Search the Community
Showing results for tags 'GPO'.
-
Hi is it possible to disable Bluetooth file transfer but sill allow Bluetooth to attach Mice, keyboards, etc. Ideal apply this via group policy. Thanks Rob
-
Hi There, Anyone here has hands-on experience on implement Bit-Locker To-Go? In my environment we use SCCM CB-1902 and MBAM server & client. We have single drive in all the client and it has been protected using MBAM agent. Now looking for encryption the removal disc \USB automatically, when it insert. How can I achieve this? Please free to ask me, if required more information. BR, Biju
-
- bitlocker
- bitlocker encryption
-
(and 4 more)
Tagged with:
-
Hi Everyone,
I'm a new Level 2 Technician as i was previously Level 1 technician and my main role was helping users troubleshoot issues on their Computer and recently had a few colleagues from Level 3 started helping me get into SCCM environment were i flourishing from their Wisdom, so found your site and started to visit this site to learn a few things and decided to register.
Thank you for visiting my page
-
Hi, starting working in a place to look after W10 builds/SCCM but the GPO are in a right mess, i am after a method (power-shell script ?) to give me a readable document of ALL the group policies. i used a similar tool to document SCCM setup. I understand i can do GPRESULT /H but i need need something from a global point of view and ideally in word format. Any Suggestions most welcome. Rob
-
Please read the full posting before answering. I've searched extensively for a GPO fix to my issue but I can't find one. I've got a lot of users that work wit IE. Under Internet Options / Programs / Default Web Browser there are two options, "Tell me if Internet Explorer is not the default web browser" and "Make default". Both are grayed out on some machines and of course, cannot be modified. On other machines the "Tell me...." option is active and can be checked and the "Make Default" is grayed out. Machines with both conditions have the SAME group policies applied to them. I have a PS script on my DC allowing me to search GPO's for specific content. However I don't know what to search for in order to find the GPO that has these settings in them. Google searches have proved fruitless in finding the GPO options that need to be changed. I'm less concerned about the "Make Default" than I am about the "Tell me...." option. Where are these settings located and what are they titled? If they are not specific settings, what registry changes can I push that allows me to activate the "tell me..." option in IE? Also, why, if the same policies are being applied (meaning they are not being blocked by security filtering), are the settings on these machines different. This is extremely frustrating and I'm really looking for a solution to this. Thanks in advance for your assistance.
-
- internet explorer
- gpo
-
(and 1 more)
Tagged with:
-
Server details: Windows Server 2012 R2 - fully updated SCCM v 1606 Console version: 5.0.8412.1205 Site version: 5.0.8412.1000 Deploy workstation: Windows 10 Enterprise v1607 Hello, I have been trying to install the SCCM Client onto my workstations for the better part of two days now, attempting to deploy it via GPO. No matter what I try, I always get the same four errors in my Windows Logs/System. They come in a list of 4 entries, right in a row At this point I'm ready to pull my hair out. I'm really really unsure what my settings should really look like. I've googled and googled these errors, and I've tried every configuration change that I can see being recommended, and I don't get any changes at all. Right now, here's how I have it set up: Group Policy with Computer Configuration-Policies-Software Settings-Software installation package that has my client.msi for the source. I have tried the client.msi file from two different locations: \\sccm_server\SMS_mysite\Client\i386\client.msi and \\domain.local\NETLOGON\. For the first one (from my sccm_server), at first there were no read permissions to the Client folder (for Everyone, or Authenticated Users, or any other blanket group), so I granted them. I got that idea from this technet discussion. I tried NETLOGON because that's how I install LAPS (which works great). Figure I might as well give it a shot. I imported both templates into the group policy. Site Assignment has my site code, retry interval set to 5, retry duration set to 1. Client Deployment Settings, I've tried LOTS of things here. I've tried leaving it not configured, I've tried different variations on CCMSetup.exe with different switches like /logon, SMSSITECODE=mysitecode, MP=sccm_server, etc. I'm very unconfident on what should ACTUALLY be here. In SCCM, under Software Update-Based Client Installation Properties, I have check marked the box for 'Enable software update-based client installation'. I have extended my AD Schema as suggested in step 14 of this guide. In fact, I followed this guide for setting up my SCCM and deploying W10 via PXE. My setup should be nearly identitcal. When I try to check my workstation for C:\Windows\system32\CCM\ for logs, the CCM folder does not exist. I've searched all over C:\Windows for any CCM files or folders, and I find none. Please, help me here. Thank you.
