From:
Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: WMI filter is not applying correctly
Date:
09/21/2007
01:22:52
Howdie!
Pedro Lima schrieb:
>
Last night I was thinking in this question I posted and something came on my
>
mind. I have a deep impression (I'm not sure, but I'll have to check it out)
>
that I have read something about WMI filters applying just to computer
>
accounts. If my impression is true, my WMI query can be perfect when
>
executing in a VBscript file, but would not have any effect on the GPO
>
itself, because the filter here is applying on users. That would explain also
>
the TRUE condition in the query (all the machines would be OK in this
>
filter).
I
have not had many WMI filters applied in the past, so I'm not *that*
expert on that.
As far as I know, WMI filters will be evaluated before processing the
Group Policy regardless of what is inside the GPO and where it is
linked. It therefore doesn't matter if the GPO is for users or computers.
Looking at your query, I can imagine that it always returns true because
there are in fact users in LDAP that start with "ZE". You'd need to
define an additional check to see whether the user currently logged in
is one of those - so WMI doing well, as there are definately users with
an office starting with "ZE".
Before more messing around with WMI, I'd check if I could re-organize
the users in question in a seperate OU (maybe OUs based on their office
seats or something) or try to group them in security groups and catch
them this way. I'm not sure if you'll come around with WMI.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Pedro Lima
<PedroLima@discussions.microsoft.com>
To:
none
Subject:
Re: WMI filter is not applying correctly
Date:
09/20/2007
10:22:03
Hi Florian,
>
Without having checked your query here on my machines, my first guess
>
is: do those people, who get a TRUE where they shouldn't run Windows
>
2000? Windows 2000 isn't capable of Group Policy-WMI filter processing.
>
They always return true and process the policy - no matter what.
To answer your question, all workstations are running Windows XP
Professional, so this isn't the issue.
Last night I was thinking in this question I posted and something came on my
mind. I have a deep impression (I'm not sure, but I'll have to check it out)
that I have read something about WMI filters applying just to computer
accounts. If my impression is true, my WMI query can be perfect when
executing in a VBscript file, but would not have any effect on the GPO
itself, because the filter here is applying on users. That would explain also
the TRUE condition in the query (all the machines would be OK in this
filter).
Anyhow, if this is correct - as I said I have to check it out, and I'd thank
if anyone brings a factual proof of this - I think the GPMC should warn us
about this. That would be a good thing for Microsoft to fix.
Greatings,
--
Pedro Lima
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: WMI filter is not applying correctly
Date:
09/20/2007
00:20:57
Howdie!
Pedro Lima schrieb:
>
When I execute this query via a VBScript, the results are perfect. Only the
>
users that match this criteria are returned. But... when I apply this filter
>
to a GPO, even accounts that doesn't match the criteria are showing "TRUE" in
>
the value of the Group Policy Modeling (look bellow). Only the users matching
>
the criteria should return TRUE. The others should show FALSE.
Without having checked your query here on my machines, my first guess
is: do those people, who get a TRUE where they shouldn't run Windows
2000? Windows 2000 isn't capable of Group Policy-WMI filter processing.
They always return true and process the policy - no matter what.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Windows Installer
Date:
09/21/2007
00:36:13
Howdie!
SBN via WinServerKB.com schrieb:
>
ok, but how about if i disable this how will i allow my users to install
>
softwares that are only allowed.
Publish the software. People can then install it (whenever they choose
to) from Control Panel-Software. The installation will then be elevated
by the Windows Installer Service in order to have it succeed.
Assign software on a computer basis whenever you can. I - for one - have
never seen a really useful scenario where assigning software per users
made much sense. As soon as people roam between workstations, you'll
start about thinking that a little more advanced...
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
SBN via WinServerKB.com
<u32166@uwe>
To:
none
Subject:
Re: Windows Installer
Date:
09/20/2007
19:34:45
ok, but how about if i disable this how will i allow my users to install
softwares that are only allowed.
--
Message posted via http://www.winserverkb.com
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Windows Installer
Date:
09/19/2007
00:31:50
Howdie!
SBN via WinServerKB.com schrieb:
>
Hey guys in the GPO what do you mean by "always install with elevated
>
privileges"
Some MSI packages need access to areas of the file system and registry
that are restricted to "admin-only" write access. So if you wanted to
deploy a package on a per-user basis this would mean that the
installation would normally fail (if the users aren't admins on their
machines and therefore have not sufficient rights to access and modify
filesystem and registry areas needed by the package).
"Always install with elevated privileges" lets Windows Installer execute
the MSI package in the SYSTEM's context (pretty similar to the mode it
runs the computer based Software Installation). As the SYSTEM has full
access to all filesystem and registry sources needed, the installation
should succeed - even if performed by an user.
Since the installation runs with privileged, be sure to have tested the
package. People could gain extended access to systems if the
installation routines aren't well designed. When using elevated privs,
be sure users have as little control over the installation as possible
(no user prompts for file paths etc...)
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
John
<John@discussions.microsoft.com>
To:
none
Subject:
Re: why?Why?Why? Please help!
Date:
10/01/2007
15:14:01
Hi, thanks for your help.
Interesting, the user can not connect to the outlook and can connect to the
network drives. Delete the outlook profile, even can not create one as the
account is not in the adress list error pop up...
do you know whether the group policy can crush user account not to connect
to to the exchange server? Users get 1053 error and got GPO core failure from
result of GPO.
thanks.
"Florian Frommherz [MVP]" wrote:
>
Howdie!
>
>
John schrieb:
>
> Thanks for your help. We apply policy to dept. OU.
>
> If one or two users needs to exclude from the policy,
>
> I simply put the user to deny or take out apply policy
>
> pemission. Is this right?
>
>
If you have "Authenticated Users" still in the list, add the users
>
(better you put them into a security group and do it that way) to the
>
list and deny "Read" and "Apply Group Policy".
>
>
> When I run the group policy results on this computer,
>
> I got:
>
>
>
> Event Type: Error
>
> Event Source: Userenv
>
> Event Category: None
>
> Event ID: 1053
>
> [...]
>
> Computer: Workstation1
>
> Description:
>
> Windows cannot determine the user or computer name. (The specified user does
>
> not exist. ).
>
>
If DNS is working well on the machine, check if the computer's domain
>
account is okay (try to unjoin and rejoin the machine to the domain).
>
>
If that all does not work, see the following:
>
http://www.eventid.net/display.asp?eventid=1053&eventno=1584&source=Userenv&phase=1
>
>
cheers,
>
>
Florian
>
--
>
Microsoft MVP - Windows Server - Group Policy.
>
eMail: prename [at] frickelsoft [dot] net.
>
blog: http://www.frickelsoft.net/blog.
>
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: why?Why?Why? Please help!
Date:
09/28/2007
11:22:46
Howdie!
John schrieb:
>
Thanks for your help. We apply policy to dept. OU.
>
If one or two users needs to exclude from the policy,
>
I simply put the user to deny or take out apply policy
>
pemission. Is this right?
If you have "Authenticated Users" still in the list, add the users
(better you put them into a security group and do it that way) to the
list and deny "Read" and "Apply Group Policy".
>
When I run the group policy results on this computer,
>
I got:
>
>
Event Type: Error
>
Event Source: Userenv
>
Event Category: None
>
Event ID: 1053
>
[...]
>
Computer: Workstation1
>
Description:
>
Windows cannot determine the user or computer name. (The specified user does
>
not exist. ).
If DNS is working well on the machine, check if the computer's domain
account is okay (try to unjoin and rejoin the machine to the domain).
If that all does not work, see the following:
http://www.eventid.net/display.asp?eventid=1053&eventno=1584&source=Userenv&phase=1
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
John
<John@discussions.microsoft.com>
To:
none
Subject:
Re: why?Why?Why? Please help!
Date:
09/28/2007
11:00:01
Thanks for your help. We apply policy to dept. OU.
If one or two users needs to exclude from the policy,
I
simply put the user to deny or take out apply policy
pemission. Is this right?
When I run the group policy results on this computer,
I
got:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date:
9/28/2007
Time:
11:23:14 AM
User:
NT AUTHORITY\SYSTEM
Computer: Workstation1
Description:
Windows cannot determine the user or computer name. (The specified user does
not exist. ).
Group Policy processing aborted. For more information, see Help and
Support
Center at
http://go.microsoft.com/fwlink/events.asp.
Any idea?
"Florian Frommherz [MVP]" wrote:
>
Howdie!
>
>
John schrieb:
>
> Thanks for your reply and help.
>
>
Glad you worked it out.
>
>
> But, I have to exclude some users from this policy. I put these users in
>
> security of policy and set to block. But, these users are still getting
this
>
> policy even they are blocked from this policy?
>
>
What do you mean by "block"? You can deny "Read" and "Apply Group
>
Policy" permissions to that policy. Just take the security group for that:
>
>
http://www.frickelsoft.net/blog/?p=28
>
>
cheers,
>
>
Florian
>
--
>
Microsoft MVP - Windows Server - Group Policy.
>
eMail: prename [at] frickelsoft [dot] net.
>
blog: http://www.frickelsoft.net/blog.
>
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: why?Why?Why? Please help!
Date:
09/28/2007
10:29:21
Howdie!
John schrieb:
>
Thanks for your reply and help.
Glad you worked it out.
>
But, I have to exclude some users from this policy. I put these users in
>
security of policy and set to block. But, these users are still getting
this
>
policy even they are blocked from this policy?
What do you mean by "block"? You can deny "Read" and "Apply Group
Policy" permissions to that policy. Just take the security group for that:
http://www.frickelsoft.net/blog/?p=28
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
John
<John@discussions.microsoft.com>
To:
none
Subject:
Re: why?Why?Why? Please help!
Date:
09/28/2007
10:22:01
Thanks for your reply and help.
I
found a way to do this through I configured the
settings in "User Configuration\Windows Setting\Internet Explorer
Maintenance\URLs\Important URLs" and in "Administrative Templates\Windows
Components\Internet Explorer\Disable changing home page settings."
But, I have to exclude some users from this policy. I put these users in
security of policy and set to block. But, these users are still getting
this
policy even they are blocked from this policy?
Is there something I am missing?
"Florian Frommherz [MVP]" wrote:
>
Howdie John!
>
>
John schrieb:
>
> I set up the policy to disable change home page of IE and set our company
>
> web site as home page through Group Policy Management Console. I enabled
the
>
> settings in "User Configuration\Administrative Templates\Internet
>
> Explorer\Disable changing home page settings and enter our company web site
>
> as the home page" But most users do not get the prescribed web home page and
>
> only a few got it. I troubleshooted a while and found out the policy
only
>
> works on the computer with IE7. it does not work with computers with
IE6.
>
> Then I went furthur and found out that if I create the policy from the Active
>
> directory uses and computers console, not from GPMC and I can not set the
>
> home page and only disabe changing the home page. That explains why most
>
> users do not get the prescribed home page.
>
>
The reason why you cannot enter the home page in "Active Directory Users
>
and Computers" is, because they changed the Administrative Template
>
between 2000 and XP (at least I think so, since my Windows 2000 machine
>
wouldn't let me specify the home page there either, but my Windows XP
>
would let me).
>
>
I can't imagine why that shouldn't work since the policy says "At least
>
IE 5" and the key it writes to seems to be valid. Anyway, if you're out
>
of luck with that policy, you could hav a look at "Internet Explorer
>
Preference Mode".
>
>
cheers,
>
>
Florian
>
--
>
Microsoft MVP - Windows Server - Group Policy.
