From: jeremy <jeremy@discussions.microsoft.com>
To: none
Subject: Re: pushprinterconnection.exe to users via GPO
Date: 09/19/2007 15:52:03

I run a small, one print server domain with about 40 users and when I make
changes to my print GPOs it literally takes over an hour to propagate to my
users.
Other than that, it's been working well.

"Steven" wrote:
> Nope that didn't work, user side script runs fine but doesn't bring in
> printers. Like I said previously it works for computers but not users. Maybe
> problem is in users OU GPO?
> I have both computer and user script running push,,,.exe at top Business
> level OU then printer GPO's at each office OU level, all the ones applied to
> the Office> computers OU work but not office> users OU.
>
> RSOP show printer GPO being applied and GPO shows assigned printers under
> users deployed printers.
>
> Any help would be greatly appreciated.
> --
> Steve
>
> "Mark Heitbrink [MVP]" wrote:
>
> > Hi,
> >
> > Steven wrote:
> > > Anyone else out there using R2/GPO Printer User deployment successfully?
> >
> > I have to admit: Yes, it works here ... *argh*
> > Works like expected, no trick at all.
> >
> > The only thing I always change is: I don't place/save the scripts
> > inside the GPO. I move them to NETLOGON.
> > To get them run, you need to change the GPO entry and work with
> > the DFS path of the domain. It's the only path allowed.
> > -> \\domain.tld\netlogon\yourscript.bat
> >
> > Inside the script I work with
> > %logonserver%\netlogon\pushprinterconnections.exe -log
> >
> > So, I never use the "default path" and I never use the .exe
> > I work with Batch ...
> >
> > Mark
> > --
> > Mark Heitbrink - MVP Windows Server - Group Policy
> >
> > Homepage: www.gruppenrichtlinien.de - German
> > Blog: gpupdate.spaces.live.com - English

From: Mark Heitbrink [MVP] <spam-only@gruppenrichtlinien.de>
To: none
Subject: Re: Push Out Network Printers With A Group Policy?
Date: 09/17/2007 03:18:54

Hi,

Thomas M. wrote:
> [...]
> Can a network printer be pushed out using a group policy?

Only 2003 R2 in combination with a Vista client can publish a printer
with a real policy (client side extension) older clients (XP,2k,2003)
need a script in addition to connect to this published printer.
http://gpupdate.spaces.live.com/blog/cns!95A4CDC36943279A!128.entry

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - German
Blog: gpupdate.spaces.live.com - English

From: Phillip Windell <philwindell@hotmail.com>
To: none
Subject: Re: Proxy Tunneling from my work place?
Date: 09/27/2007 15:14:15

Homer wrote:
> My work place has tons of restrictions regarding Internet access so I
> am trying to run a proxy/tunnel server at home and connect from work.

Homer,
If they are going through all that trouble to create all those Rules they are
probably serious about enforcing them. When caught the employee usually
loses their job, if it is a government job position then legal prosecution
may result due to national security reasons.

The Payload of the HTTP packet still contains information about the real
site you are trying to go to in spite of the fact that you are using an
"outside" proxy,...after all,...how do you think the outside proxy knows
where you want to go? You don't actually think that the Destination IP# of
the connection is the only evidence that can be retrieved, do you?
Therefore, do you think the place you work at isn't capable of examining the
traffic from your machine to know you are doing this?,...it isn't hard to
do. Heck, for that matter you don't even have to succeed,..all you have to
do is make the attempt,...in fact a failed connection will draw more
attention than a successful one because someone will be curious as to why it
failed.

By-the-way, this isn't "tunneling" anything. You are just trying to
"use a proxy", that's all. Tunneling means something specific,..and this
isn't it.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Proxy Tunneling from my work place?
Date: 09/27/2007 14:54:56

While I agree to not help "script kiddies" people, security mustn't be based
on lack of people knowledge!
Proxy is good, proxy with filtering rules is better :)
just my 2 cents
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Mark Heitbrink [MVP]" <spam-only@gruppenrichtlinien.de> wrote in message
news:%23xk$XtOAIHA.4476@TK2MSFTNGP06.phx.gbl...
> Hi,
>
> Homer wrote:
>> My work place has tons of restrictions regarding Internet access so I
>> am trying to run a proxy/tunnel server at home and connect from work.
>
> ... and that's the reason, why you hopefully will not get an answer in
> this NG. You may ask google or HTML forums. [...]
>
>> How can I fix my problem?
>
> Change the work place.
> At least in the moment, where the responsible people recognize what you
> are trying to do, you will change your work place, but perhaps not, because
> you wanted to change ...
>
> Mark
> --
> Mark Heitbrink - MVP Windows Server - Group Policy
>
> Homepage: www.gruppenrichtlinien.de - German
> Blog: gpupdate.spaces.live.com - English

From: Mark Heitbrink [MVP] <spam-only@gruppenrichtlinien.de>
To: none
Subject: Re: Proxy Tunneling from my work place?
Date: 09/27/2007 04:43:57

Hi,

Homer wrote:
> My work place has tons of restrictions regarding Internet access so I
> am trying to run a proxy/tunnel server at home and connect from work.

... and that's the reason, why you hopefully will not get an answer in
this NG. You may ask google or HTML forums. [...]

> How can I fix my problem?

Change the work place.
At least in the moment, where the responsible people recognize what you are
trying to do, you will change your work place, but perhaps not, because
you wanted to change ...

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - German
Blog: gpupdate.spaces.live.com - English

From: ShawnTMaloney@gmail.com
To: none
Subject: Re: Printers deployed through GPO not removed
Date: 09/26/2007 13:56:14

After spending a total of 9 hours on the phone with various techs...
we determined it's a bug, and think we may have found a workaround.

When I deployed the printers, I used a Vista PC, launched the GPMC.msc
console, edited the group policy and deployed the printer. The
printers deploy fine that way, but they don't remove when you
remove them from the GPO. It should work, and that's part of the
bug...

To work around it:

I installed the Print management console on one of my Win2k3 Std R2
SP2 servers, connected to the Win2k3 Std SP2 print server, right click
the printer, deploy with group policy and add it to the group policy.

Open the GPMC.msc, and add pushprinterconnections.exe (I had to copy
it from a Vista PC to the domain script location) as a startup or
logon script to the GPO I am using to deploy the printer. If it's a
per machine printer deploy, add as startup, per user, add as a logon
script. I'm only deploying to Vista machines, so according to all the
documentation the pushprinterconnections.exe shouldn't be necessary...
and that's the second half of the bug.

Once the printer has been redeployed, open GPMC.msc, edit the GPO,
browse to deployed printers, Right click the printer to be removed,
and select remove. (In the Print Management console, there is no way
to remove the printer from the GPO... unless, you have to go through
the deploy process, add it, and before you close out the window select
remove. It wouldn't surprise me if that was the "proper" method, but
the MS techs told me to remove it using the GPMC console)

I've redeployed the tenacious printer using the Win2k3 R2 Print
management console to the original GPO. I am going to wait a week or
so before I remove it again. I'll post the results.

From: ShawnTMaloney@gmail.com
To: none
Subject: Re: Printers deployed through GPO not removed
Date: 09/20/2007 18:03:02

If anyone else is having this issue... I just spent 4 hours and 45
minutes on the phone with MS, and after all that, they told me it was
a bug. They are going to do some more research, and we'll resume the
call on Monday.

From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Prevent a user or group from ending a process
Date: 09/25/2007 08:40:00

Howdie!

mu1980 wrote:
> Yes, this process starts before anyone logs in on the computer. I've
> thought about removing the students group from the local administrators
> group, but it'll be a matter of determining whether that causes problems with
> any programs running.

Give it a try. Although it might cause you initial work on the machines
and some research, it's worth the trouble. You'll be better off with
this step towards security.

For starters, you can have a look at filemon and regmon, two monitoring
tools for the filesystem and the registry:
http://www.microsoft.com/technet/sysinternals/default.mspx

You can audit which permissions an application needs to what resources
in case it fails to start under a "normal" user's context.

cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

From: mu1980 <mu1980@discussions.microsoft.com>
To: none
Subject: Re: Prevent a user or group from ending a process
Date: 09/25/2007 08:34:02

Thanks for the reply :)

Yes, this process starts before anyone logs in on the computer. I've
thought about removing the students group from the local administrators
group, but it'll be a matter of determining whether that causes problems with
any programs running.

From: Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To: none
Subject: Re: Prevent a user or group from ending a process
Date: 09/25/2007 08:11:14

Howdie!

mu1980 wrote:
> Is there a simple way, through Group Policy, for example, to prevent a user
> or group from being able to stop a running process on the local computer?
>
> We have some students hell bent on stopping Vision 6 from running so the
> teacher in a lab can't demo or watch what they're doing.
>
> I have blocked access to Task Manager and prevented the run/end running
> processes items specified in Group Policy, but I'm concerned that they may
> run a script of some kind to kill the process.

I assume this is a service or anything that is started under a different
context than the user's. If so, take away the user's local admin rights.
As local admins they can install any third party tool they wish (procmon
for example) and stop the processes.

It's a question of user rights in my opinion. Not a question of
software-side restrictions.

cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

From: v-kzhao@online.microsoft.com (Ken Zhao [MSFT])
To: none
Subject: Re: Policy Changes not reflected
Date: 09/26/2007 05:15:59

Hi Jon,

I am just writing to see how everything is going. If you have any updates
or need any further assistance on this issue, please feel free to let me
know.

Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

From: v-kzhao@online.microsoft.com (Ken Zhao [MSFT])
To: none
Subject: Re: Policy Changes not reflected
Date: 09/24/2007 00:33:26

Hello Jon,

Thank you for using newsgroup!

From your post, I'd like to thank Mathieu for his great information
sharing. Meanwhile, I also suggest you refer to the following article to
troubleshoot this issue:

Fixing Folder Redirection policy settings problems
http://technet2.microsoft.com/windowsserver/en/library/818a01e7-62c5-435f-9c6f-f975e86410e61033.mspx?mfr=true

Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Policy Changes not reflected
Date: 09/22/2007 09:29:46

Hello,

Can you check these registry settings?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Value Name: Personal
Value Type: REG_SZ
Value Data: complete path to storage location

Any modification from the default is recorded in the following location and
the preceding path is also updated:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Value Name: Personal
Value Type: REG_SZ
Value Data: complete path to storage location

Can you enable logging?

In addition to logging events in the Application Event log, Folder
Redirection can provide a detailed log to aid troubleshooting. To create a
detailed log file for folder redirection, use the following registry key:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
- Set: FdeployDebugLevel = Reg_DWORD 0x0f

Note:
The log file can be found at: %windir%\debug\usermode\fdeploy.log
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Jon Doh" <JonDoh@nospam.postalias> wrote in message
news:2F98DC9D-EB94-4FB9-A5C3-D996DF81143C@microsoft.com...
> Good afternoon,
>
> I've got a policy in place that Redirects the My Documents and Desktop
> folders to a server share, however we now need to change the path to a new
> server, I've moved the files across (to avoid having to use the "Move the
> contents...", which would cause a long delay when people first start up)
> and I've now changed the redirection path to the new location.
>
> However the redirection doesn't seem to be working for the My Documents
> folder (the Desktop seems fine) doing a "gpresult /v" shows the following:
>
> Folder Redirection
> ------------------
> GPO: Brighton Users Test OU
>     Setting: InstallationType: basic
>         Grant Type: Not Exclusive Rights
>         Move Type: Contents of Local Directory not moved
>         Policy Removal: Leave folder in existing location
>         Redirecting Group: Everyone
>         Redirected Path: \\abcgroup\birmingham\bigtest\sam.test\desktop
>
> GPO: N/A
>     Setting: InstallationType: basic
>         Grant Type: Exclusive Rights
>         Move Type: Contents of Local Directory not moved
>         Policy Removal: Leave folder in existing location
>         Redirecting Group: Everyone
>         Redirected Path: \\bir-svr-file2k\bigtest\sam.test\my documents\My Pictures
>
> GPO: N/A
>     Setting: InstallationType: basic
>         Grant Type: Exclusive Rights
>         Move Type: Contents of Local Directory not moved
>         Policy Removal: Leave folder in existing location
>         Redirecting Group: Everyone
>         Redirected Path: \\bir-svr-file2k\bigtest\sam.test\my documents
>
> \\abcgroup\birmingham..... is the new network share, \\bir-svr-file2k...
> is the old share, yet this is no longer mentioned in the Group Policy so I
> don't know why it's shown in gpresult, or why the GPO is listed as N/A.
>
> Does any one have any ideas as to why the redirection is failing?
>
> Many thanks,
> Jon
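
The registry checks and the logging switch from the post above, combined into one script. This is an added example, not code from the thread; it assumes PowerShell 3.0 or later, and `$ExpectedRoot`, `-EnableLogging` and `Get-RawRegistryValue` are hypothetical names (the default share root is the one quoted from gpresult).

```powershell
# Added example (not from the thread): check the Folder Redirection values named
# in the post above and optionally turn on fdeploy debug logging.
param(
    # Assumption: new share root, taken from the gpresult output quoted in the thread.
    [string]$ExpectedRoot = '\\abcgroup\birmingham',
    # Hypothetical switch; writing under HKLM needs an elevated session.
    [switch]$EnableLogging
)

$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'

function Get-RawRegistryValue {
    param([string]$KeyPath, [string]$Name)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return $null }
    # Return the string as stored, without expanding %USERPROFILE% and similar.
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    return $key.GetValue($Name, $null, $opt)
}

# Read "Personal" (My Documents) from both keys the post names.
$report = foreach ($sub in 'Shell Folders', 'User Shell Folders') {
    $raw = Get-RawRegistryValue -KeyPath "$explorer\$sub" -Name 'Personal'
    $expanded = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { $null }
    [pscustomobject]@{
        Key             = $sub
        Personal        = $raw
        Expanded        = $expanded
        OnExpectedShare = [bool]($expanded -and
            $expanded.StartsWith($ExpectedRoot, [StringComparison]::OrdinalIgnoreCase))
    }
}
$report | Format-Table -AutoSize

# Per the post, a change is recorded in "User Shell Folders" and "Shell Folders"
# is updated to match, so a mismatch means the redirection did not complete.
if ($report[0].Expanded -ne $report[1].Expanded) {
    Write-Warning "'Shell Folders' and 'User Shell Folders' disagree on Personal."
}
foreach ($row in ($report | Where-Object { -not $_.OnExpectedShare })) {
    Write-Warning "$($row.Key): Personal does not point below $ExpectedRoot"
}

if ($EnableLogging) {
    # FdeployDebugLevel = REG_DWORD 0x0f, as given in the post.
    $diag = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics'
    if (-not (Test-Path -LiteralPath $diag)) { New-Item -Path $diag -Force | Out-Null }
    New-ItemProperty -Path $diag -Name 'FdeployDebugLevel' `
        -PropertyType DWord -Value 0x0f -Force | Out-Null
    Write-Output 'FdeployDebugLevel set to 0x0f; log off and on again to produce the log.'
}

# Show the end of the detailed log if it already exists.
$log = Join-Path $env:windir 'debug\usermode\fdeploy.log'
if (Test-Path -LiteralPath $log) {
    Get-Content -LiteralPath $log -Tail 40
} else {
    Write-Output "No log yet at $log"
}
```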

From: Mathieu CHATEAU <gollum123@free.fr>
To: none
Subject: Re: Permissions Quandry
Date: 09/22/2007 17:14:53

OK, I better understand ...
It's not again ugly hacker, just to protect themselves ;)
You may have security warning in the event log, because windows expect
exclusive access to MyDoc from the owner.
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"Blackberry" <info@NoSpamIt.com> wrote in message
news:O9ovvsS$HHA.1208@TK2MSFTNGP03.phx.gbl...
> Hi Mathieu
>
> Many thanks for all the help today.
>
> It's like you've been my personal helper :0)
>
> To explain re this setup, the kids are only 3 - 7 years old and trying to
> get them all to remember or even type in their own login would take half
> of their ICT time!
>
> In the end we went for a generic 'per class' login and no password and
> then in the My Docs area associated to that class there are individual
> folders for each child. This way they can't inadvertently delete or save
> their work in any other folder, but their class' work.
>
> Just to tighten this up a bit further I wanted to set the security so that
> the kids couldn't inadvertently delete or rename the folders, but is this
> not possible?
>
> We have a 'homes' drive that shows all the classes to the teacher logins
> and I wanted to give the teacher's access so that they could rename/delete
> these same files - again, is this not possible?
>
> Thanks
>
> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
> news:%23z6R3NS$HHA.5328@TK2MSFTNGP05.phx.gbl...
> Hello,
>
> you shouldn't put these folders inside My Docs.
> My docs is meant to be private and personal to users. Opening access of
> My docs to other users will go contrary to the MS philosophy.
>
> You should create a network drive that will provide this setup.
>
> If you have windows 2003, you may add ABE (Access Based Enumeration), so
> pupil won't see folders on which they don't have right, and won't be
> tempted to alter them
> http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en
>
> --
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
> "Blackberry" <info@NoSpamIt.com> wrote in message
> news:uVud9bQ$HHA.536@TK2MSFTNGP06.phx.gbl...
>> Hi All
>>
>> This might be a real dumbo question, but I don't know how to do it - I'm
>> thick basically :0)
>>
>> Each class in our school has their own user account as part of the
>> Win2k3/AD/GPO setup.
>>
>> When they login, their My Docs is redirected to a folder on the server,
>> usual setup nothing fancy.
>>
>> Inside the My Docs folder we have created individual folders for each
>> pupil
>> in the class.
>>
>> What I want to do is set the permissions so that the children can't
>> rename
>> or delete these pupil folders, but they can do anything they want inside
>> these folders. It's just so that the folders stay where they are, don't
>> have 'Sam Boyle999999999999999999999' names, etc Anybody who works in
>> primary schools will know the probs.
>>
>> As the pupils are classed as Domain Users and the Teachers are classed as
>> Teachers (user-defined??) and Domain Users, I also want it so that when
>> the
>> teachers login they have full control over these folders, ie they can
>> rename, delete, etc.
>>
>> So in essence I believe that the security window for these folders will
>> consist of 1 set of click boxes for domain users (ie the pupils) and one
>> set
>> of click boxes for the teachers, but I don't know what to click.
>>
>> Another thing to note is that the permissions on these folders currently
>> cascade down from the master so I believe I have to uncheck the inherit
>> box - correct?
>>
>> Is this possible?
>>
>> Thanks
>>
>>
>>
>
>

From: Al Dunbar <AlanDrub@hotmail.com.nospaam>
To: none
Subject: Re: Permissions Quandry
Date: 09/22/2007 16:19:12

"Blackberry" <info@NoSpamIt.com> wrote in message
news:O9ovvsS$HHA.1208@TK2MSFTNGP03.phx.gbl...
> Hi Mathieu
>
> Many thanks for all the help today.
>
> It's like you've been my personal helper :0)
>
> To explain re this setup, the kids are only 3 - 7 years old and trying to
> get them all to remember or even type in their own login would take half
> of their ICT time!

I take it then that the teacher logs the computer into the (shared) class
account.

> In the end we went for a generic 'per class' login and no password

If it is the students logging in, then surely some of them will figure out
how to log in to the other class' accounts - no need to even guess a
password.

> and then in the My Docs area associated to that class there are individual
> folders for each child. This way they can't inadvertently delete or save
> their work in any other folder, but their class' work.

But they can save their work in the folder of a classmate, or even delete
his or her files, inadvertently or otherwise.

> Just to tighten this up a bit further I wanted to set the security so that
> the kids couldn't inadvertently delete or rename the folders, but is this
> not possible?

Probably possible, but your arrangement is fraught with problems if there is
no protection on the content of those folders.

/Al

> We have a 'homes' drive that shows all the classes to the teacher logins
> and I wanted to give the teacher's access so that they could rename/delete
> these same files - again, is this not possible?
>
> Thanks
>
> "Mathieu CHATEAU" <gollum123@free.fr> wrote in message
> news:%23z6R3NS$HHA.5328@TK2MSFTNGP05.phx.gbl...
> Hello,
>
> you shouldn't put these folders inside My Docs.
> My docs is meant to be private and personal to users. Opening access of
> My docs to other users will go contrary to the MS philosophy.
>
> You should create a network drive that will provide this setup.
>
> If you have windows 2003, you may add ABE (Access Based Enumeration), so
> pupil won't see folders on which they don't have right, and won't be
> tempted to alter them
> http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en
>
> --
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
> "Blackberry" <info@NoSpamIt.com> wrote in message
> news:uVud9bQ$HHA.536@TK2MSFTNGP06.phx.gbl...
>> Hi All
>>
>> This might be a real dumbo question, but I don't know how to do it - I'm
>> thick basically :0)
>>
>> Each class in our school has their own user account as part of the
>> Win2k3/AD/GPO setup.
>>
>> When they login, their My Docs is redirected to a folder on the server,
>> usual setup nothing fancy.
>>
>> Inside the My Docs folder we have created individual folders for each
>> pupil
>> in the class.
>>
>> What I want to do is set the permissions so that the children can't
>> rename
>> or delete these pupil folders, but they can do anything they want inside
>> these folders. It's just so that the folders stay where they are, don't
>> have 'Sam Boyle999999999999999999999' names, etc Anybody who works in
>> primary schools will know the probs.
>>
>> As the pupils are classed as Domain Users and the Teachers are classed as
>> Teachers (user-defined??) and Domain Users, I also want it so that when
>> the
>> teachers login they have full control over these folders, ie they can
>> rename, delete, etc.
>>
>> So in essence I believe that the security window for these folders will
>> consist of 1 set of click boxes for domain users (ie the pupils) and one
>> set
>> of click boxes for the teachers, but I don't know what to click.
>>
>> Another thing to note is that the permissions on these folders currently
>> cascade down from the master so I believe I have to uncheck the inherit
>> box - correct?
>>
>> Is this possible?
>>
>> Thanks
>>
>>
>>
>
>
Top
From:
Blackberry <info@NoSpamIt.com>
To:
none
Subject:
Re: Permissions Quandry
Date:
09/22/2007
10:14:00
Hi Mathieu
Many thanks for all the help today.
It's like you've been my personal helper :0)
To explain re this setup, the kids are only 3 - 7 years old and trying to
get them all to remember or even type in their own login would take half of
their ICT time!
In the end we went for a generic 'per class' login and no password and then
in the My Docs area associated to that class there are individual folders
for each child. This way they can't inadvertently delete or save their work
in any other folder, but their class' work.
Just to tighten this up a bit further I wanted to set the security so that
the kids couldn't inadvertently delete or rename the folders, but is this
not possible?
We have a 'homes' drive that shows all the classes to the teacher logins and
I wanted to give the teachers access so that they could rename/delete these
same files - again, is this not possible?
Thanks
"Mathieu CHATEAU" <gollum123@free.fr> wrote in message
news:%23z6R3NS$HHA.5328@TK2MSFTNGP05.phx.gbl...
Hello,
you shouldn't put these folders inside My Docs.
My docs is meant to be private and personal to users. Opening access of My
docs to other users will go contrary to the MS philosophy.
You should create a network drive that will provide this setup.
If you have windows 2003, you may add ABE (Access Based Enumeration), so
pupils won't see folders on which they don't have rights, and won't be
tempted to alter them
http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Blackberry" <info@NoSpamIt.com> wrote in message
news:uVud9bQ$HHA.536@TK2MSFTNGP06.phx.gbl...
> Hi All
>
> This might be a real dumbo question, but I don't know how to do it - I'm
> thick basically :0)
>
> Each class in our school has their own user account as part of the
> Win2k3/AD/GPO setup.
>
> When they login, their My Docs is redirected to a folder on the server,
> usual setup nothing fancy.
>
> Inside the My Docs folder we have created individual folders for each
> pupil in the class.
>
> What I want to do is set the permissions so that the children can't rename
> or delete these pupil folders, but they can do anything they want inside
> these folders. It's just so that the folders stay where they are, don't
> have 'Sam Boyle999999999999999999999' names, etc Anybody who works in
> primary schools will know the probs.
>
> As the pupils are classed as Domain Users and the Teachers are classed as
> Teachers (user-defined??) and Domain Users, I also want it so that when
> the teachers login they have full control over these folders, ie they can
> rename, delete, etc.
>
> So in essence I believe that the security window for these folders will
> consist of 1 set of click boxes for domain users (ie the pupils) and one
> set of click boxes for the teachers, but I don't know what to click.
>
> Another thing to note is that the permissions on these folders currently
> cascade down from the master so I believe I have to uncheck the inherit
> box - correct?
>
> Is this possible?
>
> Thanks
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: Permissions Quandry
Date:
09/22/2007
09:18:23
Hello,
you shouldn't put these folders inside My Docs.
My docs is meant to be private and personal to users. Opening access of My
docs to other users will go contrary to the MS philosophy.
You should create a network drive that will provide this setup.
If you have windows 2003, you may add ABE (Access Based Enumeration), so
pupils won't see folders on which they don't have rights, and won't be
tempted to alter them
http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Blackberry" <info@NoSpamIt.com> wrote in message
news:uVud9bQ$HHA.536@TK2MSFTNGP06.phx.gbl...
> Hi All
>
> This might be a real dumbo question, but I don't know how to do it - I'm
> thick basically :0)
>
> Each class in our school has their own user account as part of the
> Win2k3/AD/GPO setup.
>
> When they login, their My Docs is redirected to a folder on the server,
> usual setup nothing fancy.
>
> Inside the My Docs folder we have created individual folders for each
> pupil in the class.
>
> What I want to do is set the permissions so that the children can't rename
> or delete these pupil folders, but they can do anything they want inside
> these folders. It's just so that the folders stay where they are, don't
> have 'Sam Boyle999999999999999999999' names, etc Anybody who works in
> primary schools will know the probs.
>
> As the pupils are classed as Domain Users and the Teachers are classed as
> Teachers (user-defined??) and Domain Users, I also want it so that when
> the teachers login they have full control over these folders, ie they can
> rename, delete, etc.
>
> So in essence I believe that the security window for these folders will
> consist of 1 set of click boxes for domain users (ie the pupils) and one
> set of click boxes for the teachers, but I don't know what to click.
>
> Another thing to note is that the permissions on these folders currently
> cascade down from the master so I believe I have to uncheck the inherit
> box - correct?
>
> Is this possible?
>
> Thanks
>
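One way to set the permissions asked about in this thread, as an added example that is not from any of the posters: PowerShell calling icacls so the class login can work inside each pupil folder but cannot rename or delete the folder itself, while a Teachers group gets full control. The path, the account and group names, and an icacls build that supports `/inheritance` are assumptions; because the class login is shared, this does not separate one pupil's files from another's, which is the gap Al Dunbar points out.

```powershell
# Added example, not from the thread. Every name and path below is an assumption.
$ClassRoot    = 'D:\Shares\Class3'   # hypothetical class share holding one folder per pupil
$ClassAccount = 'SCHOOL\Class3'      # hypothetical shared class login
$Teachers     = 'SCHOOL\Teachers'    # hypothetical teachers group

function Invoke-Icacls {
    # Run icacls and stop on the first failure so a half-applied ACL is not missed.
    param([string[]]$IcaclsArgs)
    & icacls.exe @IcaclsArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed: $($IcaclsArgs -join ' ')" }
}

# 1. Class root: add explicit entries first, then drop what is inherited from above
#    (the "inherit" box in the question), so no broad Domain Users entry survives.
Invoke-Icacls @($ClassRoot, '/grant:r',
    'BUILTIN\Administrators:(OI)(CI)F',
    'NT AUTHORITY\SYSTEM:(OI)(CI)F',
    "${Teachers}:(OI)(CI)F",     # teachers: full control, inherited by everything below
    "${ClassAccount}:(RX)")      # class login: list/traverse the root only, not inherited
Invoke-Icacls @($ClassRoot, '/inheritance:r')

# 2. Each pupil folder keeps inheriting Administrators/SYSTEM/Teachers from the root and
#    gets two explicit entries for the class login:
#      (RX,WD,AD)     this folder only: open it, create files and folders in it, no DELETE
#      (OI)(CI)(IO)M  subfolders and files only: Modify on everything inside
#    Renaming or deleting the folder itself needs DELETE on it or "delete child" on the
#    parent; the class login is granted neither.
$fsr = [System.Security.AccessControl.FileSystemRights]
$pupilFolders = Get-ChildItem -LiteralPath $ClassRoot | Where-Object { $_.PSIsContainer }
foreach ($dir in $pupilFolders) {
    Invoke-Icacls @($dir.FullName, '/remove:g', $ClassAccount)
    Invoke-Icacls @($dir.FullName, '/grant',
        "${ClassAccount}:(RX,WD,AD)",
        "${ClassAccount}:(OI)(CI)(IO)M")

    # 3. Check the result: no allow entry that applies to the folder itself may carry Delete.
    $aces = (Get-Acl -LiteralPath $dir.FullName).Access | Where-Object {
        $_.IdentityReference.Value -eq $ClassAccount -and
        $_.AccessControlType -eq 'Allow' -and
        -not ($_.PropagationFlags -band
              [System.Security.AccessControl.PropagationFlags]::InheritOnly)
    }
    foreach ($ace in $aces) {
        if ($ace.FileSystemRights -band $fsr::Delete) {
            Write-Warning "$($dir.FullName): $ClassAccount can still rename or delete this folder"
        }
    }
}
```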
Top
From:
BJ Daniels
<BJDaniels@discussions.microsoft.com>
To:
none
Subject:
Re: NTFS permissions not being applied - a GP not being applied
Date:
09/24/2007
14:12:04
yes - it was in a sub-OU, but should have been applied. I even tried adding
the setting to a GPO that was being applied. strange.
thanks
"Mark Heitbrink [MVP]" wrote:
> Hi,
>
> BJ Daniels wrote:
> > when i use gpresults - it lists all the other group policies, but not this
> > one (not even as NOT APPLIED).
>
> - you linked the GPO to the OU, where the computer object is inside?
> -> The Target (your computer) is in the scope of the GPO?
>
> Mark
> --
> Mark Heitbrink - MVP Windows Server - Group Policy
>
> Homepage: www.gruppenrichtlinien.de - German
> Blog: gpupdate.spaces.live.com - English
Top
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: NTFS permissions not being applied - a GP not being applied
Date:
09/22/2007
09:43:47
Hi,
BJ Daniels wrote:
> when i use gpresults - it lists all the other group policies, but not this
> one (not even as NOT APPLIED).
- you linked the GPO to the OU, where the computer object is inside?
-> The Target (your computer) is in the scope of the GPO?
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - German
Blog: gpupdate.spaces.live.com - english
Top
From:
BJ Daniels
<BJDaniels@discussions.microsoft.com>
To:
none
Subject:
Re: NTFS permissions not being applied - a GP not being applied
Date:
09/21/2007
14:50:03
i ran them on my domain controller - and though there seems to be a systemlog
issue (which i will lookup) - all the connectivity seems fine.
"Mathieu CHATEAU" wrote:
> looks like a DC issue
> dcdiag
> netdiag
> would help
>
> --
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
> "BJ Daniels" <BJDaniels@discussions.microsoft.com> wrote in message
> news:0AE51A63-4856-4A90-93C1-533EC8361611@microsoft.com...
> > i have an app that isn't running - the error is that users need write
> > permissions to c:\windows\temp
> >
> > I make a new GP with one setting, to set ntfs permissions on that folder
> > with domain users having Modify. Needless to say, it doesn't work.
> >
> > when i use gpresults - it lists all the other group policies, but not this
> > one (not even as NOT APPLIED).
> >
> > Any suggestions?
> >
> > I have even put the NTFS setting into a GP that was applied, but they still
> > didn't change on the client. grr.
> >
> > when i run gp results - i do see the following
> >
> > Component Status hide
> > Component Name Status Last Process Time
> > Group Policy Infrastructure Failed 9/21/2007 2:27:31 PM
> > Group Policy Infrastructure failed due to the error listed below.
> >
> > The system cannot find the file specified.
> >
> > Note: Due to the GP Core failure, none of the other Group Policy components
> > processed their policy. Consequently, status information for the other
> > components is not available.
> >
> > Additional information may have been logged. Review the Policy Events tab in
> > the console or the application event log for events between 9/21/2007 2:27:31
> > PM and 9/21/2007 2:27:31 PM.
> >
> > EFS recovery (N/A) 9/20/2007 3:57:10 AM
> > Registry (N/A) 9/21/2007 12:01:41 PM
> > Security (N/A) 9/20/2007 3:57:10 AM
> >
> > any suggestions would be appreciated.
> >
> > thanks
> > bj
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: NTFS permissions not being applied - a GP not being applied
Date:
09/21/2007
14:13:54
looks like a DC issue
dcdiag
netdiag
would help
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"BJ Daniels" <BJDaniels@discussions.microsoft.com> wrote in message
news:0AE51A63-4856-4A90-93C1-533EC8361611@microsoft.com...
> i have an app that isn't running - the error is that users need write
> permissions to c:\windows\temp
>
> I make a new GP with one setting, to set ntfs permissions on that folder
> with domain users having Modify. Needless to say, it doesn't work.
>
> when i use gpresults - it lists all the other group policies, but not this
> one (not even as NOT APPLIED).
>
> Any suggestions?
>
> I have even put the NTFS setting into a GP that was applied, but they still
> didn't change on the client. grr.
>
> when i run gp results - i do see the following
>
> Component Status hide
> Component Name Status Last Process Time
> Group Policy Infrastructure Failed 9/21/2007 2:27:31 PM
> Group Policy Infrastructure failed due to the error listed below.
>
> The system cannot find the file specified.
>
> Note: Due to the GP Core failure, none of the other Group Policy components
> processed their policy. Consequently, status information for the other
> components is not available.
>
> Additional information may have been logged. Review the Policy Events tab in
> the console or the application event log for events between 9/21/2007 2:27:31
> PM and 9/21/2007 2:27:31 PM.
>
> EFS recovery (N/A) 9/20/2007 3:57:10 AM
> Registry (N/A) 9/21/2007 12:01:41 PM
> Security (N/A) 9/20/2007 3:57:10 AM
>
> any suggestions would be appreciated.
>
> thanks
> bj
Top
From:
G Johansson
<fantomen@NOSPAM.GPfaq.se>
To:
none
Subject:
Re: need solution on Run only Allowed Windows Applications
Date:
09/25/2007
15:45:41
Are you really running *.dll files?
This is for exe-files that you want to run and you don't need to specify
dll-files for those programs...
Note that this is not the best solution to stop your users from running
programs, you should look at SRP instead...
--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se
"Pruthivi" <Pruthivi@discussions.microsoft.com> wrote in message
news:0D705765-D2A4-4982-BE49-E487A6C5751A@microsoft.com...
> Hi
>
> My company wants me to deploy a gpo for workstations to run only specified
> application,
>
> We are having the windows 2003 server environment and I found that provision
> in GPO " User Configuration\Administrative Templates\System\Run only Allowed
> Windows Applications.
>
> But the GUI mode allowing us to add only one dll file at a time, where as I
> need to add around 8800 dll files to reach my company requirement.
>
> Can anybody help me out with a solution which can allow me to add the
> objects in bulk !!
>
> Pruthivi
Top
From:
kj [SBS MVP]
<KevinJ.SBS@SPAMFREE.gmail.com>
To:
none
Subject:
Re: Multiple home page IE7 using GPO
Date:
09/17/2007
13:53:47
George wrote:
> Thank you guys. I read about the registry. Secondary pages are in
> binary form or something like that. Also, from what I understand, it
> will only work if you use IEAK and create a custom installation file
> for IE7
One of the Microsoft guys recently wrote up a method. As I recall he
suggested setting up IE with the correct homepages then copying the registry
key hex values for your GPO settings.
>
> "Florian Frommherz [MVP]" wrote:
>
>> Howdie!
>>
>> George wrote:
>>> How do I set multiple home pages in IE7 using GPO?
>>
>> It seems like you can't. I tried that myself some time ago but wasn't
>> able to get that working. There's a registry value named "Secondary
>> Start Pages" which looks promising but doesn't really contain any
>> values (at least for me - no matter what I try).
>>
>> cheers,
>>
>> Florian
>> --
>> Microsoft MVP - Windows Server - Group Policy.
>> eMail: prename [at] frickelsoft [dot] net.
>> blog: http://www.frickelsoft.net/blog.
--
/kj
Top
From:
George
<George@discussions.microsoft.com>
To:
none
Subject:
Re: Multiple home page IE7 using GPO
Date:
09/17/2007
08:42:01
Thank you guys. I read about the registry. Secondary pages are in binary form
or something like that. Also, from what I understand, it will only work if you
use IEAK and create a custom installation file for IE7
"Florian Frommherz [MVP]" wrote:
> Howdie!
>
> George wrote:
> > How do I set multiple home pages in IE7 using GPO?
>
> It seems like you can't. I tried that myself some time ago but wasn't
> able to get that working. There's a registry value named "Secondary
> Start Pages" which looks promising but doesn't really contain any values
> (at least for me - no matter what I try).
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
Top
From:
Anthony
<anthony.spam@spammedout.com>
To:
none
Subject:
Re: mapping dfs drives
Date:
09/20/2007
16:12:54
Hi Frank,
You can map a DFS path the same way as a UNC path. You just need a logon
script to do it. The great thing about DFS is that it creates a logical view
of data, so you may not even need to map three folders. You could just set
up a Network Place for \\xyz.com\fs and let them browse
Anthony,
http://www.airdesk.com
"frank" <frank@discussions.microsoft.com> wrote in message
news:A02AC40B-A78B-4107-A3A9-15A9DBC980B5@microsoft.com...
> We are about to implement a dfs in our environment and we want the user to map
> to three drives:
>
> X:\\xyz.com\fs\employee_folder\username
> y: \\xyz.com\fs\departments
> z: \\xyz.com\fs\public
>
> We have windows 2003 STD version of the gpo we like to do with gpo for
> future mapping and restrictions
>
> please help
>
> Frank
Top
From:
Roger Abell [MVP]
<mvpNoSpam@asu.edu>
To:
none
Subject:
Re: log on locally
Date:
09/26/2007
07:50:35
It is not a simple and clear-cut yes or no.
Member servers and domain controllers default to different
settings, and what one needs to allow depends on how the
machine is used. In general, local login is limited to the
fewest accounts that must have that capability. However,
for an example, if IIS is extended to allow web authors to
connect in some ways for content publishing those web authors
must have local login rights (even though they only authenticate
over the network to manage the web content). In other words,
it is situational. You need to use judgement based on how the
machine is being used. But as a general rule, local login is
reduced to the minimum needed (which can include some of
the local accounts used for background processes).
Whether local login is needed for terminal services depends
on the OS version, XP and later in time have a user right that
is specific for terminal services logins, but W2k does not and
uses the local login right.
Roger
"DEI" <dei@nospam.com> wrote in message
news:utAwk%233$HHA.5164@TK2MSFTNGP05.phx.gbl...
> I'm sorry, I'm referring to the many problems it could cause if you enable
> 'Log on Locally'. Did I read right that if I don't enable it users, by
> default, cannot log into a server locally? This has no effect on terminal
> services at all either, correct? I just want to assure no one but admins
> can log onto the console of the server.
>
> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> news:%23xHQrQz$HHA.3848@TK2MSFTNGP05.phx.gbl...
>> The KB you reference mentions many policies and user rights.
>> Your subject mentions one user right.
>> Your question is about some policy.
>>
>> What are you asking?
>>
>> The KB warns that when one alters the user rights and/or the
>> policies it mentions, you do need to know what you are doing.
>> It is common to alter these since these are all key settings that
>> are used to control the security and exposure profile of systems.
>>
>> Roger
>>
>> "DEI" <dei@nospam.com> wrote in message
>> news:%2373XNEr$HHA.5164@TK2MSFTNGP05.phx.gbl...
>>> I've read the kb article http://support.microsoft.com/kb/823659 about
>>> ramifications of enabling this policy. Reading this I get the feeling
>>> it's better not to enable this policy at all? What would be the benefit
>>> of enabling it?
>>>
>>> thanks!
>>>
>>
>>
>
>
Top
From:
DEI <dei@nospam.com>
To:
none
Subject:
Re: log on locally
Date:
09/25/2007
09:23:34
I'm sorry, I'm referring to the many problems it could cause if you enable
'Log on Locally'. Did I read right that if I don't enable it users, by
default, cannot log into a server locally? This has no effect on terminal
services at all either, correct? I just want to assure no one but admins
can log onto the console of the server.
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:%23xHQrQz$HHA.3848@TK2MSFTNGP05.phx.gbl...
> The KB you reference mentions many policies and user rights.
> Your subject mentions one user right.
> Your question is about some policy.
>
> What are you asking?
>
> The KB warns that when one alters the user rights and/or the
> policies it mentions, you do need to know what you are doing.
> It is common to alter these since these are all key settings that
> are used to control the security and exposure profile of systems.
>
> Roger
>
> "DEI" <dei@nospam.com> wrote in message
> news:%2373XNEr$HHA.5164@TK2MSFTNGP05.phx.gbl...
>> I've read the kb article http://support.microsoft.com/kb/823659 about
>> ramifications of enabling this policy. Reading this I get the feeling
>> it's better not to enable this policy at all? What would be the benefit
>> of enabling it?
>>
>> thanks!
>>
>
>
Top
From:
Roger Abell [MVP]
<mvpNoSpam@asu.edu>
To:
none
Subject:
Re: log on locally
Date:
09/25/2007
00:22:26
The KB you reference mentions many policies and user rights.
Your subject mentions one user right.
Your question is about some policy.
What are you asking?
The KB warns that when one alters the user rights and/or the
policies it mentions, you do need to know what you are doing.
It is common to alter these since these are all key settings that
are used to control the security and exposure profile of systems.
Roger
"DEI" <dei@nospam.com> wrote in message
news:%2373XNEr$HHA.5164@TK2MSFTNGP05.phx.gbl...
> I've read the kb article http://support.microsoft.com/kb/823659 about
> ramifications of enabling this policy. Reading this I get the feeling
> it's better not to enable this policy at all? What would be the benefit
> of enabling it?
>
> thanks!
Top
From:
Meinolf Weber
<meiweb(nospam)@gmx.de>
To:
none
Subject:
Re: Locked Out! Despite Having The Right Password!
Date:
09/24/2007
11:14:15
Hello sqlny1a@gmail.com,
Would be nice if you describe the problem and also check for errors in the
event viewer. Is it a workstation, server or domain controller where you
try to login?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
> Help!
> All of a sudden I can no longer login to my Admin account.
> I get an error message to the effect that account has been locked out
> due to 3 unsuccessful attempts.
>
> Several hours later I try again and I was able to get in except that I
> got another message to the effect that the security log is full. I
> emptied the security log and created another admin account.
>
> I'm still finding a problem logging in with both of them.
>
> Any idea as to how can this happen and also how do I resolve it.
>
> Thank you very much
>
> Mike
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Laptop Users IE Configuration
Date:
09/27/2007
00:32:17
Howdie!
DustyMiller wrote:
> I have a group of users that have laptops and desktops, i want to be able to
> set via GP so that any user that logs onto a laptop gets user configuration
> settings applied. If i set user settings and then have the policy apply to a
> laptop machine the user settings will not get applied, and loopback mode
> doesn't apply here (i don't think)
The computer will only apply the computer configuration settings you
specify within a Group Policy. You need to use Loopback Processing Mode:
http://www.frickelsoft.net/blog/?p=22
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: IE7 PERSONALIZING SETTINGS WINDOW PROBLEM ON NETWORK....
Date:
10/01/2007
11:19:28
Howdie!
JamesP wrote:
> Thanks, I do already have this set, but it doesn't seem to stop it
> appearing.........
You did assure the policy got applied? What does rsop.msc say?
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
JamesP
<JamesP@discussions.microsoft.com>
To:
none
Subject:
Re: IE7 PERSONALIZING SETTINGS WINDOW PROBLEM ON NETWORK....
Date:
09/30/2007
18:39:00
Thanks, I do already have this set, but it doesn't seem to stop it
appearing.........
James
"G Johansson" wrote:
> How about USER\Administrative Templates\Windows Components\Internet
> Explorer\Prevent performance of first Run customize settings.
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
>
> "JamesP" <JamesP@discussions.microsoft.com> wrote in message
> news:AF7A5C5E-D210-41E2-A308-D49872A4482F@microsoft.com...
> > Hi, We have a large AD / GPO controlled network with mandatory profiles.
> > Since using IE7 across our site, users always see the "Personalizing
> > Settings" window when logging in. Obviously, this is a bit of a chore and
> > slows things down! I know that removing the stub in the local machine
> > registry can stop this; but is there any ADM or setting in policy that
> > could stop the "personalizing settings" from appearing...?
> >
> > Thanks (hopefully)
> >
> > James
Top
From:
JamesP
<JamesP@discussions.microsoft.com>
To:
none
Subject:
Re: IE7 PERSONALIZING SETTINGS WINDOW PROBLEM ON NETWORK....
Date:
09/30/2007
18:37:00
Thanks, I do already have this set - it doesn't seem to stop it appearing
though.....
"G Johansson" wrote:
> How about USER\Administrative Templates\Windows Components\Internet
> Explorer\Prevent performance of first Run customize settings.
>
> --
> Regards G Johansson
> fantomen@NOSPAM.GPfaq.se
> http://GPfaq.se
>
> "JamesP" <JamesP@discussions.microsoft.com> wrote in message
> news:AF7A5C5E-D210-41E2-A308-D49872A4482F@microsoft.com...
> > Hi, We have a large AD / GPO controlled network with mandatory profiles.
> > Since using IE7 across our site, users always see the "Personalizing
> > Settings" window when logging in. Obviously, this is a bit of a chore and
> > slows things down! I know that removing the stub in the local machine
> > registry can stop this; but is there any ADM or setting in policy that
> > could stop the "personalizing settings" from appearing...?
> >
> > Thanks (hopefully)
> >
> > James
Top
From:
G Johansson
<fantomen@NOSPAM.GPfaq.se>
To:
none
Subject:
Re: IE7 PERSONALIZING SETTINGS WINDOW PROBLEM ON NETWORK....
Date:
09/30/2007
15:38:39
How about USER\Administrative Templates\Windows Components\Internet
Explorer\Prevent performance of first Run customize settings.
--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se
"JamesP" <JamesP@discussions.microsoft.com> wrote in message
news:AF7A5C5E-D210-41E2-A308-D49872A4482F@microsoft.com...
> Hi, We have a large AD / GPO controlled network with mandatory profiles.
> Since using IE7 across our site, users always see the "Personalizing
> Settings" window when logging in. Obviously, this is a bit of a chore and
> slows things down! I know that removing the stub in the local machine
> registry can stop this; but is there any ADM or setting in policy that
> could stop the "personalizing settings" from appearing...?
>
> Thanks (hopefully)
>
> James
Top
From:
v-kzhao@online.microsoft.com
(Ken Zhao [MSFT])
To:
none
Subject:
RE: IE7 GPO - setting home pages
Date:
09/18/2007
02:28:59
Hi Apollo,
I am just writing to see how everything is going. If you have any updates
or need any further assistance on this issue, please feel free to let me
know.
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: v-kzhao@online.microsoft.com ("Ken Zhao [MSFT]")
| Date: Fri, 14 Sep 2007 03:41:10 GMT
| Subject: RE: IE7 GPO - setting home pages
| Newsgroups: microsoft.public.windows.group_policy
|
| Hello Apollo,
|
| Thank you for using newsgroup!
|
| Based on my knowledge, you may add multiple home pages, which use the new
| tab-browsing feature in Internet Explorer Administration Kit 7 (IEAK 7).
| For more related information, please refer to:
| Internet Explorer Administration Kit 7 Download and Release Documentation
| http://technet.microsoft.com/en-us/ie/bb219543.aspx
|
| Internet Explorer Administration Kit and Group Policy in IE7
| http://blogs.msdn.com/ie/archive/2006/02/21/536353.aspx
|
| Based on my test, if you add the secondary home page in IE7, it will add
| the following registry key:
|
| Windows Registry Editor Version 5.00
| [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
| "Default_Page_URL"="http://www.google.com;http://www.live.com"
| "Secondary Start Pages"=hex(7):77,00,77,00,77,00,2e,00,73,00,69,00,6e,00,61,00,\
| 2e,00,63,00,6f,00,6d,00,2e,00,63,00,6e,00,00,00,00,00
|
| This HEX is based on your web site you want to add. You may test it on a
| client and find the HEX value and then deploy the registry key change to
| all clients.
|
| Thanks & Regards,
|
| Ken Zhao
|
| Microsoft Online Support
| Microsoft Global Technical Support Center
|
| Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
| ====================================================
| When responding to posts, please "Reply to Group" via your newsreader so
| that others may learn and benefit from your issue.
| ====================================================
| This posting is provided "AS IS" with no warranties, and confers no rights.
|
| --------------------
| | From: "Apollo" <apollo@newsgroup.nospam>
| | Subject: IE7 GPO - setting home pages
| | Date: Thu, 13 Sep 2007 13:33:15 +0100
| | Newsgroups: microsoft.public.windows.group_policy
| |
| | Hi,
| |
| | I've been tasked to set the home page to our intranet site and a second home
| | page to google. Have achieved the first via: User conf | Windows Settings | IE
| | Maintenance | URLs | Important URLs
| | here I have tried to set https://intranet.co.uk; www.google.co.uk however
| | this does not work.
| | I have downloaded the IE7 GPO ADM file (oct 2006) but this has no setting
| | for the multiple home pages. Please advise....
|
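The `hex(7)` data in the .reg lines quoted above is a REG_MULTI_SZ value: UTF-16LE strings, each NUL-terminated, with one more NUL closing the list. As an added example (not from the posters), these PowerShell functions decode such a value so it can be checked before it is deployed to clients, and encode a list of URLs into the same form; the function names and the sample URLs are assumptions.

```powershell
# Added example, not from the thread. Function names are hypothetical.
$Nul = [string][char]0

function ConvertFrom-RegMultiSzHex {
    # Decode the hex(7) data of a .reg file into the strings it holds.
    param([Parameter(Mandatory = $true)][string]$Hex)

    # Drop the "hex(7):" prefix, the "\" line continuations and all whitespace.
    $clean = ($Hex -replace 'hex\(7\):', '') -replace '[\\\s]', ''
    [byte[]]$bytes = @($clean.Split(',') | Where-Object { $_ } |
                       ForEach-Object { [Convert]::ToByte($_, 16) })
    if ($bytes.Length % 2 -ne 0) { throw 'Odd number of bytes: not UTF-16LE data.' }

    $text = [System.Text.Encoding]::Unicode.GetString($bytes)
    # Strings are separated by NUL; the trailing NULs only terminate the list.
    return ,($text.TrimEnd([char]0).Split([char]0))
}

function ConvertTo-RegMultiSzHex {
    # Encode strings as the hex(7) data regedit expects for REG_MULTI_SZ.
    param([Parameter(Mandatory = $true)][string[]]$Values)

    foreach ($v in $Values) {
        if ($v.Length -eq 0 -or $v.Contains($Nul)) {
            throw 'REG_MULTI_SZ entries must be non-empty and must not contain NUL.'
        }
    }
    $text  = ($Values -join $Nul) + $Nul + $Nul
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($text)
    return 'hex(7):' + (($bytes | ForEach-Object { $_.ToString('x2') }) -join ',')
}

# Value copied from the post quoted above (continuation backslash included).
$posted = @'
hex(7):77,00,77,00,77,00,2e,00,73,00,69,00,6e,00,61,00,\
  2e,00,63,00,6f,00,6d,00,2e,00,63,00,6e,00,00,00,00,00
'@
ConvertFrom-RegMultiSzHex -Hex $posted

# Constructed sample: two secondary start pages, then a round-trip check.
$urls    = 'https://intranet.example.test/', 'https://www.example.org/'
$encoded = ConvertTo-RegMultiSzHex -Values $urls
$decoded = ConvertFrom-RegMultiSzHex -Hex $encoded
if (Compare-Object $urls $decoded) { throw 'Round trip failed.' }
'"Secondary Start Pages"=' + $encoded
```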
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: IE7 - windows internet explorer
Date:
09/19/2007
00:38:41
Howdie!
EGA wrote:
> I get the following popmessage when clicking on some URL links: "The webpage
> you are viewing is trying to close the window. Do you want to close the
> window.
>
> Can you please tell me how to disable it from appearing???
That is a built-in function and can't be disabled to my knowledge.
You could try to add the webpage in question to the "Trusted Zone" - but
that will only work for known webpages and you won't add them all to the
"Trusted Zones" of course.
That's a security feature to protect you from unwanted browser closings
made by "bad" JavaScript code.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: IE Proxy settings via GP causing an issue
Date:
09/22/2007
10:52:16
Howdie Jason!
Jason_G schrieb:
> Is there a way to permit IE or Windows to revert back to a "non-proxy"
> setting when the user is not connected to the corporate lan?
WPAD is the only way to do that:
http://www.microsoft.com/technet/isa/2004/help/SRSP1_CnfWPAD.mspx
http://www.microsoft.com/technet/isa/2004/plan/automaticdiscovery.mspx
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
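The WPAD approach suggested in this thread works by handing the browser a proxy auto-config (PAC) script, which can decide per request whether the corporate proxy is reachable. The script below is an added example, not part of the original posts; the host names, the proxy address and the helpers `chooseProxy` and `makeStubHelpers` are assumptions made for illustration.

```javascript
// Added example. Constructed placeholders: none of these names come from the thread.
var CORP_DOMAIN = ".corp.example";               // assumed internal DNS suffix
var CORP_PROBE_HOST = "intranet.corp.example";   // assumed to resolve only on the corporate LAN
var CORP_PROXY = "PROXY proxy.corp.example:8080"; // assumed proxy address

// Decision logic. The PAC helper functions are passed in so the logic can be
// exercised outside a browser.
function chooseProxy(host, pac) {
  // Off the corporate LAN the probe name does not resolve: go direct,
  // which is the "non-proxy" behaviour asked for in the question.
  if (!pac.isResolvable(CORP_PROBE_HOST)) {
    return "DIRECT";
  }
  // On the LAN, internal names bypass the proxy.
  if (pac.isPlainHostName(host) || pac.dnsDomainIs(host, CORP_DOMAIN)) {
    return "DIRECT";
  }
  // Everything else goes through the corporate proxy.
  return CORP_PROXY;
}

// Entry point the browser calls for every request. isResolvable,
// isPlainHostName and dnsDomainIs are globals supplied by the PAC engine.
function FindProxyForURL(url, host) {
  return chooseProxy(host, {
    isResolvable: isResolvable,
    isPlainHostName: isPlainHostName,
    dnsDomainIs: dnsDomainIs
  });
}

// Constructed stand-ins for the PAC helpers, used only to run the logic offline.
function makeStubHelpers(resolvableNames) {
  return {
    isResolvable: function (name) {
      return resolvableNames.indexOf(name) !== -1;
    },
    isPlainHostName: function (name) {
      return name.indexOf(".") === -1;
    },
    dnsDomainIs: function (name, domain) {
      return name.length >= domain.length &&
        name.substring(name.length - domain.length) === domain;
    }
  };
}

// Constructed scenarios: a notebook on the corporate LAN and the same notebook at home.
var onLan = makeStubHelpers(["intranet.corp.example"]);
var atHome = makeStubHelpers([]);
```

Only the three settings plus `chooseProxy` and `FindProxyForURL` belong in the served script; the stub helpers exist for offline testing. Choose a probe name under a domain you control, because a resolver that answers for every name would make the notebook look as if it were on the LAN.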
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: IE Proxy settings via GP causing an issue
Date:
09/22/2007
09:09:57
Hello,
I don't think that you can do this. But you can provide proxy configuration
through DHCP or ISA firewall.
Looking for WPAD may help.
Description of WinSock Proxy Auto Detect Support
http://support.microsoft.com/kb/260210/en-us
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Jason_G" <jason.goldring@gmail.com> wrote in message
news:1190468778.392800.138680@50g2000hsm.googlegroups.com...
> Greetings;
> We recently deployed a group policy on a test OU to set Internet
> Explorer to connect through a proxy server. This worked out well,
> until some of the users took their notebooks home and found that the proxy
> settings remained enabled even though they were connected to their
> home network.
>
> Is there a way to permit IE or Windows to revert back to a "non-proxy"
> setting when the user is not connected to the corporate lan?
>
> Thanks!
> Jason.
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: IE only
Date:
09/26/2007
11:51:23
Howdie!
sihfmis schrieb:
> I am looking for the easiest way to setup a group where all the group members
> see is IE. What would be the simplest approach?
What do you mean by "see"? IE as the only shortcut on the desktop? IE as
the only application to be allowed for running?
You could work with "Software Restriction Policy" in order to lock down
machines and prevent the starting of applications and define
iexplore.exe as the default user shell (or something like that).
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/29/2007
15:41:08
The real thing is what are you trying to protect from ?
You may just uninstall them from add/remove. This is the cleanest way
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
"Pearl" <Pearl@discussions.microsoft.com> wrote in message
news:1B033027-7B08-4466-B6C2-758369D9D542@microsoft.com...
> yes. that's what I need to remove. Everything else appears to have worked
> but when I login as the User, he can click Start/Programs and then he sees
> Internet Explorer, Outlook Express and Accessories and one or two more items.
> All of the items will launch. If there is a way to NOT make them work, that
> will be a good alternative, too.
Top
From:
Pearl
<Pearl@discussions.microsoft.com>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/29/2007
15:27:00
yes. that's what I need to remove. Everything else appears to have worked
but when I login as the User, he can click Start/Programs and then he sees
Internet Explorer, Outlook Express and Accessories and one or two more items.
All of the items will launch. If there is a way to NOT make them work, that
will be a good alternative, too.
"Mathieu CHATEAU" wrote:
> and they still get the common program folders in the start menu ?
>
> Are you sure that what you want to get rid of is in Documents and
> Settings\All Users\Start Menu\Programs ?
>
> --
> Cordialement,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/29/2007
12:12:51
and they still get the common program folders in the start menu ?
Are you sure that what you want to get rid of is in Documents and
Settings\All Users\Start Menu\Programs ?
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Pearl" <Pearl@discussions.microsoft.com> wrote in message
news:70593E3C-5348-4BDE-912D-CEDC8D05F49A@microsoft.com...
> yes. I performed Resultant Set of Policies and the loopback and Remove common
> Programs was enabled.
Top
From:
Pearl
<Pearl@discussions.microsoft.com>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/29/2007
12:01:02
yes. I performed Resultant Set of Policies and the loopback and Remove common
Programs was enabled.
"Mathieu CHATEAU" wrote:
> rsop.msc allows you to get the list of all settings applied to a
> user+computer. This is the final result, so you can use it to debug hidden
> setting or be sure settings effectively applied
>
> --
> Cordialement,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/29/2007
11:36:07
rsop.msc allows you to get the list of all settings applied to a
user+computer. This is the final result, so you can use it to debug hidden
setting or be sure settings effectively applied
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Pearl" <Pearl@discussions.microsoft.com> wrote in message
news:F598C7EC-1120-4556-B95F-3CFF6D4C74A5@microsoft.com...
> right. the loopback is applied. Never used RSOP.msc before. What is it?
Top
From:
Pearl
<Pearl@discussions.microsoft.com>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/29/2007
11:06:01
right. the loopback is applied. Never used RSOP.msc before. What is it?
"Mathieu CHATEAU" wrote:
> How do you apply this ? Do you use a loopback ?
> can you issue a rsop.msc ?
>
> --
> Cordialement,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/29/2007
03:25:41
How do you apply this ? Do you use a loopback ?
can you issue a rsop.msc ?
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Pearl" <Pearl@discussions.microsoft.com> wrote in message
news:1FAE70D8-F759-4726-82EC-EEB803DF8F6B@microsoft.com...
> Thanks but that did not work, either.
Top
From:
Pearl
<Pearl@discussions.microsoft.com>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/28/2007
18:20:00
Thanks but that did not work, either.
"Mathieu CHATEAU" wrote:
> Hello,
>
> this may help:
> USER
> Administrative Templates\
> Start Menu and Taskbar
> Remove common program groups from Start Menu
>
> --
> Cordialement,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: How to remove Start/Programs?
Date:
09/28/2007
16:51:34
Hello,
this may help:
USER
Administrative Templates\
Start Menu and Taskbar
Remove common program groups from Start Menu
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Pearl" <Pearl@discussions.microsoft.com> wrote in message
news:EA49478B-49CE-47AE-9F8E-52DEAB46D9E8@microsoft.com...
> I think I am almost at the point where my security admin is happy with the
> way the remote connections to our Terminal Server are setup. However, he
> would like us to REMOVE the "Program" group from the Start menu. He is
> mainly concerned about the use of the Internet Explorer, Outlook Express and
> Accessories features in Programs. I've read the articles on how to lockdown
> the desktop and thought that the remove All Programs from Startup would do it
> but it did not. How do I remove PROGRAMS group from the START menu?
Top
From:
jdh415s
<jdh415s@discussions.microsoft.com>
To:
none
Subject:
Re: How to copy files to local workstation with GPO
Date:
09/17/2007
17:20:02
I copy files using Robocopy and it is very easy. Robocopy is a little
command line utility found in the 2003 Support Tools. I just created a small
batch file so it is a lot easier than a script.
"Meinolf Weber" wrote:
> Hello Dan,
>
> There is no "copy" GPO available. You have to use some scripting. If you
> describe more in detail, maybe it is possible to find a solution for your
> problem.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
>
> > I am wondering if it is possible to copy files (and overwrite existing
> > files) from a network location to a workstation using GPO, without
> > using a script file?
Top
From:
Anthony
<anthony.spam@spammedout.com>
To:
none
Subject:
Re: How does GP check for software installation
Date:
09/18/2007
09:46:36
The GPO can not directly check if the software is installed. It only knows
whether the policy has been run already. You have a few choices:
- create a group for the computer that do or do not have the application;
  then apply or deny the policy to that group; but this gives you a mixed
  environment of applications installed by policy and others not
- uninstall the application then install it all by GP;
- install the application everywhere by GP and see if when the application
  runs it exits with success if the application is installed; note that this
  depends on the application behaviour not the GP
You just need to choose the least bad option for your situation,
Anthony
http://www.airdesk.co.uk
"Shankomatic" <Shankomatic@discussions.microsoft.com> wrote in message
news:5F4A54A7-5CC0-437E-9328-D2D482BA1E72@microsoft.com...
> What method does GP use to validate if a software package is already
> installed?
>
> I have an app that is installed on about half of my PC's in the base build.
> I need to deploy this app to remainder of the PC's. If I create a GPO with
> using the same MSI as the initial install the GPO wants to install this on
> the machines that already have the software. How can I stop the machines
> that already have an install from reinstalling the software?
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Hotfix deployment
Date:
09/25/2007
08:48:48
Howdie!
Olivier schrieb:
> I want to implement a Microsoft Premier Support hotfix on all my WinXP
> machines. What's the best way to do it? Is this possible via group policy or
> WSUS? If so, how.
Depending on in what "format" the patch comes, you can deploy it via
Group Policy. If it's an MSI file, you can deploy it via Group Policy
"natively".
If it's an exe, you can either use a startup script to call the EXE for
installing or Group Policy ZAP files:
http://support.microsoft.com/kb/231747
WSUS is only for Microsoft approved patches from Microsoft Update. As of
my knowledge, you cannot deploy it that way.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
v-kzhao@online.microsoft.com
(Ken Zhao [MSFT])
To:
none
Subject:
Re: Homepage set via domain GPO not working on new Lenovo desktops
Date:
10/01/2007
02:37:44
Hi,
I am just writing to see how everything is going. If you have any updates
or need any further assistance on this issue, please feel free to let me
know.
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: v-kzhao@online.microsoft.com ("Ken Zhao [MSFT]")
| Organization: Microsoft
| Date: Thu, 27 Sep 2007 09:06:45 GMT
| Subject: Re: Homepage set via domain GPO not working on new Lenovo desktops
| Hello,
|
| From your reply, the registry key has been changed automatically. I suspect
| there are some Lenovo applications to affect this. To isolate the influence
| of additional applications, please boot the system into a Clean Boot
| environment to see whether this problem continues:
|
| 310560: How to troubleshoot by using the System Configuration utility in
| Windows XP
| http://support.microsoft.com/kb/310560
|
| Thanks & Regards,
|
| Ken Zhao
|
| Microsoft Online Support
| Microsoft Global Technical Support Center
|
| Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
| ====================================================
| When responding to posts, please "Reply to Group" via your newsreader so
| that others may learn and benefit from your issue.
| ====================================================
| This posting is provided "AS IS" with no warranties, and confers no rights.
|
| --------------------
| | From: "Fat Frog" <FatFrog@newsgroup.nospam>
| | Subject: Re: Homepage set via domain GPO not working on new Lenovo desktops
| | Date: Wed, 26 Sep 2007 18:33:58 -0400
| |
| | I have run the rsop.msc, and it shows that my GPO has indeed been applied,
| | but did not take effect.
| |
| | Both HKCU and HKLM were showing the Lenovo URL initially. So I changed them
| | to that of my site; and additionally I set the key "Default_Page_URL" under
| | HKLM to my site's too.
| |
| | After I log on with a new user account (delete its local profile and log
| | back on), the keys that I changed under HKLM stayed, but the "Start Page"
| | key under HKCU is changed back to Lenovo again. (That's annoying).
| |
| | (I tested and created a new "default user" profile with my own Start Page,
| | it works with any new user logons, but I don't want to do it this way, which
| | requires copying the profile on each new machine, and everyone's "My
| | Documents" folder will show this account name. I called Lenovo, and they
| | want to charge me $100 for a problem that they created to begin with. That's
| | disgusting.)
| |
| | Regards,
| | TL
| |
| | ""Ken Zhao [MSFT]"" <v-kzhao@online.microsoft.com> wrote in message
| | news:2zUXxQCAIHA.240@TK2MSFTNGHUB02.phx.gbl...
| | > Hello,
| | >
| | > Thank you for using newsgroup!
| | >
| | > From your post, first, you may run "gpresult /z >c:\gpresult.txt" to check
| | > if the policy has been applied. Or you may use rsop.msc to check the
| | > current policies applied on the user profile.
| | >
| | > Meanwhile, you may check the following registry key to see if it has been
| | > set to your homepage:
| | > HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
| | > HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
| | >
| | > Thanks & Regards,
| | >
| | > Ken Zhao
| | >
| | > Microsoft Online Support
| | > Microsoft Global Technical Support Center
| | >
| | > Get Secure! - www.microsoft.com/security
| | > <http://www.microsoft.com/security>
| | > ====================================================
| | > When responding to posts, please "Reply to Group" via your newsreader so
| | > that others may learn and benefit from your issue.
| | > ====================================================
| | > This posting is provided "AS IS" with no warranties, and confers no
| | > rights.
| | >
| | > --------------------
| | > | From: =?Utf-8?B?RmF0IEZyb2c=?= <FatFrog@newsgroup.nospam>
| | > | Subject: Re: Homepage set via domain GPO not working on new Lenovo desktops
| | > | Date: Tue, 25 Sep 2007 18:54:01 -0700
|
| > | Thanks for the suggestion. Yes, all the computers are located under
|
the
|
| > same
|
| > | "workstation" OU. When I apply "Process even if the GPOs have not
|
| > changed",
|
| > | will this refresh every computer browser's homepage? I only want to
do
|
| > this
|
| > | to the new computers.
|
| > |
|
| > | Regards,
|
| > | TL.
|
| > |
|
| > |
|
| > | "Florian Frommherz [MVP]" wrote:
|
| > |
|
| > | > Howdie!
|
| > | >
|
| > | > Fat Frog schrieb:
|
| > | > > I have set homepage via domain GPO and it's always been working
|
when
|
| > a new
|
| > | > > user logs on to a computer for the first time when the profile
is
|
| > created.
|
| > | > > (Of course the user can change it later.)
|
| > | > >
|
| > | > > But the new Lenovo desktop computers that we put on the network
do
|
| > not seem
|
| > | > > to get this policy. When a new user logs on, the homepage is
|
Lenovo
|
| > US
|
| > | > > website; and I verified on the local policy (User Configuration
/
|
| > Windows
|
| > | > > Settings / IE Maintenance / URLs) that it is blank.
|
| > | >
|
| > | > You could asure that the policy applies to the workstations? Are
|
they
|
| > in
|
| > | > the same OU other machines reside? You can check that with
rsop.msc
|
| > | >
|
| > | > > Could the Lenovo URL come from the default user profile? And
why
|
GPO
|
| > has no
|
| > | > > effect over the local policy after i did "gpupdate /force"?
|
| > | >
|
| > | > I've seen third party applications that change the default
homepage
|
| > | > periodically. Give the following policy a try:
|
| > | >
|
| > | > CompConf\AdmTemp\System\Group Policy\"Internet Explorer
Maintenance
|
| > | > policy processing" - "Process even if the Group Policy objects
have
|
| > | > not changed"
|
| > | >
|
| > | > cheers,
|
| > | >
|
| > | > Florian
|
| > | > --
|
| > | > Microsoft MVP - Windows Server - Group Policy.
|
| > | > eMail: prename [at] frickelsoft [dot] net.
|
| > | > blog: http://www.frickelsoft.net/blog.
|
| > | >
|
| > |
|
| >
|
|
|
|
|
|
|
|
Top
From:
v-kzhao@online.microsoft.com
(Ken Zhao [MSFT])
To:
none
Subject:
Re: Homepage set via domain GPO not working on new Lenovo desktops
Date:
09/27/2007
04:06:45
Hello,
From your reply, the registry key has been changed automatically. I suspect
there are some Lenovo applications to affect this. To isolate the influence
of additional applications, please boot the system into a Clean Boot
environment to see whether this problem continues:
310560: How to troubleshoot by using the System Configuration utility in
Windows XP
http://support.microsoft.com/kb/310560
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Fat Frog" <FatFrog@newsgroup.nospam>
| Subject: Re: Homepage set via domain GPO not working on new Lenovo desktops
| Date: Wed, 26 Sep 2007 18:33:58 -0400
| Newsgroups: microsoft.public.windows.group_policy
|
| I have run the rsop.msc, and it shows that my GPO has indeed been applied,
| but did not take effect.
|
| Both HKCU and HKLM were showing the Lenovo URL initially. So I changed them
| to that of my site; and additionally I set the key "Default_Page_URL" under
| HKLM to my site's too.
|
| After I log on with a new user account (delete its local profile and log
| back on), the keys that I changed under HKLM stayed, but the "Start Page"
| key under HKCU is changed back to Lenovo again. (That's annoying).
|
| (I tested and created a new "default user" profile with my own Start Page,
| it works with any new user logons, but I don't want to do it this way, which
| requires copying the profile on each new machine, and everyone's "My
| Documents" folder will show this account name. I called Lenovo, and they
| want to charge me $100 for a problem that they created to begin with. That's
| disgusting.)
|
| Regards,
| TL
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Homepage set via domain GPO not working on new Lenovo desktops
Date:
09/27/2007
00:18:28
Howdie!
Fat Frog wrote:
> Thanks for the suggestion. Yes, all the computers are located under the same
> "workstation" OU. When I apply "Process even if the GPOs have not changed",
> will this refresh every computer browser's homepage? I only want to do this
> to the new computers.
Yes, that would re-apply the whole IE policies - and re-apply the
pre-set home page. That'd be working once, if you can separate the
problematic workstations from the good ones. That would work out for short.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Fat Frog
<FatFrog@newsgroup.nospam>
To:
none
Subject:
Re: Homepage set via domain GPO not working on new Lenovo desktops
Date:
09/26/2007
17:33:58
I have run the rsop.msc, and it shows that my GPO has indeed been applied,
but did not take effect.
Both HKCU and HKLM were showing the Lenovo URL initially. So I changed them
to that of my site; and additionally I set the key "Default_Page_URL" under
HKLM to my site's too.
After I log on with a new user account (delete its local profile and log
back on), the keys that I changed under HKLM stayed, but the "Start Page"
key under HKCU is changed back to Lenovo again. (That's annoying).
(I tested and created a new "default user" profile with my own Start Page,
it works with any new user logons, but I don't want to do it this way, which
requires copying the profile on each new machine, and everyone's "My
Documents" folder will show this account name. I called Lenovo, and they
want to charge me $100 for a problem that they created to begin with. That's
disgusting.)
Regards,
TL
""Ken Zhao [MSFT]"" <v-kzhao@online.microsoft.com> wrote in message
news:2zUXxQCAIHA.240@TK2MSFTNGHUB02.phx.gbl...
> Hello,
>
> Thank you for using newsgroup!
>
> From your post, first, you may run "gpresult /z >c:\gpresult.txt" to check
> if the policy has been applied. Or you may use rsop.msc to check the
> current policies applied on the user profile.
>
> Meanwhile, you may check the following registry key to see if it has been
> set to your homepage:
> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
> HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
>
> Thanks & Regards,
>
> Ken Zhao
>
> Microsoft Online Support
>
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security
> <http://www.microsoft.com/security>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
Top
From:
v-kzhao@online.microsoft.com
(Ken Zhao [MSFT])
To:
none
Subject:
Re: Homepage set via domain GPO not working on new Lenovo desktops
Date:
09/26/2007
05:00:51
Hello,
Thank you for using newsgroup!
From your post, first, you may run "gpresult /z >c:\gpresult.txt" to check
if the policy has been applied. Or you may use rsop.msc to check the
current policies applied on the user profile.
Meanwhile, you may check the following registry key to see if it has been
set to your homepage:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: =?Utf-8?B?RmF0IEZyb2c=?= <FatFrog@newsgroup.nospam>
| Subject: Re: Homepage set via domain GPO not working on new Lenovo desktops
| Date: Tue, 25 Sep 2007 18:54:01 -0700
| Newsgroups: microsoft.public.windows.group_policy
|
| Thanks for the suggestion. Yes, all the computers are located under the
| same "workstation" OU. When I apply "Process even if the GPOs have not
| changed", will this refresh every computer browser's homepage? I only want
| to do this to the new computers.
|
| Regards,
| TL.
Top
From:
Fat Frog
<FatFrog@newsgroup.nospam>
To:
none
Subject:
Re: Homepage set via domain GPO not working on new Lenovo desktops
Date:
09/25/2007
20:54:01
Thanks for the suggestion. Yes, all the computers are located under the same
"workstation" OU. When I apply "Process even if the GPOs have not changed",
will this refresh every computer browser's homepage? I only want to do this
to the new computers.
Regards,
TL.
"Florian Frommherz [MVP]" wrote:
> Howdie!
>
> Fat Frog wrote:
> > I have set homepage via domain GPO and it's always been working when a new
> > user logs on to a computer for the first time when the profile is created.
> > (Of course the user can change it later.)
> >
> > But the new Lenovo desktop computers that we put on the network do not seem
> > to get this policy. When a new user logs on, the homepage is Lenovo US
> > website; and I verified on the local policy (User Configuration / Windows
> > Settings / IE Maintenance / URLs) that it is blank.
>
> You could assure that the policy applies to the workstations? Are they in
> the same OU other machines reside? You can check that with rsop.msc
>
> > Could the Lenovo URL come from the default user profile? And why GPO has no
> > effect over the local policy after I did "gpupdate /force"?
>
> I've seen third party applications that change the default homepage
> periodically. Give the following policy a try:
>
> CompConf\AdmTemp\System\Group Policy\"Internet Explorer Maintenance
> policy processing" - "Process even if the Group Policy objects have
> not changed"
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Homepage set via domain GPO not working on new Lenovo desktops
Date:
09/25/2007
15:30:35
Howdie!
Fat Frog wrote:
> I have set homepage via domain GPO and it's always been working when a new
> user logs on to a computer for the first time when the profile is created.
> (Of course the user can change it later.)
>
> But the new Lenovo desktop computers that we put on the network do not seem
> to get this policy. When a new user logs on, the homepage is Lenovo US
> website; and I verified on the local policy (User Configuration / Windows
> Settings / IE Maintenance / URLs) that it is blank.
You could assure that the policy applies to the workstations? Are they in
the same OU other machines reside? You can check that with rsop.msc
> Could the Lenovo URL come from the default user profile? And why GPO has no
> effect over the local policy after I did "gpupdate /force"?
I've seen third party applications that change the default homepage
periodically. Give the following policy a try:
CompConf\AdmTemp\System\Group Policy\"Internet Explorer Maintenance
policy processing" - "Process even if the Group Policy objects have
not changed"
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
G Johansson
<fantomen@NOSPAM.GPfaq.se>
To:
none
Subject:
Re: Homepage set via domain GPO not working on new Lenovo desktops
Date:
09/25/2007
15:29:27
Maybe Lenovo put in a *.ins file which also sends config-information to IE
so maybe a search would help you sort it out!?!?
--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se
"Fat Frog" <FatFrog@newsgroup.nospam> wrote in message
news:e%23PRHS5$HHA.3900@TK2MSFTNGP02.phx.gbl...
> I have set homepage via domain GPO and it's always been working when a new
> user logs on to a computer for the first time when the profile is created.
> (Of course the user can change it later.)
>
> But the new Lenovo desktop computers that we put on the network do not
> seem to get this policy. When a new user logs on, the homepage is Lenovo
> US website; and I verified on the local policy (User Configuration /
> Windows Settings / IE Maintenance / URLs) that it is blank.
>
> Could the Lenovo URL come from the default user profile? And why GPO has
> no effect over the local policy after i did "gpupdate /force"?
>
> Thanks and regards,
> TL
Top
From:
ScaryAdams
<onescaryfuc@hotmail.com>
To:
none
Subject:
Re: HiSec Template
Date:
09/19/2007
04:07:37
On Sep 11, 2:18 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> "ScaryAdams" <onescary...@hotmail.com> wrote in message
> news:1189510607.654383.92410@w3g2000hsg.googlegroups.com...
>
> > Guys n Gals,
> >
> > Could anyone tell me what part of the HiSec Template would be removing
> > domain user accounts that I add to the Local Administrators Group on a
> > server?
> >
> > Many thanks,
> > Ryan
>
> Assuming you mean the hisecws workstation sample template,
> then you are dealing with the Restricted Group definition for the
> Administrators group.
>
> Please note that those old templates were initially intended to be
> examples, and their use as is is not recommended. Rather one
> should get the security guides with their newer templates, and
> even then, use them as samples from which you develop templates
> that "fit" your needs.
>
> Roger
Cheers Roger thank you very much!
Take it easy
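The Restricted Groups behaviour Roger points to, as an added example that is not part of the thread and is not Microsoft's template: a PowerShell check that reads the `[Group Membership]` section of a security template and lists the current group members that are missing from its `__Members` line, which are the accounts removed at the next policy refresh. The template text is constructed and is not the contents of hisecws.inf; the CONTOSO accounts and the function names are hypothetical.

```powershell
# Added example: audit the [Group Membership] (Restricted Groups) section of a
# security template. The template text and account names below are constructed
# for illustration; they are not the contents of the real hisecws.inf.

$sampleTemplate = @'
[Version]
signature="$CHICAGO$"
Revision=1
[Group Membership]
; built-in Administrators, referenced by its well-known SID
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = Administrator,CONTOSO\Domain Admins
[Registry Values]
'@

# Well-known SIDs of built-in local groups.
$builtinGroups = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-547' = 'Power Users'
}

function Get-RestrictedGroup {
    # Returns one object per group that has a __Members line in the template.
    # A group with such a line has its membership replaced by that list every
    # time the policy is applied.
    param([Parameter(Mandatory = $true)][string]$TemplateText)

    $inSection = $false
    foreach ($raw in ($TemplateText -split '\r?\n')) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }

        # Track which [section] the parser is in.
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Group Membership')
            continue
        }
        if (-not $inSection) { continue }

        # Entry form: <group>__Members = account1,account2
        # A leading * marks a SID rather than a name.
        if ($line -match '^\*?(?<group>.+?)__Members\s*=\s*(?<list>.*)$') {
            $group = $Matches['group']
            $members = @($Matches['list'] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ -ne '' })

            $name = $group
            if ($builtinGroups.ContainsKey($group)) { $name = $builtinGroups[$group] }

            [pscustomobject]@{
                Group   = $name
                Id      = $group
                Members = $members
            }
        }
    }
}

function Get-MemberAtRisk {
    # Current members that are not on the template's Members list.
    param(
        [Parameter(Mandatory = $true)]$RestrictedGroup,
        [Parameter(Mandatory = $true)][string[]]$CurrentMembers
    )
    $CurrentMembers | Where-Object { $RestrictedGroup.Members -notcontains $_ }
}

$admins = Get-RestrictedGroup -TemplateText $sampleTemplate |
    Where-Object { $_.Group -eq 'Administrators' }

# Constructed snapshot of a server's local Administrators group after a domain
# user (CONTOSO\ryan, hypothetical) was added by hand.
$current = 'Administrator', 'CONTOSO\Domain Admins', 'CONTOSO\ryan'

Get-MemberAtRisk -RestrictedGroup $admins -CurrentMembers $current
```

To audit a real template, pass the file's text (for example from `Get-Content -Raw`) as `-TemplateText` and the group's actual membership as `-CurrentMembers`.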
Top
From:
Joe
<Joe@discussions.microsoft.com>
To:
none
Subject:
RE: GroupPolicy Folder missing on XP Pro
Date:
09/24/2007
09:32:04
Does this mean that this folder is not required for Group Policy enforcement?
My policies would not work until I created these folders. We certainly
don't run gpedit on all machines before they are placed on the network.
Thanks,
Joe
"reza" wrote:
> This folder does not actually exist on a computer until you first open the
> Group Policy Object Editor (type gpedit.msc in the Run Window) to edit Local
> Group Policy on that machine.
>
> Note that this folder is hidden.
Top
From:
reza
<reza@discussions.microsoft.com>
To:
none
Subject:
RE: GroupPolicy Folder missing on XP Pro
Date:
09/20/2007
20:34:01
This folder does not actually exist on a computer until you first open the
Group Policy Object Editor (type gpedit.msc in the Run Window) to edit Local
Group Policy on that machine.
Note that this folder is hidden.
Top
From:
Roger Abell [MVP]
<mvpNoSpam@asu.edu>
To:
none
Subject:
Re: Group Policy Results
Date:
09/25/2007
04:59:41
Which kind of GP results? Let's assume real rather than modeled.
Then your in-use account could lack group membership on the target machine.
"Scott Micale" <hrm_admin@news.postalias> wrote in message
news:OGjwrmq$HHA.1212@TK2MSFTNGP05.phx.gbl...
> I am trying to run Group Policy Results wizard and I am doing it from the
> DC. I put in the computer name of the system I am trying to run the wizard
> on and I keep getting a Group Policy Error, details: Access is denied.
> Says I don't have permission to perform this operation.
>
> Any ideas why I can't run this?
Top
From:
Thomas M.
<NoEmailReplies@Please.com>
To:
none
Subject:
Re: Group Policy Inheritance
Date:
09/21/2007
18:45:15
"Florian Frommherz [MVP]" <florian@PLEASELEAVETHISOUT.frickelsoft.net> wrote
in message news:OEzjbAS%23HHA.484@TK2MSFTNGP06.phx.gbl...
> Howdie!
>
> Thomas M. wrote:
>> However, the webcast is based on Windows 2003 Server, whereas I believe
>> that my DC is running Windows 2000 Server. Would that explain the
>> discrepancy that I am seeing between the webcast and what is happening in
>> my
>
> No. That is not the reason. They work similar.
>
>> environment? If not, what are the possible reasons that the child OU
>> would not inherit the GPO from the parent OU, knowing that Block
>> Inheritance is turned off?
>
> Is it possible that you have made contradicting settings in the Group
> Policies in the subOU? What leads you to the thought inheritance doesn't
> work?
Sorry that it has taken me so long to reply to your question. At the
moment, I do not have the necessary permissions to answer your first
question. I've been given the permissions to just one specific group policy
until I am able to complete the training necessary to get access to all
group policies (which will happen next week). So, I can't say one way or
the other if there are conflicting policies, but I suspect not.
As for your second question, I am using the Restricted Groups policy to push
down the local Administrators group. I linked the policy to the EFS
Workstations container, and on those workstations the employees now have
just standard user permissions (the desired result of the policy). However,
the machines in the child OU are not getting the policy. The child OU
*does* have one group policy linked to it, so there is the potential for a
conflict, but I am unable to edit that policy so I can't say for sure. I
have talked to another administrator who can edit the policy, and he says
that there are no conflicts (but I'd still like to check for myself). That
being said, I don't think any other GPOs do anything with the Restricted
Groups policy. So I've been thinking less in terms of a policy conflict and
more in terms of an inheritance problem.
I did Enforce enable the policy today (in case there is a conflict with
another GPO), but didn't get the chance to check with the users to see if
that fixed the issue. I don't believe that we have any other enforced
policies, so enforcing my policy should tell me if the problem is with a
conflicting GPO (because my enforced policy would win if that is the case).
--Tom
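The test Thomas describes (enforce the parent link and see whether the child OU then receives the setting) rests on GPO precedence, modelled here as an added example that is not from the thread. It assumes, which the thread leaves unconfirmed, that the GPO linked at the child OU also defines the Administrators restricted group; apart from "EFS Workstations", every OU, GPO and group name is constructed, and the model ignores site and local policy, security and WMI filtering, and loopback.

```powershell
# Added example: a simplified model of which linked GPO supplies one setting.
# "EFS Workstations" is the OU named in the thread; the child OU name, the GPO
# names and the group names are constructed for illustration.

function New-GpoLink {
    param($Gpo, [int]$Order = 1, [switch]$Enforced)
    [pscustomobject]@{ Gpo = $Gpo; Order = $Order; Enforced = [bool]$Enforced }
}

function Get-WinningLink {
    param(
        [Parameter(Mandatory = $true)][object[]]$Chain,  # containers, top-most first
        [Parameter(Mandatory = $true)][string]$Setting
    )
    $normal = @()     # non-enforced links, lowest precedence first
    $enforced = @()   # enforced links, lowest precedence first

    for ($i = 0; $i -lt $Chain.Count; $i++) {
        # Block Inheritance on any container below this one drops this
        # container's non-enforced links; enforced links pass through.
        $blocked = $false
        for ($j = $i + 1; $j -lt $Chain.Count; $j++) {
            if ($Chain[$j].BlockInheritance) { $blocked = $true }
        }

        # Inside one container link order 1 is applied last, so sort descending.
        $links = @($Chain[$i].Links | Sort-Object -Property Order -Descending)
        $enforcedHere = @($links | Where-Object { $_.Enforced })
        $normalHere = @($links | Where-Object { -not $_.Enforced })

        if (-not $blocked) { $normal = $normal + $normalHere }

        # An enforced link higher in the tree beats an enforced link lower
        # down, so links from lower containers are placed in front.
        $enforced = $enforcedHere + $enforced
    }

    # Apply in order; the last GPO that defines the setting wins.
    $winner = $null
    foreach ($link in ($normal + $enforced)) {
        if ($link.Gpo.Settings.ContainsKey($Setting)) { $winner = $link }
    }
    $winner
}

$key = 'Restricted Groups: Administrators'

$parentGpo = [pscustomobject]@{
    Name     = 'Workstation local admins'
    Settings = @{ $key = 'CONTOSO\Desktop Support' }
}
# Assumption: the GPO on the child OU defines the same restricted group.
$childGpo = [pscustomobject]@{
    Name     = 'Child OU policy'
    Settings = @{ $key = 'CONTOSO\Lab Admins' }
}

function New-SampleChain {
    param([bool]$EnforceParent)
    @(
        [pscustomobject]@{
            Name = 'EFS Workstations'; BlockInheritance = $false
            Links = @(New-GpoLink $parentGpo -Enforced:$EnforceParent)
        },
        [pscustomobject]@{
            Name = 'Child OU'; BlockInheritance = $false
            Links = @(New-GpoLink $childGpo)
        }
    )
}

# Resolve the setting for a computer in the child OU, first with the parent
# link as a normal link, then with it enforced.
foreach ($enforce in $false, $true) {
    $link = Get-WinningLink -Chain (New-SampleChain -EnforceParent $enforce) -Setting $key
    '{0,-22} -> {1} ({2})' -f "parent enforced=$enforce", $link.Gpo.Name, $link.Gpo.Settings[$key]
}
```

If the child OU's GPO does not define the setting at all, both runs return the parent GPO, which is the case where enforcing changes nothing and the cause lies elsewhere.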
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Group Policy Inheritance
Date:
09/17/2007
06:43:59
Howdie!
Thomas M. wrote:
> However, the webcast is based on Windows 2003 Server, whereas I believe that
> my DC is running Windows 2000 Server. Would that explain the discrepancy
> that I am seeing between the webcast and what is happening in my
No. That is not the reason. They work similar.
> environment? If not, what are the possible reasons that the child OU would
> not inherit the GPO from the parent OU, knowing that Block Inheritance is
> turned off?
Is it possible that you have made contradicting settings in the Group
Policies in the subOU? What leads you to the thought inheritance doesn't
work?
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Shark
<Shark@discussions.microsoft.com>
To:
none
Subject:
RE: Group Policy - Date Format
Date:
10/01/2007 12:23:02
Did you fix the problem? I got a similar problem....
"Simone" wrote:
> Hello,
>
> I work for a company that hosts an application for its clients. All the
> client access this application via RDP. We have a custom ADM that sets the
> date to either British or US date format ie dd/mm/yyyy or mm/dd/yyyy.
> However this doesn't seem to be working for one client in particular - even if
> its enforced.
>
> The problem is that their dates won't change to British format even though
> everything on their local PC is set to that date format and the group policy
> on the server is set to British. Their regional settings are set to UAE
> because they have Arabic keyboards and they can't change that to anything
> else and I think that's where it's falling over....even though they change
> the date format under the advanced tab to British.
>
> We have the group policy setting that takes the machines locale setting with
> them disabled - and I'm pretty much out of ideas.
>
> We're using windows 2003 STD Sp2, clients are using win xp to connect.
>
> I look forward to any useful suggestions :)
Top
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: Group Policy - Date Format
Date:
09/27/2007 04:45:26
Hi,
Simone wrote:
> I work for a company that hosts an application for its clients. All the
> client access this application via RDP. We have a custom ADM that sets the
> date to either British or US date format ie dd/mm/yyyy or mm/dd/yyyy.
> However this doesn't seem to be working for one client in particular
You have enabled LoopBack Processing on the TerminalServer GPO?
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
Top
From:
moncho
<moncho@NOspmanywhere.com>
To:
none
Subject:
Re: GPO to lockdown desktop
Date:
09/29/2007 06:57:43
Pearl wrote:
> My security admin wants me to lockdown a Terminal Server session so that the
> users can not even see the My Computer, Control Panel, Network Places icon
> and even not be able to reboot the Terminal Server. In fact, what his
> ultimate objective is : lockdown the desktop so that all that the user can
> see is the desktop with only ONE application icon. In fact, he'd like the
> session to activate the application when the user logs in and not allow the
> user to do anything except use the application and not even get to the
> desktop. Is there a way to do this?
***This is only if you want the users to have access to the desktop
also. Follow what Florian stated if you just want one program to start.
First, put your TS servers in their own OU.
I like (others have their own preferences) to create two different GPOs
for TS servers, a TSComputerSettings and TSUserSettings.
Create a separate Global Security Group and add the users that will
access the TS servers to this group.
Set up Loopback processing in the TSComputerSettings in replace mode.
Set up the rest of the lock settings in TSUserSettings. Remove
authenticated users from this GPO and add the security group you
created. This will make sure the settings you create do not affect
the admins.
For the TSUserSettings, have at it. I created many settings and there
are too many to mention them individually. I have it set up so they
have two icons on their desktop, the Start Button and the Log Off
button. The users cannot right click anywhere and have very limited
access.
moncho
From:
Pearl
<Pearl@discussions.microsoft.com>
To:
none
Subject:
Re: GPO to lockdown desktop
Date:
09/28/2007 07:36:03
many thanks. very helpful info
"Mark Heitbrink [MVP]" wrote:
> Hi,
>
> Pearl wrote:
> > My security admin wants me to lockdown a Terminal Server session [...]
>
> Start here:
> "Locking Down Windows Server 2003 Terminal Server Sessions"
> http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en
>
> "How to Lock Down a Windows 2000 Terminal Server Session"
> http://support.microsoft.com/default.aspx?scid=kb;en-us;q278295
>
> and of course:
> "Group Policy Common Scenarios Using GPMC"
> http://www.microsoft.com/downloads/details.aspx?familyid=354b9f45-8aa6-4775-9208-c681a7043292&displaylang=en
>
> The easiest way should be to use an alternate Shell, not explorer.exe
> like nu2menu or others.
>
> Mark
> --
> Mark Heitbrink - MVP Windows Server - Group Policy
>
> Homepage: www.gruppenrichtlinien.de - deutsch
> Blog: gpupdate.spaces.live.com - english
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: GPO to lockdown desktop
Date:
09/28/2007 06:42:35
Hi,
Pearl wrote:
> My security admin wants me to lockdown a Terminal Server session [...]
Start here:
"Locking Down Windows Server 2003 Terminal Server Sessions"
http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en
"How to Lock Down a Windows 2000 Terminal Server Session"
http://support.microsoft.com/default.aspx?scid=kb;en-us;q278295
and of course:
"Group Policy Common Scenarios Using GPMC"
http://www.microsoft.com/downloads/details.aspx?familyid=354b9f45-8aa6-4775-9208-c681a7043292&displaylang=en
The easiest way should be to use an alternate Shell, not explorer.exe
like nu2menu or others.
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: GPO to lockdown desktop
Date:
09/28/2007 00:46:03
Howdie!
Pearl wrote:
> My security admin wants me to lockdown a Terminal Server session so that the
> users can not even see the My Computer, Control Panel, Network Places icon
> and even not be able to reboot the Terminal Server. In fact, what his
> ultimate objective is : lockdown the desktop so that all that the user can
> see is the desktop with only ONE application icon. In fact, he'd like the
> session to activate the application when the user logs in and not allow the
> user to do anything except use the application and not even get to the
> desktop. Is there a way to do this?
I'm not a Terminal Services guru, but on the Terminal Server, you can try:
User Configuration\Administrative Templates\Windows Components\Terminal Services\"Start a program on connection"
Link this GPO to the Terminal Servers OU and enable "Loopback processing
mode":
http://www.frickelsoft.net/blog/?p=22
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: GPO Screen Saver
Date:
09/19/2007 06:56:27
Howdie!
Calin Leu wrote:
> I need to implement a GPO to impose "On resume password protect" for the
> screen saver on the users' machines.
>
> I would need a little help on finding this policy and how to implement it.
Have a look at the following node:
User Configuration\Administrative Templates\Control Panel\Display -
there are three policies:
"Screen Saver"
"Screen Saver timeout" and
"Password Protect the screen saver"
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From:
tg30
<tg30@discussions.microsoft.com>
To:
none
Subject:
Re: GPO for?
Date:
09/20/2007 13:40:02
Thank you. I had looked at those, just not close enough. I will play with
them and see which one best suits me. Thanks again for the help, and quick
response.
"Mathieu CHATEAU" wrote:
> Hello,
>
> USER
> Administrative Templates\
> Desktop
> Don't save settings at exit
> Prevents users from saving certain changes to the desktop. If you enable
> this setting, users can change the desktop, but some changes, such as the
> position of open windows or the size and position of the taskbar, are not
> saved when users log off. However, shortcuts placed on the desktop are
> always saved.
>
> USER
> Administrative Templates\
> Desktop
> Prohibit adjusting desktop toolbars
> Prevents users from adjusting the length of desktop toolbars. Also, users
> cannot reposition items or toolbars on docked toolbars. This setting does
> not prevent users from adding or removing toolbars on the desktop. Note: If
> users have adjusted their toolbars, this setting prevents them from
> restoring the default configuration. Also, see the Prevent adding,
> dragging, dropping and closing the Taskbar's toolbars setting.
>
> USER
> Administrative Templates\
> Desktop\
> Active Desktop
> Prohibit changes
> Prevents the user from enabling or disabling Active Desktop or changing the
> Active Desktop configuration. This is a comprehensive setting that locks
> down the configuration you establish by using other policies in this folder.
> This setting removes the Web tab from Display in Control Panel. As a result,
> users cannot enable or disable Active Desktop. If Active Desktop is already
> enabled, users cannot add, remove, or edit Web content or disable, lock, or
> synchronize Active Desktop components.
>
> --
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
> "tg30" <tg30@discussions.microsoft.com> wrote in message
> news:E96E9478-48C3-4684-86C8-01D073AF758A@microsoft.com...
> > Is there any way to keep clients from rearranging their desktop icons with
> > GPO? I have looked through the policies but have been unable to find one
> > that will enforce this. Thank you for any suggestions.
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: GPO for?
Date:
09/20/2007 12:56:14
Hello,
USER
Administrative Templates\
Desktop
Don't save settings at exit
Prevents users from saving certain changes to the desktop. If you enable
this setting, users can change the desktop, but some changes, such as the
position of open windows or the size and position of the taskbar, are not
saved when users log off. However, shortcuts placed on the desktop are
always saved.
USER
Administrative Templates\
Desktop
Prohibit adjusting desktop toolbars
Prevents users from adjusting the length of desktop toolbars. Also, users
cannot reposition items or toolbars on docked toolbars. This setting does
not prevent users from adding or removing toolbars on the desktop. Note: If
users have adjusted their toolbars, this setting prevents them from
restoring the default configuration. Also, see the Prevent adding,
dragging, dropping and closing the Taskbar's toolbars setting.
USER
Administrative Templates\
Desktop\
Active Desktop
Prohibit changes
Prevents the user from enabling or disabling Active Desktop or changing the
Active Desktop configuration. This is a comprehensive setting that locks
down the configuration you establish by using other policies in this folder.
This setting removes the Web tab from Display in Control Panel. As a result,
users cannot enable or disable Active Desktop. If Active Desktop is already
enabled, users cannot add, remove, or edit Web content or disable, lock, or
synchronize Active Desktop components.
--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"tg30" <tg30@discussions.microsoft.com> wrote in message
news:E96E9478-48C3-4684-86C8-01D073AF758A@microsoft.com...
> Is there any way to keep clients from rearranging their desktop icons with
> GPO? I have looked through the policies but have been unable to find one
> that will enforce this. Thank you for any suggestions.
From:
Harry Johnston
<harry@scms.waikato.ac.nz>
To:
none
Subject:
Re: GPO doesn't take effect on the clients
Date:
09/17/2007 20:33:06
MMASH wrote:
> I have rebooted the client machines couple of times, even tried the group
> policy refresh did not work.
> I went through the Group policy for WSUS n number of times, it looks ok.
> Really do not know why that alert is not popping up.
It might be worth checking that the group policy really has registered correctly
by looking in the registry. The subkey to look at is
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
and the value ElevateNonAdmins should be of the type REG_DWORD and have the
value 1.
... your users are in the Users security group, I presume?
You should also make sure the user group policy "Remove access to use all
Windows Update features" isn't set. I don't know the registry key for this one,
just look in the group policy: User Configuration, Administrative Templates,
Windows Components, Windows Update.
Are there any clues in WindowsUpdate.log?
Harry.
From:
MMASH
<MMASH@discussions.microsoft.com>
To:
none
Subject:
Re: GPO doesn't take effect on the clients
Date:
09/17/2007 18:22:01
I have rebooted the client machines couple of times, even tried the group
policy refresh did not work.
I went through the Group policy for WSUS n number of times, it looks ok.
Really do not know why that alert is not popping up.
"Harry Johnston" wrote:
> MMASH wrote:
>
> > [...] I would like my all client machines show the alert in task bar
> > saying "updates are ready to install".
>
> That is exactly what this group policy setting does:
>
> >> If you want non-administrative users to have access to install the updates
> >> manually, you can set the group policy "Allow non-administrators to receive
> >> update notifications". Be aware this also allows them to hide updates so they
> >> will not be installed even when the scheduled time comes along.
>
> Did you restart the client after applying the group policy change? (Actually
> all you really need to do is refresh group policy with gpupdate and then restart
> the WUA service, but restarting the client is easier.)
>
> Harry.
From:
Andrew Austwick
<AndrewAustwick@discussions.microsoft.com>
To:
none
Subject:
Re: GPO to delete temporary Internet Files
Date:
09/18/2007 07:48:01
Hi Mark
Thanks, that has worked
Andrew
"Mark Heitbrink [MVP]" wrote:
> Hi,
>
> Andrew Austwick wrote:
> > Is there a GPO that will delete temporary Internet files for Windows XP SP2,
> > and IE 6, when a user closed IE?
>
> --- ie.adm ---
> CLASS USER
>
> CATEGORY "IE Settings"
> POLICY "Delete TempIE files on exit of IE"
> KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache"
> VALUENAME "Persistent"
> VALUEON NUMERIC 0 VALUEOFF NUMERIC 1
> END POLICY
> END CATEGORY
>
> --- ie.adm ---
> Mark
>
> --
> Mark Heitbrink - MVP Windows Server - Group Policy
>
> Homepage: www.gruppenrichtlinien.de - deutsch
> Blog: gpupdate.spaces.live.com - english
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: GPO to delete temporary Internet Files
Date:
09/18/2007 04:12:37
Hi,
Andrew Austwick wrote:
> Is there a GPO that will delete temporary Internet files for Windows XP SP2,
> and IE 6, when a user closed IE?
--- ie.adm ---
CLASS USER
CATEGORY "IE Settings"
POLICY "Delete TempIE files on exit of IE"
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache"
VALUENAME "Persistent"
VALUEON NUMERIC 0 VALUEOFF NUMERIC 1
END POLICY
END CATEGORY
--- ie.adm ---
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
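
Harry Johnston's suggestion above to confirm ElevateNonAdmins in the registry, and the ie.adm template in this post, both come down to checking that a policy wrote a value with the expected type and data. The following PowerShell is an added example, not code from any poster in this archive; the function name Test-PolicyRegistryValue is hypothetical, and it assumes the ADM NUMERIC value is stored as REG_DWORD.

```powershell
# Added example (not from the thread): confirm that a policy-backed registry
# value exists with the expected type and data, rather than relying on the
# GPO editor or RSoP view alone.
# Test-PolicyRegistryValue is a hypothetical helper name.

function Test-PolicyRegistryValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Name,
        [Parameter(Mandatory = $true)] [Microsoft.Win32.RegistryValueKind] $ExpectedKind,
        [Parameter(Mandatory = $true)] [int] $ExpectedData
    )

    $result = [pscustomobject]@{
        Path = $Path; Name = $Name; Status = 'OK'; Detail = ''
    }

    # No key at all: nothing has written settings to this location yet.
    if (-not (Test-Path -LiteralPath $Path)) {
        $result.Status = 'KeyMissing'
        $result.Detail = 'Registry key not present.'
        return $result
    }

    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $Name) {
        $result.Status = 'ValueMissing'
        $result.Detail = 'Key exists but the value was never written.'
        return $result
    }

    # A value of the wrong type (for example REG_SZ "1" created by hand)
    # is not what the policy writes, so report it separately.
    $kind = $key.GetValueKind($Name)
    if ($kind -ne $ExpectedKind) {
        $result.Status = 'WrongType'
        $result.Detail = "Found $kind, expected $ExpectedKind."
        return $result
    }

    $data = $key.GetValue($Name)
    if ($data -ne $ExpectedData) {
        $result.Status = 'WrongData'
        $result.Detail = "Found $data, expected $ExpectedData."
    }
    return $result
}

# Keys, value names and data are the ones quoted in the two posts.
# Assumption: ADM "NUMERIC" values are stored as REG_DWORD.
$checks = @(
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
       Name = 'ElevateNonAdmins'; ExpectedKind = 'DWord'; ExpectedData = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache'
       Name = 'Persistent'; ExpectedKind = 'DWord'; ExpectedData = 0 }
)

foreach ($check in $checks) {
    Test-PolicyRegistryValue @check
}
```

The HKCU check has to run in the affected user's own session, since it reads that user's hive.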
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: GP software install overwrites patches
Date:
09/20/2007 00:18:00
Howdie!
Dave K. wrote:
> Is there a way to resolve this? I need to keep the "healing" aspect of the
> GP while allowing me to apply patches. I don't want to have to create a
> transform package every time I want to apply patches and update my GP for
> Office 2003 SP2.
You don't need to create a transform package. The patch is given in a
.msp format, isn't it? If not, you might extract the patch's setup.exe
with the switch "/a" which will unpack all files within the setup.
Once you've done this, you can update the files on your Software
Installation share so that all users will automatically get the changes
in the Service Pack. Use the .msp patch like this:
msiexec /a <original office .msi> /p <extracted .msp file> or something
similar to this. Once the files have been updated (both the original
.MSI and some other source files will be changed) be sure to right-click
your Software Installation package and choose "Redeploy application".
This will roll out Office with Service Pack 2 slipstreamed to your clients.
I do not recommend using two different deployment methods for software.
Most of the time, things get messed up - especially if you deploy the
software with one application and update it with another. Try to stick
with one deployment strategy as far as you can. If you can do it with
Group Policy (both installation and patching) - use it.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
From:
MSExchangeStudent
<exchangestudent@newsgroups.com>
To:
none
Subject:
Re: GP prevent user 2 c printer
Date:
09/21/2007 08:32:42
"Mark Heitbrink [MVP]" <spam-only@gruppenrichtlinien.de> wrote in message
news:uwBrTvE$HHA.3800@TK2MSFTNGP03.phx.gbl...
> Hi,
>
> MSExchangeStudent wrote:
>> I have a GP that prevent users to add a printer so obviously if i want to
>> install a printer i need to log off and on as the admin. When i do that i
>> can install the printer successfully but when i log back on as the user i
>> cannot see the printer.
>
> Right, because network printers are connected as an user, so they are
> stored in HKCU. Local Printer are stored in HKLM
>
> So the solution is:
> User are allowed to connect to printer in the network. Printers are
> secured by permission (Everyone = Print, is not the desired setting)
> Local printers can't be installed by users, because they are not allowed
> to write to HKLM as a user.
OK understand that but the same scenario's goes for me when i work with
network printers. Then they are able to access the settings of the printer
which is a problem. So the ideal is to leave the GPO so that they cannot
access the network printer. Am i right if i assume that?
The GP will need to remain if i want them not to change the settings of the
network printers.
> With other words: There is no need for your policy.
>
> Mark
> --
> Mark Heitbrink - MVP Windows Server - Group Policy
>
> Homepage: www.gruppenrichtlinien.de - deutsch
> Blog: gpupdate.spaces.live.com - english
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: GP prevent user 2 c printer
Date:
09/21/2007 07:34:58
Hi,
MSExchangeStudent wrote:
> I have a GP that prevent users to add a printer so obviously if i want to
> install a printer i need to log off and on as the admin. When i do that i
> can install the printer successfully but when i log back on as the user i
> cannot see the printer.
Right, because network printers are connected as an user, so they are
stored in HKCU. Local Printer are stored in HKLM
So the solution is:
User are allowed to connect to printer in the network. Printers are
secured by permission (Everyone = Print, is not the desired setting)
Local printers can't be installed by users, because they are not allowed
to write to HKLM as a user.
With other words: There is no need for your policy.
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
From:
Meinolf Weber
<meiweb(nospam)@gmx.de>
To:
none
Subject:
Re: GP prevent user 2 c printer
Date:
09/21/2007 06:49:51
Hello MSExchangeStudent,
You gave the answer yourself, the GPO is preventing the access, so reconfigure
the GPO.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
> Hi Meinolf
>
> Thanks for replying - BTW just got a call now from a technician that
> wants to setup a mail account for the user and cannot because GPO
> prevents the domain users to access the Control Panel. The technician
> is logged on as the domain user to setup his mail account in Control
> Panel > Mail icon.
>
> Any way around this?
>
> Craig
>
> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb66587c88c9ca66ccb5cc71@msnews.microsoft.com...
>
>> Hello MSExchangeStudent,
>>
>> Did you set the printer as default printer after adding it to the
>> machine?
>>
>> Making the user admin, NO, you are right.
>>
>> If the reason is only that the user changes the printer
>> configuration, then configure the security settings from the printer
>> for domain users with print and only give domain admins manage
>> printers right.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>>> Hi all
>>>
>>> I have a GP that prevent users to add a printer so obviously if i
>>> want to install a printer i need to log off and on as the admin.
>>> When i do that i can install the printer successfully but when i log
>>> back on as the user i cannot see the printer. How do i overcome this
>>>
>>> BTW , what i then did was to make the user a domain admin and i
>>> could install the printer but obviously that is the wrong way. I also
>>> do not want to disable the GPO as they delete and change settings in
>>> their printer setup.
>>>
>>> craig
>>> Win xp pro and Win 2003 Server
From:
MSExchangeStudent
<exchangestudent@newsgroups.com>
To:
none
Subject:
Re: GP prevent user 2 c printer
Date:
09/21/2007 06:37:55
Hi Meinolf
Thanks for replying - BTW just got a call now from a technician that wants
to setup a mail account for the user and cannot because GPO prevents the
domain users to access the Control Panel. The technician is logged on as the
domain user to setup his mail account in Control Panel > Mail icon.
Any way around this?
Craig
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66587c88c9ca66ccb5cc71@msnews.microsoft.com...
> Hello MSExchangeStudent,
>
> Did you set the printer as default printer after adding it to the machine?
>
> Making the user admin, NO, you are right.
>
> If the reason is only that the user changes the printer configuration,
> then configure the security settings from the printer for domain users
> with print and only give domain admins manage printers right.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
>
>> Hi all
>>
>> I have a GP that prevent users to add a printer so obviously if i want
>> to install a printer i need to log off and on as the admin. When i do
>> that i can install the printer successfully but when i log back on as
>> the user i cannot see the printer. How do i overcome this
>>
>> BTW , what i then did was to make the user a domain admin and i could
>> install the printer but obviously that is the wrong way. I also do not
>> want to disable the GPO as they delete and change settings in their
>> printer setup.
>>
>> craig
>> Win xp pro and Win 2003 Server
From:
Meinolf Weber
<meiweb(nospam)@gmx.de>
To:
none
Subject:
Re: GP prevent user 2 c printer
Date:
09/21/2007 06:02:29
Hello MSExchangeStudent,
Did you set the printer as default printer after adding it to the machine?
Making the user admin, NO, you are right.
If the reason is only that the user changes the printer configuration, then
configure the security settings from the printer for domain users with print
and only give domain admins manage printers right.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
> Hi all
>
> I have a GP that prevent users to add a printer so obviously if i want
> to install a printer i need to log off and on as the admin. When i do
> that i can install the printer successfully but when i log back on as
> the user i cannot see the printer. How do i overcome this
>
> BTW , what i then did was to make the user a domain admin and i could
> install the printer but obviously that is the wrong way. I also do not
> want to disable the GPO as they delete and change settings in their
> printer setup.
>
> craig
> Win xp pro and Win 2003 Server