From: Meinolf Weber <meiweb(nospam)@gmx.de>
To: none
Subject: Re: Custom policy to disable network access to removable media
Date: 09/18/2007 03:13:36

Hello Brendon,

Right-click the policy entry you see and choose Show policies only or Show configured policies only. Then it should be possible to see it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

> Hi everyone
>
> We have a requirement to create a policy which disables network access to CDROM and floppy drives on our servers.
>
> Some research indicated that the registry keys which can do this are the following:
> Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms and Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies respectively.
>
> Manually changing these values to "1" has the desired effect.
>
> I don't find an existing policy which can do this so I wrote the following ADM file to cater for this:
>
> *********************************************************
> CLASS MACHINE
>
> CATEGORY !!ServerBaseLine
>
> POLICY !!DisableCDRom
> EXPLAIN !!DisableCDRom_Explain
> VALUENAME "AllocateCDRoms"
> KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
> VALUEON NUMERIC 1
> VALUEOFF NUMERIC 0
> END POLICY
>
> POLICY !!DisableFloppy
> EXPLAIN !!DisableFloppy_Explain
> VALUENAME "AllocateFloppies"
> KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
> VALUEON NUMERIC 1
> VALUEOFF NUMERIC 0
> END POLICY
>
> END CATEGORY
> [strings]
> DisableCDRom="Disable CDROM Drive"
> DisableCDRom_Explain="Enable this to disable network use of the CDROM drive"
> DisableFloppy="Disable Floppy Drive"
> DisableFloppy_Explain ="Enable this to disable network use of the Floppy drive"
> ServerBaseLine="Server Baseline"
> ********************************************************
> Importing this doesn't show the policy in the group policy snap in. It only shows the category. If I change only the Key value to something else, you can see the policies but obviously it won't work.
>
> Am I doing something wrong? Some pointers please.
>
> Thanks

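The Group Policy editor's default Administrative Templates filter shows only settings that write under the Policies registry trees, which is why an ADM that targets the Winlogon key shows its category but not its policies until the filter is changed. The linter below is an added example, not code from the thread; the third policy in the sample (ExampleManaged, under a hypothetical Software\Policies\ExampleCorp\Baseline key) is constructed for contrast.

```python
# Registry trees the Group Policy editor treats as true policy locations.
# A value written anywhere else is a "preference": the default filter hides
# it, and the value stays in the registry after the GPO stops applying.
MANAGED_PREFIXES = (
    "software\\policies\\",
    "software\\microsoft\\windows\\currentversion\\policies\\",
)

# Constructed sample: the two policies from the post plus one hypothetical
# policy (ExampleManaged) that writes under Software\Policies.
SAMPLE_ADM = r'''
CLASS MACHINE
CATEGORY !!ServerBaseLine
  POLICY !!DisableCDRom
    EXPLAIN !!DisableCDRom_Explain
    VALUENAME "AllocateCDRoms"
    KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
  END POLICY
  POLICY !!DisableFloppy
    EXPLAIN !!DisableFloppy_Explain
    VALUENAME "AllocateFloppies"
    KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
  END POLICY
  POLICY !!ExampleManaged
    KEYNAME "Software\Policies\ExampleCorp\Baseline"
    VALUENAME "ExampleSetting"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
  END POLICY
END CATEGORY
[strings]
DisableCDRom="Disable CDROM Drive"
DisableCDRom_Explain="Enable this to disable network use of the CDROM drive"
DisableFloppy="Disable Floppy Drive"
DisableFloppy_Explain ="Enable this to disable network use of the Floppy drive"
ExampleManaged="Example managed setting"
ServerBaseLine="Server Baseline"
'''


def _unquote(text):
    text = text.strip()
    if len(text) >= 2 and text[0] == text[-1] == '"':
        return text[1:-1]
    return text


def parse_adm(text):
    """Parse simple on/off POLICY blocks (no PART handling) and [strings]."""
    policies, strings = [], {}
    category_keys = []   # KEYNAME values inherited from enclosing CATEGORY blocks
    current, in_strings = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.lower() == "[strings]":
            in_strings = True
            continue
        if in_strings:
            name, sep, value = line.partition("=")
            if sep:
                strings[name.strip()] = _unquote(value)
            continue
        parts = line.split(None, 1)
        keyword = parts[0].upper()
        rest = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "CATEGORY":
            category_keys.append(None)
        elif keyword == "POLICY":
            current = {"name": rest, "explain": None, "key": None, "value": None}
        elif keyword == "KEYNAME":
            if current is not None:
                current["key"] = _unquote(rest)
            elif category_keys:
                category_keys[-1] = _unquote(rest)
        elif keyword == "VALUENAME" and current is not None:
            current["value"] = _unquote(rest)
        elif keyword == "EXPLAIN" and current is not None:
            current["explain"] = rest
        elif keyword == "END" and rest.upper() == "POLICY" and current is not None:
            if current["key"] is None:   # fall back to the nearest category KEYNAME
                current["key"] = next((k for k in reversed(category_keys) if k), None)
            policies.append(current)
            current = None
        elif keyword == "END" and rest.upper() == "CATEGORY" and category_keys:
            category_keys.pop()
    return policies, strings


def lint_adm(text):
    """Report, per policy, whether it is a managed policy or a hidden preference."""
    policies, strings = parse_adm(text)
    findings = []
    for p in policies:
        key = (p["key"] or "").lower().rstrip("\\") + "\\"
        refs = [r[2:] for r in (p["name"], p["explain"]) if r and r.startswith("!!")]
        display = strings.get(p["name"][2:], p["name"]) if p["name"].startswith("!!") else p["name"]
        findings.append({
            "display": display,
            "key": p["key"],
            "value": p["value"],
            "managed": key.startswith(MANAGED_PREFIXES),
            "missing_strings": [r for r in refs if r not in strings],
        })
    return findings


if __name__ == "__main__":
    for f in lint_adm(SAMPLE_ADM):
        kind = "policy" if f["managed"] else "preference (hidden by default filter)"
        print(f"{f['display']}: {f['key']}\\{f['value']} -> {kind}")
```
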
From: Billingsley <billingsley@newsgroup.nospam>
To: none
Subject: Re: Create GPO to add sites for IE.
Date: 10/01/2007 13:44:14

Try:
Computer Configuration>Administrative Templates>Windows Components>Internet Explorer>Internet Control Panel>Security Page>"Site to Zone Assignment List"

"Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:2E3C2445-E343-48A5-AF85-4A19A7A8C97F@microsoft.com...
> I am trying to create a GPO to add some web sites to Local Intranet->sites, and Trusted sites for 1000+ PC with IE. I am looking at Computer Configuration->Administrative Templates->Windows Components->Internet Explorer do not see entries related to this. Please advise.
>
> Thanks.
>
> Ed

From: Meinolf Weber <meiweb(nospam)@gmx.de>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Trust
Date: 09/28/2007 04:29:03

Hello Ed,

Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

> I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
>
> Can someone help?
>
> Thanks.
>
> Ed

From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Tr
Date: 10/02/2007 15:49:41

I think you will find it in Add/Remove Programs in Control Panel
As a Window Component that is...

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:61903E9D-5992-43B7-8A90-3518D4BA1F5E@microsoft.com...
> How do I turn off enhance configuration on my server? Would you educate me?
>
> "G Johansson" wrote:
>
>> No
>>
>> What I mean is to create the GPO on a completely other machine or turn off enhanced configuration on your server while configuring this GPO.
>>
>> --
>> Regards G Johansson
>> fantomen@NOSPAM.GPfaq.se
>> http://GPfaq.se
>>
>> "Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:77EB1255-6668-4FAE-8BAA-CE84696A1DA7@microsoft.com...
>> > Do you mean preference mode? I currently do not have that enabled.
>> >
>> > "G Johansson" wrote:
>> >
>> >> Create it on a computer/server which doesn't have enhanced configuration enabled otherwise it won't work...
>> >>
>> >> --
>> >> Regards G Johansson
>> >> fantomen@NOSPAM.GPfaq.se
>> >> http://GPfaq.se
>> >>
>> >> "Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:6144B118-A5C5-4D60-9DAD-3E5122D3B9D3@microsoft.com...
>> >> > Any idea on this?? Thanks.
>> >> >
>> >> > "Ed Cheung" wrote:
>> >> >
>> >> >> When I click on "Import the current security zones and privacy settings", I see a popup window saying "You have chosen to import settings that are only compatible with windows server 2003, IE enhanced security configuration. These security settings will be ignored on machines where the enhanced security configuration is not enabled". Should I continue?
>> >> >>
>> >> >> "Meinolf Weber" wrote:
>> >> >>
>> >> >> > Hello Ed,
>> >> >> >
>> >> >> > Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.
>> >> >> >
>> >> >> > Best regards
>> >> >> >
>> >> >> > Meinolf Weber
>> >> >> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>> >> >> >
>> >> >> > > I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
>> >> >> > >
>> >> >> > > Can someone help?
>> >> >> > >
>> >> >> > > Thanks.
>> >> >> > >
>> >> >> > > Ed

From: Ed Cheung <EdCheung@discussions.microsoft.com>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Tr
Date: 10/02/2007 15:44:00

How do I turn off enhance configuration on my server? Would you educate me?

"G Johansson" wrote:

> No
>
> What I mean is to create the GPO on a completely other machine or turn off enhanced configuration on your server while configuring this GPO.
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
> "Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:77EB1255-6668-4FAE-8BAA-CE84696A1DA7@microsoft.com...
> > Do you mean preference mode? I currently do not have that enabled.
> >
> > "G Johansson" wrote:
> >
> >> Create it on a computer/server which doesn't have enhanced configuration enabled otherwise it won't work...
> >>
> >> --
> >> Regards G Johansson
> >> fantomen@NOSPAM.GPfaq.se
> >> http://GPfaq.se
> >>
> >> "Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:6144B118-A5C5-4D60-9DAD-3E5122D3B9D3@microsoft.com...
> >> > Any idea on this?? Thanks.
> >> >
> >> > "Ed Cheung" wrote:
> >> >
> >> >> When I click on "Import the current security zones and privacy settings", I see a popup window saying "You have chosen to import settings that are only compatible with windows server 2003, IE enhanced security configuration. These security settings will be ignored on machines where the enhanced security configuration is not enabled". Should I continue?
> >> >>
> >> >> "Meinolf Weber" wrote:
> >> >>
> >> >> > Hello Ed,
> >> >> >
> >> >> > Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.
> >> >> >
> >> >> > Best regards
> >> >> >
> >> >> > Meinolf Weber
> >> >> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> >> >> >
> >> >> > > I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
> >> >> > >
> >> >> > > Can someone help?
> >> >> > >
> >> >> > > Thanks.
> >> >> > >
> >> >> > > Ed

From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Tr
Date: 10/02/2007 14:58:27

No

What I mean is to create the GPO on a completely other machine or turn off enhanced configuration on your server while configuring this GPO.

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:77EB1255-6668-4FAE-8BAA-CE84696A1DA7@microsoft.com...
> Do you mean preference mode? I currently do not have that enabled.
>
> "G Johansson" wrote:
>
>> Create it on a computer/server which doesn't have enhanced configuration enabled otherwise it won't work...
>>
>> --
>> Regards G Johansson
>> fantomen@NOSPAM.GPfaq.se
>> http://GPfaq.se
>>
>> "Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:6144B118-A5C5-4D60-9DAD-3E5122D3B9D3@microsoft.com...
>> > Any idea on this?? Thanks.
>> >
>> > "Ed Cheung" wrote:
>> >
>> >> When I click on "Import the current security zones and privacy settings", I see a popup window saying "You have chosen to import settings that are only compatible with windows server 2003, IE enhanced security configuration. These security settings will be ignored on machines where the enhanced security configuration is not enabled". Should I continue?
>> >>
>> >> "Meinolf Weber" wrote:
>> >>
>> >> > Hello Ed,
>> >> >
>> >> > Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.
>> >> >
>> >> > Best regards
>> >> >
>> >> > Meinolf Weber
>> >> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>> >> >
>> >> > > I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
>> >> > >
>> >> > > Can someone help?
>> >> > >
>> >> > > Thanks.
>> >> > >
>> >> > > Ed

From: Ed Cheung <EdCheung@discussions.microsoft.com>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Tr
Date: 10/02/2007 14:45:01

Do you mean preference mode? I currently do not have that enabled.

"G Johansson" wrote:

> Create it on a computer/server which doesn't have enhanced configuration enabled otherwise it won't work...
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
> "Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:6144B118-A5C5-4D60-9DAD-3E5122D3B9D3@microsoft.com...
> > Any idea on this?? Thanks.
> >
> > "Ed Cheung" wrote:
> >
> >> When I click on "Import the current security zones and privacy settings", I see a popup window saying "You have chosen to import settings that are only compatible with windows server 2003, IE enhanced security configuration. These security settings will be ignored on machines where the enhanced security configuration is not enabled". Should I continue?
> >>
> >> "Meinolf Weber" wrote:
> >>
> >> > Hello Ed,
> >> >
> >> > Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.
> >> >
> >> > Best regards
> >> >
> >> > Meinolf Weber
> >> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> >> >
> >> > > I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
> >> > >
> >> > > Can someone help?
> >> > >
> >> > > Thanks.
> >> > >
> >> > > Ed

From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Tr
Date: 10/02/2007 14:05:26

Create it on a computer/server which doesn't have enhanced configuration enabled otherwise it won't work...

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Ed Cheung" <EdCheung@discussions.microsoft.com> wrote in message news:6144B118-A5C5-4D60-9DAD-3E5122D3B9D3@microsoft.com...
> Any idea on this?? Thanks.
>
> "Ed Cheung" wrote:
>
>> When I click on "Import the current security zones and privacy settings", I see a popup window saying "You have chosen to import settings that are only compatible with windows server 2003, IE enhanced security configuration. These security settings will be ignored on machines where the enhanced security configuration is not enabled". Should I continue?
>>
>> "Meinolf Weber" wrote:
>>
>> > Hello Ed,
>> >
>> > Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.
>> >
>> > Best regards
>> >
>> > Meinolf Weber
>> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>> >
>> > > I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
>> > >
>> > > Can someone help?
>> > >
>> > > Thanks.
>> > >
>> > > Ed

From: Ed Cheung <EdCheung@discussions.microsoft.com>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Tr
Date: 10/02/2007 13:46:02

Any idea on this?? Thanks.

"Ed Cheung" wrote:

> When I click on "Import the current security zones and privacy settings", I see a popup window saying "You have chosen to import settings that are only compatible with windows server 2003, IE enhanced security configuration. These security settings will be ignored on machines where the enhanced security configuration is not enabled". Should I continue?
>
> "Meinolf Weber" wrote:
>
> > Hello Ed,
> >
> > Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.
> >
> > Best regards
> >
> > Meinolf Weber
> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > > I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
> > >
> > > Can someone help?
> > >
> > > Thanks.
> > >
> > > Ed

From: Ed Cheung <EdCheung@discussions.microsoft.com>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Tr
Date: 10/01/2007 14:54:02

When I click on "Import the current security zones and privacy settings", I see a popup window saying "You have chosen to import settings that are only compatible with windows server 2003, IE enhanced security configuration. These security settings will be ignored on machines where the enhanced security configuration is not enabled". Should I continue?

"Meinolf Weber" wrote:

> Hello Ed,
>
> Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>
> > I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
> >
> > Can someone help?
> >
> > Thanks.
> >
> > Ed

From: Ed Cheung <EdCheung@discussions.microsoft.com>
To: none
Subject: Re: Create a GPO to add exception web sites to Local intranet & Tr
Date: 10/01/2007 14:46:01

"Meinolf Weber" wrote:

> Hello Ed,
>
> Go to user configuration>windows settings>internet explorer maintenance>security, Security zones and content ratings. Enable Import the current security zones and privacy settings, click modify settings. Here you can configure local intranet, trusted sites and restricted sites.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>
> > I am trying to create a GPO to add exception web sites to my Local Intranet and Trusted sites in my IE's Internet Options. I am using my GPMC and looking at the Computer Configurations, and do not see entries related.
> >
> > Can someone help?
> >
> > Thanks.
> >
> > Ed

From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Create a folder
Date: 09/18/2007 08:15:03

Howdie!

Jac wrote:
> Yeah but the startup script will run everytime user restart his pc ?
>
> Is there a way to run it only one time ?

Use the "If exist" statements to check whether the folder already exists - or create a file somewhere in the filesystem when the script initially executes. Then check for the file and if it exists, don't execute the script.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

From: Mark Heitbrink [MVP] <spam-only@gruppenrichtlinien.de>
To: none
Subject: Re: Create a folder
Date: 09/18/2007 08:12:22

Jac wrote:
> Yeah but the startup script will run everytime user restart his pc ?

You ever thought about using "if / if not" in a script?

> Is there a way to run it only one time ?

No, but the command ...

if not exist c:\folder md c:\folder

TRUE? -> folder does not exist -> md c:\folder -> it will be created
FALSE? -> folder exist -> nothing happens

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english

From: Jac <support@ville.blainville.qc.ca>
To: none
Subject: Re: Create a folder
Date: 09/18/2007 07:30:05

Yeah but the startup script will run everytime user restart his pc ?
Is there a way to run it only one time ?

"Mark Heitbrink [MVP]" <spam-only@gruppenrichtlinien.de> wrote in message news:OpvnlQd%23HHA.3716@TK2MSFTNGP03.phx.gbl...
> Hi,
>
> Jac wrote:
>> Hi is there a way with GPO to create a folder on c driver for every computers ?
>
> You need to use a startup script.
>
> Mark
> --
> Mark Heitbrink - MVP Windows Server - Group Policy
>
> Homepage: www.gruppenrichtlinien.de - deutsch
> Blog: gpupdate.spaces.live.com - english

From: Mark Heitbrink [MVP] <spam-only@gruppenrichtlinien.de>
To: none
Subject: Re: Create a folder
Date: 09/18/2007 04:13:13

Hi,

Jac wrote:
> Hi is there a way with GPO to create a folder on c driver for every computers ?

You need to use a startup script.

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english

From: Ann <Ann@discussions.microsoft.com>
To: none
Subject: RE: Cookies
Date: 09/26/2007 11:04:01

I failed to mention that we are using IE6.

"Ann" wrote:

> Is there a policy that will delete cookies? We have an upgrade to one of our applications coming up and we have to delete all cookies and temp files. I don't quite understand why, but I've been tasked with finding out about the cookies.

From: cw1972 <cw1972@gmail.com>
To: none
Subject: Re: configuring primary and secondary DNS settings with group policy
Date: 09/26/2007 10:35:41

On 26 Sep, 13:44, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> "cw1972" <cw1...@gmail.com> wrote in message
> news:1190716150.778230.215200@n39g2000hsh.googlegroups.com...
>
> >> And please, do not multipost.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
>
> > Apologies, I thought I cross-posted, which is the accepted way of doing it - didn't think I multiposted.
>
> You did x-post, and in so far as I can see, to a short list of well chosen newsgroups. I see no etiquette issues and find your decisions appropriate.
>
> Roger
>
> > Thanks to everyone for your input, it does makes sense that DNS is vital for application of GPO's now.

Thank you for confirming what I thought I did, I am fairly new to newsgroups but am quite aware of the etiquette so didn't want to upset people.

From: Roger Abell [MVP] <mvpNoSpam@asu.edu>
To: none
Subject: Re: configuring primary and secondary DNS settings with group policy
Date: 09/26/2007 07:44:11

"cw1972" <cw1972@gmail.com> wrote in message news:1190716150.778230.215200@n39g2000hsh.googlegroups.com...
>
>> And please, do not multipost.
>>
>> Best regards
>>
>> Meinolf Weber
>
> Apologies, I thought I cross-posted, which is the accepted way of doing it - didn't think I multiposted.

You did x-post, and in so far as I can see, to a short list of well chosen newsgroups. I see no etiquette issues and find your decisions appropriate.

Roger

> Thanks to everyone for your input, it does makes sense that DNS is vital for application of GPO's now.

From: cw1972 <cw1972@gmail.com>
To: none
Subject: Re: configuring primary and secondary DNS settings with group policy
Date: 09/25/2007 05:29:10

> And please, do not multipost.
>
> Best regards
>
> Meinolf Weber

Apologies, I thought I cross-posted, which is the accepted way of doing it - didn't think I multiposted.

Thanks to everyone for your input, it does makes sense that DNS is vital for application of GPO's now.

From: Roger Abell [MVP] <mvpNoSpam@asu.edu>
To: none
Subject: Re: configuring primary and secondary DNS settings with group policy
Date: 09/25/2007 05:04:32

The DNS servers IP list can be provided for XP and later.
I see you x-posted to some W2k NGs, so this may not help, although you could deliver to XP and up with W2k DCs.
Look under Comp Cfg / Adm Templates / Network / DNS Client where is setting DNS Servers

"cw1972" <cw1972@gmail.com> wrote in message news:1190709582.706409.276240@50g2000hsm.googlegroups.com...
> I've had a look through the Administrative Templates and other settings in Group Policy, I've also had a bit of a google and only found how to set the primary DNS suffix through group policy.
>
> Is it possible to also configure the primary/secondary DNS settings for domain computers using group policy?
>
> Any help would be appreciated.
>
> Thank you.

From: Mark Heitbrink [MVP] <spam-only@gruppenrichtlinien.de>
To: none
Subject: Re: configuring primary and secondary DNS settings with group policy
Date: 09/25/2007 04:50:02

Hi,

cw1972 wrote:
> Is it possible to also configure the primary/secondary DNS settings for domain computers using group policy?

No. Only by using a computer startup script in combination with netsh.exe

Why?
Because DNS is essential for running GPOs, now you have the problem: You can not correct the DNS, if it wrong, because GPOs are not applied, because of the wrong DNS and on the other hand MS saves your work, by disallow you to deploy a wrong DNS, because after deploy GPOs are no longer functional.

It's as well some kind of chicken and egg problem ...

DHCP is the solution you are searching for.

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english

From: Meinolf Weber <meiweb(nospam)@gmx.de>
To: none
Subject: Re: configuring primary and secondary DNS settings with group policy
Date: 09/25/2007 04:35:17

Hello cw1972,

Do you use DHCP for the clients? Then you can set it there. With GPO it is not possible by default. Maybe you can create your own .adm file for that.

And please, do not multipost.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

> I've had a look through the Administrative Templates and other settings in Group Policy, I've also had a bit of a google and only found how to set the primary DNS suffix through group policy.
>
> Is it possible to also configure the primary/secondary DNS settings for domain computers using group policy?
>
> Any help would be appreciated.
>
> Thank you.

From: DEI <dei@nospam.com>
To: none
Subject: Re: Clear passwords in Internet Explorer
Date: 09/17/2007 12:49:58

what about in group policy? Is there a setting in group policy to accomplish this?

"pete0085" <pete0085@discussions.microsoft.com> wrote in message news:7BAF1115-7365-4294-9766-11FB48F87860@microsoft.com...
> If you are using IE 7. Internet options-general-delete-delete passwords.
>
> "DEI" wrote:
>
>> I have the 'Disable AutoComplete for forms' and 'Do not allow AutoComplete to save passwords' set to enabled, but I still have users that claim they see their username in fields although it is greyed out. Is there a way to clear the username and passwords remembered?

From: pete0085 <pete0085@discussions.microsoft.com>
To: none
Subject: RE: Clear passwords in Internet Explorer
Date: 09/17/2007 09:22:03

If you are using IE 7. Internet options-general-delete-delete passwords.

"DEI" wrote:

> I have the 'Disable AutoComplete for forms' and 'Do not allow AutoComplete to save passwords' set to enabled, but I still have users that claim they see their username in fields although it is greyed out. Is there a way to clear the username and passwords remembered?

From: DEI <dei@nospam.com>
To: none
Subject: Re: Clear passwords in Internet Explorer
Date: 09/17/2007 09:07:39

btw, how come those settings do not show up in the GPMC under settings? If I edit the gp I see the settings, but they do not show up on the settings tab of GPMC.

"DEI" <dei@nospam.com> wrote in message news:eMJdWNT%23HHA.1204@TK2MSFTNGP03.phx.gbl...
> I have the 'Disable AutoComplete for forms' and 'Do not allow AutoComplete to save passwords' set to enabled, but I still have users that claim they see their username in fields although it is greyed out. Is there a way to clear the username and passwords remembered?

From: Rob (Microsoft) <RobMicrosoft@discussions.microsoft.com>
To: none
Subject: RE: Cannot change domain controller security pol!
Date: 09/17/2007 06:50:04

If the CrashonAuditfail is set to a 2 in the registry, then clear the security log and reboot.

Ok for the other part

Under Windows\Sysvol\Sysvol\Domain\Policies\{6AC............}\Microsoft\Windows NT\Secedit (I think this is the correct path)
Edit your GPTTMPL.Inf file and look for SeinteractiveLogon
Add ,*S-1-1-0 to the end of the line
Look for SENetworklogon
Add ,*S-1-1-0 to the end of the line

Under Windows\Sysvol\Sysvol\Domain\Policies\{6AC............}\Microsoft\Windows NT\Secedit (I think this is the correct path)
Rename your GPTTMPL.INF to GPTtmpl.old

If this is Windows 2003 then run a GPUPDATE /Force
If this is Windows 2000 then run a Secedit Refreshpolicy Machine_Policy /Enforce

I hope this helps. It really sounds like you have a virus. You may think about trying to promote a second DC into the environment if this doesn't work.

Is the CrashonAuditfail a 2?

"kenny0305" wrote:

> Rob,
>
> Further to my last, on restarting the machine normally, I receive service control manager error messages in the system log to the effect that Logon attempt with current password failed with the following error: Logon failure: the user has not been granted the requested logon type at this computer.
>
> Any way I can change this?
>
> Kenny
>
> "Rob (Microsoft)" wrote:
>
> > There are a couple of things that you need to check.
> >
> > 1) Is DNS pointed to a DNS server that hosts your domain
> > 2) Under HKLM\System\CCS\Control\LSA is the crashonauditfail value 2? If so, clear your security log, set the value to 1 and reboot
> > 3) Run a Gpedit.msc and see who you have for access this computer from a network right. If it's blank, you probably have a virus on the box that cleared it.
> >
> > "kenny0305" wrote:
> >
> > > My W2K server has suddenly stopped me from editing group policy. I receive a message saying I don't have permission to perform this operation, access denied. I am logging in with the default network admin account which should work. I have tried to reset the GpTmpl files as per article 226243 in help and support, but still cannot change anything. I am also prevented from running microsoft exchange administrator with an error message "an unexpected, unknown error has occurred. MAPI or an unspecified service provider. ID no: 00000000-0000-00000000.
> > >
> > > The exchange problem confronted me after 3 weeks off and all others swear they have not touched anything. Please help before I have to completely rebuild our server!

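The check and edit discussed in this message (is a logon right blank, and appending `,*S-1-1-0` to it) can be done against the [Privilege Rights] section of a GptTmpl.inf copy before it is put back in SYSVOL. This is an added example, not code from the thread: the template text is constructed, it is assumed to be already decoded to a Python string, and the well-known SID names are limited to the three listed.

```python
# Well-known SIDs resolved for readability (S-1-1-0 is the one named above).
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}
# The two user rights the message refers to, by their full constant names.
LOGON_RIGHTS = ("SeInteractiveLogonRight", "SeNetworkLogonRight")

# Constructed sample: SeNetworkLogonRight is defined but blank.
SAMPLE_INF = """
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544
SeNetworkLogonRight =
SeBackupPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(text):
    """Return {right name (lower case): [SIDs or account names]}."""
    rights, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "privilege rights":
            continue
        name, sep, value = line.partition("=")
        if sep:
            members = [m.strip().lstrip("*") for m in value.split(",") if m.strip()]
            rights[name.strip().lower()] = members
    return rights


def audit_logon_rights(text):
    """Classify each logon right: not defined, empty, includes Everyone, restricted."""
    rights = parse_privilege_rights(text)
    report = {}
    for right in LOGON_RIGHTS:
        members = rights.get(right.lower())
        if members is None:
            status = "not defined"
        elif not members:
            status = "empty"            # nobody holds the right
        elif "S-1-1-0" in members:
            status = "includes Everyone"
        else:
            status = "restricted"
        report[right] = {
            "status": status,
            "members": [WELL_KNOWN.get(m, m) for m in (members or [])],
        }
    return report


def grant(text, right, sid):
    """Return the template text with *sid appended to `right` if it is missing."""
    out, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        name, sep, value = line.partition("=")
        if section == "privilege rights" and sep and name.strip().lower() == right.lower():
            members = [m.strip() for m in value.split(",") if m.strip()]
            if "*" + sid not in members:
                members.append("*" + sid)
            raw = f"{name.strip()} = {','.join(members)}"
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("before:", audit_logon_rights(SAMPLE_INF))
    patched = grant(SAMPLE_INF, "SeNetworkLogonRight", "S-1-1-0")
    print("after: ", audit_logon_rights(patched))
```

The "includes Everyone" status makes it easy to find the rights that were widened during recovery so they can be reviewed once the server is manageable again.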
From: kenny0305 <kenny0305@discussions.microsoft.com>
To: none
Subject: RE: Cannot change domain controller security pol!
Date: 09/17/2007 04:08:01

Rob,

Further to my last, on restarting the machine normally, I receive service control manager error messages in the system log to the effect that Logon attempt with current password failed with the following error: Logon failure: the user has not been granted the requested logon type at this computer.

Any way I can change this?

Kenny

"Rob (Microsoft)" wrote:

> There are a couple of things that you need to check.
>
> 1) Is DNS pointed to a DNS server that hosts your domain
> 2) Under HKLM\System\CCS\Control\LSA is the crashonauditfail value 2? If so, clear your security log, set the value to 1 and reboot
> 3) Run a Gpedit.msc and see who you have for access this computer from a network right. If it's blank, you probably have a virus on the box that cleared it.
>
> "kenny0305" wrote:
>
> > My W2K server has suddenly stopped me from editing group policy. I receive a message saying I don't have permission to perform this operation, access denied. I am logging in with the default network admin account which should work. I have tried to reset the GpTmpl files as per article 226243 in help and support, but still cannot change anything. I am also prevented from running microsoft exchange administrator with an error message "an unexpected, unknown error has occurred. MAPI or an unspecified service provider. ID no: 00000000-0000-00000000.
> >
> > The exchange problem confronted me after 3 weeks off and all others swear they have not touched anything. Please help before I have to completely rebuild our server!

From: kenny0305 <kenny0305@discussions.microsoft.com>
To: none
Subject: RE: Cannot change domain controller security pol!
Date: 09/17/2007 04:04:00

Rob,

This is the only server in the domain, so it does host the DNS server. I
have made sure the HKLM key value is set to 1 to no avail. I cannot run
gpedit.msc as I get the same error message as before telling me I do not have
permission to change the group policy. I cannot copy any files from the
computer to removable media. All windows come up as restricted sites. I am at
a loss. Please help.

Kenny

"Rob (Microsoft)" wrote:

> There are a couple of things that you need to check.
>
> 1) Is DNS pointed to a DNS server that hosts your domain
> 2) Under HKLM\System\CCS\Control\LSA is the crashonauditfail value 2? If
> so, clear your security log, set the value to 1 and reboot
> 3) Run a Gpedit.msc and see who you have for access this computer from a
> network right. If it's blank, you probably have a virus on the box that
> cleared it.
>
> "kenny0305" wrote:
>
>> My W2K server has suddenly stopped me from editing group policy. I receive a
>> message saying I don't have permission to perform this operation, access
>> denied. I am logging in with the default network admin account which should
>> work. I have tried to reset the GpTmpl files as per article 226243 in help
>> and support, but still cannot change anything. I am also prevented from
>> running microsoft exchange administrator with an error message "an
>> unexpected, unknown error has occurred. MAPI or an unspecified service
>> provider. ID no: 00000000-0000-00000000.
>>
>> The exchange problem confronted me after 3 weeks off and all others swear
>> they have not touched anything. Please help before I have to completely
>> rebuild our server!
From: Mark Heitbrink [MVP] <spam-only@gruppenrichtlinien.de>
To: none
Subject: Re: can't add a user or group to access this computer from the networ
Date: 09/25/2007 09:30:09

BestSysEng wrote:
> I'm trying to add "Everyone" to the "access this computer from the network"
> properties on a Test Domain Controller, but "Add User or Group..." is grayed
> out.

Because it is defined in the Default Domain Controllers Policy, that's why
you can't edit it in the "Local Security Policy".

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - German
Blog: gpupdate.spaces.live.com - English
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Can I use GPO to set User cannot change password?
Date: 09/25/2007 15:15:14

Howdie!

PS wrote:
> What do I need to audit? How would I do that?

I run out of time, so that's what my personal search came up with:
http://www.ftponline.com/wss/2004_08/magazine/columns/windowstips/

You can try to find a howto yourself, just search for "audit account
changes" or something similar to that. That was my search string, however.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From: PS <nospam@kynetix.com>
To: none
Subject: Re: Can I use GPO to set User cannot change password?
Date: 09/25/2007 11:35:02

Thanks Florian.

What do I need to audit? How would I do that?

"Florian Frommherz [MVP]" <florian@PLEASELEAVETHISOUT.frickelsoft.net> wrote
in message news:eteDAU3$HHA.4956@TK2MSFTNGP06.phx.gbl...

Howdie!

PS wrote:
> When I set up new user accounts on our domain I check the "User cannot
> change password"
>
> I noticed today that even though I've done this to all accounts when I
> check them again later they are all set back to unchecked.
>
> I suspect this must be something to do with Group Policy. But I've looked
> everywhere in GP and can't see a setting for this.

No - you can't do that via Group Policy. If the accounts get altered after
you created them, it could be a script that changes them. You maybe need to
audit changes in order to see what's behind.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Can I use GPO to set User cannot change password?
Date: 09/25/2007 08:06:42

Howdie!

PS wrote:
> When I set up new user accounts on our domain I check the "User cannot
> change password"
>
> I noticed today that even though I've done this to all accounts when I check
> them again later they are all set back to unchecked.
>
> I suspect this must be something to do with Group Policy. But I've looked
> everywhere in GP and can't see a setting for this.

No - you can't do that via Group Policy. If the accounts get altered after
you created them, it could be a script that changes them. You maybe need to
audit changes in order to see what's behind.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From: Darren Mar-Elia <dmanonymous@microsoft.com>
To: none
Subject: Re: Can i restart a lot of pc's
Date: 09/17/2007 20:55:13

You might also want to check out SpecOps' GPUpdate tool
(http://www.specopssoft.com/products/specopsgpupdate/). Among other things,
it can restart systems from AD Users and Computers.

Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Script Group Policy Settings with the GPExpert Scripting Toolkit for PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php
Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group Policy-related

"jdh415s" <jdh415s@discussions.microsoft.com> wrote in message
news:DA85C370-873C-4FAE-958A-34669235C3B5@microsoft.com...
> I just created a batch file that does a "shutdown -r -t 60 -m \\ipaddress".
> I included all the addresses I needed and set this up to run as a
> scheduled task on one of my servers.
>
> "sammy" wrote:
>
>> On Aug 24, 8:54 am, "MSExchangeStudent"
>> <exchangestud...@newsgroups.com> wrote:
>>> hi
>>>
>>> Can i restart a lot of pc's at the same time with a GPO? and how?
>>>
>>> or must i use Windows Scheduled Utility and schedule a reboot
>>>
>>> Craig
>>
>> I believe you can with the line-mode command, shutdown.
>> It has a switch for restarting (-r) and a GUI (using -i) that
>> presumably allows you to add as many computers as you want to the list to
>> shutdown.
>>
>> If that doesn't work, then you could script the shutdown command to
>> work on a list of remote hosts
From: jdh415s <jdh415s@discussions.microsoft.com>
To: none
Subject: Re: Can i restart a lot of pc's
Date: 09/17/2007 17:28:03

I just created a batch file that does a "shutdown -r -t 60 -m \\ipaddress".
I included all the addresses I needed and set this up to run as a scheduled
task on one of my servers.

"sammy" wrote:

> On Aug 24, 8:54 am, "MSExchangeStudent"
> <exchangestud...@newsgroups.com> wrote:
>> hi
>>
>> Can i restart a lot of pc's at the same time with a GPO? and how?
>>
>> or must i use Windows Scheduled Utility and schedule a reboot
>>
>> Craig
>
> I believe you can with the line-mode command, shutdown.
> It has a switch for restarting (-r) and a GUI (using -i) that
> presumably allows you to add as many computers as you want to the list to
> shutdown.
>
> If that doesn't work, then you could script the shutdown command to
> work on a list of remote hosts
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Blocking unwanted Software installation on network
Date: 09/27/2007 11:40:39

Howdie!

bassjace wrote:
> Hi,
> I have been looking for a way to stop end users on my network from
> installing unwanted software on client PC's. Taking away Local Admin rights
> stops programs like Adaware from running as they need Admin rights to run and
> we have other software that is requiring the Admin rights as well within the
> company.

That is the way to go. Take away their local admin rights and enable failing
software to run without admin privileges (by using monitoring tools like
filemon and regmon and granting the software/the users write/read access to
resources it/they needs).

You simply misunderstand the role of an administrator. They can and need to
control the machine in any way they like. Even if you put a software in place
(or any other technical barrier), admins can circumvent it, if they know how
and if they are willing to.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: blocking applications
Date: 09/27/2007 14:23:42

Either disable the add-on inside of IE or maybe blocking the extension file
wmpdxm.dll should work...
--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Thank you" <Thankyou@discussions.microsoft.com> wrote in message
news:53E64315-6BBE-4284-92B1-6ADFCCA8136D@microsoft.com...
> I have blocked wmplayer.exe from running through group policy.
>
> So start>>programs>>wmplayer
>
> you receive the message
>
> This operation has been cancelled due to restrictions in effect on this
> computer. Please contact your system administrator.
>
> However if I open up ie and goto a radio station I can then launch
> wmplayer bypassing the grpPolicy and start accessing the inet radio.
>
> Is this a known issue or is there a better way to eliminate the internet
> radio.
>
> Blocking port 554 which is to be used for the rtsp protocol does nothing
> http://en.wikipedia.org/wiki/Real_Time_Streaming_Protocol
>
> any help would be great,
>
> windows 2k dc
> win2k-winXP Client O/S
From: Meinolf Weber <meiweb(nospam)@gmx.de>
To: none
Subject: Re: Block media files through GPO
Date: 09/26/2007 14:45:32

Hello MittonE not Spam),

With third party tools, like sanctuary device control you can block ports,
give them only read or write or whatever to every hardware port. AND it is
possible to allow or deny specific file access.

For watching movies you need media player or tools like powerdvd. So if they
are installed you can set rights for the starting .exe with GPO. But if
your users are local admin they can remove this configuration and can also
install additional software. And sometimes it is also possible to install
some programs, even if you are a normal user.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

> Hi
> We've got DVD readers in all our PC's in our office.
> We have found that certain of our callcentre agents watch DVD's and
> other movies at night when on shift.
>
> I was wondering if there is a way of blocking this through GPO or any
> other way but not removing the DVD from My Computer. They should still
> be able to read other CD's and listen to music but just no Movie
> files.
>
> Has anyone ever had to do something like this?
>
> Thanks
From: Rayasiom <Rayasiom@discussions.microsoft.com>
To: none
Subject: Re: Block access to certain websites
Date: 09/27/2007 03:22:02

Hi Florian - thank you for your comments and input.

We are currently running Group Policy Management Microsoft Corporation Ver
1.0.2 with Microsoft Management Console 3.0 ver 5.2 which I think is this
GPMC that you are referring to as the download centre refers to the same
executables.

At the end of the day it may just be a lot less hassle and aggravation to
buy some sort of software that will deal with the problem.

"Florian Frommherz [MVP]" wrote:

> Howdie!
>
> Rayasiom wrote:
>> I have finally managed to block access to messenger and live messenger by
>> using the Path and Hash in the Additional Rules under Software Restriction
>> Policies.
>
> Keep in mind that, as soon as there's an update for the messenger, it
> can be possible that your rule will no longer be of value (since the
> hash "consists" of values like the filesize and so on).
>
>> I have seen that it is possible to block various sites using the HOSTS file
>> on each computer - but that is not how I want to do it. I want to be able to
>> control it all from the server.
>> We have the SBS 2003 SE and I do not want to do any upgrade to Premium or
>> ISA as this SE should have the capability to do something if it gives you the
>> option to put Approved Sites in.
>
> That is the only valuable approach - I don't mean upgrading to ISA but
> looking for a proxy that will restrict access to the internet. You
> cannot lock down the computer in a way that people cannot access
> websites (at least not with reasonable effort). Just imagine people
> execute another browser than IE (I remember a Firefox version that runs
> from a USB thumb device) - and your restrictions would be useless.
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Block access to certain websites
Date: 09/26/2007 12:06:36

Howdie!

Rayasiom wrote:
> Ok - I have NOT been able to block access to messenger and Live Messenger
> because the Windows Live Toolbar has been added which allows Live Messenger
> to be accessed!!!!!!!!!! I have tried to add the msntb.dll to the hash and
> path rule but no luck - does anyone know how to stop this menace to society??

You need to add the very same .dll or .exe file in order to successfully
block the file. A file of another version or file size will result in a
different hash. You'll best download GPMC and install it on a target client
machine and administer the policy from there.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From: Rayasiom <Rayasiom@discussions.microsoft.com>
To: none
Subject: RE: Block access to certain websites
Date: 09/26/2007 11:58:03

Ok - I have NOT been able to block access to messenger and Live Messenger
because the Windows Live Toolbar has been added which allows Live Messenger
to be accessed!!!!!!!!!! I have tried to add the msntb.dll to the hash and
path rule but no luck - does anyone know how to stop this menace to society??

"Rayasiom" wrote:

> I have finally managed to block access to messenger and live messenger by
> using the Path and Hash in the Additional Rules under Software Restriction
> Policies.
> My problem now is that there are certain websites that also need blocking.
> I have tried adding these sites to Internet Explorer
> Maintenance\Security\Security Zones and Content Rating - Approved Sites, but
> this has absolutely no effect.
> I have seen that it is possible to block various sites using the HOSTS file
> on each computer - but that is not how I want to do it. I want to be able to
> control it all from the server.
> We have the SBS 2003 SE and I do not want to do any upgrade to Premium or
> ISA as this SE should have the capability to do something if it gives you the
> option to put Approved Sites in.
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Block access to certain websites
Date: 09/26/2007 11:57:41

Howdie!

Rayasiom wrote:
> I have finally managed to block access to messenger and live messenger by
> using the Path and Hash in the Additional Rules under Software Restriction
> Policies.

Keep in mind that, as soon as there's an update for the messenger, it
can be possible that your rule will no longer be of value (since the
hash "consists" of values like the filesize and so on).

> I have seen that it is possible to block various sites using the HOSTS file
> on each computer - but that is not how I want to do it. I want to be able to
> control it all from the server.
> We have the SBS 2003 SE and I do not want to do any upgrade to Premium or
> ISA as this SE should have the capability to do something if it gives you the
> option to put Approved Sites in.

That is the only valuable approach - I don't mean upgrading to ISA but
looking for a proxy that will restrict access to the internet. You
cannot lock down the computer in a way that people cannot access
websites (at least not with reasonable effort). Just imagine people
execute another browser than IE (I remember a Firefox version that runs
from a USB thumb device) - and your restrictions would be useless.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
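
The replies above say that a hash rule only matches the exact file it was built from, so an updated build or a different program is not covered. The following Python model is an added example, not part of the thread: the byte strings are constructed stand-ins for binaries, SHA-256 stands in for the digest the policy stores, and the comparison with a default security level of Disallowed goes beyond the deny-rule case discussed in the thread.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List

DISALLOWED = "Disallowed"
UNRESTRICTED = "Unrestricted"


@dataclass(frozen=True)
class HashRule:
    label: str
    digest: str
    size: int
    level: str


def make_hash_rule(label: str, data: bytes, level: str) -> HashRule:
    """Build a rule from the exact bytes of one file (digest plus file size)."""
    return HashRule(label, hashlib.sha256(data).hexdigest(), len(data), level)


def evaluate(data: bytes, rules: List[HashRule], default_level: str) -> str:
    """Return the level of the first matching hash rule, else the default level."""
    digest = hashlib.sha256(data).hexdigest()
    for rule in rules:
        if rule.size == len(data) and rule.digest == digest:
            return rule.level
    return default_level


def stale_rules(rules: List[HashRule], installed: Dict[str, bytes]) -> List[str]:
    """Labels of hash rules that no longer match any file in the inventory."""
    present = {(hashlib.sha256(d).hexdigest(), len(d)) for d in installed.values()}
    return [r.label for r in rules if (r.digest, r.size) not in present]


# Constructed stand-ins for executables (not real file contents).
SAMPLES: Dict[str, bytes] = {
    "messenger_old": b"MZ constructed messenger build 1",
    "messenger_new": b"MZ constructed messenger build 2 (after update)",
    "portable_browser": b"MZ constructed browser started from a USB stick",
    "approved_app": b"MZ constructed line-of-business application",
}

# Constructed inventory of a client after the messenger has updated itself.
INSTALLED_AFTER_UPDATE: Dict[str, bytes] = {
    r"C:\Apps\messenger.exe": SAMPLES["messenger_new"],
    r"C:\Apps\lob.exe": SAMPLES["approved_app"],
}


def deny_list_results() -> Dict[str, str]:
    """Default level Unrestricted plus one Disallowed hash rule (the thread's setup)."""
    rules = [make_hash_rule("block messenger", SAMPLES["messenger_old"], DISALLOWED)]
    return {name: evaluate(data, rules, UNRESTRICTED) for name, data in SAMPLES.items()}


def allow_list_results() -> Dict[str, str]:
    """Default level Disallowed plus one Unrestricted hash rule for the approved program."""
    rules = [make_hash_rule("allow LOB app", SAMPLES["approved_app"], UNRESTRICTED)]
    return {name: evaluate(data, rules, DISALLOWED) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    print("deny list :", deny_list_results())
    print("allow list:", allow_list_results())
    deny = [make_hash_rule("block messenger", SAMPLES["messenger_old"], DISALLOWED)]
    print("stale rules after update:", stale_rules(deny, INSTALLED_AFTER_UPDATE))
```

Running the stale-rule check against a fresh inventory after each software update shows which hash rules need to be rebuilt from the new file.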
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Assigning printers to computers thru GP
Date: 09/21/2007 01:37:56

Howdie!

Jim in Cleveland wrote:
> Is there a way to assign a default printer to a computer thru GP? Here's the
> scenario: I work in a library. We're using Windows 2003 server and XP on
> client machines. We have a user log in for our Adult department called
> adult. This covers multiple areas of the library. So if someone logs in as
> adult on the 1st floor, I'd like those computers to default to a certain
> printer in that area. If they log in on the 2nd floor, I would like that
> printer as the default for those computers in that area. We are using
> mandatory roaming profiles. Is there such a setting? Or do I have to use a
> script?

I'd use a script to do that:
http://support.microsoft.com/kb/314486

You'd need to separate those computers by their floor etc, so putting
them in different OUs. Checking for computername or something like this
could also be possible.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Assigning printers to computers thru GP
Date: 09/21/2007 01:16:14

Hello,

is it Windows 2003 R2? It adds printer deployment through GPO.
As it is mandatory profile, you may also manually set them once
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Jim in Cleveland" <JiminCleveland@discussions.microsoft.com> wrote in
message news:00732923-6F31-4951-B24B-596406442308@microsoft.com...
> Is there a way to assign a default printer to a computer thru GP? Here's
> the scenario: I work in a library. We're using Windows 2003 server and XP on
> client machines. We have a user log in for our Adult department called
> adult. This covers multiple areas of the library. So if someone logs in
> as adult on the 1st floor, I'd like those computers to default to a certain
> printer in that area. If they log in on the 2nd floor, I would like that
> printer as the default for those computers in that area. We are using
> mandatory roaming profiles. Is there such a setting? Or do I have to use
> a script?
From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Assign software GPO
Date: 09/28/2007 16:43:41

You may have a look here on command line parameter to deploy acrobat reader:
http://www.appdeploy.com/packages/detail.asp?id=915

When assigning to computers, it will install after next reboot

More resources:
Assigning and Publishing Software
http://technet2.microsoft.com/windowsserver/en/library/d3d52f5d-45ab-4be9-a040-28ffe09bc8f81033.mspx?mfr=true
Best practices for Group Policy Software Installation
http://technet2.microsoft.com/windowsserver/en/library/5f065962-a6e3-422a-8db7-20a57f40f9f51033.mspx?mfr=true
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Vlad" <Vlad@discussions.microsoft.com> wrote in message
news:577DA0D0-2B5C-44DF-9849-EFEADC934C80@microsoft.com...
> Thank you, Mathie!
>
> I tried use computer assign, but somehow it does not work. For user it
> worked just first time without removing old version.
>
> I will go through docs and will try again
> Vlad
>
> "Mathieu CHATEAU" wrote:
>
>> Hello,
>>
>> How to use Group Policy to remotely install software in Windows Server
>> 2003
>> http://support.microsoft.com/kb/816102/en-us
>>
>> I think that assigned software should go through computer GPO, not user.
>> Else users will need admins privilege to install.
>> This KB shows that you assign software through computer, but publish to
>> user through the user's GPO part.
>>
>> Best practices for Group Policy Software Installation
>> http://technet2.microsoft.com/windowsserver/en/library/5f065962-a6e3-422a-8db7-20a57f40f9f51033.mspx?mfr=true
>>
>> --
>> Regards,
>> Mathieu CHATEAU
>> http://lordoftheping.blogspot.com
>>
>> "Vlad" <Vlad@discussions.microsoft.com> wrote in message
>> news:E515ADAE-3F67-409B-9CAD-8139ACDCEE97@microsoft.com...
>>> Hi!
>>> I try to assign application Adobe 8.1 to user configuration and in same
>>> time to remove existing 7.1. Problem is I do not have GPO which installs 7.1
>>> and for my understanding I have to have it in order to update.
>>>
>>> Could someone please show me a light how can I achieve it?
>>>
>>> Thank you
>>>
>>> Vlad
From: Vlad <Vlad@discussions.microsoft.com>
To: none
Subject: Re: Assign software GPO
Date: 09/28/2007 16:30:03

Thank you, Mathie!

I tried use computer assign, but somehow it does not work. For user it
worked just first time without removing old version.

I will go through docs and will try again
Vlad

"Mathieu CHATEAU" wrote:

> Hello,
>
> How to use Group Policy to remotely install software in Windows Server 2003
> http://support.microsoft.com/kb/816102/en-us
>
> I think that assigned software should go through computer GPO, not user.
> Else users will need admins privilege to install.
> This KB shows that you assign software through computer, but publish to user
> through the user's GPO part.
> Best practices for Group Policy Software Installation
> http://technet2.microsoft.com/windowsserver/en/library/5f065962-a6e3-422a-8db7-20a57f40f9f51033.mspx?mfr=true
>
> --
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
> "Vlad" <Vlad@discussions.microsoft.com> wrote in message
> news:E515ADAE-3F67-409B-9CAD-8139ACDCEE97@microsoft.com...
>> Hi!
>> I try to assign application Adobe 8.1 to user configuration and in same
>> time to remove existing 7.1. Problem is I do not have GPO which installs 7.1
>> and for my understanding I have to have it in order to update.
>>
>> Could someone please show me a light how can I achieve it?
>>
>> Thank you
>>
>> Vlad
From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Assign software GPO
Date: 09/28/2007 16:20:09

Hello,

How to use Group Policy to remotely install software in Windows Server 2003
http://support.microsoft.com/kb/816102/en-us

I think that assigned software should go through computer GPO, not user.
Else users will need admins privilege to install.
This KB shows that you assign software through computer, but publish to user
through the user's GPO part.

Best practices for Group Policy Software Installation
http://technet2.microsoft.com/windowsserver/en/library/5f065962-a6e3-422a-8db7-20a57f40f9f51033.mspx?mfr=true
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Vlad" <Vlad@discussions.microsoft.com> wrote in message
news:E515ADAE-3F67-409B-9CAD-8139ACDCEE97@microsoft.com...
> Hi!
> I try to assign application Adobe 8.1 to user configuration and in same
> time to remove existing 7.1. Problem is I do not have GPO which installs 7.1
> and for my understanding I have to have it in order to update.
>
> Could someone please show me a light how can I achieve it?
>
> Thank you
>
> Vlad
From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Assign DHCP user class with group policy
Date: 09/27/2007 14:19:15

You can always run the script inside of a GPO but as you said I think you
should be able to set it somewhere in the registry.

How about setting the value and then searching the registry for it?
--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Stolzman" <Stolzman@discussions.microsoft.com> wrote in message
news:695397C1-91BC-44FE-AAE5-1B8E89CAAEBC@microsoft.com...
> I want to assign computers in an OU to a user class using group policy,
> instead of having to run the command "ipconfig /setclassid adapter_name
> class_id" on each computer. I have seen this written up somewhere, but
> can't seem to find it
From: Anthony <anthony.spam@spammedout.com>
To: none
Subject: Re: Applying group policy based on network subnet?
Date: 09/26/2007 09:29:32

CW,

That's not it. Think of a loopback policy being: "On this computer, ignore
whatever policies normally apply to the user, and apply the ones here
instead".

So:
- Create a policy in the OU where the Citrix servers are
- In the Computer Configuration part, specify a loopback
- In the User Configuration, specify the user settings you want.

The normal user policies will be ignored. I don't use the "merge" as it
creates too much additional complexity.

Hope that helps,
Anthony,
http://www.airdesk.com

"cw1972" <cw1972@gmail.com> wrote in message
news:1190797540.615231.212070@d55g2000hsg.googlegroups.com...
>> Hum, by re-reading the issue, neither am I. I haven't had that issue so
>> far. We'll see if the OP posts back...
>
> Site based GPOs, while a good idea, will not work for my needs here -
> though they are on different subnets (.10.xx to .25.xx), they connect
> to the Citrix server on the .33.xx subnet via a VPN tunnel to us here
> on the .33.xx subnet.
>
> I think the Loopback Policy is where I need to be heading - and as I
> understand it, if I apply a policy to their OU that has the 'Users
> Group Policy loopback processing mode' set to 'replace' and they log
> on from a terminal (which has no local policy) they will get the AD
> GPO applied, but if they log on from their Desktop machine here on the
> 33 subnet (which does have a local policy) then their local policy
> will be used instead of the AD one, thereby not receiving the
> Redirects and Lockdowns - which is what I want.
>
> The MS pages and the GPO's Explain tab is tough to get my head around
> though - I need to do some testing to check my theory.
>
> Thanks everyone for the help so far though.
>
> cw
From: cw1972 <cw1972@gmail.com>
To: none
Subject: Re: Applying group policy based on network subnet?
Date: 09/26/2007 04:05:40

> Hum, by re-reading the issue, neither am I. I haven't had that issue so
> far. We'll see if the OP posts back...

Site based GPOs, while a good idea, will not work for my needs here -
though they are on different subnets (.10.xx to .25.xx), they connect
to the Citrix server on the .33.xx subnet via a VPN tunnel to us here
on the .33.xx subnet.

I think the Loopback Policy is where I need to be heading - and as I
understand it, if I apply a policy to their OU that has the 'Users
Group Policy loopback processing mode' set to 'replace' and they log
on from a terminal (which has no local policy) they will get the AD
GPO applied, but if they log on from their Desktop machine here on the
33 subnet (which does have a local policy) then their local policy
will be used instead of the AD one, thereby not receiving the
Redirects and Lockdowns - which is what I want.

The MS pages and the GPO's Explain tab is tough to get my head around
though - I need to do some testing to check my theory.

Thanks everyone for the help so far though.

cw
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Applying group policy based on network subnet?
Date: 09/25/2007 15:08:29

Howdie Anthony!

Anthony wrote:
> I'm just not sure that's going to work for redirected folders and Citrix
> access, though.

Hum, by re-reading the issue, neither am I. I haven't had that issue so
far. We'll see if the OP posts back...

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From: cw1972 <cw1972@gmail.com>
To: none
Subject: Re: Applying group policy based on network subnet?
Date: 09/25/2007 10:18:46

On 25 Sep, 14:12, "Florian Frommherz [MVP]"
<flor...@PLEASELEAVETHISOUT.frickelsoft.net> wrote:
> Howdie!
>
> cw1972 wrote:
>
>> Hello,
>>
>> I have a group of roaming users, who mainly log on to the LAN on a
>> 192.168.33.xx subnet, but these users also log on via Citrix at our
>> remote sites 192.168.10.xx - 192.168.25.xx which are not part of our
>> domain, but do log on with an AD account through Citrix.
>>
>> What I'm wanting is to give them redirected desktops/start menus when
>> they log on from a non 192.168.33.xx subnet, but not have the policy
>> applied when they do log on from a 192.168.33.xx subnet.
>
> Just as Roger mentioned, you need to create Sites in "Active Directory
> Sites and Services" for those special subnets. That lets you then define
> Group Policy for these sites. Group Policies linked to sites will only
> apply to objects located at the sites.
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.

Thanks everyone for your information and suggestions, it has given me
a lot to think about my active directory design and structure.
From: Anthony <anthony.spam@spammedout.com>
To: none
Subject: Re: Applying group policy based on network subnet?
Date: 09/25/2007 10:05:03

I'm just not sure that's going to work for redirected folders and Citrix
access, though.

Anthony,
http://www.airdesk.co.uk

"Florian Frommherz [MVP]" <florian@PLEASELEAVETHISOUT.frickelsoft.net> wrote
in message news:eoxubX3$HHA.4984@TK2MSFTNGP06.phx.gbl...
> Howdie!
>
> cw1972 wrote:
>> Hello,
>>
>> I have a group of roaming users, who mainly log on to the LAN on a
>> 192.168.33.xx subnet, but these users also log on via Citrix at our
>> remote sites 192.168.10.xx - 192.168.25.xx which are not part of our
>> domain, but do log on with an AD account through Citrix.
>>
>> What I'm wanting is to give them redirected desktops/start menus when
>> they log on from a non 192.168.33.xx subnet, but not have the policy
>> applied when they do log on from a 192.168.33.xx subnet.
>
> Just as Roger mentioned, you need to create Sites in "Active Directory
> Sites and Services" for those special subnets. That lets you then define
> Group Policy for these sites. Group Policies linked to sites will only
> apply to objects located at the sites.
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Applying group policy based on network subnet?
Date: 09/25/2007 08:12:56

Howdie!

cw1972 wrote:
> Hello,
>
> I have a group of roaming users, who mainly log on to the LAN on a
> 192.168.33.xx subnet, but these users also log on via Citrix at our
> remote sites 192.168.10.xx - 192.168.25.xx which are not part of our
> domain, but do log on with an AD account through Citrix.
>
> What I'm wanting is to give them redirected desktops/start menus when
> they log on from a non 192.168.33.xx subnet, but not have the policy
> applied when they do log on from a 192.168.33.xx subnet.

Just as Roger mentioned, you need to create Sites in "Active Directory Sites and Services" for those special subnets. That lets you then define Group Policy for these sites. Group Policies linked to sites will only apply to objects located at the sites.

cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
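
An added example, not part of the original posts: a small Python model of how site-linked GPOs come into scope from the subnet of the computer that runs the session, using the subnet ranges named in the thread. The site names, the GPO name, the catch-all /16 subnet and the Citrix server address are assumptions made for illustration, and the model assumes the logon computer is domain-joined.

```python
import ipaddress

# Constructed layout built from the ranges named in the thread.
# Site names and the GPO name are hypothetical, not from the posts.
SUBNET_TO_SITE = {
    "192.168.0.0/16": "Default-First-Site-Name",   # assumed catch-all subnet
    "192.168.33.0/24": "HeadOffice",
}
for third_octet in range(10, 26):                  # 192.168.10.xx - 192.168.25.xx
    SUBNET_TO_SITE[f"192.168.{third_octet}.0/24"] = "RemoteSites"

# GPOs linked to each site object (hypothetical names).
SITE_LINKED_GPOS = {
    "Default-First-Site-Name": [],
    "HeadOffice": [],
    "RemoteSites": ["Redirect Desktop and Start Menu"],
}


def resolve_site(ip, subnet_map=SUBNET_TO_SITE):
    """Return the site of the most specific subnet that contains `ip`.

    When several subnet objects cover an address, the one with the longest
    prefix wins. An address covered by no subnet returns None in this model.
    """
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def site_gpos_for_session(client_ip, session_host_ip=None):
    """Return (site, site-linked GPOs) for a logon.

    Group Policy is processed on the computer that runs the session. For a
    direct logon that is the client itself. For a Citrix or Terminal
    Services session it is the server, so the server's address decides the
    site and the client's subnet plays no part.
    """
    effective_ip = session_host_ip if session_host_ip else client_ip
    site = resolve_site(effective_ip)
    return site, list(SITE_LINKED_GPOS.get(site, []))


def unmapped_addresses(ips):
    """Addresses that match no subnet object: gaps in the site design."""
    return [ip for ip in ips if resolve_site(ip) is None]


if __name__ == "__main__":
    # Constructed sample logons: (label, client address, session host address).
    samples = [
        ("LAN desktop", "192.168.33.40", None),
        ("Remote desktop, direct logon", "192.168.12.7", None),
        ("Remote client via Citrix server", "192.168.12.7", "192.168.33.20"),
    ]
    for label, client, host in samples:
        print(label, "->", site_gpos_for_session(client, host))
    print("No subnet object for:", unmapped_addresses(["192.168.12.7", "10.0.0.5"]))
```

The third sample is the case Anthony raises in his reply: the session runs on the Citrix server, so a GPO linked to the remote site never comes into scope for it.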
From: Roger Abell [MVP] <mvpNoSpam@asu.edu>
To: none
Subject: Re: Applying group policy based on network subnet?
Date: 09/25/2007 05:06:44

To control GPO application by subnet one needs to define sites and use site linked GPOs

"cw1972" <cw1972@gmail.com> wrote in message news:1190709856.639349.303940@57g2000hsv.googlegroups.com...
> Hello,
>
> I have a group of roaming users, who mainly log on to the LAN on a
> 192.168.33.xx subnet, but these users also log on via Citrix at our
> remote sites 192.168.10.xx - 192.168.25.xx which are not part of our
> domain, but do log on with an AD account through Citrix.
>
> What I'm wanting is to give them redirected desktops/start menus when
> they log on from a non 192.168.33.xx subnet, but not have the policy
> applied when they do log on from a 192.168.33.xx subnet.
>
> Am I making sense? Is this possible at all?
>
> Any help would be much appreciated.
>
> Many thanks.
From: Anthony <anthony.spam@spammedout.com>
To: none
Subject: Re: Applying group policy based on network subnet?
Date: 09/25/2007 04:12:59

For Citrix use, give them a separate Terminal Services profile. For the Citrix servers, apply a loopback policy that does the redirect.

Hope that helps,
Anthony,
http://www.airdesk.co.uk

"cw1972" <cw1972@gmail.com> wrote in message news:1190709856.639349.303940@57g2000hsv.googlegroups.com...
> Hello,
>
> I have a group of roaming users, who mainly log on to the LAN on a
> 192.168.33.xx subnet, but these users also log on via Citrix at our
> remote sites 192.168.10.xx - 192.168.25.xx which are not part of our
> domain, but do log on with an AD account through Citrix.
>
> What I'm wanting is to give them redirected desktops/start menus when
> they log on from a non 192.168.33.xx subnet, but not have the policy
> applied when they do log on from a 192.168.33.xx subnet.
>
> Am I making sense? Is this possible at all?
>
> Any help would be much appreciated.
>
> Many thanks.
From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Allowing user to modify their Network connections
Date: 09/22/2007 10:46:49

Howdie!

Blackberry wrote:
> The problem I have is that the teachers want to use their laptops on their
> networks (wireless and wired) at home and I therefore need to let them have
> access to the network connections/configurations so that they can change
> their ips, subnets, ssids, etc.

Windows XP has a builtin-group called "Network Operators" - what about putting the teachers into that local Group? You could use the "Restricted Groups" feature for that: http://www.frickelsoft.net/blog/?p=13

cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Allowing user to modify their Network connections
Date: 09/22/2007 06:57:41

wifi should work without any privilege other than standard.
Maybe they try to set static at home ?
You should investigate more before changing anything

--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Blackberry" <info@NoSpamIt.com> wrote in message news:ejvYL6Q$HHA.3400@TK2MSFTNGP03.phx.gbl...
> Hi Mathieu
>
> Many thanks for the prompt and detailed reply.
>
> We use DHCP in school and I believe they use DHCP at home, so I think
> their main issue is setting the Wireless stuff up, ie SSID, etc.
>
> It looks like the settings you have suggested would cover that - correct?
>
> Thanks
>
> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
> news:%23Og51eQ$HHA.5980@TK2MSFTNGP04.phx.gbl...
> Hello,
>
> the good way is to have DHCP on your network.
>
> Else:
> USER
> Administrative Templates\
> Network\
> Network Connections
>
> Prohibit access to properties of a LAN connection
> Prohibit TCP/IP advanced configuration
> Prohibit access to properties of components of a LAN connection
>
> Determines whether users can change the properties of a LAN connection.
> This setting determines whether the Properties menu item is enabled, and
> thus, whether the Local Area Connection Properties dialog box is available
> to users. If you enable this setting (and enable the Enable Network
> Connections settings for Administrators setting), the Properties menu
> items are disabled for all users, and users cannot open the Local Area
> Connection Properties dialog box. Important: If the Enable Network
> Connections settings for Administrators is disabled or not configured,
> this setting will not apply to administrators on post-Windows 2000
> computers. If you disable this setting or do not configure it, a
> Properties menu item appears when users right-click the icon representing
> a LAN connection. Also, when users select the connection, Properties is
> enabled on the File menu. Note: This setting takes precedence over
> settings that manipulate the availability of features inside the Local
> Area Connection Properties dialog box. If this setting is enabled, nothing
> within the properties dialog box for a LAN connection is available to
> users. Note: Nonadministrators have the right to view the properties
> dialog box for a connection but not to make changes, regardless of this
> setting.
>
> --
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
> "Blackberry" <info@NoSpamIt.com> wrote in message
> news:OGcbeXQ$HHA.700@TK2MSFTNGP05.phx.gbl...
>> Hi All
>>
>> I have a Win2k3 server setup at a school using AD/GPO to administer
>> things.
>>
>> I have two sets of users, pupils and teachers, and I've tried to lock
>> things down as much as possible really on both accounts where practical.
>>
>> The problem I have is that the teachers want to use their laptops on
>> their networks (wireless and wired) at home and I therefore need to let
>> them have access to the network connections/configurations so that they
>> can change their ips, subnets, ssids, etc.
>>
>> As a test I added network administrators to the staff's account (ie they
>> were network admins and domain users) and although they could get to the
>> network properties main window it wouldn't let them into the tcp/ip
>> config part to change stuff.
>>
>> I don't want to make them domain admins as I believe this will allow them
>> to install and uninstall software (they always try and do this!!!) so is
>> there anyway round this?
>>
>> I would have thought that assigning them as network admins would do the
>> trick, what else does a network admin need to do???, but is it possible
>> that another GPO param is stopping them from doing the job?
>>
>> Thanks
From: Blackberry <info@NoSpamIt.com>
To: none
Subject: Re: Allowing user to modify their Network connections
Date: 09/22/2007 06:46:30

Hi Mathieu

Many thanks for the prompt and detailed reply.

We use DHCP in school and I believe they use DHCP at home, so I think their main issue is setting the Wireless stuff up, ie SSID, etc.

It looks like the settings you have suggested would cover that - correct?

Thanks

"Mathieu CHATEAU" <gollum123@free.fr> wrote in message news:%23Og51eQ$HHA.5980@TK2MSFTNGP04.phx.gbl...
Hello,

the good way is to have DHCP on your network.

Else:
USER
Administrative Templates\
Network\
Network Connections

Prohibit access to properties of a LAN connection
Prohibit TCP/IP advanced configuration
Prohibit access to properties of components of a LAN connection

Determines whether users can change the properties of a LAN connection. This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users. If you enable this setting (and enable the Enable Network Connections settings for Administrators setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box. Important: If the Enable Network Connections settings for Administrators is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu. Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users. Note: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.

--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Blackberry" <info@NoSpamIt.com> wrote in message news:OGcbeXQ$HHA.700@TK2MSFTNGP05.phx.gbl...
> Hi All
>
> I have a Win2k3 server setup at a school using AD/GPO to administer
> things.
>
> I have two sets of users, pupils and teachers, and I've tried to lock
> things down as much as possible really on both accounts where practical.
>
> The problem I have is that the teachers want to use their laptops on their
> networks (wireless and wired) at home and I therefore need to let them
> have access to the network connections/configurations so that they can
> change their ips, subnets, ssids, etc.
>
> As a test I added network administrators to the staff's account (ie they
> were network admins and domain users) and although they could get to the
> network properties main window it wouldn't let them into the tcp/ip config
> part to change stuff.
>
> I don't want to make them domain admins as I believe this will allow them
> to install and uninstall software (they always try and do this!!!) so is
> there anyway round this?
>
> I would have thought that assigning them as network admins would do the
> trick, what else does a network admin need to do???, but is it possible
> that another GPO param is stopping them from doing the job?
>
> Thanks
From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Allowing user to modify their Network connections
Date: 09/22/2007 05:59:43

Hello,

the good way is to have DHCP on your network.

Else:
USER
Administrative Templates\
Network\
Network Connections

Prohibit access to properties of a LAN connection
Prohibit TCP/IP advanced configuration
Prohibit access to properties of components of a LAN connection

Determines whether users can change the properties of a LAN connection. This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users. If you enable this setting (and enable the Enable Network Connections settings for Administrators setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box. Important: If the Enable Network Connections settings for Administrators is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu. Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users. Note: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.

--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Blackberry" <info@NoSpamIt.com> wrote in message news:OGcbeXQ$HHA.700@TK2MSFTNGP05.phx.gbl...
> Hi All
>
> I have a Win2k3 server setup at a school using AD/GPO to administer
> things.
>
> I have two sets of users, pupils and teachers, and I've tried to lock
> things down as much as possible really on both accounts where practical.
>
> The problem I have is that the teachers want to use their laptops on their
> networks (wireless and wired) at home and I therefore need to let them
> have access to the network connections/configurations so that they can
> change their ips, subnets, ssids, etc.
>
> As a test I added network administrators to the staff's account (ie they
> were network admins and domain users) and although they could get to the
> network properties main window it wouldn't let them into the tcp/ip config
> part to change stuff.
>
> I don't want to make them domain admins as I believe this will allow them
> to install and uninstall software (they always try and do this!!!) so is
> there anyway round this?
>
> I would have thought that assigning them as network admins would do the
> trick, what else does a network admin need to do???, but is it possible
> that another GPO param is stopping them from doing the job?
>
> Thanks
From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/02/2007 14:04:27

I have seen that but I would hope for it to be released until maybe a SP for Office...
But I wouldn't use the migrator for Office 2007 adm's anyway since I think they are far too complex for that tool...

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Mathieu CHATEAU" <gollum123@free.fr> wrote in message news:eF0FcNHBIHA.3400@TK2MSFTNGP03.phx.gbl...
> Looks like people already asked them:
> http://blogs.technet.com/grouppolicy/archive/2007/07/11/are-you-waiting-for-office-2007-system-admx-files.aspx
>
> You can use admx migrator anyway:
> http://www.microsoft.com/downloads/details.aspx?familyid=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en
>
> --
> Regards,
> Mathieu CHATEAU
> English blog: http://lordoftheping.blogspot.com
> French blog: http://www.lotp.fr
>
> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
> news:872B4C37-8AA3-4A2E-BD7F-EFE58750BC30@microsoft.com...
>> Since MS released the admx-format I don't really want to use the old
>> adm-format. :-S
>> I can't understand why they didn't create admx-files for Office 2007 for
>> example...
>>
>> --
>> Regards G Johansson
>> fantomen@NOSPAM.GPfaq.se
>> http://GPfaq.se
>>
>> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
>> news:OYpTUiGBIHA.5752@TK2MSFTNGP02.phx.gbl...
>>> if you are more than one admin, you would keep a unique storage
>>> reference location for ADM, so to always use the same ADM Version, that
>>> you edit from vista, XP, or DC directly.
>>>
>>> I will try with my vista to get a recent picture ;)
>>>
>>> --
>>> Regards,
>>> Mathieu CHATEAU
>>> English blog: http://lordoftheping.blogspot.com
>>> French blog: http://www.lotp.fr
>>>
>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>> news:OTUXLeGBIHA.1208@TK2MSFTNGP03.phx.gbl...
>>>> True
>>>>
>>>> Unless you are using Vista since Vista won't add the adm-files to the
>>>> GPO at SYSVOL and therefore it gives you all adm-files in your local
>>>> inf-folder automatically when you create a new GPO.
>>>>
>>>> --
>>>> Regards G Johansson
>>>> fantomen@NOSPAM.GPfaq.se
>>>> http://GPfaq.se
>>>>
>>>> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
>>>> news:ON2xYzFBIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>>> again, overloading GPO with unused ADM is bad.
>>>>> You would remove them on GPO if they are present but not used (and
>>>>> WSUS too for example).
>>>>> The less, the better
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Mathieu CHATEAU
>>>>> English blog: http://lordoftheping.blogspot.com
>>>>> French blog: http://www.lotp.fr
>>>>>
>>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>>> news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
>>>>>> Maybe we mean two different things.
>>>>>>
>>>>>> If I for example download all Office 2007 adm-files and put them in
>>>>>> C:\Windows\Inf and I open a new GPO I can see all these settings
>>>>>> automatically added into Administrative Templates\Classic
>>>>>> Administrative Templates (ADM) without needing to add them manually
>>>>>> as I would need in XP.
>>>>>>
>>>>>> --
>>>>>> Regards G Johansson
>>>>>> fantomen@NOSPAM.GPfaq.se
>>>>>> http://GPfaq.se
>>>>>>
>>>>>> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
>>>>>> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>>> Actually, ADM files in Vista are not automatically added--only ADMX
>>>>>>> files are--but that's beside the issue :)
>>>>>>>
>>>>>>> --
>>>>>>> Darren Mar-Elia
>>>>>>> MS-MVP-Windows Server--Group Policy
>>>>>>>
>>>>>>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>>>>>>> PowerShell!
>>>>>>> Find out more at http://www.sdmsoftware.com/products2.php
>>>>>>>
>>>>>>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>>>>>>> Information Hub:
>>>>>>> FAQs, Training Videos, Whitepapers and Utilities for all things
>>>>>>> Group Policy-related
>>>>>>>
>>>>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>>>>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>>>>>> If you would be using Vista then all adm-files would be
>>>>>>>> automatically added into your GPO's. Pre-Vista machines you need to
>>>>>>>> add them yourself...
>>>>>>>>
>>>>>>>> But I'm not understanding why you would like to add the adm-files
>>>>>>>> for Office 12 into all your GPO's
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards G Johansson
>>>>>>>> fantomen@NOSPAM.GPfaq.se
>>>>>>>> http://GPfaq.se
>>>>>>>>
>>>>>>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>>>>>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>>>>> I recently obtained the ADM files for Office 2003 and Office 2007
>>>>>>>>> and want to use them to deploy to all users via Active Directory
>>>>>>>>> Users and Computers. However, the only instructions I can find for
>>>>>>>>> adding these templates to the Group Policy Editor are to open a GPO
>>>>>>>>> and then right click Administrative Templates to get to the
>>>>>>>>> Add/Remove dialog.
>>>>>>>>>
>>>>>>>>> When I followed this the new settings were available in the GPE,
>>>>>>>>> but only for the GPO I had open at the time.
>>>>>>>>>
>>>>>>>>> I want to be able to put in the new ADM files so that the settings
>>>>>>>>> are accessible for all the GPOs in the domain but it seems the
>>>>>>>>> only way to do this is to open up every GPO and then add the
>>>>>>>>> templates to it. Is there a way to make these template available
>>>>>>>>> to all my GPOs so I don't have to add them to every one.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> --
>>>>>>>>> NZSchoolTech
From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/02/2007 14:03:31

LOL
Fantastic idea to give more job to system admins in the world... :-)

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message news:eIpxIBIBIHA.1212@TK2MSFTNGP05.phx.gbl...
> Ha. Mostly because the Office product group does whatever they want,
> whenever they want :-). Witness how they broke GPSI installation of Office
> 2007.
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
>
> Script Group Policy Settings with the GPExpert Scripting Toolkit for
> PowerShell!
> Find out more at http://www.sdmsoftware.com/products2.php
>
> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
> Information Hub:
> FAQs, Training Videos, Whitepapers and Utilities for all things Group
> Policy-related
>
> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
> news:872B4C37-8AA3-4A2E-BD7F-EFE58750BC30@microsoft.com...
>> Since MS released the admx-format I don't really want to use the old
>> adm-format. :-S
>> I can't understand why they didn't create admx-files for Office 2007 for
>> example...
>>
>> --
>> Regards G Johansson
>> fantomen@NOSPAM.GPfaq.se
>> http://GPfaq.se
>>
>> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
>> news:OYpTUiGBIHA.5752@TK2MSFTNGP02.phx.gbl...
>>> if you are more than one admin, you would keep a unique storage
>>> reference location for ADM, so to always use the same ADM Version, that
>>> you edit from vista, XP, or DC directly.
>>>
>>> I will try with my vista to get a recent picture ;)
>>>
>>> --
>>> Regards,
>>> Mathieu CHATEAU
>>> English blog: http://lordoftheping.blogspot.com
>>> French blog: http://www.lotp.fr
>>>
>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>> news:OTUXLeGBIHA.1208@TK2MSFTNGP03.phx.gbl...
>>>> True
>>>>
>>>> Unless you are using Vista since Vista won't add the adm-files to the
>>>> GPO at SYSVOL and therefore it gives you all adm-files in your local
>>>> inf-folder automatically when you create a new GPO.
>>>>
>>>> --
>>>> Regards G Johansson
>>>> fantomen@NOSPAM.GPfaq.se
>>>> http://GPfaq.se
>>>>
>>>> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
>>>> news:ON2xYzFBIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>>> again, overloading GPO with unused ADM is bad.
>>>>> You would remove them on GPO if they are present but not used (and
>>>>> WSUS too for example).
>>>>> The less, the better
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Mathieu CHATEAU
>>>>> English blog: http://lordoftheping.blogspot.com
>>>>> French blog: http://www.lotp.fr
>>>>>
>>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>>> news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
>>>>>> Maybe we mean two different things.
>>>>>>
>>>>>> If I for example download all Office 2007 adm-files and put them in
>>>>>> C:\Windows\Inf and I open a new GPO I can see all these settings
>>>>>> automatically added into Administrative Templates\Classic
>>>>>> Administrative Templates (ADM) without needing to add them manually
>>>>>> as I would need in XP.
>>>>>>
>>>>>> --
>>>>>> Regards G Johansson
>>>>>> fantomen@NOSPAM.GPfaq.se
>>>>>> http://GPfaq.se
>>>>>>
>>>>>> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
>>>>>> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>>> Actually, ADM files in Vista are not automatically added--only ADMX
>>>>>>> files are--but that's beside the issue :)
>>>>>>>
>>>>>>> --
>>>>>>> Darren Mar-Elia
>>>>>>> MS-MVP-Windows Server--Group Policy
>>>>>>>
>>>>>>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>>>>>>> PowerShell!
>>>>>>> Find out more at http://www.sdmsoftware.com/products2.php
>>>>>>>
>>>>>>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>>>>>>> Information Hub:
>>>>>>> FAQs, Training Videos, Whitepapers and Utilities for all things
>>>>>>> Group Policy-related
>>>>>>>
>>>>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>>>>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>>>>>> If you would be using Vista then all adm-files would be
>>>>>>>> automatically added into your GPO's. Pre-Vista machines you need to
>>>>>>>> add them yourself...
>>>>>>>>
>>>>>>>> But I'm not understanding why you would like to add the adm-files
>>>>>>>> for Office 12 into all your GPO's
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards G Johansson
>>>>>>>> fantomen@NOSPAM.GPfaq.se
>>>>>>>> http://GPfaq.se
>>>>>>>>
>>>>>>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>>>>>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>>>>> I recently obtained the ADM files for Office 2003 and Office 2007
>>>>>>>>> and want to use them to deploy to all users via Active Directory
>>>>>>>>> Users and Computers. However, the only instructions I can find for
>>>>>>>>> adding these templates to the Group Policy Editor are to open a GPO
>>>>>>>>> and then right click Administrative Templates to get to the
>>>>>>>>> Add/Remove dialog.
>>>>>>>>>
>>>>>>>>> When I followed this the new settings were available in the GPE,
>>>>>>>>> but only for the GPO I had open at the time.
>>>>>>>>>
>>>>>>>>> I want to be able to put in the new ADM files so that the settings
>>>>>>>>> are accessible for all the GPOs in the domain but it seems the
>>>>>>>>> only way to do this is to open up every GPO and then add the
>>>>>>>>> templates to it. Is there a way to make these template available
>>>>>>>>> to all my GPOs so I don't have to add them to every one.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> --
>>>>>>>>> NZSchoolTech
From: Darren Mar-Elia <dmanonymous@microsoft.com>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 18:10:38

Ha. Mostly because the Office product group does whatever they want, whenever they want :-). Witness how they broke GPSI installation of Office 2007.

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Script Group Policy Settings with the GPExpert Scripting Toolkit for PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group Policy-related

"G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message news:872B4C37-8AA3-4A2E-BD7F-EFE58750BC30@microsoft.com...
> Since MS released the admx-format I don't really want to use the old
> adm-format. :-S
> I can't understand why they didn't create admx-files for Office 2007 for
> example...
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
>
> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
> news:OYpTUiGBIHA.5752@TK2MSFTNGP02.phx.gbl...
>> if you are more than one admin, you would keep a unique storage reference
>> location for ADM, so to always use the same ADM Version, that you edit
>> from vista, XP, or DC directly.
>>
>> I will try with my vista to get a recent picture ;)
>>
>> --
>> Regards,
>> Mathieu CHATEAU
>> English blog: http://lordoftheping.blogspot.com
>> French blog: http://www.lotp.fr
>>
>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>> news:OTUXLeGBIHA.1208@TK2MSFTNGP03.phx.gbl...
>>> True
>>>
>>> Unless you are using Vista since Vista won't add the adm-files to the
>>> GPO at SYSVOL and therefore it gives you all adm-files in your local
>>> inf-folder automatically when you create a new GPO.
>>>
>>> --
>>> Regards G Johansson
>>> fantomen@NOSPAM.GPfaq.se
>>> http://GPfaq.se
>>>
>>> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
>>> news:ON2xYzFBIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>> again, overloading GPO with unused ADM is bad.
>>>> You would remove them on GPO if they are present but not used (and WSUS
>>>> too for example).
>>>> The less, the better
>>>>
>>>> --
>>>> Regards,
>>>> Mathieu CHATEAU
>>>> English blog: http://lordoftheping.blogspot.com
>>>> French blog: http://www.lotp.fr
>>>>
>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>> news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
>>>>> Maybe we mean two different things.
>>>>>
>>>>> If I for example download all Office 2007 adm-files and put them in
>>>>> C:\Windows\Inf and I open a new GPO I can see all these settings
>>>>> automatically added into Administrative Templates\Classic
>>>>> Administrative Templates (ADM) without needing to add them manually as
>>>>> I would need in XP.
>>>>>
>>>>> --
>>>>> Regards G Johansson
>>>>> fantomen@NOSPAM.GPfaq.se
>>>>> http://GPfaq.se
>>>>>
>>>>> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
>>>>> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>> Actually, ADM files in Vista are not automatically added--only ADMX
>>>>>> files are--but that's beside the issue :)
>>>>>>
>>>>>> --
>>>>>> Darren Mar-Elia
>>>>>> MS-MVP-Windows Server--Group Policy
>>>>>>
>>>>>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>>>>>> PowerShell!
>>>>>> Find out more at http://www.sdmsoftware.com/products2.php
>>>>>>
>>>>>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>>>>>> Information Hub:
>>>>>> FAQs, Training Videos, Whitepapers and Utilities for all things Group
>>>>>> Policy-related
>>>>>>
>>>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>>>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>>>>> If you would be using Vista then all adm-files would be automatically
>>>>>>> added into your GPO's. Pre-Vista machines you need to add them
>>>>>>> yourself...
>>>>>>>
>>>>>>> But I'm not understanding why you would like to add the adm-files
>>>>>>> for Office 12 into all your GPO's
>>>>>>>
>>>>>>> --
>>>>>>> Regards G Johansson
>>>>>>> fantomen@NOSPAM.GPfaq.se
>>>>>>> http://GPfaq.se
>>>>>>>
>>>>>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>>>>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>>>> I recently obtained the ADM files for Office 2003 and Office 2007
>>>>>>>> and want to use them to deploy to all users via Active Directory
>>>>>>>> Users and Computers. However, the only instructions I can find for
>>>>>>>> adding these templates to the Group Policy Editor are to open a GPO
>>>>>>>> and then right click Administrative Templates to get to the
>>>>>>>> Add/Remove dialog.
>>>>>>>>
>>>>>>>> When I followed this the new settings were available in the GPE,
>>>>>>>> but only for the GPO I had open at the time.
>>>>>>>>
>>>>>>>> I want to be able to put in the new ADM files so that the settings
>>>>>>>> are accessible for all the GPOs in the domain but it seems the only
>>>>>>>> way to do this is to open up every GPO and then add the templates
>>>>>>>> to it. Is there a way to make these template available to all my
>>>>>>>> GPOs so I don't have to add them to every one.
>>>>>>>>
>>>>>>>> --
>>>>>>>> --
>>>>>>>> NZSchoolTech
From: Darren Mar-Elia <dmanonymous@microsoft.com>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 18:09:48

No, you're correct and I completely forgot about that feature. I was thinking about the Add/Remove Templates thing in Vista.

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Script Group Policy Settings with the GPExpert Scripting Toolkit for PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group Policy-related

"G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
> Maybe we mean two different things.
>
> If I for example download all Office 2007 adm-files and put them in
> C:\Windows\Inf and I open a new GPO I can see all these settings
> automatically added into Administrative Templates\Classic Administrative
> Templates (ADM) without needing to add them manually as I would need in
> XP.
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
>
> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>> Actually, ADM files in Vista are not automatically added--only ADMX files
>> are--but that's beside the issue :)
>>
>> --
>> Darren Mar-Elia
>> MS-MVP-Windows Server--Group Policy
>>
>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>> PowerShell!
>> Find out more at http://www.sdmsoftware.com/products2.php
>>
>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>> Information Hub:
>> FAQs, Training Videos, Whitepapers and Utilities for all things Group
>> Policy-related
>>
>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>> If you would be using Vista then all adm-files would be automatically
>>> added into your GPO's. Pre-Vista machines you need to add them
>>> yourself...
>>>
>>> But I'm not understanding why you would like to add the adm-files for
>>> Office 12 into all your GPO's
>>>
>>> --
>>> Regards G Johansson
>>> fantomen@NOSPAM.GPfaq.se
>>> http://GPfaq.se
>>>
>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>> I recently obtained the ADM files for Office 2003 and Office 2007 and
>>>> want to use them to deploy to all users via Active Directory Users and
>>>> Computers. However, the only instructions I can find for adding these
>>>> templates to the Group Policy Editor are to open a GPO and then right
>>>> click Administrative Templates to get to the Add/Remove dialog.
>>>>
>>>> When I followed this the new settings were available in the GPE, but
>>>> only for the GPO I had open at the time.
>>>>
>>>> I want to be able to put in the new ADM files so that the settings are
>>>> accessible for all the GPOs in the domain but it seems the only way to
>>>> do this is to open up every GPO and then add the templates to it. Is
>>>> there a way to make these template available to all my GPOs so I don't
>>>> have to add them to every one.
>>>>
>>>> --
>>>> --
>>>> NZSchoolTech

From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 16:38:05

Looks like people already asked them:
http://blogs.technet.com/grouppolicy/archive/2007/07/11/are-you-waiting-for-office-2007-system-admx-files.aspx

You can use admx migrator anyway:
http://www.microsoft.com/downloads/details.aspx?familyid=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en

--
Regards,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

"G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
news:872B4C37-8AA3-4A2E-BD7F-EFE58750BC30@microsoft.com...
> Since MS released the admx-format I don't really want to use the old
> adm-format. :-S
> I can't understand why they didn't create admx-files for Office 2007 for
> example...
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
>
> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
> news:OYpTUiGBIHA.5752@TK2MSFTNGP02.phx.gbl...
>> If you are more than one admin, you would keep a unique storage reference
>> location for ADM, so to always use the same ADM version, that you edit
>> from Vista, XP, or DC directly.
>>
>> I will try with my Vista to get a recent picture ;)
>>
>> --
>> Regards,
>> Mathieu CHATEAU
>> English blog: http://lordoftheping.blogspot.com
>> French blog: http://www.lotp.fr
>>
>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>> news:OTUXLeGBIHA.1208@TK2MSFTNGP03.phx.gbl...
>>> True
>>>
>>> Unless you are using Vista since Vista won't add the adm-files to the
>>> GPO at SYSVOL and therefore it gives you all adm-files in your local
>>> inf-folder automatically when you create a new GPO.
>>>
>>> --
>>> Regards G Johansson
>>> fantomen@NOSPAM.GPfaq.se
>>> http://GPfaq.se
>>>
>>> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
>>> news:ON2xYzFBIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>> Again, overloading GPO with unused ADM is bad.
>>>> You would remove them on GPO if they are present but not used (and WSUS
>>>> too for example).
>>>> The less, the better
>>>>
>>>> --
>>>> Regards,
>>>> Mathieu CHATEAU
>>>> English blog: http://lordoftheping.blogspot.com
>>>> French blog: http://www.lotp.fr
>>>>
>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>> news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
>>>>> Maybe we mean two different things.
>>>>>
>>>>> If I for example download all Office 2007 adm-files and put them in
>>>>> C:\Windows\Inf and I open a new GPO I can see all these settings
>>>>> automatically added into Administrative Templates\Classic
>>>>> Administrative Templates (ADM) without needing to add them manually as
>>>>> I would need in XP.
>>>>>
>>>>> --
>>>>> Regards G Johansson
>>>>> fantomen@NOSPAM.GPfaq.se
>>>>> http://GPfaq.se
>>>>>
>>>>> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
>>>>> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>> Actually, ADM files in Vista are not automatically added--only ADMX
>>>>>> files are--but that's beside the issue :)
>>>>>>
>>>>>> --
>>>>>> Darren Mar-Elia
>>>>>> MS-MVP-Windows Server--Group Policy
>>>>>>
>>>>>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>>>>>> PowerShell!
>>>>>> Find out more at http://www.sdmsoftware.com/products2.php
>>>>>>
>>>>>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>>>>>> Information Hub:
>>>>>> FAQs, Training Videos, Whitepapers and Utilities for all things Group
>>>>>> Policy-related
>>>>>>
>>>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>>>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>>>>> If you would be using Vista then all adm-files would be automatically
>>>>>>> added into your GPOs. Pre-Vista machines you need to add them
>>>>>>> yourself...
>>>>>>>
>>>>>>> But I'm not understanding why you would like to add the adm-files
>>>>>>> for Office 12 into all your GPOs
>>>>>>>
>>>>>>> --
>>>>>>> Regards G Johansson
>>>>>>> fantomen@NOSPAM.GPfaq.se
>>>>>>> http://GPfaq.se
>>>>>>>
>>>>>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>>>>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>>>> I recently obtained the ADM files for Office 2003 and Office 2007
>>>>>>>> and want to use them to deploy to all users via Active Directory
>>>>>>>> Users and Computers. However, the only instructions I can find for
>>>>>>>> adding these templates to the Group Policy Editor are to open a GPO
>>>>>>>> and then right click Administrative Templates to get to the
>>>>>>>> Add/Remove dialog.
>>>>>>>>
>>>>>>>> When I followed this the new settings were available in the GPE,
>>>>>>>> but only for the GPO I had open at the time.
>>>>>>>>
>>>>>>>> I want to be able to put in the new ADM files so that the settings
>>>>>>>> are accessible for all the GPOs in the domain but it seems the only
>>>>>>>> way to do this is to open up every GPO and then add the templates
>>>>>>>> to it. Is there a way to make these templates available to all my
>>>>>>>> GPOs so I don't have to add them to every one?
>>>>>>>>
>>>>>>>> --
>>>>>>>> NZSchoolTech

From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 15:31:11

Since MS released the admx-format I don't really want to use the old
adm-format. :-S
I can't understand why they didn't create admx-files for Office 2007 for
example...

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Mathieu CHATEAU" <gollum123@free.fr> wrote in message
news:OYpTUiGBIHA.5752@TK2MSFTNGP02.phx.gbl...
> If you are more than one admin, you would keep a unique storage reference
> location for ADM, so to always use the same ADM version, that you edit
> from Vista, XP, or DC directly.
>
> I will try with my Vista to get a recent picture ;)
>
> --
> Regards,
> Mathieu CHATEAU
> English blog: http://lordoftheping.blogspot.com
> French blog: http://www.lotp.fr
>
> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
> news:OTUXLeGBIHA.1208@TK2MSFTNGP03.phx.gbl...
>> True
>>
>> Unless you are using Vista since Vista won't add the adm-files to the GPO
>> at SYSVOL and therefore it gives you all adm-files in your local
>> inf-folder automatically when you create a new GPO.
>>
>> --
>> Regards G Johansson
>> fantomen@NOSPAM.GPfaq.se
>> http://GPfaq.se
>>
>> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
>> news:ON2xYzFBIHA.2268@TK2MSFTNGP04.phx.gbl...
>>> Again, overloading GPO with unused ADM is bad.
>>> You would remove them on GPO if they are present but not used (and WSUS
>>> too for example).
>>> The less, the better
>>>
>>> --
>>> Regards,
>>> Mathieu CHATEAU
>>> English blog: http://lordoftheping.blogspot.com
>>> French blog: http://www.lotp.fr
>>>
>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>> news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
>>>> Maybe we mean two different things.
>>>>
>>>> If I for example download all Office 2007 adm-files and put them in
>>>> C:\Windows\Inf and I open a new GPO I can see all these settings
>>>> automatically added into Administrative Templates\Classic
>>>> Administrative Templates (ADM) without needing to add them manually as
>>>> I would need in XP.
>>>>
>>>> --
>>>> Regards G Johansson
>>>> fantomen@NOSPAM.GPfaq.se
>>>> http://GPfaq.se
>>>>
>>>> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
>>>> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>> Actually, ADM files in Vista are not automatically added--only ADMX
>>>>> files are--but that's beside the issue :)
>>>>>
>>>>> --
>>>>> Darren Mar-Elia
>>>>> MS-MVP-Windows Server--Group Policy
>>>>>
>>>>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>>>>> PowerShell!
>>>>> Find out more at http://www.sdmsoftware.com/products2.php
>>>>>
>>>>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>>>>> Information Hub:
>>>>> FAQs, Training Videos, Whitepapers and Utilities for all things Group
>>>>> Policy-related
>>>>>
>>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>>>> If you would be using Vista then all adm-files would be automatically
>>>>>> added into your GPOs. Pre-Vista machines you need to add them
>>>>>> yourself...
>>>>>>
>>>>>> But I'm not understanding why you would like to add the adm-files for
>>>>>> Office 12 into all your GPOs
>>>>>>
>>>>>> --
>>>>>> Regards G Johansson
>>>>>> fantomen@NOSPAM.GPfaq.se
>>>>>> http://GPfaq.se
>>>>>>
>>>>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>>>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>>> I recently obtained the ADM files for Office 2003 and Office 2007 and
>>>>>>> want to use them to deploy to all users via Active Directory Users
>>>>>>> and Computers. However, the only instructions I can find for adding
>>>>>>> these templates to the Group Policy Editor are to open a GPO and then
>>>>>>> right click Administrative Templates to get to the Add/Remove dialog.
>>>>>>>
>>>>>>> When I followed this the new settings were available in the GPE, but
>>>>>>> only for the GPO I had open at the time.
>>>>>>>
>>>>>>> I want to be able to put in the new ADM files so that the settings
>>>>>>> are accessible for all the GPOs in the domain but it seems the only
>>>>>>> way to do this is to open up every GPO and then add the templates to
>>>>>>> it. Is there a way to make these templates available to all my GPOs
>>>>>>> so I don't have to add them to every one?
>>>>>>>
>>>>>>> --
>>>>>>> NZSchoolTech

From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 15:20:55

If you are more than one admin, you would keep a unique storage reference
location for ADM, so to always use the same ADM version, that you edit from
Vista, XP, or DC directly.

I will try with my Vista to get a recent picture ;)

--
Regards,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

"G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
news:OTUXLeGBIHA.1208@TK2MSFTNGP03.phx.gbl...
> True
>
> Unless you are using Vista since Vista won't add the adm-files to the GPO
> at SYSVOL and therefore it gives you all adm-files in your local
> inf-folder automatically when you create a new GPO.
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
>
> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
> news:ON2xYzFBIHA.2268@TK2MSFTNGP04.phx.gbl...
>> Again, overloading GPO with unused ADM is bad.
>> You would remove them on GPO if they are present but not used (and WSUS
>> too for example).
>> The less, the better
>>
>> --
>> Regards,
>> Mathieu CHATEAU
>> English blog: http://lordoftheping.blogspot.com
>> French blog: http://www.lotp.fr
>>
>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>> news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
>>> Maybe we mean two different things.
>>>
>>> If I for example download all Office 2007 adm-files and put them in
>>> C:\Windows\Inf and I open a new GPO I can see all these settings
>>> automatically added into Administrative Templates\Classic Administrative
>>> Templates (ADM) without needing to add them manually as I would need in
>>> XP.
>>>
>>> --
>>> Regards G Johansson
>>> fantomen@NOSPAM.GPfaq.se
>>> http://GPfaq.se
>>>
>>> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
>>> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>> Actually, ADM files in Vista are not automatically added--only ADMX
>>>> files are--but that's beside the issue :)
>>>>
>>>> --
>>>> Darren Mar-Elia
>>>> MS-MVP-Windows Server--Group Policy
>>>>
>>>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>>>> PowerShell!
>>>> Find out more at http://www.sdmsoftware.com/products2.php
>>>>
>>>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>>>> Information Hub:
>>>> FAQs, Training Videos, Whitepapers and Utilities for all things Group
>>>> Policy-related
>>>>
>>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>>> If you would be using Vista then all adm-files would be automatically
>>>>> added into your GPOs. Pre-Vista machines you need to add them
>>>>> yourself...
>>>>>
>>>>> But I'm not understanding why you would like to add the adm-files for
>>>>> Office 12 into all your GPOs
>>>>>
>>>>> --
>>>>> Regards G Johansson
>>>>> fantomen@NOSPAM.GPfaq.se
>>>>> http://GPfaq.se
>>>>>
>>>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>>> I recently obtained the ADM files for Office 2003 and Office 2007 and
>>>>>> want to use them to deploy to all users via Active Directory Users and
>>>>>> Computers. However, the only instructions I can find for adding these
>>>>>> templates to the Group Policy Editor are to open a GPO and then right
>>>>>> click Administrative Templates to get to the Add/Remove dialog.
>>>>>>
>>>>>> When I followed this the new settings were available in the GPE, but
>>>>>> only for the GPO I had open at the time.
>>>>>>
>>>>>> I want to be able to put in the new ADM files so that the settings
>>>>>> are accessible for all the GPOs in the domain but it seems the only
>>>>>> way to do this is to open up every GPO and then add the templates to
>>>>>> it. Is there a way to make these templates available to all my GPOs so
>>>>>> I don't have to add them to every one?
>>>>>>
>>>>>> --
>>>>>> NZSchoolTech

From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 15:13:32

True

Unless you are using Vista since Vista won't add the adm-files to the GPO at
SYSVOL and therefore it gives you all adm-files in your local inf-folder
automatically when you create a new GPO.

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Mathieu CHATEAU" <gollum123@free.fr> wrote in message
news:ON2xYzFBIHA.2268@TK2MSFTNGP04.phx.gbl...
> Again, overloading GPO with unused ADM is bad.
> You would remove them on GPO if they are present but not used (and WSUS
> too for example).
> The less, the better
>
> --
> Regards,
> Mathieu CHATEAU
> English blog: http://lordoftheping.blogspot.com
> French blog: http://www.lotp.fr
>
> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
> news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
>> Maybe we mean two different things.
>>
>> If I for example download all Office 2007 adm-files and put them in
>> C:\Windows\Inf and I open a new GPO I can see all these settings
>> automatically added into Administrative Templates\Classic Administrative
>> Templates (ADM) without needing to add them manually as I would need in
>> XP.
>>
>> --
>> Regards G Johansson
>> fantomen@NOSPAM.GPfaq.se
>> http://GPfaq.se
>>
>> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
>> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>>> Actually, ADM files in Vista are not automatically added--only ADMX
>>> files are--but that's beside the issue :)
>>>
>>> --
>>> Darren Mar-Elia
>>> MS-MVP-Windows Server--Group Policy
>>>
>>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>>> PowerShell!
>>> Find out more at http://www.sdmsoftware.com/products2.php
>>>
>>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>>> Information Hub:
>>> FAQs, Training Videos, Whitepapers and Utilities for all things Group
>>> Policy-related
>>>
>>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>>> If you would be using Vista then all adm-files would be automatically
>>>> added into your GPOs. Pre-Vista machines you need to add them
>>>> yourself...
>>>>
>>>> But I'm not understanding why you would like to add the adm-files for
>>>> Office 12 into all your GPOs
>>>>
>>>> --
>>>> Regards G Johansson
>>>> fantomen@NOSPAM.GPfaq.se
>>>> http://GPfaq.se
>>>>
>>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>>> I recently obtained the ADM files for Office 2003 and Office 2007 and
>>>>> want to use them to deploy to all users via Active Directory Users and
>>>>> Computers. However, the only instructions I can find for adding these
>>>>> templates to the Group Policy Editor are to open a GPO and then right
>>>>> click Administrative Templates to get to the Add/Remove dialog.
>>>>>
>>>>> When I followed this the new settings were available in the GPE, but
>>>>> only for the GPO I had open at the time.
>>>>>
>>>>> I want to be able to put in the new ADM files so that the settings are
>>>>> accessible for all the GPOs in the domain but it seems the only way to
>>>>> do this is to open up every GPO and then add the templates to it. Is
>>>>> there a way to make these templates available to all my GPOs so I don't
>>>>> have to add them to every one?
>>>>>
>>>>> --
>>>>> NZSchoolTech

From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 13:55:53

Again, overloading GPO with unused ADM is bad.
You would remove them on GPO if they are present but not used (and WSUS too
for example).
The less, the better

--
Regards,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

"G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
news:eJCx8UFBIHA.4752@TK2MSFTNGP04.phx.gbl...
> Maybe we mean two different things.
>
> If I for example download all Office 2007 adm-files and put them in
> C:\Windows\Inf and I open a new GPO I can see all these settings
> automatically added into Administrative Templates\Classic Administrative
> Templates (ADM) without needing to add them manually as I would need in
> XP.
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
>
> "Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
> news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
>> Actually, ADM files in Vista are not automatically added--only ADMX files
>> are--but that's beside the issue :)
>>
>> --
>> Darren Mar-Elia
>> MS-MVP-Windows Server--Group Policy
>>
>> Script Group Policy Settings with the GPExpert Scripting Toolkit for
>> PowerShell!
>> Find out more at http://www.sdmsoftware.com/products2.php
>>
>> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
>> Information Hub:
>> FAQs, Training Videos, Whitepapers and Utilities for all things Group
>> Policy-related
>>
>> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
>> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>>> If you would be using Vista then all adm-files would be automatically
>>> added into your GPOs. Pre-Vista machines you need to add them
>>> yourself...
>>>
>>> But I'm not understanding why you would like to add the adm-files for
>>> Office 12 into all your GPOs
>>>
>>> --
>>> Regards G Johansson
>>> fantomen@NOSPAM.GPfaq.se
>>> http://GPfaq.se
>>>
>>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>>> I recently obtained the ADM files for Office 2003 and Office 2007 and
>>>> want to use them to deploy to all users via Active Directory Users and
>>>> Computers. However, the only instructions I can find for adding these
>>>> templates to the Group Policy Editor are to open a GPO and then right
>>>> click Administrative Templates to get to the Add/Remove dialog.
>>>>
>>>> When I followed this the new settings were available in the GPE, but
>>>> only for the GPO I had open at the time.
>>>>
>>>> I want to be able to put in the new ADM files so that the settings are
>>>> accessible for all the GPOs in the domain but it seems the only way to
>>>> do this is to open up every GPO and then add the templates to it. Is
>>>> there a way to make these templates available to all my GPOs so I don't
>>>> have to add them to every one?
>>>>
>>>> --
>>>> NZSchoolTech

From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 13:02:28

Maybe we mean two different things.

If I for example download all Office 2007 adm-files and put them in
C:\Windows\Inf and I open a new GPO I can see all these settings
automatically added into Administrative Templates\Classic Administrative
Templates (ADM) without needing to add them manually as I would need in XP.

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"Darren Mar-Elia" <dmanonymous@microsoft.com> wrote in message
news:OkWe4QEBIHA.4836@TK2MSFTNGP06.phx.gbl...
> Actually, ADM files in Vista are not automatically added--only ADMX files
> are--but that's beside the issue :)
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
>
> Script Group Policy Settings with the GPExpert Scripting Toolkit for
> PowerShell!
> Find out more at http://www.sdmsoftware.com/products2.php
>
> Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
> Information Hub:
> FAQs, Training Videos, Whitepapers and Utilities for all things Group
> Policy-related
>
> "G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
> news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
>> If you would be using Vista then all adm-files would be automatically
>> added into your GPOs. Pre-Vista machines you need to add them
>> yourself...
>>
>> But I'm not understanding why you would like to add the adm-files for
>> Office 12 into all your GPOs
>>
>> --
>> Regards G Johansson
>> fantomen@NOSPAM.GPfaq.se
>> http://GPfaq.se
>>
>> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
>> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>>> I recently obtained the ADM files for Office 2003 and Office 2007 and
>>> want to use them to deploy to all users via Active Directory Users and
>>> Computers. However, the only instructions I can find for adding these
>>> templates to the Group Policy Editor are to open a GPO and then right
>>> click Administrative Templates to get to the Add/Remove dialog.
>>>
>>> When I followed this the new settings were available in the GPE, but
>>> only for the GPO I had open at the time.
>>>
>>> I want to be able to put in the new ADM files so that the settings are
>>> accessible for all the GPOs in the domain but it seems the only way to
>>> do this is to open up every GPO and then add the templates to it. Is
>>> there a way to make these templates available to all my GPOs so I don't
>>> have to add them to every one?
>>>
>>> --
>>> NZSchoolTech

From: Darren Mar-Elia <dmanonymous@microsoft.com>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 10/01/2007 11:00:41

Actually, ADM files in Vista are not automatically added--only ADMX files
are--but that's beside the issue :)

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related

"G Johansson" <fantomen@NOSPAM.GPfaq.se> wrote in message
news:OdhmRJ3AIHA.2268@TK2MSFTNGP04.phx.gbl...
> If you would be using Vista then all adm-files would be automatically added
> into your GPOs. Pre-Vista machines you need to add them yourself...
>
> But I'm not understanding why you would like to add the adm-files for
> Office 12 into all your GPOs
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
>
> "NZSchoolTech" <nzschooltech@education.nz> wrote in message
> news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
>> I recently obtained the ADM files for Office 2003 and Office 2007 and want
>> to use them to deploy to all users via Active Directory Users and
>> Computers. However, the only instructions I can find for adding these
>> templates to the Group Policy Editor are to open a GPO and then right
>> click Administrative Templates to get to the Add/Remove dialog.
>>
>> When I followed this the new settings were available in the GPE, but only
>> for the GPO I had open at the time.
>>
>> I want to be able to put in the new ADM files so that the settings are
>> accessible for all the GPOs in the domain but it seems the only way to do
>> this is to open up every GPO and then add the templates to it. Is there a
>> way to make these templates available to all my GPOs so I don't have to
>> add them to every one?
>>
>> --
>> NZSchoolTech

From: G Johansson <fantomen@NOSPAM.GPfaq.se>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 09/30/2007 09:58:09

If you would be using Vista then all adm-files would be automatically added
into your GPOs. Pre-Vista machines you need to add them yourself...

But I'm not understanding why you would like to add the adm-files for Office
12 into all your GPOs

--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se

"NZSchoolTech" <nzschooltech@education.nz> wrote in message
news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
> I recently obtained the ADM files for Office 2003 and Office 2007 and want
> to use them to deploy to all users via Active Directory Users and
> Computers. However, the only instructions I can find for adding these
> templates to the Group Policy Editor are to open a GPO and then right click
> Administrative Templates to get to the Add/Remove dialog.
>
> When I followed this the new settings were available in the GPE, but only
> for the GPO I had open at the time.
>
> I want to be able to put in the new ADM files so that the settings are
> accessible for all the GPOs in the domain but it seems the only way to do
> this is to open up every GPO and then add the templates to it. Is there a
> way to make these templates available to all my GPOs so I don't have to add
> them to every one?
>
> --
> NZSchoolTech

From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Adding new ADM templates to Group Policy Edito
Date: 09/30/2007 04:45:01

Hello,

You don't need to and shouldn't add all ADM to all GPOs. That's useless and
makes the GPO bigger. Moreover, it may become more complicated to find which
GPO changes settings.
Best practices even recommend removing the built-in ones that aren't needed
in a GPO, like WSUS if you do not use it in a specific GPO.

MS recommends making small GPOs, that only set around 10 settings, and only
set an area like only WSUS, only IE settings, only Office settings. Then you
can easily link these small GPOs to many OUs

--
Regards,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

"NZSchoolTech" <nzschooltech@education.nz> wrote in message
news:eugAxCyAIHA.4836@TK2MSFTNGP06.phx.gbl...
> I recently obtained the ADM files for Office 2003 and Office 2007 and want
> to use them to deploy to all users via Active Directory Users and
> Computers. However, the only instructions I can find for adding these
> templates to the Group Policy Editor are to open a GPO and then right click
> Administrative Templates to get to the Add/Remove dialog.
>
> When I followed this the new settings were available in the GPE, but only
> for the GPO I had open at the time.
>
> I want to be able to put in the new ADM files so that the settings are
> accessible for all the GPOs in the domain but it seems the only way to do
> this is to open up every GPO and then add the templates to it. Is there a
> way to make these templates available to all my GPOs so I don't have to add
> them to every one?
>
> --
> NZSchoolTech

From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Adding entry to PATH System Variable (merging, not replacingexist
Date: 09/27/2007 00:30:33

Howdie!

M8ng0 wrote:
> I was wondering if there was a way via GPO, ADM, or even script, that I could
> add an entry to a number of systems' existing System PATH. I know where the
> setting is in the registry, but thus far have only found methods to replace
> the PATH entry instead of append to it. I am limited in my knowledge of
> scripting and ADM creation, so be specific if you can.

The path variable is located in the registry, at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
as REG_SZ, so you could change it with an ADM template file.

As you want to add an entry rather than change the existing, you'd have
to stick with scripting. You could try the tool setx.exe from the
Support Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en

Maybe if you're lucky, something like

setx.exe -path %PATH%,"C:\newPath" (untested!)

will work.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
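
One way to script the append that the reply above describes, as an added example that is not part of the original post or of any tool it mentions: a PowerShell script that reads the raw PATH value from the registry key named in the reply, adds one directory only if it is missing, and writes it back with the value type it already had. The directory `C:\newPath` is taken from the post as a placeholder; running it elevated (for instance as a computer startup script), the helper function names, and the two refusal checks (missing directory, directory writable by ordinary users) are assumptions added here.

```powershell
# Added example (not from the thread): append one directory to the machine PATH
# without replacing what is already there. Run elevated, e.g. as a startup script.
# Processes already running keep their old PATH; the change is seen after the
# next logon or restart.
param(
    # Placeholder directory from the post; replace with the real one.
    [string]$NewEntry = 'C:\newPath'
)

$envKeyPath = 'SYSTEM\CurrentControlSet\Control\Session Manager\Environment'

function ConvertTo-ComparablePath([string]$Entry) {
    # Expand %VAR% references, drop quotes and a trailing backslash, ignore case.
    $expanded = [Environment]::ExpandEnvironmentVariables($Entry.Trim().Trim('"'))
    return $expanded.TrimEnd('\').ToLowerInvariant()
}

function Test-BroadlyWritable([string]$Directory) {
    # True if Everyone, Authenticated Users or BUILTIN\Users may create files here.
    $broadSids   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $rules = (Get-Acl -LiteralPath $Directory).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to the folder itself.
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if ($broadSids -notcontains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $createFiles) -ne 0) { return $true }
    }
    return $false
}

# A PATH entry that does not exist yet can later be created by whoever is
# allowed to write to its parent, so only existing, locked-down folders go in.
if (-not (Test-Path -LiteralPath $NewEntry -PathType Container)) {
    throw "Refusing to add '$NewEntry': directory does not exist."
}
if (Test-BroadlyWritable $NewEntry) {
    throw "Refusing to add '$NewEntry': ordinary users can create files in it."
}

$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($envKeyPath, $true)
if ($null -eq $key) { throw "Cannot open HKLM\$envKeyPath" }
try {
    # Read the raw string so %SystemRoot%-style references are kept, not expanded.
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $current  = [string]$key.GetValue('Path', '', $noExpand)
    $kind     = $key.GetValueKind('Path')   # write back with the existing value type

    $wanted  = ConvertTo-ComparablePath $NewEntry
    $present = $current -split ';' |
        Where-Object { $_.Trim() -ne '' } |
        Where-Object { (ConvertTo-ComparablePath $_) -eq $wanted }

    if ($present) {
        Write-Output "PATH already contains $NewEntry; nothing to do."
    } else {
        # Append at the end so system directories keep precedence in the search order.
        $updated = (@($current.TrimEnd(';'), $NewEntry) | Where-Object { $_ }) -join ';'
        $key.SetValue('Path', $updated, $kind)
        Write-Output "Appended $NewEntry to the machine PATH."
    }
} finally {
    $key.Close()
}
```

Because the script checks for the entry before writing, it can run at every startup without growing PATH.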
Top
From: Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: Account Lockout and Laptops
Date:
09/17/2007 16:19:20
Hello,
it's
not wrong, the account is locked out in AD, but as it already ot it's
session
opened, it can unlock the desktop.
Network
access only works where he went before (valid tgt ticket).
He
won't be able to access anymore network ressource after 10 hours
(default)
Kerberos
Explained
http://technet.microsoft.com/en-us/library/Bb742516.aspx
--
Cordialement,
Mathieu
CHATEAU
http://lordoftheping.blogspot.com
<chalkley@gmail.com>
wrote in message
news:1190060223.952127.241310@g4g2000hsf.googlegroups.com...
>
Okay I got a weird one,
>
>
In my domain policy I have where three invalid password attempts
>
result in a forever lockout. and this works great on all my desktops.
>
>
but on my laptops a user can lock the computer, put in a wrong
>
password four times and get a account in lockedout message, then put
>
in the correct password and get back in. Not only get back into the
>
laptop but also access files on the network.
>
>
But I check AD and sure enough the user is getting locked out.
>
>
Now after being locked out, if the laptop is rebooted, then it will
>
correctly keep them locked out.
>
>
What could be wrong?
>
From: v-kzhao@online.microsoft.com (Ken Zhao [MSFT])
To: none
Subject: Re: JunkMailImportLists in Outlook .adm is not working
Date: 09/17/2007 03:58:02
Thanks Mark.
From your post,
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so that
others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
|
Date: Wed, 12 Sep 2007 21:11:20 +0200
|
From: "Mark Heitbrink [MVP]" <spam-only@gruppenrichtlinien.de>
|
Subject: Re: "JunkMailImportLists" in Outlook .adm is not working
|
|
Ken,
|
|
Ken Zhao [MSFT] wrote:
|
> You may use Group Policy Object (GPO) Editor to set a user logon script.
|
> The script will modify the registry of clients [...]
|
|
NO!
|
|
Even if tons of MS KB articles mention options like that, a registry value
|
should always be deployed by an ADM or a Security Template (if
|
applicable) but NEVER as a "regedit /s" in Login Script.
|
That's disgusting.
|
You are posting in .group_policy and not .windows98.reghack :-)
|
|
To fall back into my most-liked sarcasm:
|
Forget about all CSEs, the CSE Scripts, is the only one needed, you can:
|
- regedit /s (instead of ADM)
|
- msiexec /i file.msi /qn (instead of App)
|
- secedit /configure /db ... (instead of Security)
|
- WPAD + regedit /s (instead of IE Maintenance)
|
etc.
|
|
Just my 2 cents and all-day anger about "Edit the registry by script"
|
in MS KB *argh*
|
|
Mark
|
--
|
Mark Heitbrink - MVP Windows Server - Group Policy
|
|
Homepage: www.gruppenrichtlinien.de - deutsch
|
Blog: gpupdate.spaces.live.com - english
|
|