ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Topics
    2. Tags
    3. group policy
    Log in to post
    • All categories
    • OksanaO

      Compliance in Remote Work: Group Policy and Microsoft Intune

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind microsoft intune group policy
      1
      0 Votes
      1 Posts
      393 Views
      No one has replied
    • AmbarishrhA

      SOLVED: Unable to get rid of windows update group policy

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion windows update group policy gpo windows 10
      3
      0 Votes
      3 Posts
      1k Views
      DashrenderD

      Jared ran into a simliar'ish problem recently... There is a thread around here somewhere.

    • JaredBuschJ

      Cannot access USB drive

      Watching Ignoring Scheduled Pinned Locked Moved Unsolved IT Discussion intune group policy local
      32
      0 Votes
      32 Posts
      4k Views
      M

      @Super-Sundae : Can you run Sysinternal's RegMon and patch another machine with InTune? That way you can capture the changes.
      Perhaps running SysMon at the same time in case it makes changes to file permissions would help..

      If you can find out what the policy changes then you should be able to revert on both machines. Hopefully 🙂

    • wrx7mW

      Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion gpo group policy gpp ou windows security filtering
      19
      0 Votes
      19 Posts
      2k Views
      ObsolesceO

      @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      t only applies the setting when linked to the OU of the user

      We'll according to that screenshot, it IS a user setting.

      Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible?

      Yes, it's possible.

      Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy.

      I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name.

      Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.

    • anthonyhA

      Active Directory - Finding Source Of Repeated Lockouts

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion active directory gpo group policy
      17
      1 Votes
      17 Posts
      2k Views
      anthonyhA

      A quick update for y'all that are watching/participating in this thread (thank you, by the way!).

      Late Friday I realized where the lockouts where coming from. We have a Windows VM that has a suite of applications that folks need to use every blue moon or so, and they access the VM via RDP. Of course, users don't log out, they just close the RDP client (I am going to fix this). The user in question had an old logon session on this VM. Killing the user's session (I just rebooted the VM) seems to have done the trick.

      Now the goal is to better position myself for the next time this happens. I also figure it's probably not a bad idea to have more visibility on account lockouts and where they are coming from in general.

    • GreyG

      GPO for compatibility mode

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion internet explorer internet explorer 11 gpo group policy windows
      8
      3 Votes
      8 Posts
      1k Views
      DashrenderD

      @dbeato said in GPO for compatibility mode:

      @Grey said in GPO for compatibility mode:

      A previous admin created a gpo to alter and add an entry under the hive HKEY_CURRENT_USER in Key path Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range66 which forces a single entry for compatibility mode. I've spent a lot of time testing and, while the setting is to apply once and not again, it doesn't seem to allow a user to add more sites to compatibility mode and keep that addition after a reboot.

      Has anyone successfully created a GPO for IE11 to enable CM for users to add items, while also pushing a list of our own? Is there a best method around for achieving this goal?

      I have not, I only keep adding it through GPO (In the medical field which they have many sites as this).

      Ditto - Just have to keep adding them via GPO. So glad we barely use IE 11 anymore.

    • NerdyDadN

      Need to block a User GP for certain Machines

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion group policy domain windows server 2016 windows server 2008 r2
      9
      5 Votes
      9 Posts
      956 Views
      pmonchoP

      @NerdyDad

      You can use Loopback Processing also.

      https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/

    • CCWTechC

      Desktop photo for all PC's in the domain

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion group policy windows
      45
      2 Votes
      45 Posts
      4k Views
      I

      Thank you for the help. By posting the screenshots, I realized I had a typo in the file extension. .png vs .jpg
      Once I double checked them all it now works.

    • EddieJenningsE

      Logging Domain user authentication failures

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion audit policy windows domain server 2012 active directory active directory domain group policy
      5
      0 Votes
      5 Posts
      1k Views
      travisdh1T

      @eddiejennings said in Logging Domain user authentication failures:

      @travisdh1 said in Logging Domain user authentication failures:

      @eddiejennings No OSSEC, Wazuh, or some other security monitoring available? All of them monitor logins by default that I've looked at. Should be easy to customize a report for whatever you need.

      I haven't had to set this up in a Windows environment yet, so I'm also curious as to what you end up doing.

      We do have ExtraHop; however, it's not capturing all the traffic it should (and another team is in charge of its configuration), so using auditing on the domain controllers is a bit of a stop-gap measure.

      Ah. What an ..... effective use of resources.

      Good luck, ExtraHop is very nice, but like every other tool, it's useless untill deployed properly.

    • gjacobseG

      Deleting a GPO

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion gpo group policy printer printers printer deployment
      15
      0 Votes
      15 Posts
      1k Views
      DustinB3403D

      @scottalanmiller said in Deleting a GPO:

      @rojoloco said in Deleting a GPO:

      @dave247 I have a few ideas about who they are specifically... but after they decided to be a bunch of dicks about anyone here posting links to their site that shall not be named, they created an account here to spy, presumably. Lot of former 🌶 folks here... Lots of 🖕 🖕 🖕 🖕 🖕 for their informers.

      It's a public site, doesn't take much for someone to inform, lol. It's a bit like tattling on a billboard.

