WIndows Server 2008 Broken Group Policy

Similar Messages

• How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

  Dear All,
  We are having an infrastructure setup of around 500 client computers managed through group policy.
  Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
  Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
  It would be great if you can assist me with the following query.
  How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
  Can we disable Network Tab on the left hand pane ?
  explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

  >   * explorer.exe is blocked already, but users are able to enter the
  >     Windows Explorer by clicking on the name which is visible on the
  >     Start Menu.
  You cannot block explorer.exe when you do not replace the shell - the
  desktop you see effectively IS explorer.exe...
  Your requirement sounds like you need a custom shell:
  http://gpsearch.azurewebsites.net/#2812
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Windows Server 2012 Group Policy Block USB Storage devices @ User Level Not getting applied on a Domain Client machine with Windows Server 2008 R2. Why?

  Hello,
  I have a Windows Server 2012 R2.
  I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed
  on it (this machine is also a domain client in the same domain).
  I will really be thankful if anyone can suggest some solution to this issue.
  Please feel free to write back in-case I have missed anything obvious to be shared.
  Thanks!
  -Vinay Pugalia
  If a post answers your question, please click "Mark As Answer" on that post or
  "Vote as Helpful".
  Web : Inkey Solutions
  Blog : My Blog
  Email : Vinay Pugalia

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  Best Regards,
  Andy Qi
  TechNet
  Subscriber Support
  If you are TechNet
  Subscription user and have any feedback on our support quality, please send your feedbackhere.
  Andy Qi
  TechNet Community Support

• Group Policy Administrative Templates not applying on Windows XP SP3 - Windows Server 2008 R2

  I have a Windows 2008 R2 domain with windows 7, and Windows XP SP3 client workstations.
  I have a group policy to deny all access to removable storage in policies/administrative templates/system in user configuration (actually its in the computer configuration as well)
  The problem is the policy is having no effect on the Windows XP machines. It works perfectly on Windows 7 machines.
  Group policy in general is working on the Windows XP machines, as I can successfully map drives, push out scheduled tasks, and push out printers. (All preferences I know and I have GP Preferences client side extensions installed).
  Its almost like the windows XP machines can't "understand" the admin templates from Windows Server 2008 R2.
  Do I need to install something on the windows XP machines? What could be the problem?

  > Its almost like the windows XP machines can't "understand" the admin
  > templates from Windows Server 2008 R2.
  Simply read the "supported on" of these settings... Vista and above
  required.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2)

  Dear ALL,
  I want to Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2) as per below description. Can someone please help me how to proceed and achieve this. 
  Pin the following applications to the Taskbar:
  Outlook
  Pin the following applications to the Start Menu:
  Outlook
  Excel
  Word
  Internet Explorer
  Software Center
  Regards,
  Amit Kumar Rao

  https://www.google.de/search?q=windows+7+pin+to+taskbar+vbs
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Windows Server 2008 Standard: Multiple Concerns: Inconsistent group policy update on client PC's, frequent disconnections of map drives and remote connection

  Hi this is my first time to ask a question here in this community.
  I am a system administrator here at my work and we are having some issues on some servers that we handle. Network in our office is stable and we have determined it is not a problem on the connection.
  First issue - One of our domain controller consistently drops out on our Directory Server and saying it's unavailable.
  Second issue - Unable to ping hostname but IP address works fine. (Sometimes hostname is ok but very intermittent)
  Third issue - Since connection is unstable map drives causes to disconnect
  If someone can provide any assistance on this matter it would be a great help. If screenshots needed for proper assistance would be appreciative.
  Just to add that this only happen after a power failure last April of this month and a few weeks bluescreen started to show. It is a hazy version wasn't able to get any code that may lead to a hardware failure. 
  Now our main RDC.local is also affected so we are trying to isolate this issue and exhauted my brain since we cannot determine what causes it. Need external assistance just to give us a lead on where we can get this resolved.

