Over 1 million tech questions and answers.

AGPM Production Delegation users being added to Security filtering on all GPOs

Q: AGPM Production Delegation users being added to Security filtering on all GPOs

Im running AGPM 4 SP3 using a least privileged access service account, and when ever I deploy a GPO to production all of the users from Change Controls Production Delegation tab (Domain Admins / Enterprise Admins / Enterprise Domain Controllers / SYSTEM
/as well as my personal account I'm logged in with) get added to the security filtering of the deployed GPO. Not only is this for all current production GPOS but also if I create a new GPO within AGPM the same groups get added to the security filter. Any Ideas
what could be causing this?

Read other answers
RELEVANCY SCORE 200
Preferred Solution: AGPM Production Delegation users being added to Security filtering on all GPOs

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 56

As the heading says. Reinstall has added users.

I had problems with my anti virus that the help desk said required a Windows repair. I did this but now all my setting etc have disappeared.
What I can see is that when I look at 'Documents and settings' there are extra users directories.
These are:

All Users
All Users.Windows
Defaults Users
Default Users.Windows
I now have 3 Network Services NT
I also have two directories of me.

I can delete them using explorer. Can anyone tell me how I get my PC back to the original state?
 

A:Reinstall has added users

You have reinstalled OVER an existing installation.
http://www.techsupportforum.com/mic...user-account-problem-after-system-repair.html
 

Read other 2 answers
RELEVANCY SCORE 55.6

hello

im running windows server 2012
I need newly made users to be auto added to more then just one group
I saw something about this once in google but don't recall the search id used hehehe

Read other answers
RELEVANCY SCORE 54.4

I am completely at my wits end. I have been battling some hellish malware for months now. I have done just about everything I can think of, from using crazy passwords, changing the obvious settings prone to weakness, uncheck Remote access, disable built in admin, disabling shares, strict firewall settings, different firewalls, different AV software, just about everything really, anti-spyware. I have used about every advanced malware discovery out there to no avail, from tdsskiller, combofix, Reanimator, ansMBR, etc.. All come up blank.

The obvious normal signs of something being infected are there. Sudden dropping of firewall, suddenly being denied access to areas, finding services running that should be disabled, noting my av software isn't working properly. Lots of instances of svchost running, far more than reasonable, with the wrong PID, access level. Auditing in cmd environment and seeing unknown open ports, foreign addresses, not accountable to any legitimate service, etc.

To make matters worse, when I actively try to make changes preventing access, I find my own account changed, anything from my search function disabled to all admin tool (mmc) locked out. Piling on, this infection is not only nasty, it's aggressive, it won't hesitate to actually remove my account from all groups, basically locking me out of my own computer. Add to this a particular intelligence, and it's any computer users worst nightmare.

When I tried to limit services, the next time I wou... Read more

A:Fresh reinstall, unknown users added w/ NT Authority

Here is a text copy of event log..

Read other 6 answers
RELEVANCY SCORE 53.6

Our organization is looking to add a IE Shortcut to all of our users via group policy update. We can add the shortcut with no issues, but when you use the shortcut it does not have the favorites bar and toolbar. Even though the local user has all
of this setup in IE already. 
Is this by design, or is there a way we can have all the settings show on the new shortcut? 
Version: IE11
Windows 10

Read other answers
RELEVANCY SCORE 53.2

Greetings!

I'm trying to introduce deployed printers that are deployed only to specific groups of people. We currently deploy about 50 printers per-machine and it's really causing lag when people to go print, and it's frustrating to dig through the list to find the right one.

We have existing security groups, and these are the steps I've taken:

1. Create 4 new GPOs. 1 for classrooms, 1 for faculty, 1 for staff, 1 for administration. Right now I'm testing with the staff.

2. Edit the GPO, add all desired printers to Computer Configuration -> Policies -> Windows Settings -> Deployed Printers

3. Set Security Filtering of the scope of the GPO to the Staff security group (which FYI consists entirely of departmental security groups, no users)

4. Create a new OU called Print Test, put my machine and the new GPO in it

After gpupdate, no printers arrive.