      That sounds a lot like calling out your Husband by doing this to his ride.

      cheating2_small.jpg

    • EddieJenningsE

      Updating ADMX Templates

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion admx template group policy gpo dfs-r
      9
      0 Votes
      9 Posts
      1k Views
      dbeatoD

      As long as it is on the SysVol\Policies\PolicyDefinitions folder then you should be fine.

    • gjacobseG

      Flushing GPOs

      Watching Ignoring Scheduled Pinned Locked Moved Unsolved IT Discussion server server 2008 server 2012 r2 server 2016 server2012 server2012r2 gpo group policy
      13
      0 Votes
      13 Posts
      2k Views
      thwrT

      @thwr said in Flushing GPOs:

      @dbeato said in Flushing GPOs:

      You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.

      Get-Content c:\temp\gpos.txt | foreach { Get-GPO -Name "$_" | Remove-GPO }

      http://jeffwouters.nl/index.php/2013/08/remove-group-policy-objects-through-powershell/

      I bet you could do something like this to set all GPOs to "on delete remove from client" too

      This assumes a txt file with all GPO names. You could also just use Get-GPO

    • GreyG

      GPO Path?

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion windows server gpo group policy
      12
      0 Votes
      12 Posts
      2k Views
      GreyG

      @Tim_G said in GPO Path?:

      @Grey said in GPO Path?:

      So, what's the current method to add a single trusted site to my intranet zone in GPO, eh? And where do I modify all of the trusted sites/zones and activex now?

      I was answering the above question. Of course these will say not configured, because you haven't configured them yet.

      That's the thing though; there is configuration from the previous IT Team.
      CRwvU7j.png
      I should be able to edit that and I just can't. The path shown isn't there for me.

    • vhinzsanchezV

      Windows Offline Files query

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion windows windows server windows server 2008 windows offline folders group policy
      37
      4 Votes
      37 Posts
      4k Views
      vhinzsanchezV

      @Dashrender said in Windows Offline Files query:

      I'm guessing those 8 people didn't make any offline updates to files in that folder, so Windows never checked to see if there were new versions.

      They have Read-Only access to the network folder. Another group is tasked of updating it.

    • scottalanmillerS

      Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion group policy scale scale hc3 pv drivers gpo windows windows server
      7
      6 Votes
      7 Posts
      2k Views
      scottalanmillerS

      @scotth said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

      @scottalanmiller said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

      @scotth said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

      We are just starting to plan our hardware refresh. I'm seriously considering Scale. I like the info that I've seen so far.

      We love ours, it has been great.

      I'm still pulling down information..... I need a vibrant DR plan in place or decided on before I commit to a platform. It always seems to be overlooked as an afterthought.

      Common approach is to get something like a Synology or a ReadyNAS and use the Scale HC3 built in snapshot and export backup functionality to push full image backups on a schedule out to the NAS.

    • DustinB3403D

      GPO Push a single file to a specific set of users

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion server 2008 r2 group policy
      13
      0 Votes
      13 Posts
      2k Views
      DashrenderD

      Boy I remember when I came to the understanding that MS really wanted you to build completely separate GPs for users vs devices...

    • scottalanmillerS

      Group Policy and VPNs

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion windows group policy vpn
      11
      3 Votes
      11 Posts
      2k Views
      NerdyDadN

      We use Cisco Any Connect that authenticates against AD, but is not tied to any kind of GPS and it works for us just fine. Except for deployment, I see no need in using GPS.

      If we use GPS for anything, it's with RADIUS for our wireless network. That works in one location but not the other. And this is only because both locations have different wireless systems and in how each system implements RADIUS and authenticates a laptop against an OU.

    • scottalanmillerS

      Best Way to Deploy EXE Packages via Group Policy

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion group policy windows windows system administration
      8
      0 Votes
      8 Posts
      6k Views
      scottalanmillerS

      @coliver said in Best Way to Deploy EXE Packages via Group Policy:

      @coliver said in Best Way to Deploy EXE Packages via Group Policy:

      If the EXE has a silent installer flag I would run it as a startup or login task the first time. Just add a check in there to see if it has already been installed.

      Meant to say I would put it on a share and have a startup script execute it with the silent flag. Drop a installcomplete.txt file somewhere on the local disk and query for that at startup.

      Cool, that's the direction that I was headed.

    • steveS

      Mike Davis: Windows Group Policy

      Watching Ignoring Scheduled Pinned Locked Moved MangoCon mike davis group policy mangocon mangocon 2016 youtube
      1
      2 Votes
      1 Posts
      763 Views
      No one has replied
    • Mike DavisM

      What should be in Powershell 101 and Group Policy 101 Sessions at MangoCon 2016?

      Watching Ignoring Scheduled Pinned Locked Moved MangoCon powershell windows server group policy mangocon mangocon 2016 mangocon sessions
      6
      2 Votes
      6 Posts
      2k Views
      DashrenderD

      @Mike-Davis said in What should be in Powershell 101 and Group Policy 101 Sessions at MangoCon 2016?:

      In the WPA2-Enterprise deployment session, I'll hit on how you push the cert and SSID to your domain joined devices to have the connect automatically to your WPA2-Enterprise SSID.

      I like this idea.

    • 1
    • 2
    • 1 / 2