>
eMail: prename [at] frickelsoft [dot] net.
>
blog: http://www.frickelsoft.net/blog.
>
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: why?Why?Why? Please help!
Date:
09/28/2007
00:29:51
Howdie John!
John schrieb:
>
I set up the policy to disable change home page of IE and set our company
>
web site as home page through Group Policy Management Console. I enabled
the
>
settings in "User Configuration\Administrative Templates\Internet
>
Explorer\Disable changing home page settings and enter our company web site
>
as the home page" But most users do not get the prescribed web home page and
>
only a few got it. I troubleshooted a while and found out the policy only
>
works on the computer with IE7. it does not work with computers with IE6.
>
Then I went furthur and found out that if I create the policy from the Active
>
directory uses and computers console, not from GPMC and I can not set the
>
home page and only disabe changing the home page. That explains why most
>
users do not get the prescribed home page.
The reason why you cannot enter the home page in "Active Directory Users
and Computers" is, because they changed the Administrative Template
between 2000 and XP (at least I think so, since my Windows 2000 machine
wouldn't let me specify the home page there either, but my Windows XP
would let me).
I
can't imagine why that shouldn't work since the policy says "At least
IE 5" and the key it writes to seems to be valid. Anyway, if you're out
of luck with that policy, you could hav a look at "Internet Explorer
Preference Mode".
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Where is Quick Launch?
Date:
09/24/2007
07:28:36
Howdie!
AlanTerrill schrieb:
>
Thanks - what do you mean by a 'standard profile' -how do I do this?
See these two articles, they'll tell you how:
http://technet2.microsoft.com/windowsserver/en/library/86bd78dc-de1c-4c90-b5cd-6b56c07529761033.mspx?mfr=true
http://support.microsoft.com/kb/168475
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
AlanTerrill
<AlanTerrill@discussions.microsoft.com>
To:
none
Subject:
Re: Where is Quick Launch?
Date:
09/24/2007
07:04:00
Thanks - what do you mean by a 'standard profile' -how do I do this?
Alan
>
> I want to include the item "Show Quick Launch" under 'Taskbar and Start
>
> Menu' to be loaded as standard on all PCs, but I can't find a setting
>
> relating to this in Group Policy Manager. Can anyone tell me where to find it?
>
>
You cannot do that - there's no option for this. The only possible way
>
is to define a standard profile which all new users will pick up and
>
enable the Quick Launch bar there.
>
>
cheers,
>
>
Florian
>
--
>
Microsoft MVP - Windows Server - Group Policy.
>
eMail: prename [at] frickelsoft [dot] net.
>
blog: http://www.frickelsoft.net/blog.
>
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Where is Quick Launch?
Date:
09/24/2007
06:53:40
Howdie!
AlanTerrill schrieb:
>
I want to include the item "Show Quick Launch" under 'Taskbar and Start
>
Menu' to be loaded as standard on all PCs, but I can't find a setting
>
relating to this in Group Policy Manager. Can anyone tell me where to find it?
You cannot do that - there's no option for this. The only possible way
is to define a standard profile which all new users will pick up and
enable the Quick Launch bar there.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: vista machines
Date:
09/27/2007
11:44:53
Howdie!
param@community.nospam schrieb:
>
1. We use a central WSUS 3.0 server to deploy updates to all our
>
workstations. For some reason the
Vista
machines will not pickup the updates
>
and also when you try to manually perform the update on them, we get an
>
error. Does something have to be configured differently in GPO?
I've
Vista
here with WSUS 3 - that works great. It's the same policy as
for other clients and they picked it up. Does your eventlog on the
Vista
machines come up with an error?
>
2. Windows Firewall will not launch on these machines. We get an error "Due
>
to an unidentified problem windows cannot display windows firewall
>
settings.". Firewall settings are also controlled through GPO for our XP
>
workstations. Do we need to do anything differently?
Use a
Vista
workstation and fire up the GPMC on it. Then create a custom
firewall policy for your
Vista
clients. The windows firewall changed
in Windows Vista (it has some special "Advanced Settings") and seems to
neglect some (legacy) settings you set for Windows XP. I've not look
into this, yet, so this is all I can tell you. Creating a OU (at the
same level as your Windows XP machines OU for example) and creating a
Vista specific GP configuration should work,
though.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Al Dunbar
<AlanDrub@hotmail.com.nospaam>
To:
none
Subject:
Re: Using a master NTUSER file
Date:
09/22/2007
16:25:16
"Blackberry" <info@NoSpamIt.com> wrote in message
news:%237uPHUQ$HHA.1208@TK2MSFTNGP03.phx.gbl...
>
Hi All
>
>
I work in a number of schools and I have to set up (too) many PCs in the
>
same standard form. Because 99% of these are Win2K3 clients we are
>
talking
>
numerous user profiles as well, so I currently log on as one user, set the
>
Desktop, Screensaveer, etc stuff up and then copy the NTUSER file from
>
this
>
account to the default user so that every user profile that logs on has
>
this
>
style. This seems to work fine, but I would now like to take this a step
>
further and keep of a copy of this NTUSER file so that on a new machine I
>
simply drop this into the default user folder straight away.
>
>
My question is, am I allowed to do this from one machine to another or
>
will
>
it screw it up? Although 99% of our machines are XP Pro SP2, if I dropped
>
my master NTUSER file into a Win XP Home or Win XP Pro SP1 PC would it
>
screw
>
things up?
If 99% are w2k and 99% are xp, what are the other -98%? ;-)
I'd advise against trying to use an NTUSER file in any other o/s-sp
combination than the one it was created on. Whether it would work on
identical machines, well, you could just try it yourself.
/Al
Top
From:
Pegasus \(MVP\) <I.can@fly.com>
To:
none
Subject:
Re: Using a master NTUSER file
Date:
09/22/2007
05:46:07
Interesting post: It is both cross-posted (which is fine) and
multi-posted (which causes duplication of effort). Why? You
appear to be fully aware of the two posting methods!
Top
From:
Lanwench [MVP - Exchange]
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>
To:
none
Subject:
Re: user settings not being saved
Date:
09/25/2007
16:27:55
pete0085 <pete0085@discussions.microsoft.com> wrote:
>
Thanks for the info. I am doing some research on terminal services
>
and admit I am confused about quite a few things. Happen to have a
>
good link that goes into detail of how to set everything up correctly?
>
>
I posted this question over in the TS group,
I
don't see it in there...at least not yet. [see below for hints on better
ways to access these newsgroups]
>
does the server need to
>
be a dedicated server
It really ought to be a dedicated member server in the domain.
If you had only one or two users, and already had a kick-ass file/print
server that wasn't doing too much else I'd say you could get away with
running TS in a virtual server or VMWare instance, but for 12-20, forget it.
>
or could it host another application as long as
>
it's not a file server.
No, it should not. It *can*, but it should not. Remember, it's a big fat
shared workstation and has enough to do. Your rebooting it shouldn't hurt or
affect anything other than disrupting the remote users - leave it to do its
job.
>
>
I am somewhat confused that you need to use a different path for the
>
TS profile? You don't use the same profile folder to logon through
>
TS? I have TS installed on a test server and haven't seen any
>
options that indicates a profile path.
If your user object in ADUC has a roaming profile path, you'll eventually
run into problems if you log into a TS session and don't have a totally
different TS path defined as well. Don't risk it.
>
>
A good article, link or book would be helpful to understand some of
>
these things.
The TS group gurus may have more advice on that front - I don't, really.
You're going to want to ask for help with the correct group policy settings
(loopback processing) on the box. I'm no expert, sadly.
<snip>
HOW TO USE USENET
You might want to consider using a news client, such as Forte Agent,
Thunderbird, or even Outlook Express, rather than the pretty clunky web
interface to the newsgroups. I's a lot easier to do nearly everything that
way. You can mark messages to be watched, filter the views so you can see
replies to your posts easily, and search.
The Microsoft public news server is msnews.microsoft.com and you can
subscribe to as many groups as you like; no authentication is required.
The following is from a post by MVP Malke ...
-------------------------------------------------------
Here's information on Usenet and using a newsreader:
http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
explanation of newsgroups
http://michaelstevenstech.com/outlo...ssnewreader.htm
http://rickrogers.org/setupoe.htm
http://support.microsoft.com/defaul...wto/default.asp
-
Set Up Newsreader
http://www.dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is
working properly
http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting
Some newsreaders for Windows
http://www.forteinc.com/agent/index.php - for Forte
http://www.mozilla.org (Thunderbird does newsgroups)
http://gravity.tbates.org/
-------------------------------------
Top
From:
pete0085
<pete0085@discussions.microsoft.com>
To:
none
Subject:
Re: user settings not being saved
Date:
09/25/2007
14:58:00
Thanks for the info. I am doing some research on terminal services and
admit
I
am confused about quite a few things. Happen to have a good link that goes
into detail of how to set everything up correctly?
I
posted this question over in the TS group, does the server need to be a
dedicated server or could it host another application as long as it's not a
file server.
I
am somewhat confused that you need to use a different path for the TS
profile? You don't use the same profile folder to logon through TS?
I have
TS installed on a test server and haven't seen any options that indicates a
profile path.
A
good article, link or book would be helpful to understand some of these
things.
"Lanwench [MVP - Exchange]" wrote:
>
pete0085 <pete0085@discussions.microsoft.com> wrote:
>
> There are not any servers on that side.
>
>
If you don't even have a domain controller there, in its own AD site/subnet,
>
then this is all just going to pretty much suck overall, I'm afraid. I
>
would use a terminal server.
>
>
> Even if there was, the
>
> difficulty would be not all the same users work at that location. It
>
> varies on a week by week basis.
>
>
>
> That would help with the slow logon time, but there are other issues,
>
> mainly accessing resources /applications over the network which can
>
> be very slow.
>
>
>
> We do use folder redirection which greatly helps logon times.
>
>
Sure, but if you have your users' folders redirected to a server located on
>
the other side of a slow WAN link, I can't imagine what the performance must
>
be like. You wouldn't be able to get away with that for Application Data,
>
certainly.
>
>
>
>
> We are a smaller company with a smaller budget. I have looked into a
>
> terminal server.
>
>
That's the only way to go here, in my opinion. If you've got Exchange
>
2003/2007, your users can still use their local Outlook (RPC over HTTP).
>
>
> Estimated the max of 12 users would access it at
>
> any one time with a total of 20 different users. I will talk to my
>
> supervisor regarding this as it may be a better solution to accessing
>
> applications and resources over the network.
>
>
Great. Try posting in m.p.windows.terminal_services for help spec'ing out
>
your hardware. You'll want to mention what applications your users need to
>
use. Note that this server should be a member server in the domain, and have
>
no other roles (no data should be stored on it, etc). Lock it down tightly
>
via group policy, too.
>
>
>
> Can you have folder redirection without roaming profiles?
>
>
Sure. A lot of companies don't use roaming profiles.
>
>
> It was my
>
> understanding you need a folder in the roaming profile to redirect
>
> from.
>
>
Nope. You would never redirect anything *to* the folder holding the roaming
>
profile anyway....it would defeat the purpose of redirection.
>
>
> If you set a policy to redirect the desktop, app data, etc, if
>
> there is no folder in the profile folder, how does this work?
>
>
Ah, but there is a folder in the profile folder - each user will still have
>
a local profile on the Windows workstation.
>
>
In the example below, if you have a folder called users, shared as users$
>
(the $ makes it hidden...) you could use:
>
>
\\server\users$\%username%\My Documents,
>
\\server\users$\%username%\Desktop,
>
\\server\users$\%username%\Application Data.
