Windows 8.1 Group Policy to Force Domain Logon as Default?

I recently purchased a new Windows 8.1 computer for use in our organization.  The default logon option for the device is for a Microsoft Account (the default username field prompt is for an e-mail address, rather than for a username.)  However, I would prefer that the default logon option be for a Windows domain account logon, so that users don't have to click the "Sign-in options" link and select "Local or domain account password" each time they need to log onto the computer.
I have learned that setting the "Interactive logon:  Do not display last user name" policy (located under Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Security Options) to Disabled allows the domain logon option to be retained across sessions.  However, I would prefer to keep this option set to Enabled so that the previous user name is not displayed.
Does anyone have any suggestions on how the default logon option can be forced to a domain logon, while still suppressing the display of the last username?

Hi Arowitv,
According to your description, we can use the following policy to check the result.
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options:
Accounts: Block Microsoft accounts
Click this option, and select "Users can't add or log on with Microsoft account"
Note: Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
Computer Configuration\Administrative Templates\System\Logon: Assign default domain for logon
Set the option to Enabled, and add the Default Logon domain.
Hope this helps.
Regards,
Kelvin Xu
TechNet Community Support
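
The settings named in this thread are stored as registry values on the client, so their effective state can be checked after a Group Policy refresh. The PowerShell below is an added example, not part of the original posts; the function name Test-LogonPolicy and the domain name EXAMPLE are placeholders chosen for illustration.

```powershell
# Added example: report whether the three logon policies from this thread
# are in effect on the local computer. Run in an elevated or normal session;
# the keys are readable by standard users.
function Test-LogonPolicy {
    param(
        # NetBIOS or DNS name expected in "Assign default domain for logon"
        [Parameter(Mandatory)]
        [string]$ExpectedDomain
    )

    $system = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $checks = @(
        @{  # 3 = "Users can't add or log on with Microsoft accounts"
            Policy   = 'Accounts: Block Microsoft accounts'
            Path     = $system
            Name     = 'NoConnectedUser'
            Expected = 3
        },
        @{  # 1 = Enabled (last user name is hidden on the logon screen)
            Policy   = 'Interactive logon: Do not display last user name'
            Path     = $system
            Name     = 'DontDisplayLastUserName'
            Expected = 1
        },
        @{  # String value holding the default domain shown at logon
            Policy   = 'Assign default domain for logon'
            Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
            Name     = 'DefaultLogonDomain'
            Expected = $ExpectedDomain
        }
    )

    foreach ($c in $checks) {
        # A missing key or value means the policy has not been applied.
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Name) } else { $null }

        [pscustomobject]@{
            Policy    = $c.Policy
            Value     = $c.Name
            Expected  = $c.Expected
            Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
            Compliant = ($null -ne $actual) -and ("$actual" -eq "$($c.Expected)")
        }
    }
}

# EXAMPLE is a placeholder domain name; substitute your own.
Test-LogonPolicy -ExpectedDomain 'EXAMPLE' | Format-Table -AutoSize
```

Run `gpupdate /force` first so the check reflects the current GPO rather than a stale refresh.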

Similar Messages

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
    Can we disable Network Tab on the left hand pane ?
    explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin
    How about reading a GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • File and Printer sharing on Windows 7 Through Group Policy

    Hi,
    I was wondering how to enable File and Printer sharing on Windows 7 Through Group Policy. I have enabled the policy called: Allow inbound file and printer sharing exception.
    But when I go to advanced sharing settings, it's still turned off.
    Windows Server 2003 AD Domain, and I'm using the Group Policy Manager from my Windows 7 machine to edit the policy.
    Any ideas?

    Hi,
    Based on my knowledge, there is no Group Policy setting for enabling and disabling File and Printer sharing. To do this, you may need to write a script and you can go to our Scripting Forum for help.
    In addition, I would like to share the following with you:
    Enable or Disable File Sharing for a User or Group by Using Group Policy
    Network and Sharing Center Group Policy Settings
    Hope this helps. Thanks.
    Nicholas Li - MSFT

  • RDS 2012 R2 - How do I lockdown access to Local Computer Management and Windows Backup via Group Policy

    Greetings all,
    I am needing assistance in how to lockdown access to Local Computer Management and Windows Backup via Group Policy for users that access RDS service. I have followed this awesome guide - h t t p://w w w.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/ - but it is missing two important resources that I would like to lock down. Currently, I have successfully locked down Control Panel for users via Group Policy, but I cannot find any group policy or guide on how to restrict user access to Computer Management (different to Server Manager). When using Win-X shortcut to open the 'Administrator's shortcuts' near the windows icon, I have locked down everything except Computer Management. Computer Management gives direct access to Disk Management, Shares etc, which are locked down for users. But Windows Server Backup is still accessible. Can someone please guide me on how to restrict access to both Computer Management and Windows Server Backup.
    Thanks in advance.
    Terry.

    Prevent running of Windows Server Backup
    Computer Configuration\Policies\Windows Settings\Security Settings\File System
    Right click on File System - Add File - Drill down to \System32\wbadmin.msc
    On the Database Security ACL that pops up - Remove Creator Owner, Remove Users and check Administrators have Full Access.
    On the Object window - choose Propagate inheritable permissions to all... (Default)

  • How do I set firefox as the default browser in Windows Server 2012 Group Policy Editor?

    Hello, I am unable to set firefox as the default browser despite multiple different attempts to do so using group policy.
    I have:
    - Set a registry command (targeted at 32/64 via a WMI query) to reset the opening command as shown below:
    HKEY_CURRENT_USER\Software\Classes\http\shell\open\command
    "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
    - Set a powershell logon script to run (that does run):
    firefox.exe -silent -setDefaultBrowser
    Despite setting the above it seems the client computers browsers are not affected by the settings above. When the script runs or if I run the command above a UAC window pops up and requests that I accept the command (for the setDefaultBrowser) but even if I click yes as an administrator it does nothing.
    Since GPO in 2012 has changed perhaps there is something that I am missing? Do I need to somehow disable Windows Internet Explorer from achieving default browser status?
    Please do not reply if you will suggest that I use Internet Explorer Maintenance (since this function in GPO has been disabled since IE10)
    My DC is Server 2012, my client computers are Win7 32/64.

    The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.

  • Is there a group policy to force all workstations in an OU to logoff?

    Hello,
    Is there a group policy to force all workstations in an OU to logoff?
    Thanks in advance.

    I have not seen a policy related to log off users of specific OU's, but why not to give this a try:
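    Import-Module ActiveDirectory
    # Collect every computer object under the target OU
    $Computers = Get-ADComputer -Filter * -SearchBase "ou=hadock,dc=hadock,dc=net"
    foreach ($PC in $Computers) {
        # Win32Shutdown(4) requests a forced logoff on the remote computer
        (Get-WmiObject Win32_OperatingSystem -ComputerName $PC.Name).Win32Shutdown(4)
    }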
    Above script uses WMI to send force logoff requests to clients in Hadock OU.
    Hope it helps.
    Mahdi Tehrani Loves Powershell

  • Disabling windows update via group policy

    hi,
    i would like to disable automatic windows update via group policy on windows server 2008. is it possible?
    thanks.
    sundeep

    hi,
    disabling the automatic update is not a recommended practice, but here are the steps,
    Click Start, and then click Run.
    Type gpedit.msc, and then click OK.
    Expand Computer Configuration.
    Right-click Administrative Templates, and then click Add/Remove Templates.
    Click Add, click Wuau.adm in the Windows\Inf folder, and then click Open.
    Click Close.
    Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then expand Windows Update.
    The Configure Automatic Updates policy appears. This policy specifies whether the computer receives security updates and other important downloads through the Windows Automatic Updates feature. The settings for this policy let you specify if automatic updates are enabled on the computer. If the service is enabled, you must select one of the three configuration options.
    To view the policy settings, double-click the Configure Automatic Updates policy.
    To turn on Automatic Updates, click Enabled or to turn off select Disabled
    hope this helps
    thanks

  • Windows Active directory group policy objects

    Like many small to medium businesses, we use Firefox in addition to Internet Explorer. The Windows Active Directory group policy objects we have for IE works nicely in all versions of IE. Firefox on the other hand has stopped playing ball. Any policy files I have found on the Internet simply does not fire when used in Windows Group Policy. We have Windows 2008 R2 servers with Windows 7 clients.
    Does Mozilla have official group policy objects that will work with Windows Active Directory group policy and is supported in Firefox versions 27 onwards? A lot of the material on the Internet are simply workarounds to achieve something simple.
    I believe this may have been asked several times already, but no definitive answer has been supplied to resolve the issue to my knowledge.
    Thanks and regards

    To my knowledge, Firefox historically has not had integration with group policy, and third party tools have been required to bridge the gap. You may have found templates that work in one of those tools.
    These threads have links to third party tools, articles, mailing lists, and other resources:
    * [https://support.mozilla.org/questions/980567 i need to include the Firefox Browser Configuration in my Group Policy and Control Proxy and Browsing Settings]
    * [https://support.mozilla.org/questions/978874 Is it possible to configure firefox using group policy]
    Please report back if you find a solution. Thanks.

  • Group Policy - Computer Startup Scripts - Add/Set Default printer

    Good Morning.
    Let's say we have 2 offices, A and B, and only 1 user.  The user is using Roaming Profiles.  Each office has its own printer.
    What I am trying to do, is make a Startup script that is specific to the COMPUTER being logged into so when any user logs into that computer, they get the printer in that office defined and set as default.
    I am able to do this successfully with my script but ONLY if i have the script be on the USER side of GP (i.e. in the Logon script section)
    That is great that that is working however, when my user goes to Office B, they still get mapped to Office A's printer if I use that method.
    So I figured I could just modify my GP and run the same script from the STARTUP section of the computer, rather than the LOGON section of the user.  It does not work.
    Here is my script:
    Set WRFCUNetwork = CreateObject("Wscript.Network")
    PrinterPath = "\\fileserver\MAINTELLER"
    PrinterDriver = "PrinterDriver"
    WRFCUNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
    WRFCUNetwork.SetDefaultPrinter "\\fileserver\MAINTELLER"
    This is where I Have the script placed:
         Computer Configuration -> Windows Settings -> Scripts(Startup/Shutdown)
    Once i'm in there, I double click Startup, click Add, and select my script which is named:
         MainPrinterSetup.vbs
    I have this GP applied to ONE OU, and that OU has ONE computer in it (my test computer)
    I login with a brand new user called "testuser" (creative, huh?) and basically nothing happens
    except they log in and have some Microsoft Document Image Writer printer set as default (which by the way sure does slow the PC down to the point of it almost being broke if anyone actually tries to print to that by accident)
    No Main Teller Printer, no anything.
    The strangest part about this is, if i apply this script to the user LOGON scripts, it works fine, the printer is there, and is set as default. (but see above why that won't work for my situation)
    So obviously the script works fine, but I guess i'm missing something when it comes to applying GP's to Computers rather than Users.
    Can anyone shed some light as to why the script is not running (i'm guessing the script isn't even attempting to run, rather than failing, but i have no way to know that)
    Thank you in advance!!
    Derek Conlon
    Network Administrator
    WRFCU
    EDIT:  Here are the PC's info that i'm working on:
         Server:  Windows Server 2003 Standard Edition (where my GP's are created and managed with AD)
         Target PC:  Windows XP Professional SP3
    EDIT #2:  I manually navigated to the Script file after logging in and "opened" it and it added and set the default printer no problem.  the issue is definitely with the script running at startup.

    I wanted to clarify a few things:
    1. While it is true that printer connections are usually per user, it is definitely possible to create "global printers".  There are a number of ways to do this, but two methods that come to mind are using:
    a. "Rundll32 printui.dll,PrintUIEntry" option with the "/ga" switch.  The "/ga" switch is the key here since it allows you to deploy printers "per machine" instead of "per user".  More information about this is available at:
    http://members.shaw.ca/bsanders/NetPrinterAllUsers.htm
    http://technet.microsoft.com/en-us/library/ee624057%28WS.10%29.aspx
    http://www.computerperformance.co.uk/Logon/logon_printer_computer.htm
    http://www.robvanderwoude.com/2kprintcontrol.php
    b. The Print Management console that is available in Windows 2003 R2 and higher can help you deploy printers "per machine" in addition to "per user".  More information about this is available at:
    http://www.czsolution.com/print-management/print-management/print-management-console.htm#DeployingPrintersByGroupPolicy
    http://technet.microsoft.com/en-us/library/cc753109%28WS.10%29.aspx
    2. As Guy mentioned, Group Policy Preferences can help set the default printer.  But there is another way to accomplish this.  The problem with the computer startup portion is that it runs before the user logs in.  And applying this script in the login script section would not work per computer unless you used loopback processing.  So another way to do this is to place a script that sets the default printer into the "All Users" startup folder.  Items in the "All Users" startup folder run for any user that logs into the computer, but it runs in the user's context.  So, this script would effectively set the default printer on a "per machine" basis.  The script method is a cruder way to approach the problem, but it will help get the job done.  Here are some resources on setting the default printer via script:
    http://www.intelliadmin.com/index.php/2007/08/set-default-printer-from-a-script
    http://www.computerperformance.co.uk/ezine/ezine17.htm

  • Windows Server 2012 Group Policy Block USB Storage devices @ User Level Not getting applied on a Domain Client machine with Windows Server 2008 R2. Why?

    Hello,
    I have a Windows Server 2012 R2.
    I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed on it (this machine is also a domain client in the same domain).
    I will really be thankful if anyone can suggest some solution to this issue.
    Please feel free to write back in-case I have missed anything obvious to be shared.
    Thanks!
    -Vinay Pugalia
    If a post answers your question, please click "Mark As Answer" on that post or
    "Vote as Helpful".
    Web : Inkey Solutions
    Blog : My Blog
    Email : Vinay Pugalia

    Hi,
    Any update?
    Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
    Best Regards,
    Andy Qi
    TechNet Subscriber Support

  • Windows Server 2008 - Group policy for domain client to start/stop services installed on it

    Hello Experts
    I am a newbie to windows server administration , though did a Google  , but ended up with these question with my requirements
    I have created a new domain and 2 client/computer (A & B namely) to domain . Now A & B has tomcat server running with port 8080 , 9090 which i have installed
    domain ADMIN account .
    && now i am want to start/stop/restart services enabled for domain users  !! How do i achieve this !!
    basic question : How can i access A & B tomcat services on DOMAIN CONTROLLER server to create a GPO and that are on (A & B)
    what is the easiest way to achieve the same , (if not using GPO)???
    similarly I am looking for many features : where I want to control the permission to user on (A & B ) like : If the binaries of tomcat is available on machine say : A , if the user can install (now
    it ask for ADMIN credentials) 
    Thanks
    Mike~Ed

    Controlling services with Group Policy is done under Computer Configuration\Policies\Windows Settings\Security Settings\System Services.
    The limitation is that system services can only see the services on the computer running the Group Policy management console. To access other services, you will either need to create the services on your computer (install the software that adds the service) or install the remote server administration toolkit (RSAT) on the computer with the service already on it.
    If my answer helped you, check out my blog:
    Deploy Happiness

  • Any applicable\recommended Group Policy settings (Local & Domain) for configuring windows 8.1 "gold master image" for collection

    Happy Friday everybody -
    I'm working on implementing Microsoft RDS 2012\VDI for the folks here at work.  I've read - online - a lot of articles on VDI and RDS 2012 - and have a working model that is working somewhat satisfactorily.  I haven't seen much online about steps I could take in Local Group Policy on my Windows 8.1 'gold image' - or for that matter Domain level group policy - that can assist in creating a better, more reliable/robust Windows 2012 VDI environment.
    Anybody out there got any information or opinions or advice on Group Policy settings for VDI environments?
    Thanks again, everyone!
    Adrian
    anr

    Hi Adrian,
    Thank you for posting in Windows Server Forum.
    In regards to your issue you can refer beneath article for detail information.
    1. Group Policy Best Practices for VDI Environments
    2. Some Basic Group Policy Settings for VDI
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Windows 2008 R2 group policy not applied to windows 8 Workstations, but applied to XP and Win 7

    I have a Windows 2008 R2 Domain Controllers and have a Policy to put a specific wallpaper, eventuality i have to change the Wallpaper, this setting applied successfully in Windows xp and Windows 7 workstations, but not applied in Windows 8 workstations even if i run gpupdate /force,
    Best Regards,
    Thank you

    Hi,
    Thanks for posting in the forum.
    Before going further, would you please let me know how did you configure the Group Policy setting to deploy the wallpaper? Have you configured some settings to limit the scope the GPO applying?
    If all Windows 8 machines failed to receive the GPO settings? In order to narrow down the cause of the issue, I suggest we could try to collect the following information for troubleshooting.
    GPMC.log
    ==================
    a. On domain controller, click Start ->Run, type GPMC.MSC, it will load the GPMC console.
    b. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper user in the wizard)
    c. Right click the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.
    Once we get the report, please check if the settings have been applied to the target correctly.
    In addition, would you please let me know whether you have imported the latest Windows 8 Administrative Templates to the Windows Server 2008 DC? If not, please try to download and import it.
    Then try to configure the wallpaper GPO settings again to see if it could help.
    For details, please refer to the following articles.
    Administrative Templates (.admx) for Windows 8 and Windows Server 2012
    http://www.microsoft.com/en-us/download/details.aspx?id=36991
    Set Desktop Background via Group Policy in Windows 7, Windows 8 in a Server 2008 or Server 2012 Domain
    http://dizzyit.com/2013/04/14/set-desktop-background-group-policy-windows-7-windows-8-server-2008-server-2012-domain/
    Hope this helps.
    Best Regards,
    Andy Qi
    TechNet Subscriber Support

  • Windows 8.1 Group Policy based Wireless Profiles do not appear to be working

    I'm wondering if anyone else out there has run into the same issue as I am seeing.  The environment is all Server 2012(not R2), with Windows 8.1 clients.  
    I configure a GPO that is linked to the entire domain/authenticated users and contains a Windows Vista and Later wireless network profile.  Let's call it "GPO_Wireless".  It is configured to automatically connect it to a specific SSID, the encryption settings are unimportant, as I've tried numerous approaches.  In our case, we're trying to do EAP-TLS with the NPS role.  We have the CA rolled out, NPS has a proper cert, and the clients are auto-enrolling for both Computer and User certs.  This is all verified as working.  We've also tried straight password authentication.
    I refresh group policy on a Windows 8.1 client and see that Computer Policy "GPO_Wireless" is being applied to the client.  I restart the computer, but it does not connect to the wireless network.
    I run "netsh wlan show profiles" and under "Group Policy Profiles(read only)" it is blank.
    I run gpresult /r /scope computer again, and it shows "GPO_Wireless" is being applied.
    The last note is that Windows 7 clients can connect to the wireless just fine.

    Hi,
    For the client side, I would like to know if the windows 7 as you mentioned used the same Group Policy like Windows 8.1.
    Meanwhile, I suggest you try using script as a workaround.
    Regards,
    Kelvin hsu
    TechNet Community Support

  • Windows 2008 R2 - Group Policy Preference - folder option "Open with" Access denied

    Similar to this post:
    social.technet.microsoft.com/Forums/en-US/d42a81bc-96de-4af3-bc41-079e88e6ea4a
    We have Citrix terminal servers running Windows 2008 R2 and attempting to force PDF files to open with Acrobat versus PDF editing software we have installed for a small subset of users.  So I created a Group Policy Preference and added a OpenWith item to the Folder Options to use Acrobat as the default and linked it to a Users OU.  However, if I run gpresult the OpenWith setting fails with error code 0x80070005.  You can change it to not run in the user's security context which eliminates the error but then it won't actually do anything.
    The problem seems to be that when a user sets another program as their default via Windows Explorer the permissions on HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice get changed so that the user is specifically denied the ability to set that key.  Remove the special permissions added and the group policy succeeds and changes it back to the default ... until the user changes it back (intentionally or otherwise) and the permissions are changed again.
    Any ideas here?

    > Any ideas here?
    We use GPP Registry to achieve this goal, so we do not run into that
    issue (we unchecked "run in users context", so privs are not an issue)
    But I agree, this really should work as intended...
    Martin
    How about reading a GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
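
The 0x80070005 (access denied) failure described in the question can be confirmed by listing the Deny entries on the UserChoice key in the affected user's hive. The PowerShell below is an added example, not part of the original posts; the function name Get-UserChoiceDenyAce is hypothetical, and it generalizes from .pdf to any extension under FileExts.

```powershell
# Added example: list explicit Deny ACEs on FileExts\<ext>\UserChoice keys
# in the current user's hive. Run as the affected user (for example inside
# the terminal server session where the GPP item fails).
function Get-UserChoiceDenyAce {
    param(
        # Extensions to inspect, e.g. '.pdf'. Empty = every extension present.
        [string[]]$Extension
    )

    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
    if (-not $Extension) {
        $Extension = Get-ChildItem -LiteralPath $root | ForEach-Object { $_.PSChildName }
    }

    foreach ($ext in $Extension) {
        $key = Join-Path $root "$ext\UserChoice"
        if (-not (Test-Path -LiteralPath $key)) { continue }   # no per-user choice stored

        try {
            $acl = Get-Acl -LiteralPath $key -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL on $key : $($_.Exception.Message)"
            continue
        }

        # A Deny entry for the logged-on user is what blocks a GPP item
        # that runs in the user's security context.
        $acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object {
                [pscustomobject]@{
                    Extension = $ext
                    Identity  = $_.IdentityReference.Value
                    Rights    = $_.RegistryRights
                    Inherited = $_.IsInherited
                }
            }
    }
}

# Check only the extension discussed in this thread
Get-UserChoiceDenyAce -Extension '.pdf' | Format-Table -AutoSize
```

An empty result for a user whose GPP item still fails points away from the UserChoice ACL and toward another cause.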
