the publisher, and
5 on both subscribers, yet no messages or errors. All the other rows successfully updated.
We fixed it by updating the publication from 6 back to 5 then back to 6 again on those specific rows and it worked.
The CPU is low and overall latency is minimal on the distributor.
From all accounts the replication is stable and smooth, but very busy.
The issues above have only recently started. I am not sure where to look for a problem, and to that end, a solution.I suspect the problem with the new publication/subscriptions not initializing may have been a result of timeouts but it is hard to say for sure. The fact that it eventually succeeded after multiple attempts leads me to believe this. If this happens
again, enable verbose agent logging for the Distribution Agent to see if you are getting query timeouts. Add the parameters
-OutputVerboseLevel 2 -Output C:\TEMP\DistributionAgent.log to the Distribution Agent Run Agent job step, rerun the agent, and collect the log.
If you are getting query timeouts, try increasing the Distribution Agent -QueryTimeOut parameter. The default is 1800 seconds. Try bumping this up to 3600 seconds.
Regarding the three transactions not replicating, inspect MSrepl_errors in the distribution database for the time these transactions occurred and see if any errors occurred.
Brandon Williams (blog |
linkedin) -
Desktop wallpaper is not applying on windows 7, works XP machine
Hi Team,
I have created Desktop wallpaper GPO for our environment and the Desktop wallpaper is applying on XP machines not windows 7 professional, so could you please help me with this issue ?Hi
Could please check the article about method 2 for configure a registry key wallpaper configuration;
http://www.grouppolicy.biz/2011/03/best-practice-using-group-policy-to-configure-desktop-wallpaper-background/ -
Namespace Errors System Error 1355 - Specified domain does not exist or could not be contacted
Ok, lets start with my environment:
dc1 - windows server 2003 r2
dc2 - windows server 2012 r2
fs1- windows server 2003 r2
fs2 - windows server 2012 r2
Namespace - \\<fqdn>\data (the fqdn would be like contoso.microsoft.com)
I am in the process of migrating everything from server1 to server2 (dc and fs listed above). I am done with mostly everything except DFS. I have migrated the data, setup permissions, shares, etc. and replicated the data between fs1 and fs2.
I have verified that all data is currently replicated and up to date, so no backlogs. I am trying to add dc2 and fs2 as namespace servers. This is so that I can point all of the referrals to FS2 that way when I remove FS1 no one gets an error
about not being able to find the files. The problem is that from all 4 servers, I receive an error message when loading the namespace via DFS Management tool. I then thought because of the drastic differences between the versions, the next best
thing would be to export the namespace and then import it into the new server, but even attempting the export command (dfsutil) gives me the same error. My suspect is that the original namespace server was removed sometime ago without the previous IT
person properly migrating everything (but I am at a loss cuz here I am). I then thought if I go through ADSIedit, I can change the namespace server to the new one for all of my shares, and then possibly be able to load the namespace within the MMC tool
(again just a guess); however, I cannot find anything listed for namespace or remoteservers under the properties of the share.
Note: the namespace does work when I navigate to it from a PC. \\contoso.microsoft.com\data does bring up folders and files. (changed the name for obvious reasons)
At this point, I just want to have my new namespace server, so that I can change the referrals, and decommission my other servers. (And yes there are many other steps I need to perform for the decommissioning, but that's not the point of this). I
have read numerous articles on this and haven't found a way to accomplish what I want. Even though I walked through the steps listed for those issues and unfortunately they either did not apply or did not work. I prefer to not use ADSIedit if at
all possible, simply because it's not the "clean" way of doing things, but if I have no other option then I have no other option.
Edit 1: In event viewer on dc1, under File Replication Service on the left hand side, I see the following error appear numerous times (not every day, but still a lot). I have not performed any of the steps listed simply because
I do not know if this pertains to my problem and I don't want to start troubleshooting a server I plan on decommissioning unless I need to (say for the above issue):
Event ID: 13568
Source: NtFrs
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Replica root path is : "c:\windows\sysvol\domain"
Replica root volume is : "\\.\C:"
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.