>
>
You would absolutely want to use the same folder redirection when you use a
>
terminal server, note.
>
>
Since you have roaming profile paths defined in each user's ADUC properties,
>
you must use a *different* path for their TS profiles:
>
>
If you use \\server\profiles$\%username% for your regular roaming profiles,
>
you would want to use something like \\server\tsprofiles$\%username% for the
>
same user's terminal services profile.
>
>
Never mix and match them, ever. Since you'll be redirecting the important
>
folders anyway, they shouldn't not notice much of a difference.
>
>
>
> "Lanwench [MVP - Exchange]" wrote:
>
>
>
>> pete0085 <pete0085@discussions.microsoft.com> wrote:
>
>>> It's a different computer in a different building over a T1 link.
>
>>
>
>> Then forget using a roaming profile for these users unless you
>
>> specify a path
>
>> to a server on *that* side.
>
>>
>
>>> The
>
>>> network is slow, but there isnt' anything we can do for the other 2
>
>>> branches. I admit the logon times can take up to 10 minutes for some
>
>>> and that's not much fun.
>
>>
>
>> In your situation, I would simply ditch the roaming profiles!
>
>> They're great sometimes, but they are not always suitable. DFS is
>
>> another option, but I'm not sure how well that's going to work nor
>
>> what your budget & current hardware allocationare.
>
>>
>
>> Instead of roaming profileds, use folder redirection (to local
>
>> servers whenever possible....) for My Documents, Desktop,
>
>> Application Data. If you use Outlook 2007 against Exchange server,
>
>> it will autoconfigure the Outlook profile (or you can look into
>
>> profile generation utilities so your login script does this).
>
>>
>
>>>
>
>>> There haven't been any errors in event log. That's the first thing
>
>>> I checked. Sometimes the uphclean tool gives me a message in event
>
>>> viewer that the profile was remapped.
>
>>>
>
>>> Our users often move between 3 diff locations and don't work at the
>
>>> same computer, so we need to use roaming profiles.
>
>>
>
>> Have you thought about implementing Terminal Services in the main
>
>> office instead?
>
>>
>
>>> The
>
>>> administrative overhead of logging on as each user and creating
>
>>> their desktop everytime for every pc they would be working at was
>
>>> too much and too often they would logon somewhere and not have any
>
>>> applications they needed and their outlook was not setup.
>
>>>
>
>>> If you know of a better way to do this over a T1 link I would like
>
>>> to hear your ideas. Roaming profiles makes everything easier,
>
>>> excpet the logon time can be ridiculous for some users.
>
>>
>
>> I can't see how they put up with it.
>
>>>
>
>>> I don't know if this is why the settings are resetting, but they
>
>>> don't do it for anyone else.
>
>>
>
>> You're just lucky, honestly.
>
>>>
>
>>> If I were to recreate their ntuser files, would I need to delete
>
>>> those files off all the workstations or would the server copy over
>
>>> the update ntuser files to the cached copy on the workstation.
>
>>
>
>> The latter, but there's no "recreate" here.....
>
>>>
>
>>> "Lanwench [MVP - Exchange]" wrote:
>
>>>
>
>>>> pete0085 <pete0085@discussions.microsoft.com> wrote:
>
>>>>> There is a somewhat weird issue with one user where the settings
>
>>>>> are not being saved when roaming between locations
>
>>>>
>
>>>> When you say "locations" what do you mean? Different computers on
>
>>>> the same LAN, or a computer in an entirely different
>
>>>> building/location/WAN-connected network? If the latter, roaming
>
>>>> profiles will not be fun and I'd avoid using them.
>
>>>>
>
>>>>> using roaming profiles.
>
>>>>>
>
>>>>> Normally the folder view will revert back to icons instead of by
>
>>>>> list and the outlook signature will not be saved. They have to
>
>>>>> add the signature everytime they go to a different location and
>
>>>>> also add it when they move back to their normal location.
>
>>>>>
>
>>>>> As far as I know that's the 2 things being affected, there are
>
>>>>> probably more.
>
>>>>
>
>>>> Event log errors?
>
>>>> RSOP.msc errors?
>
>>>>>
>
>>>>> I know the user doesn't have a man. profile.
>
>>>>>
>
>>>>> Any ideas to what is causing this and how to fix it??
>
>>>>
>
>>>> You might try posting in m.p.windows.server.active_directory as
>
>>>> this likely isn't a group policy issue per se. However, here's my
>
>>>> boilerplate on roaming profiles.
>
>>>>
>
>>>> General tips:
>
>>>>
>
>>>> 1. Set up a share on the server. For example - d:\profiles, shared
>
>>>> as profiles$ to make it hidden from browsing. Make sure this share
>
>>>> is *not* set to allow offline files/caching! (that's on by default
>
>>>> - disable it)
>
>>>>
>
>>>> 2. Make sure the share permissions on profiles$ indicate
>
>>>> everyone=full control. Set the NTFS security to administrators,
>
>>>> system, and users=full control.
>
>>>>
>
>>>> 3. In the users' ADUC properties, specify
>
>>>> \\server\profiles$\%username% in the profiles field
>
>>>>
>
>>>> 4. Have each user log into the domain once from their usual
>
>>>> workstation (where their existing profile lives) and log out. The
>
>>>> profile is now roaming.
>
>>>>
>
>>>> 5. If you want the administrators group to automatically have
>
>>>> permissions to the profiles folders, you'll need to make the
>
>>>> appropriate change in group policy. Look in computer
>
>>>> configuration/administrative templates/system/user profiles -
>
>>>> there's an option to add administrators group to the roaming
>
>>>> profiles permissions.
>
>>>>
>
>>>> Notes:
>
>>>>
>
>>>> * Make sure users understand that they should not log into multiple
>
>>>> computers at the same time when they have roaming profiles (unless
>
>>>> you make the profiles mandatory by renaming ntuser.dat to
>
>>>> ntuser.man so they can't change them). Explain that the
>
>>>> last one out wins,
>
>>>> when it comes to uploading the final, changed copy of the profile.
>
>>>>
>
>>>> * Keep your profiles TINY. Via group policy, redirect My Documents
>
>>>> at the very least - to a subfolder of the user's home directory or
>
>>>> user folder. Also consider redirecting Desktop & Application Data
>
>>>> similarly..... so the user will have:
>
>>>>
>
>>>> \\server\home$\%username%\My Documents
>
>>>> \\server\home$\%username%\Desktop,
>
>>>> \\server\home$\%username%\Application Data.
>
>>>>
>
>>>> Alternatively, just manually re-target My Documents to
>
>>>> \\server\home$\%username% (this is not optimal, however.)
>
>>>>
>
>>>> If you aren't going to also redirect the desktop using policies,
>
>>>> tell users that
>
>>>> they are not to store any files on the desktop or you will beat
>
>>>> them with a stick. Big profile=slow login/logout, and possible
>
>>>> profile corruption.
>
>>>>
>
>>>> * Note that user profiles are not compatible between different OS
>
>>>> versions, even between W2k/XP. Keep all your computers. Keep your
>
>>>> workstations as identical as possible - meaning, OS version is the
>
>>>> same, SP level is the same, app load is (as much as possible) the
>
>>>> same.
>
>>>>
>
>>>> * Do not let people store any data locally - all data belongs on
>
>>>> the server.
>
>>>>
>
>>>> * The User Profile Hive Cleanup Utility should be running on all
>
>>>> your computers. You can download it here:
>
>>>>
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
>
>
>
>
Top
From:
Lanwench [MVP - Exchange]
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>
To:
none
Subject:
Re: user settings not being saved
Date:
09/25/2007
13:14:36
pete0085 <pete0085@discussions.microsoft.com> wrote:
>
There are not any servers on that side.
If you don't even have a domain controller there, in its own AD site/subnet,
then this is all just going to pretty much suck overall, I'm afraid. I
would use a terminal server.
>
Even if there was, the
>
difficulty would be not all the same users work at that location. It
>
varies on a week by week basis.
>
>
That would help with the slow logon time, but there are other issues,
>
mainly accessing resources /applications over the network which can
>
be very slow.
>
>
We do use folder redirection which greatly helps logon times.
Sure, but if you have your users' folders redirected to a server located on
the other side of a slow WAN link, I can't imagine what the performance must
be like. You wouldn't be able to get away with that for Application Data,
certainly.
>
>
We are a smaller company with a smaller budget. I have looked into a
>
terminal server.
That's the only way to go here, in my opinion. If you've got Exchange
2003/2007, your users can still use their local Outlook (RPC over HTTP).
>
Estimated the max of 12 users would access it at
>
any one time with a total of 20 different users. I will talk to my
>
supervisor regarding this as it may be a better solution to accessing
>
applications and resources over the network.
Great. Try posting in m.p.windows.terminal_services for help spec'ing out
your hardware. You'll want to mention what applications your users need to
use. Note that this server should be a member server in the domain, and have
no other roles (no data should be stored on it, etc). Lock it down tightly
via group policy, too.
>
>
Can you have folder redirection without roaming profiles?
Sure. A lot of companies don't use roaming profiles.
>
It was my
>
understanding you need a folder in the roaming profile to redirect
>
from.
Nope. You would never redirect anything *to* the folder holding the roaming
profile anyway....it would defeat the purpose of redirection.
>
If you set a policy to redirect the desktop, app data, etc, if
>
there is no folder in the profile folder, how does this work?
Ah, but there is a folder in the profile folder - each user will still have
a
local profile on the Windows workstation.
In the example below, if you have a folder called users, shared as users$
(the $ makes it hidden...) you could use:
\\server\users$\%username%\My Documents,
\\server\users$\%username%\Desktop,
\\server\users$\%username%\Application Data.
You would absolutely want to use the same folder redirection when you use a
terminal server, note.
Since you have roaming profile paths defined in each user's ADUC properties,
you must use a *different* path for their TS profiles:
If you use \\server\profiles$\%username% for your regular roaming profiles,
you would want to use something like \\server\tsprofiles$\%username% for the
same user's terminal services profile.
Never mix and match them, ever. Since you'll be redirecting the important
folders anyway, they shouldn't not notice much of a difference.
>
"Lanwench [MVP - Exchange]" wrote:
>
>> pete0085 <pete0085@discussions.microsoft.com> wrote:
>>> It's a different computer in a different building over a T1 link.
>>
>> Then forget using a roaming profile for these users unless you
>> specify a path
>> to a server on *that* side.
>>
>>> The
>>> network is slow, but there isnt' anything we can do for the other 2
>>> branches. I admit the logon times can take up to 10 minutes for some
>>> and that's not much fun.
>>
>> In your situation, I would simply ditch the roaming profiles!
>> They're great sometimes, but they are not always suitable. DFS is
>> another option, but I'm not sure how well that's going to work nor
>> what your budget & current hardware allocationare.
>>
>> Instead of roaming profileds, use folder redirection (to local
>> servers whenever possible....) for My Documents, Desktop,
>> Application Data. If you use Outlook 2007 against Exchange server,
>> it will autoconfigure the Outlook profile (or you can look into
>> profile generation utilities so your login script does this).
>>
>>>
>>> There haven't been any errors in event log. That's the first thing
>>> I checked. Sometimes the uphclean tool gives me a message in event
>>> viewer that the profile was remapped.
>>>
>>> Our users often move between 3 diff locations and don't work at the
>>> same computer, so we need to use roaming profiles.
>>
>> Have you thought about implementing Terminal Services in the main
>> office instead?