-
Hello, I have problem with desktop wallpaper gpo. When Desktop Wallpaer apply background wallpaper shows for a few second, and then desktop becomes blue or black,but if change desktop resolution(change and than back the same resolution) desktop wallpaper becomes that image which is deploed gpo.
-
Hello all, I've upgraded my sccm server to 2012 sp1 and deployed windows 10 all went fine and applications installed without problems on the windows 10 machine. Right now i am setting my group policy right and facing a isue of windows 10 what i think need to be turned of in a domain network. You got different Privacy policy's that can send wifi passwords, account information, Keyboard recorder ( key logger) to the microsoft servers. Where and how can i set this OFF by group policy?
- 3 replies
-
- windows 10
- group policy
-
(and 4 more)
Tagged with:
-
Hello, We actually use SCCM 2012 R2 to manage our desktops. I noticed that we can do a lot of things with the configurations items and baselines. I would like to know if there is a way to export GPOs in order to import them as configuration baselines in SCCM and also if someone is working with configuration baselines instead of GPO. In general, is there any added value to use CIs instead of GPO ? Thanks in advance
-
Hi guys, I'm new here, but I've been visiting every now and then and found a solution most of the times. I'm not an expert of GPO but I was tasked to look at a solution either ways (just joined a new team). Our security team wants to make sure that every single person in the company has to change his password every tot days. Now, that's done already, except for global accounts. Let's say _No-Expiration is a group containing all the users that I want their password not to expire. Now, what I want to achieve is to get a GPO set for all OU's which has to overwrite the Password never expires option in AD and unflag it (unless that user is a member of the above group). So I actually want to: Overrule AD Actually change the flag of the object Is this possible? Thank you
-
We are a full windows shop with Dell computers. We use GPO and a login script to map printers for specific pc's. Recently we have had more and more domain pc's installing printers that are not even in the area of this pc. The pc or user are not members of the group that should get these printers. We have checked all the GPO's we can think of, but it seems like everyday there is another pc getting these printers installed. Does anyone have an idea of what is happening here? Here is an example of the script that we are running. Option Explicit dim WshNetwork Sub printers Set WshNetwork = CreateObject("WScript.Network") WshNetwork.AddWindowsPrinterConnection \\SERVER\PR03 WshNetwork.SetDefaultPrinter \\SERVER\PR03 WshNetwork.AddWindowsPrinterConnection \\SERVER\PR02 End Sub Call printers
-
Windows 8.1 store GPO's - a quick guide of you're having issues
keety posted a question in Group Policy
Hi guys, not sure if this is the right place, but thought I'd post this up as I've spent a week trying to figure out how to get the Windows store working properly in our environment. Our environment is highly locked down because of the nature of what we do. Because of this the Windows store has been disabled. We've started trialling various Windows 8.1 devices for use as mobility solutions and it quickly became apparent that without the ModernUI apps the devices were basically very expensive laptops. Our users were after devices that had the freedom of an Ipad crossed with the functionality of a laptop, there are a whole load of ModernUI apps that offer some of this functionality (such as MDM solutions that don't require a two factor authentication etc) So there are 4 GPO's that control access to the store Computer System\internet communication settings\Turn off access to the store Windows components\store\Turn off the store Application User System\internet communication settings\Turn off access to the store Windows components\store\Turn off the Store application I configured these thinking "Great, nice and simple.." But no. What did I get? Well I either got the green windows store screen, with a spinny logo that sat there for at least a day (I was angry at this point and was about to throw it out the window so thought I'd better leave it alone) or if I actually managed to get into the store I couldn't install anything, I'd click on install and get a message popup straight away Your purchase couldn't be completed Something happened and your purchase can't be completed. Error code 0x8024500c Moving the machine into an OU with no GPO's (bar default domain policy) applied it worked. Moving back into a standard OU with our standard GPO's