[1] Volume "\\.\C:" has been formatted.
[2] The NTFS USN journal on volume "\\.\C:" has been deleted.
[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long time.
[5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication
Service.
[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
To change this registry parameter, run regedit.
Click on Start, Run and type regedit.
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
"Enable Journal Wrap Automatic Restore"
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Edit 2: I have verified that firewalls are off and I can communicate to all 4 servers from each other.
Edit 3: Attempted to try and fix error reported in 'Edit 1'; however the registry key mentioned does not exist (looked at all 4 servers to verify).I think in your situation it would be worth trying the things listed under the event. It does have to do with FRS and it's easy to do. I've used it to fix journal errors after a server unexpectedly restarts and sysvol stops replicating. I
could see where it could fix your issue, and if it doesn't, you're out 5 minutes. :)
The listed registry key does not exist
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
"System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
"Enable Journal Wrap Automatic Restore"
-
During a company merger a standard exchange org was converted to a multi-tenant setup. Problem: Address Book Policies not applied in Outlook, users see all address lists and default GAL. However, in OWA its all as expected, users see only what is allowed
by the ABP.
We followed the steps outlined in the MUlti-Tenancy and Hosting Guidance for Exchange Server 2010 SP2
http://www.microsoft.com/en-us/download/details.aspx?id=28192
It's EXCH 2010 SP3.
Any idea would be appreciated.Hi,
Please check whether the Default GAL changed in Outlook Online mode. The issue maybe occur when an Offline Address Book which is used for Outlook cached mode is not updated.
Please run the following command:
Get-OfflineAddressBook | Update-OfflineAddressBook
In Outlook client, we can do the following steps in Outlook to download Offline Address Book to check whether the issue persists:
1. Delete the *.oab files in the following folders in local machine:
\Users\<username>\AppData\Local\Microsoft\Outlook\Offline Address Books
2. Create a new Outlook profile that uses Cached Exchange Mode.
3. Start Outlook 2010 with this new profile.
4. In the ribbon click Send / Receive, click
Send/Receive Groups and then click Download Address Book.
Then check whether the Address Book is updated or not.
Regards,
Winnie Liang
TechNet Community Support -
Folder Redirection policy is not applied to a user, when the server target is changed.
After server target is changed via group policy, when user login (roaming profile)first time, the the new server target has not been applied, instead it's pointing to the old folder redirection path.
But if we reset the windows profile (roaming ), the new folder redirection works, can you please specify a solutions that the new folder redirection works when the user login for the first time. so it reduce the time on resetting users profile.
it seems that we need to delete the old folder redirection path from the user profile (roaming user profile) via group policy or similar solutions..
Many Thanks> But when the specific users login they all get the same error, it
Is the old server removed from the domain? Seems so - or some other
authentication related issue, hard to tell from here...
> seems that the roaming user profiles still keeps the old server details,
Yes - if you change redirection targets, FR moves content from old to
new, and only if this ends sucessfully, it will update the redirection
target.
Make the old redirection target accessible to the user and you'll be fine.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
"Local Policies User Rights Assignment" not applying
I bought Dell Vostro series computer with a Windows 7 Professional 64-bit OEM.
The OS cannot apply the changed User Rights Assignment in Local Policies.
Here is the step to re-produce the problem:
1. Launch "cmd"
2. Type "date 2014-06-20" in the command prompt. (i.e. try to change the date)
3. A error shown "A required privilege is not held by the client."
4. I go to "Control Panel > Administrative Tools > Local Security Policy".
5. I open "Local Policies > User Rights Assignment", and add "Everyone" to "Change the system time" and "Change the time zone"
6. Restart the computer
7. Launch "cmd" and type "date 2014-06-20", the same error message shown. That is, the policy is not applied.
Note: If I launch the cmd as administrator, no error will show.
I am not familiar with Local Security Policy and related and I tried to search online but not thing found (maybe I didn't know how to apply).
I would like to know how to resolve this problem from you. If you need more information like the log in Event Log, please tell me which one you need.