>>
>>> The
>>> administrative overhead of logging on as each user and creating
>>> their desktop everytime for every pc they would be working at was
>>> too much and too often they would logon somewhere and not have any
>>> applications they needed and their outlook was not setup.
>>>
>>> If you know of a better way to do this over a T1 link I would like
>>> to hear your ideas. Roaming profiles makes everything easier,
>>> excpet the logon time can be ridiculous for some users.
>>
>> I can't see how they put up with it.
>>>
>>> I don't know if this is why the settings are resetting, but they
>>> don't do it for anyone else.
>>
>> You're just lucky, honestly.
>>>
>>> If I were to recreate their ntuser files, would I need to delete
>>> those files off all the workstations or would the server copy over
>>> the update ntuser files to the cached copy on the workstation.
>>
>> The latter, but there's no "recreate" here.....
>>>
>>> "Lanwench [MVP - Exchange]" wrote:
>>>
>>>> pete0085 <pete0085@discussions.microsoft.com> wrote:
>>>>> There is a somewhat weird issue with one user where the settings
>>>>> are not being saved when roaming between locations
>>>>
>>>> When you say "locations" what do you mean? Different computers on
>>>> the same LAN, or a computer in an entirely different
>>>> building/location/WAN-connected network? If the latter, roaming
>>>> profiles will not be fun and I'd avoid using them.
>>>>
>>>>> using roaming profiles.
>>>>>
>>>>> Normally the folder view will revert back to icons instead of by
>>>>> list and the outlook signature will not be saved. They have to
>>>>> add the signature everytime they go to a different location and
>>>>> also add it when they move back to their normal location.
>>>>>
>>>>> As far as I know that's the 2 things being affected, there are
>>>>> probably more.
>>>>
>>>> Event log errors?
>>>> RSOP.msc errors?
>>>>>
>>>>> I know the user doesn't have a man. profile.
>>>>>
>>>>> Any ideas to what is causing this and how to fix it??
>>>>
>>>> You might try posting in m.p.windows.server.active_directory as
>>>> this likely isn't a group policy issue per se. However, here's my
>>>> boilerplate on roaming profiles.
>>>>
>>>> General tips:
>>>>
>>>> 1. Set up a share on the server. For example - d:\profiles, shared
>>>> as profiles$ to make it hidden from browsing. Make sure this share
>>>> is *not* set to allow offline files/caching! (that's on by default
>>>> - disable it)
>>>>
>>>> 2. Make sure the share permissions on profiles$ indicate
>>>> everyone=full control. Set the NTFS security to administrators,
>>>> system, and users=full control.
>>>>
>>>> 3. In the users' ADUC properties, specify
>>>> \\server\profiles$\%username% in the profiles field
>>>>
>>>> 4. Have each user log into the domain once from their usual
>>>> workstation (where their existing profile lives) and log out. The
>>>> profile is now roaming.
>>>>
>>>> 5. If you want the administrators group to automatically have
>>>> permissions to the profiles folders, you'll need to make the
>>>> appropriate change in group policy. Look in computer
>>>> configuration/administrative templates/system/user profiles -
>>>> there's an option to add administrators group to the roaming
>>>> profiles permissions.
>>>>
>>>> Notes:
>>>>
>>>> * Make sure users understand that they should not log into multiple
>>>> computers at the same time when they have roaming profiles (unless
>>>> you make the profiles mandatory by renaming ntuser.dat to
>>>> ntuser.man so they can't change them). Explain that the
>>>> last one out wins,
>>>> when it comes to uploading the final, changed copy of the profile.
>>>>
>>>> * Keep your profiles TINY. Via group policy, redirect My Documents
>>>> at the very least - to a subfolder of the user's home directory or
>>>> user folder. Also consider redirecting Desktop & Application Data
>>>> similarly..... so the user will have:
>>>>
>>>> \\server\home$\%username%\My Documents
>>>> \\server\home$\%username%\Desktop,
>>>> \\server\home$\%username%\Application Data.
>>>>
>>>> Alternatively, just manually re-target My Documents to
>>>> \\server\home$\%username% (this is not optimal, however.)
>>>>
>>>> If you aren't going to also redirect the desktop using policies,
>>>> tell users that
>>>> they are not to store any files on the desktop or you will beat
>>>> them with a stick. Big profile=slow login/logout, and possible
>>>> profile corruption.
>>>>
>>>> * Note that user profiles are not compatible between different OS
>>>> versions, even between W2k/XP. Keep all your computers. Keep your
>>>> workstations as identical as possible - meaning, OS version is the
>>>> same, SP level is the same, app load is (as much as possible) the
>>>> same.
>>>>
>>>> * Do not let people store any data locally - all data belongs on
>>>> the server.
>>>>
>>>> * The User Profile Hive Cleanup Utility should be running on all
>>>> your computers. You can download it here:
>>>>
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
Top
From:
pete0085
<pete0085@discussions.microsoft.com>
To:
none
Subject:
Re: user settings not being saved
Date:
09/24/2007
15:42:04
There are not any servers on that side. Even if there was, the difficulty
would be not all the same users work at that location. It varies on a week
by week basis.
That would help with the slow logon time, but there are other issues, mainly
accessing resources /applications over the network which can be very slow.
We do use folder redirection which greatly helps logon times.
We are a smaller company with a smaller budget. I have looked into a
terminal server. Estimated the max of 12 users would access it at any one
time with a total of 20 different users. I will talk to my supervisor
regarding this as it may be a better solution to accessing applications and
resources over the network.
Can you have folder redirection without roaming profiles? It was my
understanding you need a folder in the roaming profile to redirect from.
If
you set a policy to redirect the desktop, app data, etc, if there is no
folder in the profile folder, how does this work?
"Lanwench [MVP - Exchange]" wrote:
>
pete0085 <pete0085@discussions.microsoft.com> wrote:
>
> It's a different computer in a different building over a T1 link.
>
>
Then forget using a roaming profile for these users unless you specify a
>
path
>
to a server on *that* side.
>
>
> The
>
> network is slow, but there isnt' anything we can do for the other 2
>
> branches. I admit the logon times can take up to 10 minutes for some
>
> and that's not much fun.
>
>
In your situation, I would simply ditch the roaming profiles! They're great
>
sometimes, but they are not always suitable. DFS is another option, but I'm
>
not sure how well that's going to work nor what your budget & current
>
hardware allocationare.
>
>
Instead of roaming profileds, use folder redirection (to local servers
>
whenever possible....) for My Documents, Desktop, Application Data. If you
>
use Outlook 2007 against Exchange server, it will autoconfigure the Outlook
>
profile (or you can look into profile generation utilities so your login
>
script does this).
>
>
>
>
> There haven't been any errors in event log. That's the first thing I
>
> checked. Sometimes the uphclean tool gives me a message in event
>
> viewer that the profile was remapped.
>
>
>
> Our users often move between 3 diff locations and don't work at the
>
> same computer, so we need to use roaming profiles.
>
>
Have you thought about implementing Terminal Services in the main office
>
instead?
>
>
> The
>
> administrative overhead of logging on as each user and creating their
>
> desktop everytime for every pc they would be working at was too much
>
> and too often they would logon somewhere and not have any
>
> applications they needed and their outlook was not setup.
>
>
>
> If you know of a better way to do this over a T1 link I would like to
>
> hear your ideas. Roaming profiles makes everything easier, excpet
>
> the logon time can be ridiculous for some users.
>
>
I can't see how they put up with it.
>
>
>
> I don't know if this is why the settings are resetting, but they
>
> don't do it for anyone else.
>
>
You're just lucky, honestly.
>
>
>
> If I were to recreate their ntuser files, would I need to delete
>
> those files off all the workstations or would the server copy over
>
> the update ntuser files to the cached copy on the workstation.
>
>
The latter, but there's no "recreate" here.....
>
>
>
> "Lanwench [MVP - Exchange]" wrote:
>
>
>
>> pete0085 <pete0085@discussions.microsoft.com> wrote:
>
>>> There is a somewhat weird issue with one user where the settings are
>
>>> not being saved when roaming between locations
>
>>
>
>> When you say "locations" what do you mean? Different computers on
>
>> the same LAN, or a computer in an entirely different
>
>> building/location/WAN-connected network? If the latter, roaming
>
>> profiles will not be fun and I'd avoid using them.
>
>>
>
>>> using roaming profiles.
>
>>>
>
>>> Normally the folder view will revert back to icons instead of by
>
>>> list and the outlook signature will not be saved. They have to add
>
>>> the signature everytime they go to a different location and also
>
>>> add it when they move back to their normal location.
>
>>>
>
>>> As far as I know that's the 2 things being affected, there are
>
>>> probably more.
>
>>
>
>> Event log errors?
>
>> RSOP.msc errors?
>
>>>
>
>>> I know the user doesn't have a man. profile.
>
>>>
>
>>> Any ideas to what is causing this and how to fix it??
>
>>
>
>> You might try posting in m.p.windows.server.active_directory as this
>
>> likely isn't a group policy issue per se. However, here's my
>
>> boilerplate on roaming profiles.
>
>>
>
>> General tips:
>
>>
>
>> 1. Set up a share on the server. For example - d:\profiles, shared as
>
>> profiles$ to make it hidden from browsing. Make sure this share is
>
>> *not* set to allow offline files/caching! (that's on by default -
>
>> disable it)
>
>>
>
>> 2. Make sure the share permissions on profiles$ indicate
>
>> everyone=full control. Set the NTFS security to administrators,
>
>> system, and users=full control.
>
>>
>
>> 3. In the users' ADUC properties, specify
>
>> \\server\profiles$\%username% in the profiles field
>
>>
>
>> 4. Have each user log into the domain once from their usual
>
>> workstation (where their existing profile lives) and log out. The
>
>> profile is now roaming.
>
>>
>
>> 5. If you want the administrators group to automatically have
>
>> permissions to the profiles folders, you'll need to make the
>
>> appropriate change in group policy. Look in computer
>
>> configuration/administrative templates/system/user profiles -
>
>> there's an option to add administrators group to the roaming
>
>> profiles permissions.
>
>>
>
>> Notes:
>
>>
>
>> * Make sure users understand that they should not log into multiple
>
>> computers at the same time when they have roaming profiles (unless
>
>> you make the profiles mandatory by renaming ntuser.dat to ntuser.man
>
>> so they can't change them). Explain that the
>
>> last one out wins,
>
>> when it comes to uploading the final, changed copy of the profile.
>
>>
>
>> * Keep your profiles TINY. Via group policy, redirect My Documents
>
>> at the very least - to a subfolder of the user's home directory or
>
>> user folder. Also consider redirecting Desktop & Application Data
>
>> similarly..... so the user will have:
>
>>
>
>> \\server\home$\%username%\My Documents
>
>> \\server\home$\%username%\Desktop,
>
>> \\server\home$\%username%\Application Data.
>
>>
>
>> Alternatively, just manually re-target My Documents to
>
>> \\server\home$\%username% (this is not optimal, however.)
>
>>
>
>> If you aren't going to also redirect the desktop using policies,
>
>> tell users that
>
>> they are not to store any files on the desktop or you will beat them
>
>> with a stick. Big profile=slow login/logout, and possible profile
>
>> corruption.
>
>>
>
>> * Note that user profiles are not compatible between different OS
>
>> versions, even between W2k/XP. Keep all your computers. Keep your
>
>> workstations as identical as possible - meaning, OS version is the
>
>> same, SP level is the same, app load is (as much as possible) the
>
>> same.
>
>>
>
>> * Do not let people store any data locally - all data belongs on the
>
>> server.