I've found out that if I leave Authenticated Users in the Security Filtering, I get the printers. However, as soon as I remove Authenticated Users and add the Staff group and gpupdate, the printers go away. Same thing if I add my user account instead of the group.

I've verified that, when the Staff group is the only group in the Security Filtering, in the Advanced Delegation, it does has permission to Read and Apply Policy, just like Authenticated Users does when it's there.

I'm stumped! Any ideas would be appreciated.

A:Security Filtering for GPO

I know I can't help you on such matters but those that can would surly like to know what operating system/s you are using.

Knowing what environment might also be useful,
50 printers per-machine is a lot. It kind of leaves out home user and small business.

Read other 1 answers
RELEVANCY SCORE 53.2

Has Dell changed the labeling of their order status?  It used to be that once a unit went into production, it quickly went into testing, then shipping.  Here I saw processing - pre-production - now production for like a week.  Does it hang in production for a while and then jump right to shipping? I am just trying to make sense of the status labels... Thanks.  

A:What does "in production" mean on your order build? How long does it hang in production?

Yes. PendingYour order is pending and Order Number(s) have not yet been assigned for specific items within your purchase. Please check back again later.In ProductionUpon approval of payment for your order, the order will be In Production. Production time includes obtaining the parts, assembly or build time, and shipping preparations/transit to the carrier. Shipping preparations will vary based on type of order and size.ShippedAfter an order has completed the manufacturing process and shipping preparations it is transitioned to the carrier for delivery. Shipping time will vary based on type of order and size and shipping method chosen.CanceledThis status means an order has been canceled. For any questions regarding a cancellation, please click on the Contact Us Page.ChangedThis status means an order has been changed. Go to the "Order Details" page to learn more about a Changed Order.Order ProcessingOrder Processing includes time to process payment. Approval times vary based on the designated form of payment.Message Edited by Loud_One on 08-30-2008 12:59 PM

Read other 2 answers
RELEVANCY SCORE 51.2

Windows 7
Windows Firewall Advanced Security

How can I block all outgoing traffic to the internet except one program? I have tried making an outgoing rule to BLOCK all programs, and then an outgoing rule to ALLOW out traffic from the program I need. However, the block rule is took priority and the allow rule was ignored.

I don't want a single outbound connection except one program; no ICMP, DNS, TCP, UDP, MALWARE, nothing. Surely I don't have to individually block every program and port do I?

A:Egress filtering, Windows Firewall Advanced Security

Okay, here's what I did next: Only port I want open for outgoing is 20050

Create outbound rule,
--Custom
--All programs
--Protocol=TCP
--Source Port=Any
--Destination Port=1-20049, 20051-65535 (leaving the 20050 hole)
--Block
--Applies to Domain, Public, and Private profiles

If I am correct, this will allow no TCP traffic outbound except port 20050. I guess I should now create a separate outgoing rule to completely block every other protocol. Does this sound right?

Read other 1 answers
RELEVANCY SCORE 50.4

February 10, 2017

Russian anti-virus company Doctor Web has updated Dr.Web Net filtering Service (11.1.9.02090) in a number of Dr.Web products. The update delivers a fix for an identified problem.

Specifically, it addresses a connectivity issue involving some remote banking applications and Outlook Express.

Please, note that if the option to scan secure traffic is enabled, SSL 2.0 connections will still be blocked. If you need to use this protocol, add the corresponding application onto SpIDer Gate's exception list.

The update will be performed automatically; however, a system reboot will be required.
 

A:Dr.Web Net filtering Service updated in Dr.Web 11.0 for Windows, Dr.Web Enterprise Security Suite 10

Nice share, qashashng rafti zire tokhma doci
 

Read other 1 answers
RELEVANCY SCORE 49.2

So, I updated to Firefox 3 and all is good. I then spent the better part of a day trying to
find the magical anti phishing & other malware security updates to the new browser.
Finally I broke down and limped over to Mozilla to post my query. "How can I locate the
new security features to make sure my download went correctly?" The answer I got was that
the new features are hidden and only pop up when you have visited a site or downloaded a file with malware in it. I love Firefox, I love Mozilla, but come on, I should traipse around the
web until I get some verification of the security features working by way of a notification message or until my computer is so loaded with garbage it gives me a dose?
 

