ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. gpo
    Log in to post
    • All categories
    • gjacobse

      Windows 10 Taskbar GPO
      IT Discussion • win10 windows 10 gpo taskbar remove default • • gjacobse

      16
      2
      Votes
      16
      Posts
      502
      Views

      dbeato

      @dustinb3403 This only work for new user profiles and works okay .

    • WrCombs

      Solved Group Policy Blocked O365?
      IT Discussion • o365 group chat wrcombs gpo • • WrCombs

      8
      0
      Votes
      8
      Posts
      258
      Views

      WrCombs

      @dustinb3403 said in Group Policy Blocked O365?:

      @wrcombs That would be the culprit.

      Disable it for the user workstation and run gpupdate /force

      Thanks Dustin, this fixed it last night. I just was ready to get out of here.

    • DustinB3403

      GPO to create scheduled task to run netlogon batch script
      IT Discussion • windows gpo server scheduled tasks • • DustinB3403

      3
      1
      Votes
      3
      Posts
      436
      Views

      DustinB3403

      @G-I-Jones said in GPO to create scheduled task to run netlogon batch script:

      Did you ever figure this out?

      No and the person who was working on it has been OOO all day, so its not a priority either.

    • Ambarishrh

      SOLVED: Unable to get rid of windows update group policy
      IT Discussion • windows update group policy gpo windows 10 • • Ambarishrh

      3
      0
      Votes
      3
      Posts
      502
      Views

      Dashrender

      Jared ran into a simliar'ish problem recently... There is a thread around here somewhere.

    • wrx7m

      Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server
      IT Discussion • gpo group policy gpp ou windows security filtering • • wrx7m

      19
      0
      Votes
      19
      Posts
      798
      Views

      Obsolesce

      @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      t only applies the setting when linked to the OU of the user

      We'll according to that screenshot, it IS a user setting.

      Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible?

      Yes, it's possible.

      Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy.

      I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name.

      Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.

    • wrx7m

      Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?
      IT Discussion • windows windows server windows server 2016 rds remote desktop server gpo windows updates windows update • • wrx7m

      11
      0
      Votes
      11
      Posts
      3386
      Views

      wrx7m

      @black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?:

      @wrx7m said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?:

      @black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?:

      @wrx7m Is that a computer configuration or user configuration policy? Try applying the rules to only non-admins groups.

      Yeah, it is at the computer level. I would like to do it via user config but I only want them to apply to users on the RD servers. I need to figure out the proper way to structure AD/GPOs to not screw up everything else.

      I am guessing creating another OU as a sub container and move the RD servers into.

      Edit: Since it isn't GPP, there isn't any item level targeting, so I can't do it that way.

      If you can make those changes directly in the registry, maybe can allow you to use GPP and item level targeting.

      Hmmm. That makes sense. Let me mull it over.

    • anthonyh

      Active Directory - Finding Source Of Repeated Lockouts
      IT Discussion • active directory gpo group policy • • anthonyh

      17
      1
      Votes
      17
      Posts
      620
      Views

      anthonyh

      A quick update for y'all that are watching/participating in this thread (thank you, by the way!).

      Late Friday I realized where the lockouts where coming from. We have a Windows VM that has a suite of applications that folks need to use every blue moon or so, and they access the VM via RDP. Of course, users don't log out, they just close the RDP client (I am going to fix this). The user in question had an old logon session on this VM. Killing the user's session (I just rebooted the VM) seems to have done the trick.

      Now the goal is to better position myself for the next time this happens. I also figure it's probably not a bad idea to have more visibility on account lockouts and where they are coming from in general.

    • wrx7m

      Any Way to Automate Adding a New Computer to an AD Group?
      IT Discussion • windows 10 windows server ad active directory gpo mdt powershell ps pdq deploy ou task sequence • • wrx7m

      32
      0
      Votes
      32
      Posts
      3688
      Views

      F

      @marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:

      @flaxking said in Any Way to Automate Adding a New Computer to an AD Group?:

      @marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:

      Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module
      You can add new PCs to domain, and change their group membership, you just need to know computer names in advance.

      Which is just a layer on top of Powershell. The Active Directory Powershell module is still required.