>
>>
>
>> * The User Profile Hive Cleanup Utility should be running on all your
>
>> computers. You can download it here:
>
>>
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
>
>
>
>
>
Top
From:
Lanwench [MVP - Exchange]
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>
To:
none
Subject:
Re: user settings not being saved
Date:
09/24/2007
10:55:44
pete0085 <pete0085@discussions.microsoft.com> wrote:
>
It's a different computer in a different building over a T1 link.
Then forget using a roaming profile for these users unless you specify a
path
to a server on *that* side.
>
The
>
network is slow, but there isnt' anything we can do for the other 2
>
branches. I admit the logon times can take up to 10 minutes for some
>
and that's not much fun.
In your situation, I would simply ditch the roaming profiles! They're great
sometimes, but they are not always suitable. DFS is another option, but I'm
not sure how well that's going to work nor what your budget & current
hardware allocationare.
Instead of roaming profileds, use folder redirection (to local servers
whenever possible....) for My Documents, Desktop, Application Data. If you
use Outlook 2007 against Exchange server, it will autoconfigure the Outlook
profile (or you can look into profile generation utilities so your login
script does this).
>
>
There haven't been any errors in event log. That's the first thing I
>
checked. Sometimes the uphclean tool gives me a message in event
>
viewer that the profile was remapped.
>
>
Our users often move between 3 diff locations and don't work at the
>
same computer, so we need to use roaming profiles.
Have you thought about implementing Terminal Services in the main office
instead?
>
The
>
administrative overhead of logging on as each user and creating their
>
desktop everytime for every pc they would be working at was too much
>
and too often they would logon somewhere and not have any
>
applications they needed and their outlook was not setup.
>
>
If you know of a better way to do this over a T1 link I would like to
>
hear your ideas. Roaming profiles makes everything easier, excpet
>
the logon time can be ridiculous for some users.
I
can't see how they put up with it.
>
>
I don't know if this is why the settings are resetting, but they
>
don't do it for anyone else.
You're just lucky, honestly.
>
>
If I were to recreate their ntuser files, would I need to delete
>
those files off all the workstations or would the server copy over
>
the update ntuser files to the cached copy on the workstation.
The latter, but there's no "recreate" here.....
>
>
"Lanwench [MVP - Exchange]" wrote:
>
>> pete0085 <pete0085@discussions.microsoft.com> wrote:
>>> There is a somewhat weird issue with one user where the settings are
>>> not being saved when roaming between locations
>>
>> When you say "locations" what do you mean? Different computers on
>> the same LAN, or a computer in an entirely different
>> building/location/WAN-connected network? If the latter, roaming
>> profiles will not be fun and I'd avoid using them.
>>
>>> using roaming profiles.
>>>
>>> Normally the folder view will revert back to icons instead of by
>>> list and the outlook signature will not be saved. They have to add
>>> the signature everytime they go to a different location and also
>>> add it when they move back to their normal location.
>>>
>>> As far as I know that's the 2 things being affected, there are
>>> probably more.
>>
>> Event log errors?
>> RSOP.msc errors?
>>>
>>> I know the user doesn't have a man. profile.
>>>
>>> Any ideas to what is causing this and how to fix it??
>>
>> You might try posting in m.p.windows.server.active_directory as this
>> likely isn't a group policy issue per se. However, here's my
>> boilerplate on roaming profiles.
>>
>> General tips:
>>
>> 1. Set up a share on the server. For example - d:\profiles, shared as
>> profiles$ to make it hidden from browsing. Make sure this share is
>> *not* set to allow offline files/caching! (that's on by default -
>> disable it)
>>
>> 2. Make sure the share permissions on profiles$ indicate
>> everyone=full control. Set the NTFS security to administrators,
>> system, and users=full control.
>>
>> 3. In the users' ADUC properties, specify
>> \\server\profiles$\%username% in the profiles field
>>
>> 4. Have each user log into the domain once from their usual
>> workstation (where their existing profile lives) and log out. The
>> profile is now roaming.
>>
>> 5. If you want the administrators group to automatically have
>> permissions to the profiles folders, you'll need to make the
>> appropriate change in group policy. Look in computer
>> configuration/administrative templates/system/user profiles -
>> there's an option to add administrators group to the roaming
>> profiles permissions.
>>
>> Notes:
>>
>> * Make sure users understand that they should not log into multiple
>> computers at the same time when they have roaming profiles (unless
>> you make the profiles mandatory by renaming ntuser.dat to ntuser.man
>> so they can't change them). Explain that the
>> last one out wins,
>> when it comes to uploading the final, changed copy of the profile.
>>
>> * Keep your profiles TINY. Via group policy, redirect My Documents
>> at the very least - to a subfolder of the user's home directory or
>> user folder. Also consider redirecting Desktop & Application Data
>> similarly..... so the user will have:
>>
>> \\server\home$\%username%\My Documents
>> \\server\home$\%username%\Desktop,
>> \\server\home$\%username%\Application Data.
>>
>> Alternatively, just manually re-target My Documents to
>> \\server\home$\%username% (this is not optimal, however.)
>>
>> If you aren't going to also redirect the desktop using policies,
>> tell users that
>> they are not to store any files on the desktop or you will beat them
>> with a stick. Big profile=slow login/logout, and possible profile
>> corruption.
>>
>> * Note that user profiles are not compatible between different OS
>> versions, even between W2k/XP. Keep all your computers. Keep your
>> workstations as identical as possible - meaning, OS version is the
>> same, SP level is the same, app load is (as much as possible) the
>> same.
>>
>> * Do not let people store any data locally - all data belongs on the
>> server.
>>
>> * The User Profile Hive Cleanup Utility should be running on all your
>> computers. You can download it here:
>>
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
Top
From:
pete0085
<pete0085@discussions.microsoft.com>
To:
none
Subject:
Re: user settings not being saved
Date:
09/23/2007
15:14:09
It's a different computer in a different building over a T1 link. The
network is slow, but there isnt' anything we can do for the other 2 branches.
I
admit the logon times can take up to 10 minutes for some and that's not
much fun.
There haven't been any errors in event log. That's the first thing I
checked. Sometimes the uphclean tool gives me a message in event viewer
that
the profile was remapped.
Our users often move between 3 diff locations and don't work at the same
computer, so we need to use roaming profiles. The administrative overhead
of
logging on as each user and creating their desktop everytime for every pc
they would be working at was too much and too often they would logon
somewhere and not have any applications they needed and their outlook was not
setup.
If you know of a better way to do this over a T1 link I would like to hear
your ideas. Roaming profiles makes everything easier, excpet the logon
time
can be ridiculous for some users.
I
don't know if this is why the settings are resetting, but they don't do it
for anyone else.
If I were to recreate their ntuser files, would I need to delete those files
off all the workstations or would the server copy over the update ntuser
files to the cached copy on the workstation.
"Lanwench [MVP - Exchange]" wrote:
>
pete0085 <pete0085@discussions.microsoft.com> wrote:
>
> There is a somewhat weird issue with one user where the settings are
>
> not being saved when roaming between locations
>
>
When you say "locations" what do you mean? Different computers on the same
>
LAN, or a computer in an entirely different building/location/WAN-connected
>
network? If the latter, roaming profiles will not be fun and I'd avoid using
>
them.
>
>
> using roaming profiles.
>
>
>
> Normally the folder view will revert back to icons instead of by list
>
> and the outlook signature will not be saved. They have to add the
>
> signature everytime they go to a different location and also add it
>
> when they move back to their normal location.
>
>
>
> As far as I know that's the 2 things being affected, there are
>
> probably more.
>
>
Event log errors?
>
RSOP.msc errors?
>
>
>
> I know the user doesn't have a man. profile.
>
>
>
> Any ideas to what is causing this and how to fix it??
>
>
You might try posting in m.p.windows.server.active_directory as this likely
>
isn't a group policy issue per se. However, here's my boilerplate on
>
roaming profiles.
>
>
General tips:
>
>
1. Set up a share on the server. For example - d:\profiles, shared as
>
profiles$ to make it hidden from browsing. Make sure this share is *not* set
>
to allow offline files/caching! (that's on by default - disable it)
>
>
2. Make sure the share permissions on profiles$ indicate everyone=full
>
control. Set the NTFS security to administrators, system, and users=full
>
control.
>
>
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
>
the profiles field
>
>
4. Have each user log into the domain once from their usual workstation
>
(where their existing profile lives) and log out. The profile is now
>
roaming.
>
>
5. If you want the administrators group to automatically have permissions to
>
the profiles folders, you'll need to make the appropriate change in group
>
policy. Look in computer configuration/administrative templates/system/user
>
profiles - there's an option to add administrators group to the roaming
>
profiles permissions.
>
>
Notes:
>
>
* Make sure users understand that they should not log into multiple
>
computers at the same time when they have roaming profiles (unless you make
>
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
>
change them). Explain that the
>
last one out wins,
>
when it comes to uploading the final, changed copy of the profile.
>
>
* Keep your profiles TINY. Via group policy, redirect My Documents at the
>
very least - to a subfolder of the user's home directory or user folder.
>
Also consider redirecting Desktop & Application Data similarly..... so the
>
user will have:
>
>
\\server\home$\%username%\My Documents
>
\\server\home$\%username%\Desktop,
>
\\server\home$\%username%\Application Data.
>
>
Alternatively, just manually re-target My Documents to
>
\\server\home$\%username% (this is not optimal, however.)
>
>
If you aren't going to also redirect the desktop using policies, tell users
>
that
>
they are not to store any files on the desktop or you will beat them with a
>
stick. Big profile=slow login/logout, and possible profile corruption.
>
>
* Note that user profiles are not compatible between different OS versions,
>
even between W2k/XP. Keep all your computers. Keep your workstations as
>
identical as possible - meaning, OS version is the same, SP level is the
>
same, app load is (as much as possible) the same.
>
>
* Do not let people store any data locally - all data belongs on the server.
>
>
* The User Profile Hive Cleanup Utility should be running on all your
>
computers. You can download it here:
>
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
>
>
>
Top
From:
Lanwench [MVP - Exchange]
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com>
To:
none
Subject:
Re: user settings not being saved
Date:
09/23/2007
09:54:49
pete0085 <pete0085@discussions.microsoft.com> wrote:
>
There is a somewhat weird issue with one user where the settings are
>
not being saved when roaming between locations
When you say "locations" what do you mean? Different computers on the same
LAN, or a computer in an entirely different building/location/WAN-connected
network? If the latter, roaming profiles will not be fun and I'd avoid using
them.
>
using roaming profiles.
>
>
Normally the folder view will revert back to icons instead of by list
>
and the outlook signature will not be saved. They have to add the
>
signature everytime they go to a different location and also add it
>
when they move back to their normal location.
>
>
As far as I know that's the 2 things being affected, there are
>
probably more.
Event log errors?
RSOP.msc errors?
>
>
I know the user doesn't have a man. profile.
>
>
Any ideas to what is causing this and how to fix it??
You might try posting in m.p.windows.server.active_directory as this likely
isn't a group policy issue per se. However, here's my boilerplate on
roaming profiles.
General tips:
1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.
5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions.
Notes:
*
Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the
last one out wins,
when it comes to uploading the final, changed copy of the profile.
*
Keep your profiles TINY. Via group policy, redirect My Documents at the
very least - to a subfolder of the user's home directory or user folder.
Also consider redirecting Desktop & Application Data similarly..... so the
user will have:
\\server\home$\%username%\My Documents
\\server\home$\%username%\Desktop,
\\server\home$\%username%\Application Data.
