|
Disable Interactive Logon to a Group of users in an OU
I have need to block our Service accounts (which are all located in there own
OU) the ability to logon to any machine in the domain. How can this been done
thru group policy.?
I don’t want to put the account in a policy individually, as I want any new
account in the OU to automatically have the denied interactive logon to all
machines.
Note the Domain is 2008
Thanks in advanc...
|
2 |
12/18/2008 7:01:17 AM |
|
|
Apply only security updates
We are a small 2003 AD shop with 20 xp client workstations. Is there a way
thru GPO to apply only security updates? - we dont want all other updates.
We dont have windows update server running internally-
Any suggestions appreciated
Carlo
...
|
2 |
12/18/2008 6:53:45 AM |
|
|
mapping mydocs
We would like to map users my docs to our file server, i already have folders
set for them that i did manually if i map them to this same location will it
affect the folders already there ?(ie change security,delete contents) if i
remember correctly you can have the folders setup automatically with the user
names but what if the folders are already there ?
server 2003 clients are all xp ...
|
5 |
12/18/2008 6:52:48 AM |
|
|
Changing all domain PC's local Admin password?
As subject, we have an AD domain running Windows 2003 R2 server with
primarily Windows XP workstations, with a few Vista machines.
I'd like to change the passwords of the local Administrator accounts on
all of these machines, however there are a few caveats:
I only want to do it on machines where the current password is
"whateverphrase" as there are some machines with unique admin pass...
|
3 |
12/17/2008 7:45:08 PM |
|
|
Group policy broke RPC?
I have an issue here that is affecting about half of my workstations (about
150). Network connections disappear and and dialup/vpn connections
dissapear completely. Windows firewall doesnt work etc etc etc. Basic
network connectivity works fine but nothing else.
Setting the RPC service to LocalSystem and rebooting the machine fixes the
problem but obviously i dont want to have to do t...
|
2 |
12/16/2008 8:24:51 PM |
|
|
GP Corrupt Helprver 2003
Well, I've had some good experience with recovering GP. When running
gpedit.msc, some of the ontries come up in different languages, and/or
control characters that show up as the normal squares. When I mean different
languages, I mean French, Arabic, Spanish, Italian and German all in one GP
view. Ive done a secedit replacement of the GP, replaced gpedit.msc file
itself and still shows i...
|
4 |
12/16/2008 2:50:01 PM |
|
|
Sysvol the DC is getting rebooted,
Please help me on this.
Domain: AD001
Domain Controllers: DC1,DC2,DC3,DC4 and DC5
All are Windows 2003 Standard Edition with SP1
(OS on C:Drive and SYSVOL on H:Drive)
Member servers on Domain: M1,M2.....
When I am renaming any file on Sysvol the DC is getting rebooted,For
example
I have logged in to DC2 and from Run I am accessing SYSVOL through UNc
as
\\AD001\SYSVOL\AD001\Poli...
|
2 |
12/16/2008 9:45:29 AM |
|
|
Profiles
Don't know if this is the correct newsgroup but I'll start here. I have a
single forest single domain Windows Server 2003 EE AD environment. Is there a
way (with or without GP) to eliminate the profiles that are created under
C:\Documents and Settings? What I want to achieve is a mandatory student
read-only profile on the XP workstations. This will save me a lot of
unnecessary grief. Tha...
|
6 |
12/16/2008 1:18:26 AM |
|
|
Printer GPO
Hi
I have AD with one DC W2K8 (native W2K3)
and OLD 12 Wiindows XP/SP2 PCs
and NEW 2 Windows XP/SP3 PCs.
There is Printer Server on DC and GPO
push printers to PCs. Function
PushPrinterConnections.exe -LOG
is used in GPO. On 12 old PCs it is OK
and working, incluging ppcMachine log file.
On new PC, there no printers appeared
and no trace for log file.
It is interestin...
|
4 |
12/15/2008 2:02:11 PM |
|
|
Group policy effective in Win 2003
Hi,
Have a Domain controller wherein the Default Domain controller policy is
unconfigured. I have configured 2 OU's and respective group policy for each
OU as below.
Network Domain
Director OU Director Group Policy.
User OU User Group Policy
Now I have configured screen saver timeout for Director OU as 60min and
User OU as 5min but the users...
|
7 |
12/15/2008 11:24:52 AM |
|
|
Block installs from IE6 IE7
Is there a gpo config so I can block malicious software from being installed
over IE6 and IE7?
A user recently had a popup telling her she was vulnerable to spyware- she
did everything she could to avoid it
from loading, ctr-alt-del - no luck- it began to install untill she pulled
the network cable. We have
Symantec NAV, windows defender and spysweeper on that PC and nothing stopped
i...
|
2 |
12/15/2008 7:00:11 AM |
|
|
IE7 error
Hi, everyone
I used GPO to deploy IE 7 which is made by IEAK 7 and then install to one
computer (Windows XP sp2). When users open email from Outlook Express and
then print it. The text is small one not normal. I tried to change the
following area
1. Internet Explorer's text font
2. Outlook Express's text font
3. Outlook Express | option | Read | Medium to Large
However, the result...
|
1 |
12/15/2008 6:46:46 AM |
|
|
Manually delete duplicate software allocations in GPO
I had trouble adding an MSI to a GPO (it didn't have a security tab and the
package wouldn't show in the list). I worked out this was because the author
has put a leading space on the ProductName of the MSI. I modified this and
successfully added it. Now 10 entries for the same MSI appear int the policy
which would have been caused when I was trying to add it with the leading
space and a...
|
3 |
12/13/2008 5:20:01 PM |
|
|
IE7 - Group Policy Management Console showing strange values
Hi!