  Hi Ryan,
  Before going further, would you please let me confirm something more? Thanks for your understanding.
  1. For first issue, would you please let me know OS edition information of the problematic DC? Was it Windows Server 2008 R2 or Windows Server 2012 or any other?
  à
  One of our domain controller consistently drops out on our Directory Server and saying it's unavailable.
  Would you please let me know the complete error message or provide a screenshot of it?
  (Please hide all protected or private information.) Meanwhile, please log on the problematic DC and check if find relevant events or errors in Event Viewer.
  2. For the second issue, it seems to be a DNS issue. Did you run
  ipconfig /flushdns and ipconfig /registerdns command? Any find? Meanwhile, please use
  ipconfig /all to display full TCP/IP configuration and check. Or you can post the
  ipconfig result here. It may help us to go further analyze. By the way, would you please let me know error message that you can get when be unable to ping via hostname?
  3.
  àSince connection is unstable map drives causes to disconnect
  May be a cause.
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• I can not update a Windows Server 2008 R2 with Software Update Group in SCCM2012

  Hi all,
  I got some problems with update deployments these days.
  I try to configure SCCM2012 to update 1 Windows Server 2008 R2 (with Hyper-V / This server is in a cluster)
  Actually i've 4 other Hyper-V servers and i would like to add one more in the cluster called Hyper-V5. To do that i need that all Hyper-V servers use the same Windows Updates.
  I created a collection for my Hyper-V servers and then a Software Update Group with all needed updates (checked the list of another HV-Server).
  I did a deployment on this collection using this new Software Update Group.
  I checked the Sofwtare Center's logs on the Hyper-V5 server and i saw that synchronization has a successfull state.
  But there is no updates installed or displayed in Sofwtare Center.
  Here is some screenshots : Oh no i can't post image because ... "Body text cannot contain images or links until we are able to verify your account." waiting to be verified since months.
  Thanks for your help.

  Hi,
  Have you try to run Software Updates Scan Cycle and Software Updates Deployment Evaluation Cycle Actions on the client? Please check ScanAgent.log and PolicyAgent.log to see whether the client received the updates deployment policy.
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Windows 2008 R2 group policy not applied to windows 8 Workstations, but applied to XP and Win 7

  I have a Windows 2008 R2 Domain Controllers and have a Policy to put a specify wallpaper, eventuality i have to change the Wallpaper, this setting applied sucesfully in Windows xp and Windows 7 workstations, but not applied in Windows 8 workstations even
  if i run gpupdate /forcé,
  Best Regards,
  Thank you

  Hi,
  Thanks for posting in the forum.
  Before going further, would you please let me know how did you configure the Group Policy setting to deploy the wallpaper? Have you configured some settings to limit the scope the GPO applying?
  If all Windows 8 machines failed to receive the GPO settings? In order to narrow down the cause of the issue, I suggest we could try to collect the following information for troubleshooting.
  GPMC.log
  ==================
  a. On domain controller, click Start ->Run, type GPMC.MSC, it will load the GPMC console.
  b. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper
  user in the wizard)
  c. Right click 
  the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.
  Once we get the report, please check if the settings have been applied to the target correctly.
  In addition, would you please let me know whether you have imported the latest Windows 8 Administrative Templates to the Windows Server 2008 DC? If not, please try to download and import it.
  Then try to configure the wallpaper GPO settings again to see if it could help.
  For details, please refer to the following articles.
  Administrative Templates (.admx) for Windows 8 and Windows Server 2012
  http://www.microsoft.com/en-us/download/details.aspx?id=36991
  Set Desktop Background via Group Policy in Windows 7, Windows 8 in a Server 2008 or Server 2012 Domain
  http://dizzyit.com/2013/04/14/set-desktop-background-group-policy-windows-7-windows-8-server-2008-server-2012-domain/
  Hope this helps.
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• How to configure ipsec policy on windows server 2008 r2 to permit local machine only access to gateway,one other server and it's local ip?