Alternatively, just manually re-target My Documents to
\\server\home$\%username% (this is not optimal, however.)
If you aren't going to also redirect the desktop using policies, tell users
that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.
*
Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.
*
Do not let people store any data locally - all data belongs on the server.
*
The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
Top
From:
drdoak
<drdoak@discussions.microsoft.com>
To:
none
Subject:
Re: User rights assigned via Restricted Groups not working entirel
Date:
09/17/2007
06:44:03
There are still groups I want to have in the admin group for every workstation.
Besides, the way I'm doing it seems to add them to the proper groups, it
just only seems to work halfway. What I'd like to know is why that's
happening...
"Anthony" wrote:
>
Yes. It will do that,
>
Anthony.
>
http://www.airdesk.co.uk
>
>
>
"drdoak" <drdoak@discussions.microsoft.com> wrote in message
>
news:AF286710-1DBD-4ABF-BB70-9FC1DBFF7A46@microsoft.com...
>
> The group policy is overwriting anyone we put into the local Admins group.
>
>
>
> "Anthony" wrote:
>
>
>
>> If you have 50 distinct circumstances, don't you have to manage 50
>
>> configurations anyway? You just seem to be managing 50 instances of the
>
>> local group, rather than 50 separate domain goups.
>
>> If you want to do it locally, you just add people to the local admins
>
>> group.
>
>> Anthony
>
>> http://www.airdesk.co.uk
>
>>
>
>>
>
>>
>
>>
>
>>
>
>> "drdoak" <drdoak@discussions.microsoft.com> wrote in message
>
>> news:D1F3BC1D-22BC-487A-9BB9-1DC9BC0DB305@microsoft.com...
>
>> > There can get to be quite a few of these "exceptions" that require us
>
>> > to
>
>> > do
>
>> > this and they all need different users as the admins... I REALLY
don't
>
>> > want
>
>> > to have 50 different OUs and GPOs just for this one purpose.
>
>> >
>
>> > Besides, since it knows which user is in which group, shouldn't the
>
>> > current
>
>> > solution be working?
>
>> >
>
>> > "Anthony" wrote:
>
>> >
>
>> >> What you could do is:
>
>> >> - create a policy that adds a domain group to the local admins group
>
>> >> - apply this policy to the subset of computers where you want it to
>
>> >> apply,
>
>> >> Anthony,
>
>> >> http://www,airdesk.co.uk
>
>> >>
>
>> >>
>
>> >>
>
>> >>
>
>> >> "drdoak" <drdoak@discussions.microsoft.com> wrote in message
>
>> >> news:E057C2F3-8745-41BF-96ED-9AFD460F48DA@microsoft.com...
>
>> >> >I have a GPO that sets the members of the Local Admins group with
>
>> >> >Restricted
>
>> >> > Groups. That part seems to work fine and the service staff is able
>
>> >> > to
>
>> >> > do
>
>> >> > admin related tasks.
>
>> >> >
>
>> >> > We have a need for some users to have administrative access to their
>
>> >> > own
>
>> >> > systems (or a small lab, or whatever). To do this, I went into the
>
>> >> > Restricted Group membership for "Administrators" and added a group
>
>> >> > called
>
>> >> > "LocAd" to "Members of this group." On the workstations that have
>
>> >> > this
>
>> >> > need,
>
>> >> > we manually create a local group called "LocAd." Upon a reboot,
the
>
>> >> > "LocAd"
>
>> >> > group is indeed added to "Administrators." If we don't create a
>
>> >> > "LocAd"
>
>> >> > group on the workstation, then it isn't added and life goes on.
>
>> >> >
>
>> >> > Here's where the fun starts... The users that we add to the local
>
>> >> > LocAd
>
>> >> > group stay in that group. They can access any file that only
admins
>
>> >> > can
>
>> >> > access. BUT, they cannot do anything in Windows that requires
admin
>
>> >> > access.
>
>> >> > No setting the clock, etc...
>
>> >> >
>
>> >> > Obviously they are recognized as being part of the proper groups
>
>> >> > since
>
>> >> > they
>
>> >> > can access/modify files that only admins are allowed to touch.
They
>
>> >> > just
>
>> >> > can't do anything else...
>
>> >> >
>
>> >> > Thoughts?
>
>> >>
>
>> >>
>
>> >>
>
>>
>
>>
>
>>
>
>
>
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: Upgrade package in software installation
Date:
09/24/2007
01:10:41
Hello,
Best practices for Group Policy Software Installation
http://technet2.microsoft.com/windowsserver/en/library/5f065962-a6e3-422a-8db7-20a57f40f9f51033.mspx?mfr=true
You should not use the existing GPO but create a new one, see the "Assign or
publish just once per Group Policy object" section
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Fabrussio" <Fabrussio@discussions.microsoft.com> wrote in message
news:8AF703DA-C107-4C5F-B160-510235F0B210@microsoft.com...
>
Are there any negative effects of upgrading an old package with the new
>
(rather than uninstalling) in a Software Installation GPO?
Top
From:
DurgaRao
<ndurgarao@hotmail.com>
To:
Subject:
Re: Unable to set Proxy Settings for IE7 and 2K3
Date:
09/25/2007
06:51:37
Hello Meinolf Weber
I
am sending complete output of gpresult /v and ipconfig /all as an
attachment.
In GPO I changed browser title it is working on client side, but default
home page is about:blank it is not wokring.
Thanks and Regards
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6659fec8c9cd792cf3b269@msnews.microsoft.com...
>
Hello DurgaRao,
>
>
Is that the complete output from gpresult /v? Can you also post an
>
ipconfig
>
/all from the client?
>
>
Best regards
>
>
Meinolf Weber
>
Disclaimer: This posting is provided "AS IS" with no warranties, and
>
confers
>
no rights.
>
>> Hello Meinolf Weber,
>>
>> I checked the group policy with gpresult /v command the output of the
>> command shows
>> Internet Explorer connection :
>> HTTP Proxy Server, Secure Proxy Server, FTP Proxy Server :
>> MyProxyServerAddress:PortNumber,
>> Auto Config Enable: No,
>> Enable Proxy: Yes,
>> Use same Proxy : Yes.
>> But Internet is not connected through proxy.
>> If I configure the same Proxy settings in internet explorer -> tools
>> Menu->Internet Options -> Lan Settings Internet is working without
>> any
>> problem.
>> Thanks and Regards
>>
>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>> news:ff16fb66591a48c9cb8803d17ce1@msnews.microsoft.com...
>>
>>> Hello DurgaRao,
>>>
>>> Did you check with gpresult /v on the client machine that the policy
>>> is applied?
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>>> Hello Meinolf Weber,
>>>>
>>>> I created all users are in different OU's and GPO is linked to that
>>>> OU's and GPO Status is enabled.
>>>>
>>>> Thanks and Regards
>>>>
>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>>> news:ff16fb66587b38c9ca625a280aa1@msnews.microsoft.com...
>>>>
>>>>> Hello DurgaRao,
>>>>>
>>>>> Did you link the policy to the OU's where the users are?
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers no rights.
>>>>>> Hello all
>>>>>>
>>>>>> I have windows 2003
Enterprise
server with SP2 as a DC and
>>>>>> Windows
>>>>>> XP
>>>>>> with
>>>>>> SP2 as clients to DC, In server and nodes have the IE 7.
>>>>>> Users are created in different OU's and i created a GPO to setup
>>>>>> proxy as
>>>>>> follows
>>>>>> User configuration ->Windows Settings -> Internet Explorer
>>>>>> Maintenance
>>>>>> ->
>>>>>> Proxy Settings -> Enable Proxy (Checked) and given the http
>>>>>> address
>>>>>> and
>>>>>> port.
>>>>>> But in client systems I am unable to browse the intenet.
>>>>>> I checked
>>>>>> HKEY_USERS\Software\Microsot\Windows\Currentversion\Internet
>>>>>> Settings\ proxyenable data key is 1 but ProxyServer data key is
>>>>>> not
>>>>>> stored
>>>>>> any value
>>>>>> Thank you in advance for any help.
>
>
Attachment
N1:
gpresult.txt
Attachment
N2:
IP.TXT
Top
From:
Meinolf Weber
<meiweb(nospam)@gmx.de>
To:
none
Subject:
Re: Unable to set Proxy Settings for IE7 and 2K3
Date:
09/25/2007
03:51:35
Hello DurgaRao,
Is that the complete output from gpresult /v? Can you also post an ipconfig
/all from the client?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
>
Hello Meinolf Weber,
>
>
I checked the group policy with gpresult /v command the output of the
>
command shows
>
Internet Explorer connection :
>
HTTP Proxy Server, Secure Proxy Server, FTP Proxy Server :
>
MyProxyServerAddress:PortNumber,
>
Auto Config Enable: No,
>
Enable Proxy: Yes,
>
Use same Proxy : Yes.
>
But Internet is not connected through proxy.
>
If I configure the same Proxy settings in internet explorer -> tools
>
Menu->Internet Options -> Lan Settings Internet is working without
>
any
>
problem.
>
Thanks and Regards
>
>
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>
news:ff16fb66591a48c9cb8803d17ce1@msnews.microsoft.com...
>
>> Hello DurgaRao,
>>
>> Did you check with gpresult /v on the client machine that the policy
>> is applied?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>>> Hello Meinolf Weber,
>>>
>>> I created all users are in different OU's and GPO is linked to that
>>> OU's and GPO Status is enabled.
>>>
>>> Thanks and Regards
>>>
>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>> news:ff16fb66587b38c9ca625a280aa1@msnews.microsoft.com...
>>>
>>>> Hello DurgaRao,
>>>>
>>>> Did you link the policy to the OU's where the users are?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>>> Hello all
>>>>>
>>>>> I have windows 2003
Enterprise
server with SP2 as a DC and
>>>>> Windows
>>>>> XP
>>>>> with
>>>>> SP2 as clients to DC, In server and nodes have the IE 7.
>>>>> Users are created in different OU's and i created a GPO to setup
>>>>> proxy as
>>>>> follows
>>>>> User configuration ->Windows Settings -> Internet Explorer
>>>>> Maintenance
>>>>> ->
>>>>> Proxy Settings -> Enable Proxy (Checked) and given the http
>>>>> address
>>>>> and
>>>>> port.
>>>>> But in client systems I am unable to browse the intenet.
>>>>> I checked
>>>>> HKEY_USERS\Software\Microsot\Windows\Currentversion\Internet
>>>>> Settings\ proxyenable data key is 1 but ProxyServer data key is
>>>>> not
>>>>> stored
>>>>> any value
>>>>> Thank you in advance for any help.
Top
From:
DurgaRao
<ndurgarao@hotmail.com>
To:
none
Subject:
Re: Unable to set Proxy Settings for IE7 and 2K3
Date:
09/24/2007
22:42:41
Hello Meinolf Weber,
I
checked the group policy with gpresult /v command the output of the
command shows
Internet Explorer connection :
HTTP Proxy Server, Secure Proxy Server, FTP Proxy Server :
MyProxyServerAddress:PortNumber,
Auto Config Enable: No,
Enable Proxy: Yes,
Use same Proxy : Yes.
But Internet is not connected through proxy.
If I configure the same Proxy settings in internet explorer -> tools
Menu->Internet Options -> Lan Settings Internet is working without any
problem.
Thanks and Regards
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66591a48c9cb8803d17ce1@msnews.microsoft.com...
>
Hello DurgaRao,
>
>
Did you check with gpresult /v on the client machine that the policy is
>
applied?