Thanks so much!Hi,
I tested this issue, after adding everyone to the group you mentioned above, I can successfully change the system time as a standard user. and the format is date 06-20-2014
I suggest you logon as admin, and manually check the policy, see whether it has been updated.
Yolanda Zhu
TechNet Community Support -
ZCM 11 Group Policies not applying to satellite servers
Hi there
We are running 2 Windows 2012 Primary Servers and a SQL 2012 Database server at our main site, all remote sites have SLES11 SP2/OES11 SP1 as satellite servers. We upgraded all servers last weekend to 11.3.1 and now have an issue with Group Policies applying to the satellites. The satellites are all set up the same with Authentication, Collection, Content and Imaging roles.
Since we upgraded Group Policies are (99% of the time) not applying on satellite sites. I have tried manually replicating content (I assume policies will come from content replication?) to the satellites - I've done this with a zac cdp replicate and zac cvc and everything seems to replicate over however I tried highlighting a satellite server and clicking on Action, Specify Content - select the Policy that is not applying and move it into the selected Content to update column and when I click finish I get the error "The Wizard cannot continue for the following reason(s): Unable to complete your request for the following reason: Error updating content"
On a managed device at the satellite site if you look at the properties of the Zenworks agent and click on Policies it has applied 4 device assigned policies successfully - Remote Management, Power Management, Application Launcher Config and Application Control Policy, also has successfully applied 3 out of the 4 User Assigned Policies - Mandatory Profile, Dynamic Local User, Application Control - but not the Windows Group Policy.
Our PCs are on Windows 8.1 and all policies were applying fine before the weekend upgrade......
Has anyone else had any experience of Group Policies not applying that could point me where to look? I have logged an SR with Novell through our reseller but as yet I am getting no response back at all, not even asking me for more information.
Many thanks
SharonSounds like you have a content replication issue more than a GPO issue.
Especially if the GPO works for locations that point to the Primaries
for Content.
Do you have throttling configured anywhere in any fashion?
You may need to increase the Replication Timeout to make sure content is
getting over to the Sats. Often increasing from 60 to 240 helps, but
watch out for throttling preventing content replication.
It is possible things are backing up.
On 7/31/2014 8:26 AM, shazzypoos wrote:
>
> I should add that when you looked at the "Click for Details" to the
> right of the Effective "Failed" status the message is "Policy
> Enforcement Failed : The action (0) threw an exception. Message (1).
> Exception (2) (grouppolicy, "None of the source locations could be
> found"
>
> Hmmmm! Currently in closest server rules there is only the server for
> the site it's on set - we do not want it to come back to the Primary for
> policies. As I say, this was working before the weekend upgrade. Thanks!
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human. -
Group Policy Pref - Mapped Drives Not Applying to One User
Hi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
SimoneWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
Software Installations
N/A
Startup Scripts
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
N/A
Account Policies
Audit Policy
User Rights
Security Options
Event Log Settings
Restricted Groups
System Services
Registry Settings
File System Settings
Public Key Policies
N/A
Administrative Templates
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
Software Installations
N/A
Public Key Policies
N/A
Administrative Templates
N/A
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: Proxy Settings
Import the current Program Settings: No -
MCX Does Not Apply to Cross Realm User Accounts
Here's the situation:
Kerberos realm (REALM1) set up for user account access
AD created to allow authentication via REALM1 as well as AD (REALM2)
Mac OS workstations are bound to AD and local Mac OS Kerberos configurations on the clients allow authentication using user accounts defined in REALM1.
Users are able to log in to client workstations with no issues. Kerberos works fine within AD services. What we're attempting to do it get MCX policies to somehow apply when an AD account logs in to a Mac OS X workstation. We've been using either local MCX (dslocal) or OD (via Golden Triangle).
When a native AD account or local Mac OS user account logs in to Mac OS, policies are successfully applied. However, when a user account in our MIT Kerberos Realm logs in (REALM1), no policies are applied. It appears that policies exist when using mcxquery, although these policies are not apparent to the users that log in.
