All Questions
Tagged with windows group-policy
735
questions
1
vote
1
answer
33
views
Change of the keyboard language and operating system language on users' computers using GPO (Windows Server)
I am responsible for managing a fleet of computers in my organization, and I would like to know how to configure the change of keyboard language and operating system language on users' computers using ...
1
vote
1
answer
46
views
Windows Group Policy Management - Session host limit group policy doesn't work as expected
I have created a group policy to end the sessions which are disconnected automatically & the settings of RDP session timeouts are located in the following GPO section Computer Configuration -> ...
- 11
7
votes
2
answers
484
views
How does group policy know when the network subsystem is ready?
I'm trying to troubleshoot some group policy startup processing issues on domain joined, remote computers that establish a Zscaler/VPN connection at startup and before logon. This causes a short delay ...
- 3,648
1
vote
0
answers
27
views
Domain administrator unable to connect via remote desktop after group policy deployment
The network I administer has two virtualized Windows Server DC and a handful of Windows clients. I wanted to enable remote desktop on all computers (some had it, some hadn't) via group policy and so I ...
- 11
0
votes
1
answer
241
views
Logon Message Powershell Script Runs But Does Not Launch Prompt
I'm trying to setup a login prompt according to https://aws.amazon.com/blogs/desktop-and-application-streaming/generate-logon-messages-for-security-and-compliance-in-amazon-windows-workspaces/ because ...
1
vote
0
answers
157
views
PowerShell - Failure to load built-in modules due to software restrictions
Yesterday, I was working with PowerShellEditorServices to develop a tool. Internally, it uses named pipes to communicate between the client and server. They are both running locally.
At some point, ...
- 131
0
votes
1
answer
54
views
How to create and manage a new DCOM object via batch or powershell
Win+R. dcomcnfg > I need to register a new dll using this tool as a COM. I can do this manually. But I have a lot of WS.
regsvr32 is not enough. The COM App need to exist in dcomcnfg
So, can it be ...
- 3
0
votes
0
answers
40
views
After setting the windows 10 gpo "DenyUnspecified" and "DenyRemovableDevice", and configure AllowDeviceIDs device is visible but cannot be removed
I need to allow only specific usb media on my windows 10 Host (21h1).
The gpo configuration:
GPO_LocalMachineRegistryKeySet "Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions&...
0
votes
0
answers
81
views
Turn off Focus assist via GPO not working as expected
Is there a standardized way to turn off focus assist centrally since i am trying to display balloon tips and toast notifications for applications and windows updates being deployed from sccm software ...
- 51
0
votes
2
answers
105
views
applying a GPO to all users for a specific server
first time writer here.
My situation is as follows:
we have an active directory, that is more or less organized. All users are in a single OU, and working on a Terminalserver (WINS 2012R2), lets call ...
- 11
0
votes
0
answers
115
views
UAC elevation via Local Admin "pin auth" not present for Azure AD Joined Windows 11
Is there any way to elevate via local admin pin in UAC prompt for non-admin Azure AD user on Windows joined to Azure Active Directory by making a change in group policy or registry to achieve desired ...
- 101
0
votes
1
answer
66
views
How do I tell what changes did the group policy made?
I have a situation where someone within a client's SecOps team made a GPO change but is not fessing up to it because it caused a pretty big outage.
From the Windows Event Logs on the affected server, ...
- 219
0
votes
0
answers
32
views
what windows policy settings are minimally required to get true/false response from isUserVerifyingPlatformAuthenticatorAvailable()
In a corporate setting there are Windows Group Policies restricting the use of FIDO Platform authenticators (e.g. Windows Hello (for Business) on Microsoft Windows devices)
Using the ...
- 1,471
-1
votes
1
answer
180
views
assign AD GPO to a specific set of computers: what mechanism?
(In exploratory mode: not sure what is the right question to ask, and how to ask it. Also, new to AD GPOs: please forgive lack of clarity in the question.)
Question: how do I assign an Active ...
- 304
0
votes
2
answers
68
views
Group Policy can't be overruled
I have 2 different GPOs in this example, one is directly under the Domain - Global GPO - and one is burried down in an User OU - Custom GPO.
In my Global GPO I have set the Setting "Local Area ...
0
votes
0
answers
117
views
Network drives not shown on some users. Explorer need to be restarted
we have windows domain, with a gpo where the drives are mapped, one of the users just one, has the problem the drives are not shown or disappears after a time. Strangely if you use any other programms ...