>
>
Best regards
>
>
Meinolf Weber
>
Disclaimer: This posting is provided "AS IS" with no warranties, and
>
confers no rights.
>
>> Hello Meinolf Weber,
>>
>> I created all users are in different OU's and GPO is linked to that
>> OU's and GPO Status is enabled.
>>
>> Thanks and Regards
>>
>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>> news:ff16fb66587b38c9ca625a280aa1@msnews.microsoft.com...
>>
>>> Hello DurgaRao,
>>>
>>> Did you link the policy to the OU's where the users are?
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>>> Hello all
>>>>
>>>> I have windows 2003
Enterprise
server with SP2 as a DC and Windows
>>>> XP
>>>> with
>>>> SP2 as clients to DC, In server and nodes have the IE 7.
>>>> Users are created in different OU's and i created a GPO to setup
>>>> proxy as
>>>> follows
>>>> User configuration ->Windows Settings -> Internet Explorer
>>>> Maintenance
>>>> ->
>>>> Proxy Settings -> Enable Proxy (Checked) and given the http address
>>>> and
>>>> port.
>>>> But in client systems I am unable to browse the intenet.
>>>> I checked
>>>> HKEY_USERS\Software\Microsot\Windows\Currentversion\Internet
>>>> Settings\ proxyenable data key is 1 but ProxyServer data key is not
>>>> stored
>>>> any value
>>>> Thank you in advance for any help.
>
>
Top
From:
Meinolf Weber
<meiweb(nospam)@gmx.de>
To:
none
Subject:
Re: Unable to set Proxy Settings for IE7 and 2K3
Date:
09/22/2007
16:32:46
Hello DurgaRao,
Did you check with gpresult /v on the client machine that the policy is applied?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
>
Hello Meinolf Weber,
>
>
I created all users are in different OU's and GPO is linked to that
>
OU's and GPO Status is enabled.
>
>
Thanks and Regards
>
>
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>
news:ff16fb66587b38c9ca625a280aa1@msnews.microsoft.com...
>
>> Hello DurgaRao,
>>
>> Did you link the policy to the OU's where the users are?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>>> Hello all
>>>
>>> I have windows 2003
Enterprise
server with SP2 as a DC and Windows
>>> XP
>>> with
>>> SP2 as clients to DC, In server and nodes have the IE 7.
>>> Users are created in different OU's and i created a GPO to setup
>>> proxy as
>>> follows
>>> User configuration ->Windows Settings -> Internet Explorer
>>> Maintenance
>>> ->
>>> Proxy Settings -> Enable Proxy (Checked) and given the http address
>>> and
>>> port.
>>> But in client systems I am unable to browse the intenet.
>>> I checked
>>> HKEY_USERS\Software\Microsot\Windows\Currentversion\Internet
>>> Settings\ proxyenable data key is 1 but ProxyServer data key is not
>>> stored
>>> any value
>>> Thank you in advance for any help.
Top
From:
DurgaRao
<ndurgarao@hotmail.com>
To:
none
Subject:
Re: Unable to set Proxy Settings for IE7 and 2K3
Date:
09/21/2007
21:54:52
Hello Meinolf Weber,
I
created all users are in different OU's and GPO is linked to that OU's and
GPO Status is enabled.
Thanks and Regards
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66587b38c9ca625a280aa1@msnews.microsoft.com...
>
Hello DurgaRao,
>
>
Did you link the policy to the OU's where the users are?
>
>
Best regards
>
>
Meinolf Weber
>
Disclaimer: This posting is provided "AS IS" with no warranties, and
>
confers no rights.
>
>> Hello all
>>
>> I have windows 2003
Enterprise
server with SP2 as a DC and Windows XP
>> with
>> SP2 as clients to DC, In server and nodes have the IE 7.
>> Users are created in different OU's and i created a GPO to setup
>> proxy as
>> follows
>> User configuration ->Windows Settings -> Internet Explorer Maintenance
>> ->
>> Proxy Settings -> Enable Proxy (Checked) and given the http address
>> and
>> port.
>> But in client systems I am unable to browse the intenet.
>> I checked HKEY_USERS\Software\Microsot\Windows\Currentversion\Internet
>> Settings\ proxyenable data key is 1 but ProxyServer data key is not
>> stored
>> any value
>> Thank you in advance for any help.
>
>
Top
From:
Meinolf Weber
<meiweb(nospam)@gmx.de>
To:
none
Subject:
Re: Unable to set Proxy Settings for IE7 and 2K3
Date:
09/21/2007
05:30:39
Hello DurgaRao,
Did you link the policy to the OU's where the users are?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
>
Hello all
>
>
I have windows 2003
Enterprise
server with SP2 as a DC and Windows XP
>
with
>
SP2 as clients to DC, In server and nodes have the IE 7.
>
Users are created in different OU's and i created a GPO to setup
>
proxy as
>
follows
>
User configuration ->Windows Settings -> Internet Explorer Maintenance
>
->
>
Proxy Settings -> Enable Proxy (Checked) and given the http address
>
and
>
port.
>
But in client systems I am unable to browse the intenet.
>
I checked HKEY_USERS\Software\Microsot\Windows\Currentversion\Internet
>
Settings\ proxyenable data key is 1 but ProxyServer data key is not
>
stored
>
any value
>
Thank you in advance for any help.
Top
From:
Roy Chastain <roy@kmsys.com>
To:
none
Subject:
Re: Trouble importing .adm templates
Date:
09/21/2007
05:13:43
Okay, upon looking closely for the 4th time, I see the list box says 'currently
installed templates'. I thought that was a list
of available templates and add would add the one highlighted. Duh!
On Thu,
20 Sep 2007
20:05:39 +0200, "Mark Heitbrink [MVP]"
<spam-only@gruppenrichtlinien.de> wrote:
>You see the "open/search" dialog?
>
>Mark
>
>Roy Chastain schrieb:
>> I downloaded the package that has .ADM files.
>> Yes, I did a right click on the Administrative Templates under the User
Configuration and selected add/remove templates.
>> The resulting dialog only shows about 5 old templates. None of the
Office templates are there.
>>
>> On Thu,
20 Sep 2007
14:20:08 +0200, "Florian Frommherz
[MVP]" <florian@PLEASELEAVETHISOUT.frickelsoft.net> wrote:
>>
>>>Howdie!
>>>
>>>Roy Chastain schrieb:
>>>> I am running on a 2003 Server SP2
>>>> It has GP Object Editor 1.0 and GP Management 1.0.2
>>>> I have downloaded the Office 2007 admin templates and copied them to
windows\inf
>>>> They do not show up when I try to add a template in GPOE.
>>>> There are other templates in windows\inf that do not show in the add list
either.
>>>
>>>Which package did you download? Did it contain .ADM or .ADMX files?
>>>
>>>You opened the Group Policy Editor and right-clicked the User
>>>Configuration node and chose "Add/Remove Template"?
>>>
>>>cheers,
>>>
>>>Florian
>> -------------------------------------------
>> Roy Chastain
>> KMSYS Worldwide, Inc.
>> http://www.kmsys.com
-------------------------------------------
Roy Chastain
KMSYS Worldwide, Inc.
http://www.kmsys.com
Top
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: Trouble importing .adm templates
Date:
09/20/2007
13:05:39
You see the "open/search" dialog?
Mark
Roy Chastain schrieb:
>
I downloaded the package that has .ADM files.
>
Yes, I did a right click on the Administrative Templates under the User
Configuration and selected add/remove templates.
>
The resulting dialog only shows about 5 old templates. None of the Office
templates are there.
>
>
On Thu,
20 Sep 2007
14:20:08 +0200, "Florian Frommherz
[MVP]" <florian@PLEASELEAVETHISOUT.frickelsoft.net> wrote:
>
>>Howdie!
>>
>>Roy Chastain schrieb:
>>> I am running on a 2003 Server SP2
>>> It has GP Object Editor 1.0 and GP Management 1.0.2
>>> I have downloaded the Office 2007 admin templates and copied them to
windows\inf
>>> They do not show up when I try to add a template in GPOE.
>>> There are other templates in windows\inf that do not show in the add list
either.
>>
>>Which package did you download? Did it contain .ADM or .ADMX files?
>>
>>You opened the Group Policy Editor and right-clicked the User
>>Configuration node and chose "Add/Remove Template"?
>>
>>cheers,
>>
>>Florian
>
-------------------------------------------
>
Roy Chastain
>
KMSYS Worldwide, Inc.
>
http://www.kmsys.com
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
Top
From:
Roy Chastain <roy@kmsys.com>
To:
none
Subject:
Re: Trouble importing .adm templates
Date:
09/20/2007
10:25:57
I
downloaded the package that has .ADM files.
Yes, I did a right click on the Administrative Templates under the User
Configuration and selected add/remove templates.
The resulting dialog only shows about 5 old templates. None of the Office
templates are there.
On Thu,
20 Sep 2007
14:20:08 +0200, "Florian Frommherz
[MVP]" <florian@PLEASELEAVETHISOUT.frickelsoft.net> wrote:
>Howdie!
>
>Roy Chastain schrieb:
>> I am running on a 2003 Server SP2
>> It has GP Object Editor 1.0 and GP Management 1.0.2
>> I have downloaded the Office 2007 admin templates and copied them to
windows\inf
>> They do not show up when I try to add a template in GPOE.
>> There are other templates in windows\inf that do not show in the add list
either.
>
>Which package did you download? Did it contain .ADM or .ADMX files?
>
>You opened the Group Policy Editor and right-clicked the User
>Configuration node and chose "Add/Remove Template"?
>
>cheers,
>
>Florian
-------------------------------------------
Roy Chastain
KMSYS Worldwide, Inc.
http://www.kmsys.com
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Trouble importing .adm templates
Date:
09/20/2007
07:20:08
Howdie!
Roy Chastain schrieb:
>
I am running on a 2003 Server SP2
>
It has GP Object Editor 1.0 and GP Management 1.0.2
>
I have downloaded the Office 2007 admin templates and copied them to windows\inf
>
They do not show up when I try to add a template in GPOE.
>
There are other templates in windows\inf that do not show in the add list
either.
Which package did you download? Did it contain .ADM or .ADMX files?
You opened the Group Policy Editor and right-clicked the User
Configuration node and chose "Add/Remove Template"?
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Blackberry <info@NoSpamIt.com>
To:
none
Subject:
Re: Stopping auto-detect of printers?
Date:
09/22/2007
06:48:58
Hi Mark
Very interesting have you basically created your own GPO setting?
Is there one to set the auto-arrange to on by default?
Thanks
"Mark Heitbrink [MVP]" <spam-only@gruppenrichtlinien.de> wrote in message
news:O9DeVbh7HHA.5404@TK2MSFTNGP02.phx.gbl...
Hi
usually one group is enough, there are the same regulars ...
F´up to microsoft.public.windows.group_policy
Yobbo schrieb:
>
Is there anyway to stop the auto-detection of the printers that I install,
>
as I only want my shared printers to be available to certain machines?
You can use an own ADM Template.
http://www.gruppenrichtlinien.de/adm/Explorer.txt
CLASS USER
CATEGORY "Explorer View and Style
POLICY "Options"
PART "Deactivate automatic Search of Printer and Shares" CHECKBOX
VALUENAME "NoNetCrawling"
VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
END PART
END POLICY
END CATEGORY
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
Top
From:
Jason Krause
<JasonKrause@discussions.microsoft.com>
To:
none
Subject:
Re: Statview firewall exception for
Vista
via group policy
Date:
09/25/2007
18:42:02
I'm not sure. I will add the path to a test system as a system variable and
try that. Thanks.