it broke again... ARAGGGH!!! So I spent a good 5 days trawling through the hundred's of GPO's, turning them all on and off individually using local group policy...the event log was filled with errors... googling the above error message or any of the event log errors produced the sum total of f'all (go google that error and see what you get).. I'd followed all the tips I could find about getting the store working (re registering the appx store app, resetting the store cache, even redoign our build with a fresh wim from the Microsoft volume licensing site) I was about to throw the towel in and contact Microsoft when I had a brainwave.... When the error message was appearing, it was appearing instantly, there was no waiting around 2 mins for a time out, no thinking about it, just BANG! Get lost,you're not having this app! That, I figured meant it knew it wasn't allowed to go to wherever it was going so it didn't even bother... So what do I stop Windows from talking to on the internet... what don't I need windows to talk to on the internet because we handle it all using System Centre... Windows updates!!! BINGO! Computer Windows components\Windows update\Do not connect to any windows update internet locations The blinking description even mentions (Enabling this policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working.) that enabling this policy wills top the store from working! ARRRGGGHHHHH!! If anyone's interested in how (in a restricted environment) we're locking down the store (this is a proof of concept for 50 users so we're not going down the Intune or sideloading road yet), we're allowing access to the store and then using applocker to block the apps. We have one deny rule in blocking all apps and then put in exceptions for the apps we want to allow. It's fiddly building up the list but it works and our users and internal security team are happy! Anyway, as I said, I thought I'd put this here in case anyone else is having the same issues (as I know the site gets crawled by google).. I'm off to the pub now for a couple of cheeky beers....- 1 reply
-
- 1
-
- windows 8.1
- windows store
-
(and 1 more)
Tagged with:
-
Hello, Does anyone know of a way that the options function can be greyed out or removed from the software center? Or is the only way to control these functions done through Group Policy? We are about to push out SCCM client to all workstations at my company soon and i'm concerned about users managing their own desktops via this method. Anyone had similar issues? Thanks
- 2 replies
-
- software center
- power management
-
(and 2 more)
Tagged with:
-
Hello we are in the process of testing out Windows 8 to roll out to our employees and we are running into a small issue. Our UAC is turned off for all users which is causing issues with the apps not being able to launch. This GPO is a carry over from Windows 7. Is there anyway we can keep UAC turned off and also allow apps to be launched? thanks, Luis D
-
Hi, this is my 1st post, and I'm a complete noob to SCCM and Bitlocker. I'm currently using Server 2008 R2, with SCCM 2012 SP1. I've followed various guides online for deploying BitLocker, and have managed to do so successfully....but, In many guides, when created the GPO on the DC for BitLocker, I don't have the option for selecting 'used space only' or 'full disk encryption' Is this option only available with Win8 or Server 2012? I have also read up on using MBAM with SCCM, but I cannot find where you download this from. Any help would be much appreciated. thanks, mdc111
-
Hey guys, Going over my new sccm solution, and got a little issue. For servers, i do not want the Application Catalog, and after a talk with some other guys here, we decided we really don't need the Silverlight client for anything else. So i was thinking of installing the SCCM client without the silverlight(since this is only a requirement for App Catalog), as a manual process, this is easy "/Skipprereq silverlight.exe", but due to network policys and ports being locked down, i'm doing a GPO installation of the client. I do not have too much experience with gpo deployments, and i'm truggleing with finding a way to pass parameters there. Is that not possible? Will i need to use a MST file maby for this? any of you have any tips how to do this efficiently? //Eirik
-