  I have applied IPsec policy on local machine(ip address:10.82.138.76) with windows server 2008 ent r2 installed,only permit local machine to comunicate with itself,one other server(ip address:10.82.138.77) and the gateway device(ip address:10.82.138.1).After
  i asigned this policy,i can ping the gateway (ip address:10.82.138.1),and the other server(ip address:10.82.138.77),but i can't ping local machine itself(ip address:10.82.138.76),could anybody tell me why and how to solve this problem?When i applied the same
  policy to windows server 2003 ent,i can ping the local machine ip address.

  Hi,
  Thanks for your post.
  First, try to ping the loopback address 127.0.0.1. If the loopback test succeeds but you cannot ping the local IP address, please post the unedited
  ipconfig /all and route print of the problematic computer.
  For test purpose, you may refer to the following lab step by step guide to deployment Tunnel Mode IPsec. Hope it helps.
  Windows Firewall and IPsec Policy Deployment Step-by-Step Guide
  http://technet.microsoft.com/en-us/library/cc732400(v=ws.10)
  Connection Security and IPsec
  http://technet.microsoft.com/en-us/library/cc771593(v=ws.10).aspx
  Connection Security Rule Wizard: Tunnel Endpoints Page - Client-to-Gateway
  http://technet.microsoft.com/en-us/library/dd759083
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• Group Chat feature in Office Communications Server 2007 R2 does not work in Windows Server 2008 R2 domains

     Hello to all, there are two confliting articles about this topic:
     1-
  http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx#BKMK_Whatsnew : this one says that it does not work "The Group Chat feature in Office Communications Server 2007 R2 does not work in Windows
  Server 2008 R2 domains". This article was updated in 2013.
     2-
  http://technet.microsoft.com/en-us/library/ee692314(office.13).aspx: this other article says that it will function "Office Communications Server 2007 R2 Group Chat will function in a Windows Server 2008 R2 forest". This article was updated in
  2010 and was refered by the first one.
     What is the correct support position for Group Chat feature in Office Communications Server 2007 R2 and Windows Server 2008 R2 domains?
     Regards, EEOC.

  Hi,
  I notice the following sentence in the link below “Office Communications Server 2007 R2, Group Chat will not function in a Windows Server 2008 R2 forest or when Group Chat member servers are joined to a Windows Server 2008 R2 domain.
  We know of an issue with changes in Windows 2008 R2 that requires a Group Chat Client and Group Chat Admin Tools hotfix. The Group Chat Client and Group Chat Admin Tools hotfixes are currently scheduled for mid-April 2010.”
  http://blogs.technet.com/b/nexthop/archive/2010/11/06/supportability-for-office-communications-server-2007-r2-and-windows-server-2008-r2.aspx
  So in my opinion, if you update to the latest version of Windows Server 2008 R2, OCS Server 2007 R2 and Group Chat Client, Group Chat Admin Tools to the latest version, it should work.
  However, the best method for you is make a lab to test the problem firstly.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Domain group validation hangs during ECC 6.0 install on windows server 2008

  Hello to the group.
  We are installing ECC 6.0 R3 on a windows server 2008 system (with SQL 2008) and the install is hanging in the user/group creation steps. Specifically, the install is able to create a group at the domain level but hangs when it tries to verify that group.
  What's funny is the system is able to create two local domain groups without any issues.
  Have any of you run into this same issue? We've tried updating sapinst and restarting the install process using a known good domain admin account (we are also creating a ticket to SAP support).
  Thanks for any help!
  J. Haynes

  > This is actually a Domain based install.
  ok
  > So far after 12 hours the install is still hung. So we are looking at both network and issues with the AD related DLLS.
  You can doubleclick on the orange icon (the sapinst backend process) next to the clock on the desktop and scroll down. There you may find a hint why it's taking so long.
  Maybe you have a wrong/missing DNS server entry so the server is unable to find the domain controller, maybe the firewall is enabled and blocking asynchronous answers.
  Markus

• Problem installing Windows Server 2008 R2 Service Pack 1 Multilingual User Interface Language Packs

  I downloaded Windows6.1-KB2483139-x64-en-US.exe but when I ran it on my Windows Server 2008 R2 SP1 (as Administrator) it does not run properly.  I noticed it created a new cabinet file named "lp" briefly, then deleted it.  Nothing else
  appears on the screen.  
  My goal is to install Chinese display fonts on my server.  Please help.