I also attempted to use mcxrefresh to get a better idea (with the -a switch for authentication), but it does not work since it bases authentication on REALM2 (AD) rather than REALM1 (MIT Kerberos). Since it cannot authenticate, no policies are refreshed and nothing applies.
I'm just wondering if anyone has seen this issue and if they managed to solve it, how they solved it. We're hoping to find a solution that does not require a CoD (Cylinder of Destiny) or LDAP schema changes.
Any info is appreciated.Hi Shiju,
Before going further, we can run command gpresult/h report.html with administrative privileges to collect group policy result report to check how group policy settings are applied.
Besides, we can try to install the following hotfix to see if it helps.
Users cannot access removable devices after you enable and then disable a Group Policy setting in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2
https://support.microsoft.com/en-us/kb/2738898?wa=wsignin1.0
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
ZCM DLU Policy Not Applying To Win7 Computer
I am running ZCM v10.3 and am preparing to migrate over to Active Directory. When I first setup ZCM, I created a DLU policy for my Windows 7 computers and its been working fine. However, its time to join my Windows 7 computers (running ZCM v10.3) to the AD Domain and I need to disable the DLU for the machines prior to joining the domain.
To do this I tried to exclude my test workstations from the DLU by adding the workstations to the exclusion list for the DLU Policy. My DLU policy is assigned to my Users so I used the "Excluded Workstation List" to attempt to prevent the DLU from applying to the workstation. This didn't work. I also tried the reverse by applying the DLU to the test workstation and adding users to the Exclusion list, but that didn't work either. I updated the version, ran "zac cc" and ran "zac ref bypasscache" but it didnt work.
I reassigned the DLU to all my Users and tried to use the registry to check for the existence and value of hklm\software\novell\zcm\zenlgn\domainlogin=1, but that didnt work either. I updated the version, ran "zac cc" and ran "zac ref bypasscache" but it didnt work.
Actually, the registry keys (DomainLogin and eDIRLogin) didn't exist so i had to manually add it using an AD GPO. I added DomainLogin and eDIRLogin and assign hexadecimal value of 1 to each DWORD via GPO (FYI). At this point I'm not even sure if the values of these keys are supposed to be set automatically upon login or if the admins manually control the values. Its not clear to me from the documentation on the Novell site. (http://www.novell.com/documentation/...stem_admin.pdf, pg 274)
(DLU Policy Filters not working)
I turned on debug by issuing the command: "zac log level debug", and would've attached the log here, but I don't know how. If anyone needs to see the log, please send me a link on how to attach a log and I'll do so.
I've tried so many different settings and combinations but i'm still unable to get consistent results. At some point I was able to get the DLU Policy to show up in the ZCM Agent properties with the status of "Not Applied" or "Not Effective" or something to that effect. That was the first time I was able to log in without the DLU applying. However it wasn't consistent among other machines so i kept testing. As it stands now, I have removed any filters and exclusions and now my test machine is not receiving any DLU policy and it should because I assigned the DLU Policy to my entire user base. I am totally lost.
Any help is appreciated.wanman,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Help! Computer List policies not applying to computers
The computers are bound with LDAP to the xserve, in the computers list and have been restarted multiple times what can I do to make the policies apply?
ThanksAfter many hours of tinkering I have finally found what was wrong.
This is how to resolve this issue.
Problem:
Computer polices not applying although in computers list,after deleting MCX settings and LDAP plugin settings on the local machine.
Cause of problem.
Workgroup manager fails to remove certain records or up date them as things are changed.
Solution
Open work group manager and remove computers that are having these difficulties from the computers lists.
Now open preferences in work group manager. Select the box showing 'show all records' tab and inspector.
You should see in the left hand side a new tab appear next to groups users and computers list.
Select the accounts at the top and then click on the 'inspector tab'. This should now show a small drop down menu with several items in it.
Select computers, and delete the unnecessary or incorrect records for computers.
After this re add the computers to the computers list and your done.