      It's not required, or that module is included already in Windows 10 by default. Because I haven't had to install it on any machine I managed with Ansible.

      "win_domain_group_membership requires the ActiveDirectory PS module to be installed"
      https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/windows/win_domain_group_membership.ps1

      They have it in the documentation as well "This must be run on a host that has the ActiveDirectory powershell module installed."
      https://docs.ansible.com/ansible/latest/modules/win_domain_group_module.html

    • WLS-ITGuy

      GPO issue
      IT Discussion • mapped drive gpo • • WLS-ITGuy

      32
      0
      Votes
      32
      Posts
      564
      Views

      Dashrender

      @WLS-ITGuy said in GPO issue:

      @Dashrender said in GPO issue:

      I would change this up by applying your GPOs to the OU above these WLS OUs, then set filters to only apply to the users you want.

      So in the case of the Library, you've already created a security group, so you'll grant permissions to that group.

      Then you'll need to create a WLS-Faculty security group and do the same with it's GPO.

      So the GPOs would be at 'domain level' not in the OU level...Like this?

      Then I apply the security groups from there? That makes sense.

      yeah - you could do it at the domain level - I personally wouldn't. I'd make a new OU, and put your WLS-faculity and WLS-Library in that new OU.. then apply your GPOs to that new one you created. But that's just me.

    • wrx7m

      Server 2016 - Force Default Update Server to WSUS Server Via GPO
      IT Discussion • windows windows server 2016 wsus windows update windows updates gpo pswindowsupdate powershell • • wrx7m

      4
      2
      Votes
      4
      Posts
      5830
      Views

      dbeato

      @wrx7m said in Server 2016 - Force Default Update Server to WSUS Server Via GPO:

      @dbeato said in Server 2016 - Force Default Update Server to WSUS Server Via GPO:

      This would have happened on Server 2012 R2 as well, dual scan has been around and causes a lot of problems as you noted.

      It is strange that I didn't have these issues in 2012 R2. I essentially copied the same GPO for 2012 R2 and made some minor changes to it to convert it for 2016. My 2012 R2 show the correct default service.

      Weird, I have various Server 2016and now 2019 with WSUS and while dual scan was an issue for me on Server 2012/ 2012 R2 not anymore.

    • Grey

      GPO for compatibility mode
      IT Discussion • internet explorer internet explorer 11 gpo group policy windows • • Grey

      8
      3
      Votes
      8
      Posts
      342
      Views

      Dashrender

      @dbeato said in GPO for compatibility mode:

      @Grey said in GPO for compatibility mode:

      A previous admin created a gpo to alter and add an entry under the hive HKEY_CURRENT_USER in Key path Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range66 which forces a single entry for compatibility mode. I've spent a lot of time testing and, while the setting is to apply once and not again, it doesn't seem to allow a user to add more sites to compatibility mode and keep that addition after a reboot.

      Has anyone successfully created a GPO for IE11 to enable CM for users to add items, while also pushing a list of our own? Is there a best method around for achieving this goal?

      I have not, I only keep adding it through GPO (In the medical field which they have many sites as this).

      Ditto - Just have to keep adding them via GPO. So glad we barely use IE 11 anymore.

    • M

      Windows 10 ignoring display sleep inactivity settings
      IT Discussion • gpo windows 10 server 2016 sleep powercfg • • manxam

      8
      1
      Votes
      8
      Posts
      3005
      Views

      Dashrender

      In my case I wanted to kill sleep altogether.

      c:\windows\system32\powercfg.exe -change -monitor-timeout-ac 0 c:\windows\system32\powercfg.exe -change -monitor-timeout-dc 0 c:\windows\system32\powercfg.exe -change -disk-timeout-ac 0 c:\windows\system32\powercfg.exe -change -disk-timeout-dc 0 c:\windows\system32\powercfg.exe -change -standby-timeout-ac 0 c:\windows\system32\powercfg.exe -change -standby-timeout-dc 0 c:\windows\system32\powercfg.exe -change -hibernate-timeout-ac 0 c:\windows\system32\powercfg.exe -change -hibernate-timeout-dc 0
    • wrx7m

      GPP - Deploying Printers To AD Group
      IT Discussion • gpo gpp server 2012 r2 printers • • wrx7m

      30
      0
      Votes
      30
      Posts
      1472
      Views

      wrx7m

      @obsolesce Right, I am having to add a group of computers to the printers' security permissions with allow printing enabled to get the GPP to actually deploy the printer to the user.