A:Firefox 3 added security?

I've read everywhere that overall the extra security should help make for safer browsing, but none of the upgrades will prove a major deterrent for malware pushers.
 

Read other 1 answers
RELEVANCY SCORE 48.8

I was wondering if anyone knows of a way to password protect a folder so that if someone got to snooping around my system they would have to put in a password to veiw the contence of the folder? Is there a program I have to use?

Thanx
 

A:Solved: Added folder security

Do you have a password on your account? They would need that to see your files if you have them encrypted.

You could also put them in a zip file and password-protect the zip.

There are several, small, encryption programs here:

http://freezip.cjb.net/freeware/
 

Read other 3 answers
RELEVANCY SCORE 48.8

Is there any advantage to using a router for added security on a single computer, using a cable modem, if you already have ZoneAlarm?

Thanks for any info you can give.
 

A:Solved: Using Router for added security?

Read other 7 answers
RELEVANCY SCORE 48.8

Hello. I just recently added some suggested programs to my computer and in order to keep me protected but now it's slower.
This is what was done:

1. Replaced Ad-Aware 6.0 with SE version
2. Downloaded Spybot
3. Spyguard
4. Spyblaster
5. Zone Alarm (free version)
6. Hijack This (newest version)

but even after all of this to protect me, it's slower than ever. Any ideas?

I have Windows XP - Pentium II processor
Thanks in advance!
 

A:Added security made my PC slower

Read other 6 answers
RELEVANCY SCORE 48.8

If you are running a full internet security suite do you "need" any additional programs or are you in good shape to thwart attacks on your PC? Also, I have heard that virus programs and firewalls conflict w/each other when both are running simulatenously, is it true?
 

A:Programs Conflicting and added security!

Yes, firewalls and AV programs will conflict if run simultaneously. Actively run only one.

"Suites" are not usually the best way to secure broad malware protection. First, the programming of a "suite" is complex and can lead to problems, esp. if you want to remove it. Second, parts of the "suite may not be the best available. I have seen references here at TSG recommending individual programs, and I have followed that advice.
{redoak}
 

Read other 2 answers
RELEVANCY SCORE 48.8

Hi all,
Normally when a standard user is added to the group "Network Configuration Operators", it should provide them with access to change NICs. This is also indicated in the group description ==> "Members in this group can have some administrative
privileges to manage configuration of networking features"
I've added a standard user to the group but I'm still receiving the error "You do not have permission to open the Network Connections folder" when opening ncpa.cpl. When I click on the active connection in "network and sharing center"
and click on Properties, I am able to change the settings of this adapter.
Does anyone have a clue why the message "you do not have permission to open the Network Connections folder" is displayed?
I thought this KB might be needed, but it's not applicable to my system appareantly.
The systems impacted are Windows 7 x64.
The following image described what is working (green) and what's not (red).

I've simulated this on a Windows 10 device (other domain!!) and I'm always able to open ncpa.cpl. When trying to change the properties of a NIC, I'm prompted for credentials. Only when a user is added to the group "Network Configuration Operators",
he's able to change the settings of the NIC.
Thanks in advance!

Read other answers
RELEVANCY SCORE 48

Hiya

This white paper explains how to troubleshoot delegation issues that can arise in Kerberos authentication scenarios. The paper summarizes required infrastructure and describes Windows authentication scenarios. The central discussion is organized around four troubleshooting checklists: one each for Active Directory, client application, middle tier, and back-end. The appendices detail diagnostic tools and give examples of how to resolve problems in typical IIS to SQL delegation scenarios

System Requirements
Supported Operating Systems: Windows Server 2003

Microsoft Word or Word Viewer

http://www.microsoft.com/downloads/...4f-e28a-4726-bffe-2f64ae2f59a2&DisplayLang=en

Regards

eddie
 

Read other answers
RELEVANCY SCORE 47.6

I have a new GPO that only one security group can get.  What I am running into is if I login to a computer I have login to before I do not get the policy.  If I login to a computer for the first time I will get the policy.
Has anyone ever had this problem before?