Due a recent IE7 security issue[1], I would like to increase the
security level of the "Internet zone" to "High" on all machines by
using group policies. I already have a group policy object (GPO) "IE7"
linked to the domain.
Now I configure my local IE7 (Vista x64) just as it should be (in
particular: Internet=High), start "Group Policy Management" and edit
the "IE7" policy.
I na...
|
1 |
12/12/2008 2:11:11 PM |
|
|
Vista: hide "Windows Mail" start menu icon via policy?
Hello,
I have, probably much like every one else, an icon titled "Windows
Mail" on the Vista Start Menu _above_ the pinned items area. I cannot
get it to go away.
I have searched the file system via Explorer and via cmd prompt, in
the user profile folder, in "all users", in "default", using both
visible and hidden folder searching and I've deleted every *.lnk
related to Windows Mail. I...
|
1 |
12/12/2008 12:43:36 PM |
|
|
get IP by gpinventory
Hi,
I'm trying to get information from all my client PCs, and when I gather the
IP address, gpinventory gave me System.String[] result. I know it is because
the IP address are stored in array, but can I get the first IP address of the
result? As most of the workstations only have 1 IP.
Thanks in advance...
|
1 |
12/12/2008 3:03:00 AM |
|
|
server 2008 disable admin account policy
I have a GPO at the domain level to disable the built in Administrator
account on client computers. It is working flawlessly on all the XP and
Server 2003 computers. I noticed it is not working as it should on the W2K8
servers. If i look in the winlogon.log file i find "Administrator account is
not allowed to be disabled." if i create a second local admin account and do
a gpupdate th...
|
6 |
12/11/2008 6:06:54 PM |
|
|
Resetting Group Policy on a Member Server in a DMZ
Hello, I administer a Windows 2003 network, and we use Group Policy and WSUS
to keep all clients and servers up-to-date. We have an Outlook Web Access
Server on our DMZ, and despite opening lots of different ports on our
firewall, I have been unable to apply Group Policy properly to this machine.
Because of this, I have decided to use Local Group Policy to get Windows
Updates directly ...
|
3 |
12/11/2008 4:31:03 PM |
|
|
assigning software in Win 2003
Hi,
I have a default domain controller policy for screen saver, passwords and
etc which is working fine. Now recently under this policy itself added
software 7zip.msi to be assigned to all user. But the software is not
getting installed on any machine. I assigned the software by full UNC name
and followed the exact procedure. The software distribution folder is shared
to all read only b...
|
5 |
12/11/2008 11:36:15 AM |
|
|
Block Specified Websites on XP Clients with Group Policy, Server 2
Hi,
We received a new directive from the top that certain websites need to be
blocked on all employee work computers (XP sp2). Can this be accomplished
with Group Policy? Our AD servers are 2003 R2 sp1. We only allow IE 6&7 on
the computers.
Thanks!
Steve
...
|
2 |
12/10/2008 10:20:17 PM |
|
|
Block GPO
Hello,
I have a couple of GPOs which are being applied while my user logs onto
Citrix. Is there a way to specify in an GPO that is should not be applied
on "Citrix Server A".
Im trying to decrease logon time on my Citrix servers by blocking certain
GPOs from running.
Thank you,
D
...
|
5 |
12/10/2008 10:17:41 PM |
|
|
IE7 and Pop Up Blocker GPO
Hello everyone
I am currently trying to disallow my users from turning off the pop-up
Blocker in IE7.
I tried turning enabling the Use Pop-up Blocker under "computer
configuration ==> Administrative Template ==> Windows Component ==>
Internet Explorer ==> Internet Control Panel ==> Security Page ==>
Internet Zone ==> Use Pop-up Blocker."
Unfortunately that did not help....
|
3 |
12/10/2008 10:06:43 PM |
|
|
Group Policy Preference Error
Hi Team,
I am using a GPO to copy a BMP file (wallpaper) from DC and store it in the
C:\windows\ and then link the BMP file as the desktop wallpaper. After
creating the GPO I encountered the following error message in the Event
Viewer on the local workstation:
Log Name: Application
Source: Group Policy Files
Date: 12/01/2008 12:00:52 PM
Event ID: 8194
Tas...
|
8 |
12/10/2008 4:15:43 PM |
|
|
User Logon Script never executed
Hi all,
I've made a GROUP POLICY with two scripts:
- Computer Configuration Level: shutdown script
- User Configuration Level: Logon script
the shutdown script is executed every time I shut down my PC.
The logon script is NEVER executed when I log on with my user (my user is in
the "Domain Users" group).
The logon script creates a simple blank text file.
If I execute it normal...
|
2 |
12/10/2008 11:21:59 AM |
|
|
firewall
the firewall policy has me baffled.
There are 3 areas.. domain, private and public..
I find my computer is constantly deciding which are they are in.
Therefore my rules are not applying.
How does this work ?...
|
7 |
12/9/2008 1:16:10 PM |