ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. group policy
    Log in to post
    • All categories
    • Oksana

      Compliance in Remote Work: Group Policy and Microsoft Intune
      Starwind • starwind microsoft intune group policy • • Oksana

      1
      0
      Votes
      1
      Posts
      111
      Views

      No one has replied

    • Ambarishrh

      SOLVED: Unable to get rid of windows update group policy
      IT Discussion • windows update group policy gpo windows 10 • • Ambarishrh

      3
      0
      Votes
      3
      Posts
      502
      Views

      Dashrender

      Jared ran into a simliar'ish problem recently... There is a thread around here somewhere.

    • JaredBusch

      Unsolved Cannot access USB drive
      IT Discussion • intune group policy local • • JaredBusch

      32
      0
      Votes
      32
      Posts
      1484
      Views

      M

      @Super-Sundae : Can you run Sysinternal's RegMon and patch another machine with InTune? That way you can capture the changes.
      Perhaps running SysMon at the same time in case it makes changes to file permissions would help..

      If you can find out what the policy changes then you should be able to revert on both machines. Hopefully 🙂

    • wrx7m

      Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server
      IT Discussion • gpo group policy gpp ou windows security filtering • • wrx7m

      19
      0
      Votes
      19
      Posts
      798
      Views

      Obsolesce

      @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server:

      t only applies the setting when linked to the OU of the user

      We'll according to that screenshot, it IS a user setting.

      Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible?

      Yes, it's possible.

      Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy.

      I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name.

      Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.

    • anthonyh

      Active Directory - Finding Source Of Repeated Lockouts
      IT Discussion • active directory gpo group policy • • anthonyh

      17
      1
      Votes
      17
      Posts
      620
      Views

      anthonyh

      A quick update for y'all that are watching/participating in this thread (thank you, by the way!).

      Late Friday I realized where the lockouts where coming from. We have a Windows VM that has a suite of applications that folks need to use every blue moon or so, and they access the VM via RDP. Of course, users don't log out, they just close the RDP client (I am going to fix this). The user in question had an old logon session on this VM. Killing the user's session (I just rebooted the VM) seems to have done the trick.

      Now the goal is to better position myself for the next time this happens. I also figure it's probably not a bad idea to have more visibility on account lockouts and where they are coming from in general.

    • Grey

      GPO for compatibility mode
      IT Discussion • internet explorer internet explorer 11 gpo group policy windows • • Grey

      8
      3
      Votes
      8
      Posts
      342
      Views

      Dashrender

      @dbeato said in GPO for compatibility mode:

      @Grey said in GPO for compatibility mode:

      A previous admin created a gpo to alter and add an entry under the hive HKEY_CURRENT_USER in Key path Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range66 which forces a single entry for compatibility mode. I've spent a lot of time testing and, while the setting is to apply once and not again, it doesn't seem to allow a user to add more sites to compatibility mode and keep that addition after a reboot.

      Has anyone successfully created a GPO for IE11 to enable CM for users to add items, while also pushing a list of our own? Is there a best method around for achieving this goal?

      I have not, I only keep adding it through GPO (In the medical field which they have many sites as this).

      Ditto - Just have to keep adding them via GPO. So glad we barely use IE 11 anymore.

    • NerdyDad

      Need to block a User GP for certain Machines
      IT Discussion • group policy domain windows server 2016 windows server 2008 r2 • • NerdyDad

      9
      5
      Votes
      9
      Posts
      338
      Views

      P

      @NerdyDad

      You can use Loopback Processing also.

      https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/

    • CCWTech

      Desktop photo for all PC's in the domain
      IT Discussion • group policy windows • • CCWTech

      45
      2
      Votes
      45
      Posts
      2227
      Views

      I

      Thank you for the help. By posting the screenshots, I realized I had a typo in the file extension. .png vs .jpg
      Once I double checked them all it now works.

    • EddieJennings

      Logging Domain user authentication failures
      IT Discussion • audit policy windows domain server 2012 active directory active directory domain group policy • • EddieJennings

      5
      0
      Votes
      5
      Posts
      1030
      Views

      travisdh1

      @eddiejennings said in Logging Domain user authentication failures:

      @travisdh1 said in Logging Domain user authentication failures:

      @eddiejennings No OSSEC, Wazuh, or some other security monitoring available? All of them monitor logins by default that I've looked at. Should be easy to customize a report for whatever you need.

      I haven't had to set this up in a Windows environment yet, so I'm also curious as to what you end up doing.

      We do have ExtraHop; however, it's not capturing all the traffic it should (and another team is in charge of its configuration), so using auditing on the domain controllers is a bit of a stop-gap measure.

      Ah. What an ..... effective use of resources.

      Good luck, ExtraHop is very nice, but like every other tool, it's useless untill deployed properly.

    • gjacobse

      Deleting a GPO
      IT Discussion • gpo group policy printer printers printer deployment • • gjacobse

      15
      0
      Votes
      15
      Posts
      805
      Views

      DustinB3403

      @scottalanmiller said in Deleting a GPO:

      @rojoloco said in Deleting a GPO:

      @dave247 I have a few ideas about who they are specifically... but after they decided to be a bunch of dicks about anyone here posting links to their site that shall not be named, they created an account here to spy, presumably. Lot of former 🌶 folks here... Lots of 🖕 🖕 🖕 🖕 🖕 for their informers.

      It's a public site, doesn't take much for someone to inform, lol. It's a bit like tattling on a billboard.