"G Johansson" wrote:
>
Is the %SMS_ADMIN_UI_PATH% variable a system or user vaiable?
>
If it's only a user then it wont work...
>
>
--
>
Regards G Johansson
>
fantomen@NOSPAM.GPfaq.se
>
http://GPfaq.se
>
>
>
"Jason Krause" <JasonKrause@discussions.microsoft.com> wrote in message
>
news:A72A235A-EB87-4522-8E4C-C8F2424C5EDC@microsoft.com...
>
>I am trying to create an inbound firewall rule to make statview.exe work on
>
>
Vista.
>
>
>
> Our administrators have the SMS tools installed in different paritions,
>
> and
>
> this is causing an issue. I have created identical rules for
>
> D:\SMSADMIN\bin\i386\statview.exe and C:\SMSADMIN\bin\i386\statview.exe
>
>
>
> I wanted to merge these rules into a single exception using the variable:
>
> %SMS_ADMIN_UI_PATH%\statview.exe
>
>
>
> As you can guess, this isn't working and I am not sure why. I know
>
> Vista/Group policy supports other variables, is there a prerequisite step
>
> I
>
> am missing here?
>
>
Top
From:
G Johansson
<fantomen@NOSPAM.GPfaq.se>
To:
none
Subject:
Re: Statview firewall exception for
Vista
via group policy
Date:
09/25/2007
15:41:10
Is the %SMS_ADMIN_UI_PATH% variable a system or user vaiable?
If it's only a user then it wont work...
--
Regards G Johansson
fantomen@NOSPAM.GPfaq.se
http://GPfaq.se
"Jason Krause" <JasonKrause@discussions.microsoft.com> wrote in message
news:A72A235A-EB87-4522-8E4C-C8F2424C5EDC@microsoft.com...
>I am trying to create an inbound firewall rule to make statview.exe work on
>
Vista.
>
>
Our administrators have the SMS tools installed in different paritions,
>
and
>
this is causing an issue. I have created identical rules for
>
D:\SMSADMIN\bin\i386\statview.exe and C:\SMSADMIN\bin\i386\statview.exe
>
>
I wanted to merge these rules into a single exception using the variable:
>
%SMS_ADMIN_UI_PATH%\statview.exe
>
>
As you can guess, this isn't working and I am not sure why. I know
>
Vista/Group policy supports other variables, is there a prerequisite step
>
I
>
am missing here?
Top
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: Software restriction
Date:
09/25/2007
05:00:13
Hi,
Joel4283 schrieb:
>
I don't see the "filesystem" selection.
It is only inside a Domain GPO, not the local gpedit.msc
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
Top
From:
Phillip Windell
<philwindell@hotmail.com>
To:
none
Subject:
Re: Software restriction
Date:
09/24/2007
11:58:00
"Joel4283" <Joel4283@discussions.microsoft.com> wrote in message
news:ABC5DA26-6A56-4307-9CF1-5FEAF64E2688@microsoft.com...
>
Is there a way to set up some sort of group policy that restricts
>
application access per user? Example: Let's say we're using one
system
>
and
>
two different people can log on to it. The system itself has Office 2007,
>
Quickbooks Pro and an internal proprietary app. User1 logs in and can
>
only
>
"see" Office 2007. User2 logs in and "sees" all apps.
Yes, they are called Software Restriction Policies. It does not change
what
the user "sees",...it effects what they "run". What they "run" is more
important than what they "see".
http://support.microsoft.com/kb/324036
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Top
From:
Joel4283
<Joel4283@discussions.microsoft.com>
To:
none
Subject:
Re: Software restriction
Date:
09/24/2007
11:30:02
I
don't see the "filesystem" selection. Am I missing some rights to see it
or something?
"Mark Heitbrink [MVP]" wrote:
>
^Hi,
>
>
Joel4283 schrieb:
>
> Is there a way to set up some sort of group policy that restricts
>
> application access per user? Example: Let's say we're using one
system and
>
> two different people can log on to it. The system itself has Office
2007,
>
> Quickbooks Pro and an internal proprietary app. User1 logs in and can
only
>
> "see" Office 2007. User2 logs in and "sees" all apps.
>
>
Why not simply use NTFS permissions?
>
CompConf\...\Filesystem
>
>
Mark
>
--
>
Mark Heitbrink - MVP Windows Server - Group Policy
>
>
Homepage: www.gruppenrichtlinien.de - deutsch
>
Blog: gpupdate.spaces.live.com - english
>
Top
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: Software restriction
Date:
09/24/2007
10:43:15
^Hi,
Joel4283 schrieb:
>
Is there a way to set up some sort of group policy that restricts
>
application access per user? Example: Let's say we're using one
system and
>
two different people can log on to it. The system itself has Office 2007,
>
Quickbooks Pro and an internal proprietary app. User1 logs in and can only
>
"see" Office 2007. User2 logs in and "sees" all apps.
Why not simply use NTFS permissions?
CompConf\...\Filesystem
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Simple question about gpupdate
Date:
09/27/2007
08:32:36
Howdie Brian!
BrianB schrieb:
>
Curiously, does "gpudpate" or "gpupdate /force" run logon scripts associated
>
to the policies? It seems not too, but I just want to verify.
Well, Scripts will only run computer startup/shutdown and user
login/logoff (depending on what you've configured). On background
refreshes, they don't get executed (although changes to the scripts will
be applied and cached in the background, though).
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: setup a GPO for IE.
Date:
09/27/2007
14:03:56
Howdie!
Ed Cheung schrieb:
>
I am trying to create a GPO to allow me to add some sites to both Local
>
Intranet, and Trusted sites in IE for 1000+ computers. I am looking at
>
Computer Configuration->Administrative Templates->Windows
>
Compunents->Internet Explorer and do not see any entries in there related to
>
this.
Does that help you?
http://www.frickelsoft.net/blog/?p=30
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: screen saver from Group policy
Date:
09/24/2007
09:10:25
Hi,
Darshan Diora schrieb:
>
Have an Win 2003 domain and applied screen saver group policy, whenever
>
my screen saver is activated after the idle time of the server cpu
>
utilisation shoots up to 100% [...]
What about using "blank screen" oder "windows logo" instead of SETI!?
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: screen saver from Group policy
Date:
09/24/2007
06:52:24
Howdie!
Darshan Diora schrieb:
>
Have an Win 2003 domain and applied screen saver group policy, whenever
>
my screen saver is activated after the idle time of the server cpu
>
utilisation shoots up to 100% and remains contsant, also checked
under the
>
task manager the screen saver file displays cpu 99%. How can i block this
>
screen saver policy being applied on that particular server by registery
>
edit or some other tools.
What about moving the server out of the scope of the policy? Just put
the server into another OU where the policy isn't linked to (and isn't
apply through inheritance).
Or use security filtering:
http://www.frickelsoft.net/blog/?p=28
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Rolf Lidvall
<no_direct_email@me>
To:
none
Subject:
Re: Removing Outlook Express /Windows Medi Player from Start
Menu
Date:
09/24/2007
05:02:21
See:
http://support.microsoft.com/kb/328326
Regards
Rolf Lidvall
Swedish Radio (Ltd)
Top
From:
Florian Frommherz [MVP] <florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Removing Outlook Express /Windows Medi Player from Start
Menu
Date:
09/22/2007
11:03:07
Howdie!
Blackberry schrieb:
>
Any ideas on how I can supress these shortcuts?
Not sure if there is a policy for the OE icon - probably not. What you
can do: write a script that would delete the shortcuts.
QuickLaunch: %Appdata%\Microsoft\Internet Explorer\Quick Launch\
StartMenu: %Userprofile%\Start Menu\Programs\
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
Mathieu CHATEAU
<gollum123@free.fr>
To:
none
Subject:
Re: Removing Outlook Express /Windows Medi Player from Start
Menu
Date:
09/22/2007
09:32:11
Hello,
MACHINE
Administrative Templates\
Windows Components\
Windows Media Player
->Prevent Desktop Shortcut Creation
->Prevent Quick Launch Toolbar Shortcut Creation
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Blackberry" <info@NoSpamIt.com> wrote in message
news:%23o9SpRS$HHA.1212@TK2MSFTNGP05.phx.gbl...
>
Hi All
>
>
Don't really want to uninstall OE from my imaged workstation rollouts, as
>
there always appears to be something lurking that needs OE, HOWEVER even
>
though I remove it from the default user folder it still appears when my
>
Win2k3/AD/GPO users log onto the machine.
>
>
Same goes for Windows Media Player, but that does one worse and shows up
>
on
>
the Desktop as well!!
>
>
Any ideas on how I can supress these shortcuts?
>
>
Not overly bothered about WMPlayer, but we don't use OE in schools and
>
it's
>
the first thing that the little varmints click on to mess about with the
>
machines! I'm always seeing the infamous setup OE enter an email address
>
box when they've been playing!
>
>
Thanks
>
>
Top
From:
Uwe Sieber <mail@uwe-sieber.de>
To:
none
Subject:
Re: Remove the close windows X in vista
Date:
09/18/2007
11:28:02
John Fidget wrote:
>
Hello
>
>
We run an old DOS TAS database on our network (soon to be replace hopefully)
>
we've started introducing
Vista
which is very popular, the only downside is
>
when they're running the DOS session for the database the user is hitting the
>
X to close the window and without warning it closes, this would normally be
>
OK but its only a matter of time before it damages (again) the database, is
>
there anyway of stopping this.
Some time ago I had made a tool that deactivates the
Close button of all console windows and dos boxes.
http://www.uwe-sieber.de/files/ConsoleNoClose.zip
I've not tested it under
Vista so far.
Uwe
Top
From:
Mark Heitbrink [MVP]
<spam-only@gruppenrichtlinien.de>
To:
none
Subject:
Re: Remove the close windows X in vista
Date:
09/18/2007
08:24:25
Hi,
Take a look at
http://peccatte.karefil.com/software/WinTopMost/WinTopMostENG.htm
I
know there a more of this tools outside, but this was the first I found.
So, there is no preference from my site about this product.
Just search the web for "remove x close window", or similar. ;-)
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
Top
From:
Florian Frommherz [MVP]
<florian@PLEASELEAVETHISOUT.frickelsoft.net>
To:
none
Subject:
Re: Remove the close windows X in vista
Date:
09/18/2007
08:18:43
Howdie!
John Fidget schrieb:
>
Thanks for the answer........I need to stop the closure of a dos application
>
by clicking the X in the top right of the windows by using group policy or
>
something similar, I'm not sure CTRL+C helps me ??
You can't do that in Group Policy.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Top
From:
robert.stojanov@gmail.com
To:
none
Subject:
Re: Remove the close windows X in vista
Date:
09/18/2007
07:43:03
You can't use it from GP, my mistake sorry...
Top
From:
John Fidget <JohnFidget@discussions.microsoft.com>
To:
none
Subject:
Re: Remove the close windows X in vista
Date:
09/18/2007
07:00:02
Thanks for the answer........I need to stop the closure of a dos application
by clicking the X in the top right of the windows by using group policy or
something similar, I'm not sure CTRL+C helps me ??
"robert.stojanov@gmail.com"
wrote:
>
Try the combination of CTtrl+C that will terminate the current task
>
without losing any data.
>
>
Top
From:
robert.stojanov@gmail.com
To:
none
Subject:
Re: Remove the close windows X in vista
Date:
09/18/2007
04:50:33
Try the combination of CTtrl+C that will terminate the current task
without losing any data.
Top