Hi I have a problem that I have been trying to resolve, and am not having much luck so far - hopefully someone has an idea. In my infrastructure I have a bunch of printer queues that are published in AD, but they are orphaned as the printer server that they were associated with died unexpectedly, and we did not have chance to remove these published queues in print manager. If a user tries to add a new network printer, via the directory, an error is thrown that the printer cannot be connected to (obviously) Now I know that the printer pruner service that runs in AD should clean these queues as the print server is no longer available. But this is not happening. I have been into the DC GPO, and enabled the pruning service (even though "not configured" is enabled) I have reduced the time and number of retries before the printers are pruned The printer server is not in ADUC I have looked through our ADUC with ADSIEdit, and the server is not listed anywhere, so I cannot remove the queues via ADSIEdit The server is not in DNS or DHCP reservations I cannot add the printer server in printer manager Other fix's MS provide include making sure that the pruner has permissions to the printer queue - but I cant do this, as the propertied don't open, as the object does not really exist. It looks like the objects are in the AD database somewhere, but I have no idea where, or how to remove them. Domain functional level : 2003 4 x AD DC's 1 x Printer server 1 x dead printer server which has caused this issue Thanks in advance if anyone has any ideas of where to go. Warren
-
Hi All We have few new Windows 8 computers added to the network. They are missing some fonts which we use specifically for some forms and all. Our DC's are running Windows Server 2008 R2. Please can any of you guide me on how to deploy fonts to Windows 8 using GPO. Some queries i) Is it possible to deploy through Computer Configuration. (users logging in will not be having admin rights) ii) After all computers get the font, if in case i remove the GPO, will the font get removed? (I guess NO) Please also let me know how to disable simple file sharing wizard through GPO. Thanks & Waiting for your replies. AJ
-
- Deploy Fonts
- Windows 8
-
(and 2 more)
Tagged with:
-
For those not familiar with the Security Compliance Manager, SCM is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional data center, and private cloud using Group Policy and Microsoft System Center Configuration Manager. In addition to Windows 7 SP1, Windows Vista SP2, Windows XP SP3, Office 2010 SP1, and Internet Explorer 8, SCM 2.5 now offer additional baselines for Exchange Server 2007 and Exchange Server 2010. Updated configuration baselines now include Windows 7 SP1, Windows Vista SP2, , Windows XP SP3, Microsoft Office 2010 SP1, and Internet Explorer 8. SCM 2 provides ready-to-deploy policies and DCM configuration packs that are tested and fully supported. Our product baselines are based on Microsoft security guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats. Key Features Include: Integration with the System Center 2012 IT GRC Process Pack for Service Manager—Beta: Product configurations are integrated into the IT GRC Process Management Packs to provide oversight and reporting of your compliance activities. Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project. Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature. Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important. Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest versions of Windows client and server operating systems, Microsoft Office applications, and Internet Explorer. Source: http://blogs.technet...a-download.aspx Download and more information: http://technet.micro...s/cc835245.aspx
-
Event ID: 1032271724 Language(s): English. Product(s): Windows Server. Audience(s): IT Generalist. This webcast is a compilation of lessons learned, grounded in real customer experience in deploying and using Group Policy. With guidance from Microsoft Consulting, Product Support, and customers themselves, this webcast provides new perspectives on how you can deploy and manage Group Policy effectively. It covers both tried-and-tested best practices, and the occasionally obscure but invaluable snippet that might just save your day! Presenter: Matt Hester, TechNet Presenter, Microsoft Corporation Matt Hester is a TechNet Presenter on the Microsoft Seminar Sales Team (SST). Previously Matt was a Messaging and Collaboration Technology Specialist. Matt has several years' experience with Microsoft core infrastructures products (Windows, Active Directory, Exchange, etc.) and is a Microsoft Exchange Server Insider. He has additional expertise in the business value of technology including using Meta and Gartner tools. Register now to view this on-demand webcast, download a .wmv of the webcast, and download a copy of the presentation. You will be directed to the on-demand webcast and also shortly receive a confirmation email with links to the downloads. View other sessions fromGroup Policy: Explore Fundamentals and Advanced Concepts.