      UNC pathing to the printer by a member of the PrintersChecksUsers (while the user is logged in) allows them to install and print to the printer.

      The GPO shows as applied in the RSOP, but with item level targeting, I don't see any info on why it wasn't actually installed/applied. Maybe it shows it somewhere else.

      The key is the shared printer's security tab on the print server, itself. That is where I have to allow the specific group of computers, as well as the specific group of users. I need both, the computers and users groups to have at least printing allowed.

    • wrx7m

      Solved [Solved] Windows 10 (1703) - Task Manager UAC
      IT Discussion • uac windows 10 gpo task manager • • wrx7m

      7
      1
      Votes
      7
      Posts
      5414
      Views

      wrx7m

      I finally found the GPO setting that caused this issue-

      Computer Configuration>Policies>Windows Settings>Security Settings>Local Policies>User Rights Assignment

      Load and unload device drivers - Enabled with Everyone and NT Authority\Authenticated Users listed.

      I had to change it to Not configured.

      0_1528315769936_2b6b6a24-bede-47d1-bd4d-3df40eb2c368-image.png

    • DustinB3403

      Network Printer Removal - GPO Configured
      IT Discussion • gpo windows windows 7 windows 8.1 windows 10 printers • • DustinB3403

      1
      1
      Votes
      1
      Posts
      557
      Views

      No one has replied

    • gjacobse

      Deleting a GPO
      IT Discussion • gpo group policy printer printers printer deployment • • gjacobse

      15
      0
      Votes
      15
      Posts
      805
      Views

      DustinB3403

      @scottalanmiller said in Deleting a GPO:

      @rojoloco said in Deleting a GPO:

      @dave247 I have a few ideas about who they are specifically... but after they decided to be a bunch of dicks about anyone here posting links to their site that shall not be named, they created an account here to spy, presumably. Lot of former 🌶 folks here... Lots of 🖕 🖕 🖕 🖕 🖕 for their informers.

      It's a public site, doesn't take much for someone to inform, lol. It's a bit like tattling on a billboard.

      That sounds a lot like calling out your Husband by doing this to his ride.

      cheating2_small.jpg

    • EddieJennings

      Updating ADMX Templates
      IT Discussion • admx template group policy gpo dfs-r • • EddieJennings

      9
      0
      Votes
      9
      Posts
      734
      Views

      dbeato

      As long as it is on the SysVol\Policies\PolicyDefinitions folder then you should be fine.

    • dbeato

      KnowBe4 Second Chance with Outlook 2010
      IT Discussion • knowbe4 second chance gpo • • dbeato

      2
      3
      Votes
      2
      Posts
      473
      Views

      zachary715

      @dbeato First I've heard of this service (speaking of Second Chance, not KnowBe4). Definitely going to check it out.

    • gjacobse

      Unsolved Flushing GPOs
      IT Discussion • server server 2008 server 2012 r2 server 2016 server2012 server2012r2 gpo group policy • • gjacobse

      13
      0
      Votes
      13
      Posts
      1182
      Views

      thwr

      @thwr said in Flushing GPOs:

      @dbeato said in Flushing GPOs:

      You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.

      Get-Content c:\temp\gpos.txt | foreach { Get-GPO -Name "$_" | Remove-GPO }

      http://jeffwouters.nl/index.php/2013/08/remove-group-policy-objects-through-powershell/

      I bet you could do something like this to set all GPOs to "on delete remove from client" too

      This assumes a txt file with all GPO names. You could also just use Get-GPO

    • wrx7m

      Desktop Migration - Windows 7 Pro to Windows 10 Enterprise
      IT Discussion • windows 10 enterprise windows 7 pro mdt wds gpo ltsb migration • • wrx7m

      12
      1
      Votes
      12
      Posts
      1179
      Views

      wrx7m

      @dashrender It is SA