If the preferences still didn't apply its now machine based and you should delete the MCX preferences on the machine and flush the MCX cache. -
W7 Group Policies not applying
We are planning on deploying Windows 7 Pro in our offices this coming year and I have been in the process of building my Windows 7 group policies from scratch by using the XP policies as a template. I have 3 policies that I create the standard lockdown, administrative mode, and IT. As I'm building the policies and the have the Group Policy editor open, whatever changes that I make do apply on my local machine, but after I save and upload the policies and apply them to machines the policy status in the Zen Notify Icon says that they have applied, but in function no policies have applied. I'm getting ready to start adding my Allow These Executables list but don't want to waste the time if the desktop look and feel and general access features aren't being applied correctly to the machines. Is there anything that I can check to see why this isn't working correctly?
I am making the policies from scratch on a Win7 Pro machine. When I use the GP Editor from ZCM to create and reopen the policies all of my policy details are applying correctly to my local machine which I am working on the policy with. When I apply them to Win7 systems the policy status under the ZCM desktop icon shows that they were applied successfully, but when trying do do anything prohibited by policy or checking the gpedit.msc everything says Not Configured. This is only happening to "Windows Group Policy" objects, DLU and Remote Control are working correctly.
-
Print preferences do not apply to CRM users
When Print Preferences are set for a document type (for example, print 2 copies on Add), they are applied to Professional users, but not to CRM users. While it seems reasonable to restrict CRM users from changing the print preferences, these are meant to be company-wide defaults and should apply to all users. I have verified with SAP support that CRM users are not affected by settings in the print preferences. We are currently using a work-around of setting the preferences in User Defaults for these users, but it is time-consuming and could be neglected when adding a new user. There is no reason why system defaults should not apply to CRM users.
Hi,
I agree with Meinolf. Besides, we can try to configure this setting under Computer Configuration and apply the GPO to the terminal server, in which way all users logging onto
the server will apply the setting.
Regarding how to add trusted sites, the following article can be referred to as reference.
How to configure Internet Explorer security zone sites using group polices
http://blogs.msdn.com/b/askie/archive/2012/06/05/how-to-configure-internet-explorer-security-zone-sites-using-group-polices.aspx
Best regards,
Frank Shen -
Email Address Policies not applying
Hi,
Before installing Exchange 2010 in our domain, we accidentally deleted few users, and restored back again. However, after installing Exchange, we can see that EAP are not applying to these users, but works fine for other users. Is there any tweak we can
apply to make EAP apply (ADSIEDIT, or other tool)?
Thank you for any help
alfa21Hi,
Is the e-mail address policy your default
e-mail address policy or a new policy you created before?
If the e-mail address policy is a new created policy, we can use the
Update-EmailAddressPolicy cmdlet to apply an e-mail address policy to all recipients:
Update-EmailAddressPolicy -Identity EMAIL_ADDRESS_POLICY01
We can use EMC to check whether the problematic users are listed in the
Default Email Address Policy preview:
http://exchangeserverpro.com/exchange-server-2010-email-address-policies/
Thanks,
Winnie Liang
TechNet Community Support
Maybe you are looking for
-
Japenese charc not prinitng while downloading ALV to excel
hI - I am dowaloading an ALV report to Excel file . But that ALV contains japenese charactres so after downloading to excel . it got converted to cryptic/garbage characters . Please advice
-
Can I run a company calandar on iCal?
I run my personal calandar on iCal and I love how intuative it is, that its color coded and how it syncs through my iCloud account. My company is looking to impliment a company calandar for workflow, meetings, days off, etc and I suggested iCal but e
-
How do I obtain column names and types?
I am using Visual Studio C++ to connect and query an Oracle database using SQL commands. My code works, but I don't fully understand it because I'm new to Oracle and it is modified example code. I need to obtain column names and types for a known tab
-
ok, i lost all the music on my powerbook in i tunes, it tells me it can't locate any of the songs. I'm backed up to the cloud so how do i get my music back? I have it on my iphone what to do?
-
Vista32 + Audigy + 5.1 Speakers = 2.1 Only?!
, I have updated the driver for my Sound Blaster Audigy for Vista but I can't change the speakers to 5., it jumps back to 2/2.. Can it be hardware or software conflict? Connections are perfectly fine and correct. I need some advice, please! :smileyin