Is your native module exppw.dll correctly registered?

@JasGot said in GPO question:

net accounts

Can you run "net accounts /domain" from any workstation or server connected to the same domain as the Exchange server. show the results here.

When your students first logs in, are they prompted to set their regional date and time?

@taurex said in GPO question:

From my experience, BYODs make resetting AD passwords for students a time-waster for IT. You should delegate this to non-IT staff like school librarians and teach them how to use a password reset app like Wisesoft's Password Control (with giving them appropriate permissions like only for students OU, of course) or get your software developer to create a web-based password reset kiosk for students and staff with BYODs.

We've learned since the original post, this is not an AD/OU environment. Your point about 3rd party password control is a great option for domain admins though.....

@WLS-ITGuy said in GPO question:

@JasGot Correct, only BYOD on a separate VLAN/wifi for students.

If they are not on, and are not joining AD then GPO doesn't apply.

@scottalanmiller said in Chrome Tabs with LTE?:

Asus does have a model now that looks great.

https://www.amazon.com/Chromebook-Touchscreen-Hexa-core-Military-Spec-CT100PA-YS02T/dp/B07QHFRV3M?SubscriptionId=AKIAILSHYYTFIVPWUY6Q&tag=duckduckgo-d-20&linkCode=xm2&camp=2025&creative=165953&creativeASIN=B07QHFRV3M

I'd order one now if it had GPS and LTE......

@WLS-ITGuy said in GPO question:

Correct, as they are BYOD, they have to change it in OWA. However, they get the message that they haven't hit the complexity rules. These are new users, never before created, never before logged into a machine on the network.

So they are not on; and are not joining the domain?

@scottalanmiller said in Chrome Tabs with LTE?:

There is pretty much only one Chromebook Tablet on the market at all. The Acer one for schools.

Well, that would explain why they are so hard to find. I thought I had lost my knack for research!

Are there any decent Chrome Tabs with LTE (verizon) and GPS around? (under $350.00) I have not been successful in finding any to compare. The only purpose is to run waze and Connectwise Control.

Thanks for your suggestions.....

@DustinB3403 said in Question - how to use tar to compress multiple top level folders recursively into discrete zip files:

Does it matter, the tar process is tar?

But osx is likely where this would be run from.

Because I was going to write a cmd for loop for you if it were Win, and I was going to pass if it were *nix.

What OS?

@scottalanmiller said in If you are new drop in say hello and introduce yourself please!:

Welcome @JasGOt

Darn, I missed my anniversary by 5 days!

@WLS-ITGuy said in GPO question:

@JasGot said in GPO question:

@WLS-ITGuy said in GPO question:

I just created our new incoming first year students and was testing one of them out and they cannot change their password. I looked and I do not have any GPO that says they cannot change their password. I don't have a default domain policy enabled either. I have the GPOs set in the groups.

How can I figure out what is not allowing the student to change his password?

The default policy has a minimum age of 1 day. They cannot change their password for 24 hours after you create the account or reset their password in AD.

Default policy (was testing) is actually disabled and no other GPO has password settings.

If the machine was joined prior to you changing the min password age, and you only unchecked the min password age box, then the first assignment is still there.
With GPOs you have to over-right settings to change them.

Just for grins, can you run "net accounts" from an elevated prompt on that client machine an post the results here.

It should look something like this:

@WLS-ITGuy said in GPO question:

I just created our new incoming first year students and was testing one of them out and they cannot change their password. I looked and I do not have any GPO that says they cannot change their password. I don't have a default domain policy enabled either. I have the GPOs set in the groups.

How can I figure out what is not allowing the student to change his password?

The default policy has a minimum age of 1 day. They cannot change their password for 24 hours after you create the account or reset their password in AD.

Did you get this resolved?

@JaredBusch said in Chocolatey not available after being installed through ScreenConnect:

I guess you could cycle the screenconnect client service. That should do the same.

This did it; thanks. It's the only working solution short of a reboot. I did not want to connect to the client with SC so I pushed a re-install, it was current, so it just went through the motions and restarted the services. Perfect for my needs.

@black3dynamite said in Chocolatey not available after being installed through ScreenConnect:

refreshenv

$env:ChocolateyInstall is null; which is to be expected because the env hasn't yet been re-read.

refreshenv doesn't work because that is a command that choco installed to the env path that hasn't been refreshed yet. Both commands will work great after the env is refreshed. The question is how to refresh the env before I can run the command to refresh the env?

I installed Chocolatey via powershell in a CMD push from ScreenConnect. Install ended with no errors.

But when trying to run Choco via CMD or PS withing SC, I get this error:

choco : The term 'choco' is not recognized as the name of a cmdlet, function, script file, or operable program. Check 
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Windows\TEMP\ScreenConnect\19.2.24707.7131\f5d4735e-308a-408b-ab46-1e7e110970c8run.ps1:1 char:1
+ choco install putty.install
+ ~~~~~
    + CategoryInfo          : ObjectNotFound: (choco:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

However, when running from a CMD or PS at the client console, all is fine.

The installer warns that restarting the cmd or powershell may be needed before choco will work, but how would you do this via SC cmd when the SC cmds are run as system?

What windows version is on the client? It's not 10 / 1803 or newer is it?

@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:

I want to be able to automatically add new laptops to an AD group that will allow them access to the wifi. I haven't found a way that works.

I tried a PowerShell script in an MDT task sequence during deployment, but couldn't get it to run correctly. I was also going to try to use PowerShell in a PDQ Deploy package, but that requires RSAT to be installed on the target system.

Is there a way to have a GPO add the computer to a group when it is located in a specific OU? Or any other suggestions on how to automate this?
TIA

So when you join them to the domain, they should end up in the default computer ou. And you will have a GPO filtered on a computer group you will create.

This command will put the full CN into an environment variable called "FULL-CN"

FOR /F "Tokens=*" %a in ('dsquery computer -name %computername%') DO SET FULL-CN=%a

Use double %'s if you use this in a bat file.

Then run this:

dsmod group "CN=test,OU=employee computers, DC=abc,DC=local" -addmbr %FULL-CN%

I've tested this in a logon script (using double %'s) and it works. You can use security filtering, WMI filtering or assign scripts by username or computername to run these two command for only the computers you need to.

If I am missing something that makes this not right for you, lets see if we can find and defeat the problem and get it working.