  Hi,
  First of all, if you want Chinese display language, you need to choose chinese in the drop down list on the download page. Here's a direct link in case you need it.
  http://www.microsoft.com/en-us/download/details.aspx?id=2634(chinese simplified...)
  Windows6.1-KB2483139-x64-zh-CN.exe is the file name for the Chinese simplified language pack.
  1. The exefile extracts the file cabinet lp.cab which is the file you need to import the language pack.
  2. Start lpksetup.exe and Point out the cab-file you just extracted.
  If you want to do it with cmdline, you can do it with dism in an elevated command prompt as well:
  Dism /online /Add-Package /PackagePath:C:\test\lp.cab
  Note that you still need to create a policy or change default language in some way for your users.
  Read more on the topic on:
  http://technet.microsoft.com/en-us/library/dd744278(v=ws.10).aspx (adding)
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/7f019a90-8e48-4bc3-a9d2-e3c531354d04/how-to-use-group-policy-to-define-terminal-users-display-language-in-2008r2-terminal-servers (creating
  gpo)
  Microsoft Certified Trainer
  MCSE: Desktop, Server, Private Cloud, Messaging
  Blog: http://365lab.net

• To install Remote Desktop Services User CAL on Windows Server 2008 R2 Enterprise Edition with SP1

  Dear Sir,
  Presently we have installed Windows Server 2008 R2 Enterprise Edition with SP 1. And now i would like to install Remote Desktop Services User CAL on this server. I have 25 digit product key of Windows Server
  2008 R2 Remote Desktop Services User CAL (20). Downloaded this product key from our MSDN Subscriptions.
  Kindly suggest me how to install (CAL server with product key that i have) and configure remote desktop services on my above existing server also how to point other server with my CAL server.
  Thanks

  Hi,
  1. Install Remote Desktop Session Host and Remote Desktop Licensing Role Services using Server Manager.
  2. Open RD Licensing Manager (licmgr.exe), Activate your server, then install your license
  3. In RD Session Host Configuration (tsconfig.msc), set the Licensing mode to Per User and Specify your RD Licensing server name (itself).  If you want you may configure these two settings via group policy setting instead.  The path of the
  group policy settings is Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Licensing
  4. You may point other RDSH servers to your RD Licensing server using RD Session Host Configuration or via group policy as mentioned above.
  5. Optionally you may consider installing other Remote Desktop Role Services such as RD Gateway, RD Web Access, RD Connection Broker, etc.
  -TP

• Windows Server 2008 R2 Windows 7 folder redirection not working

  Hi, 
  I've got a Windows Server 2008 R2 environment and I'm trying to get folder redirection working on Windows 7 clients. I've configured the group policy on the DC and it's suppose to redirect the user desktop to a folder sitting on another server. 
  What I've discovered is that any files in that folder aren't being copied down and they aren't visible to the user. I can connect to the folder via its UNC path and when I run a gpresult the GPO is showing that it's applying. 
  Am I missing something? Shouldn't the files be copied down since I've redirected the desktop? Here are the settings I've used: 
  Share Permissions
  Local Administrators: Owner
  Domain Admins: Read/write
  Everyone: Read
  NTFS
  Local Administrators: Full Control on This Folder, subfolders and files. 
  SYSTEM: Same as above. 
  Domain admin: Same as above. 
  Everyone: Traverse folder, execute file, list folder, read data, read attributes and read extended attributes to This Folder only. 
  GPO Settings: 
  Under User Configuration -> Policies -> Windows Settings -> Folder Redirection -> Desktop
  Setting is Basic - Redirect everyone's folder to the same location. 
  Target folder location - Redirect to the following location
  Root path: FQDN\Shared folder name
  GPO is linked to the OU I want to test with and there is a user account in it. 
  Any tips would be appreciated. 
  Thanks. 