0
votes
0
answers
128
views
Smart Card authentication Windows 11 order
How can I configure so smartcard login is the first choice when logging in?
Our domain is using smart card login for users and LAPS for administration of our workstation which means I cannot enforce ...
0
votes
1
answer
231
views
Event 1202 when trying to run a scheduled task GPO under NT Authority\System
I'm trying to get a barcode font installed on machines for a enterprise application. The GPO is being served from a Windows Server 2019 Standard version 1809 OS build 17763.4252 server. The GPO in ...
0
votes
0
answers
57
views
Can I use a group in a root domain to filter application of a group policy object from this root domain for a computer in a child domain?
I have a root domain (root.local) with a child domain (child.root.local).
I have a Group Policy Object in the root domain, e.g. GPO_root
In the child domain I have a computer, computer_child. Is is ...
- 1
0
votes
1
answer
2k
views
Best method for enabling bitlocker via GPO/scripting
I'm working on getting bitlocker deployed across an organization and am getting hung up on how I'm expected to actually enable it. We're using on-site AD on Server2012 (will be moving to 2022 this ...
- 229
1
vote
0
answers
48
views
Microsoft Active Directory Admin - Discriminate usable USB Disk devices
good morning, I have been trying for a while through policy management or other microsoft media to restrict the use of USB removable disks. I know that through Active Direcory I can enable and disable ...
- 11
1
vote
1
answer
2k
views
Deploy Printers GPO not working after PrintNightmare restrictions
I am trying to use a GPO to deploy printers to Windows 10 workstaions in our domain. On a Windows Server 2016 DC, the policy that I am using is under Computer Configuration->Policies->Windows ...
1
vote
0
answers
398
views
Wsus gpo applied but not used
On my server, I have a GPO dedicated to enabling wsus in the environment but is some time that on the server the gpo are processed correctly and in gpresult and rsop are all ok, here is a screen:
.
...
- 46
0
votes
0
answers
223
views
Windows GPO Youtube restricted mode not applied in the browser on some machines
I have created a group policy to set youtube restricted mode in Edge and Chrome on a Windows server 2022 domain controller. On my test machine (W10 Pro ENG) the policies are applied and seem to work ...
- 1
0
votes
0
answers
108
views
Active directory failing to deploy a converted MSI file to clients via GPO
I have been struggling with deploying a Kaspersky network agent to my clients that are part of the work Domain.
I have performed the below steps;
Joined the client to the domain
Ping the name of the ...
- 3
0
votes
0
answers
847
views
Struggling to deploy files to %appdata% subfolders with GPO
I have a few minor MSOffice projects which require files to exist in various subfolders of %appdata%, and I'm trying to deploy these to a test OU but have been unable to push the files to their ...
0
votes
0
answers
575
views
GPO VBS Script does not run at startup
I need to setup a GPO that execute a VBS script at Startup.
I already create a script and test it without GPO and works perfectly, but when I do gpupdate /force and restart computer, nothing changes.
...
0
votes
0
answers
141
views
Windows 2019: Audit policy being overwritten by "something"
I have similar problem as it was described in thread below:
Audit policy being overwritten by "something"
unfortunately deletion of audit.csv did not help
let me summarize problem:
we are ...
0
votes
2
answers
130
views
Preventing software installation without AppLocker
In the light of recent news we are seeking wisdom on how to block Oracle Java from installing on all domain-joined Windows computers. The major headache is that the organisation doesn't use AppLocker.
...
0
votes
0
answers
77
views
GPO Registry and Startup Scripts failing to apply
I've been working on a relatively simple GPO to lock down some machines that will act as "kiosks". All the policies/preferences etc that I've set have worked fine except for registry changes ...
- 1
0
votes
2
answers
1k
views
Activate and specify logon script without user interaction
I would like to remotely activate a logon script to computers (Win10 and 11) not connected to a domain.
I can already remotely deploy software/script/files as admin, for example: I can deploy a logon....
- 3
-1
votes
1
answer
4k
views
Group Policy - Issues with DFSR, NETLOGON/SYSVOL?
We have an issue where some computers don't seem to be picking up all of their GPO's. When looking in group policy management editor we see many many "red x", "file not found" GPOs ...
- 240
0
votes
1
answer
2k
views
GPO Update: Missing GP In sysvol
I'm having a bit of trouble. I'm created a group policy to create a short to the desktop with a url link. I've done this in the pass without any issues, but now, i'm getting an error that one of the ...