      That sounds a lot like calling out your Husband by doing this to his ride.

      cheating2_small.jpg

    • EddieJennings

      Updating ADMX Templates
      IT Discussion • admx template group policy gpo dfs-r • • EddieJennings

      9
      0
      Votes
      9
      Posts
      734
      Views

      dbeato

      As long as it is on the SysVol\Policies\PolicyDefinitions folder then you should be fine.

    • gjacobse

      Unsolved Flushing GPOs
      IT Discussion • server server 2008 server 2012 r2 server 2016 server2012 server2012r2 gpo group policy • • gjacobse

      13
      0
      Votes
      13
      Posts
      1182
      Views

      thwr

      @thwr said in Flushing GPOs:

      @dbeato said in Flushing GPOs:

      You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.

      Get-Content c:\temp\gpos.txt | foreach { Get-GPO -Name "$_" | Remove-GPO }

      http://jeffwouters.nl/index.php/2013/08/remove-group-policy-objects-through-powershell/

      I bet you could do something like this to set all GPOs to "on delete remove from client" too

      This assumes a txt file with all GPO names. You could also just use Get-GPO

    • Grey

      GPO Path?
      IT Discussion • windows server gpo group policy • • Grey

      12
      0
      Votes
      12
      Posts
      1458
      Views

      Grey

      @Tim_G said in GPO Path?:

      @Grey said in GPO Path?:

      So, what's the current method to add a single trusted site to my intranet zone in GPO, eh? And where do I modify all of the trusted sites/zones and activex now?

      I was answering the above question. Of course these will say not configured, because you haven't configured them yet.

      That's the thing though; there is configuration from the previous IT Team.
      CRwvU7j.png
      I should be able to edit that and I just can't. The path shown isn't there for me.

    • vhinzsanchez

      Windows Offline Files query
      IT Discussion • windows windows server windows server 2008 windows offline folders group policy • • vhinzsanchez

      37
      4
      Votes
      37
      Posts
      2799
      Views

      vhinzsanchez

      @Dashrender said in Windows Offline Files query:

      I'm guessing those 8 people didn't make any offline updates to files in that folder, so Windows never checked to see if there were new versions.

      They have Read-Only access to the network folder. Another group is tasked of updating it.

    • scottalanmiller

      Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2
      IT Discussion • group policy scale scale hc3 pv drivers gpo windows windows server • • scottalanmiller

      7
      6
      Votes
      7
      Posts
      1887
      Views

      scottalanmiller

      @scotth said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

      @scottalanmiller said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

      @scotth said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

      We are just starting to plan our hardware refresh. I'm seriously considering Scale. I like the info that I've seen so far.

      We love ours, it has been great.

      I'm still pulling down information..... I need a vibrant DR plan in place or decided on before I commit to a platform. It always seems to be overlooked as an afterthought.

      Common approach is to get something like a Synology or a ReadyNAS and use the Scale HC3 built in snapshot and export backup functionality to push full image backups on a schedule out to the NAS.

    • DustinB3403

      GPO Push a single file to a specific set of users
      IT Discussion • server 2008 r2 group policy • • DustinB3403

      13
      0
      Votes
      13
      Posts
      1150
      Views

      Dashrender

      Boy I remember when I came to the understanding that MS really wanted you to build completely separate GPs for users vs devices...

    • scottalanmiller

      Group Policy and VPNs
      IT Discussion • windows group policy vpn • • scottalanmiller

      11
      3
      Votes
      11
      Posts
      1289
      Views

      NerdyDad

      We use Cisco Any Connect that authenticates against AD, but is not tied to any kind of GPS and it works for us just fine. Except for deployment, I see no need in using GPS.

      If we use GPS for anything, it's with RADIUS for our wireless network. That works in one location but not the other. And this is only because both locations have different wireless systems and in how each system implements RADIUS and authenticates a laptop against an OU.

    • scottalanmiller

      Best Way to Deploy EXE Packages via Group Policy
      IT Discussion • group policy windows windows system administration • • scottalanmiller

      8
      0
      Votes
      8
      Posts
      5140
      Views

      scottalanmiller

      @coliver said in Best Way to Deploy EXE Packages via Group Policy:

      @coliver said in Best Way to Deploy EXE Packages via Group Policy:

      If the EXE has a silent installer flag I would run it as a startup or login task the first time. Just add a check in there to see if it has already been installed.

      Meant to say I would put it on a share and have a startup script execute it with the silent flag. Drop a installcomplete.txt file somewhere on the local disk and query for that at startup.

      Cool, that's the direction that I was headed.

    • steve

      Mike Davis: Windows Group Policy
      MangoCon • mike davis group policy mangocon mangocon 2016 youtube • • steve

      1
      2
      Votes
      1
      Posts
      604
      Views

      No one has replied

    • Mike Davis

      What should be in Powershell 101 and Group Policy 101 Sessions at MangoCon 2016?
      MangoCon • powershell windows server group policy mangocon mangocon 2016 mangocon sessions • • Mike Davis

      6
      2
      Votes
      6
      Posts
      1406
      Views

      Dashrender

      @Mike-Davis said in What should be in Powershell 101 and Group Policy 101 Sessions at MangoCon 2016?:

      In the WPA2-Enterprise deployment session, I'll hit on how you push the cert and SSID to your domain joined devices to have the connect automatically to your WPA2-Enterprise SSID.

      I like this idea.