  A.
  Share Permissions
  Local Administrators: Owner
  Domain Admins: Read/write
  Everyone: Read
  Perhaps here is too strong limit.
  B. Try to use audit.
  Rgds
  Milos

• Download issue when Windows 7 Pro joins a Windows Server 2008 Active Directory

  Hi,
  I purchased 2 new Dell OptiPlex 3010 desktop computers that came with Windows 7 Professional operating system with SP1. 
  There were no Microsoft updates installed yet.  After I added one of these Dell computers to the Windows Server 2008 Active Directory, I was not able to download several items. 
  Below are several examples:
  1) I downloaded the Norton anti-virus installation file.  This file is not the full installation of Norton; it is more of a file where you execute it and it will download the full installation from the Internet like from their Norton web
  site.  So when I executed this installation file, it does not download the full installation files. 
  It just hung at the screen saying “Downloading” and it will finally stop with an error (don’t remember the error message).
  Note: If I have the full Norton installation file then I am able to install it on this computer with no problems.
  2) I downloaded the Adobe Reader installation file.  This file is not the full installation of Adobe Reader; it is more of a file where you execute it and it will download the full installation from the Internet like from their Adobe web
  site.  So when I executed this installation file, it hung at the downloading part and then it will error out with a “Actionlist Not Found” message.
  Note: If I have the full Adobe Reader installation file then I am able to install it on this computer with no problems.
  3) I installed Microsoft Office 2010 Standard version on this computer. 
  I configured Microsoft Outlook to retrieve emails from my email provider (pop and smtp settings). 
  After configuring Microsoft Outlook, I was able to send emails through Microsoft Outlook successfully (and very quickly), but he was unable to retrieve my emails. The progress bar for the Receiving in the "Outlook Send/Receive Progress" box
  shows no progress. The Progress bar is not moving. There is a message at the bottom of Microsoft Outlook stating "Receiving message 1 of 6 (x.xx KB of x.xx MB)" and it is very slow. My new emails were not being retrieved at all. 
  I tried various pop and smtp servers that was available for my email provider, but all had the same effect.
  4) I can access certain web sites (e.g.
  www.yahoo.com, www.cnn.com) while I cannot access other web sites like
  www.usatoday.com, my web hosting email site.
  Note: I had a Dell computer with Windows XP Professional operating system and this computer does not have any of the above issues.
  The above are only a few examples that I have experienced. 
  If I removed this Dell OptiPlex 3010 computer from the Windows Server 2008 Active Directory then I still experience the same issue.
  So as another test, I setup the other new Dell OptiPlex 3010 with the same Windows 7 Professional OS with SP1. 
  This time, I did not join the Windows Server 2008 Active Directory and I was able to successfully download the full Norton installation files, download the full Adobe Reader installation files, download my emails from Microsoft Outlook 2010, etc. 
  But once I joined this computer to the Windows Server 2008 Active Directory then I am not able to download these files and emails at all.
  It seems like there might be some group policy or a security setting that is preventing these downloads so I disabled the group policy on the Windows Server 2008 AD and Windows 7 Profession OS, but it didn’t resolve the issue.
   I disabled all of the firewall programs on this Windows 7 Professional OS, but it still did not resolve the issue.
  Since the Windows Server 2008 AD did not have DHCP installed, I installed DHCP and setup a scope. 
  Then configured the Windows 7 Professional OS to obtain an IP address, but it didn’t resolve the issue.
  If I move this Windows 7 Professional computer to another network where it did not have any Active Directory; it just had a wireless router serving DHCP then everything works on the Windows 7 Pro computer.
  Any ideas what is the root cause when a Windows 7 Professional computer join a Windows Server 2008 AD?
  Thanks,
  wl_tech

  Hi,
  Could you please tell some information for the AD environment and how it connect to the internet?
  Regarding 3rd party installlers didn't work as expected, please also seek help in their offical website.
  For outlook not receiving emails, could you please take a look in
  Event Viewer and see if there are any special errors logged there?
  And when trying to access the website like
  www.usatoday.com, any special errors IE showed out?
  Best regards
  Michael Shao
  TechNet Community Support