- 1
0
votes
0
answers
338
views
Restrict RDP access via Username but Allowed via Computer
Can anyone help me with my configuration? So I need to configure RDP access restrictions for certain users and machines. I've managed to do this by creating a GPO rule on Allow log on through Terminal ...
- 11
0
votes
1
answer
1k
views
Can not reset User's Password and Cannot create user in Active directory
We have 3 Domain Controllers. DC1( Central DC) , DC2 (ADC) , DC3 (ADC)
FSMO roles are shown below
Schema master -DC1
Domain naming master -DC1
PDC -DC3
RID pool manager -DC3
Infrastructure master -DC2
...
1
vote
2
answers
175
views
How to find out & set policy in Window Server 2016. To search in security event viewer for users accidentally delete shared network folder?
I am trying to set GPO so that I can search user in event viewer who accidentally deleted the share drive in the network.
What other event IDs list can I search so that I know which category it ...
- 25
1
vote
2
answers
1k
views
"Apply once and do not reapply": how it works & how to reapply a second time
How does the PC know/determine to apply the GPO (Group Policy Object) Preference item only once?
Is there a way you can reapply it a second or subsequent times?
- 639
0
votes
0
answers
360
views
GPO printers deployed but only one printer actually shows up
I've set up two printers to be deployed via GPO (using "Deployed Printers" option under "Policies").
On my laptop only one actually shows up. In other words - the GPO clearly is ...
- 381
1
vote
1
answer
1k
views
How to compare Local Group Policy of two distinct Windows Server 2016 machines?
I want to compare group policies of two different machines, what is the proper way to do this?
From what I researched I found how to apply the same GP on another machine
,But I want to see what ...
- 113
0
votes
1
answer
296
views
Why Get-GPResultantSetOfPolicy doesn't show all the settings
I'm trying to verify GPO settings on the Windows Server 2019 machine. To do this, I export GPO settings using PowerShell Get-GPResultantSetOfPolicy command:
Get-GPResultantSetOfPolicy -ReportType Xml -...
1
vote
1
answer
1k
views
How to restrict NTLM V1 to select servers?
The domain I'm working on currently has NTLM V1 enabled for Domain Controllers. I've done some tests and discovered that only a few application servers require NTLM V1. Unfortunately I have to allow ...
- 111
2
votes
1
answer
3k
views
Why is the GroupPolicy module not found even when RSAT is installed?
I'm trying to use the Get-GPO PowerShell module. So I installed RSAT first, but the GroupPolicy module is still missing:
PS C:\Users\admin\Desktop> Install-WindowsFeature RSAT
Success Restart ...
- 757
0
votes
1
answer
683
views
Applocker - Publisher rule not working
In a bit to reduce the number of Applocker Packaged apps rules now that we are using the private store. We're looking into publisher only rules (right now, we have 1 rule per microsoft store ...
- 105
0
votes
1
answer
3k
views
Working on Printers GPO
Please bear with me, when it comes to printers, I'm probably about as useful as a bull in a china shop on top of the fact I Inherited a pretty chaotic setup that I am overhauling.
I have a printer ...
1
vote
2
answers
3k
views
Edge Enterprise Mode Site List: "Error: No URL or invalid URL for EMIE Sitelist."
When trying to configure the Enterprise Mode Site List, the configured list is not being honored. Looking at the edge://compat/iediagnostic page in Edge, the "Effective site list URL" has an ...
- 23.1k
0
votes
1
answer
178
views
Policies in Windows update
I have a laptop that is telling me there are policies set on the device from group policy. This is the only PC that is showing me those policies, I even kicked this laptop out of my domain and I'm ...
0
votes
2
answers
26k
views
Run a PowerShell script once on all computers as admin via GPO without changing execution policy
I have a PowerShell script that I need to run once on all computers in my Active Directory domain. A large number of computers are off at any given time, so a GPO would allow us to ensure that it ...
- 11
1
vote
0
answers
399
views
Export Local Group Policy Settings to Another Computer
I have a problem that can solve, a client of mine have access free laptop for young people to research job or do paperwork. Those laptop cannot be on the domain. The administration of those computer ...
- 11
0
votes
0
answers
34
views
Printing on hardened windows clients
I have inherited hardened clients with a lot of policies applied to them. There is an application running on this clients, that should show the windows printing dialog, but it does not pop up.
There ...
1
vote
1
answer
2k
views
DNS suffix works only when no subdomains are added
We have a DNS suffix for our domain ourdomain.local and it works whenever we have one additional DNS component e.g. test1.ourdomain.local or graphs.ourdomain.local, so that means we only have to type ...
- 31