Read other answers
RELEVANCY SCORE 47.6

I have had AT&T Uverse that came with a 2Wire 3800HGV-B Gateway for about a year now. I enabled MAC Filtering and entered all my home computer's MAC Addresses. About six months ago my brother tried to connect his work laptop to my wireless network but it would not connect until I added its MAC Address. For this past Christmas, I bought a new HP laptop running Windows 7 (64-bit). To my surprise before I had registered its MAC Address, I was able to connect to my wireless network and surf the Internet. I checked and MAC Filtering was enabled. I diabled and re-enabled. I rebooted the wireless gateway several times and still I was able to connect with this new laptop even though its MAC Address had not been registered. I removed an existing registered MAC Address and again to my surprise I was able to connect to my wireless network and surf the Internet despite its MAC Address had been removed completely or moved to the Block area. I showed this to my work Sr. Network Admin and he found nothing wrong. I have asked AT&T Support but so far no response. I doubt it is a hardware issue. I think it is the firmware. I am at the latest version of the firmware. I think I may need to re-flash the firmware. Since I do not techically own this gateway device, I am reluctant to do anything without AT&T approval. I did try contacting the gateway manufacturer 2Wire but they refuse to help me and directed me to contact AT&T. I am using WPA2-PSK with AES. Anyone have any sugge... Read more

A:Solved: MAC Address Filtering Not Filtering

First off, MAC filtering is a needless security measure if you're running WPA2-AES. I'd simply disable it and get on with your life!

A good read: The Six Dumbest Ways to Secure A Wireless LAN
 

Read other 3 answers
RELEVANCY SCORE 47.6

HI,

I am trying to fix the issue in which I am not able to do remote desktop .I have came across the solution which says we need to set "Encrytion Oracle remediation " as "vulnerable"But when I am trying to fix this I am not able to find "Credence Delagation " option in my group policy.
Any help and suggestion will be appreciated.


Thanks,
RG

Read other answers
RELEVANCY SCORE 47.6

Greetings!

Stats: Outlook 2002, Exchange 2000, Delegated Mailboxes

Here are the issues we're having:

Person A gave rights to Person B to manage their mailbox (delegation). The delegation is set up correctly, but its hindering some functionality (which may not even exist).

1) Can Person B (the controller of A's box) utilize A's contacts via the Address Book? At this point, we cannot. We tried to add it via the Address book 'Tools --> Options' menu, but its not even listed. We also verified the properties of the delegated contact list and its checked to generate Exchange Views.

* Basic problem: Person B cannot utilize the contact list from anything except for manually clicking on the 'Contacts' folder in the delegated mailbox. (So, using the To... doesn't work)
2) Can Person B set 'reminders' in Person A's calendar? If so, we have something set up incorrectly. Presently, reminders in the delegated mailbox do not pop up for the controller. Ideas?

* Basic Problem: Events come and go in the delegated calendar without reminding the controller (Person B).
 

A:Outlook Delegation: Bane of my existance

1. As far as I know, "no". But did you double-check that the Person A's address book is an "Outlook address book"?

2. Unsure

Check www.slipstick.com (the ultimate Outlook resource, IMHO)
 

Read other 1 answers
RELEVANCY SCORE 47.6

How to Delegate User Account Unlocking capability to Team Leader and Managers via Active Directory? 
1, I need clear cut steps which I can perform in AD
2, Also how Manager or Team lead will access that for user account unlocking?

ST

Read other answers
RELEVANCY SCORE 47.6

Dear all,

one of my user encounter an outlook delegation error. it say that the delegate were not save correctly. cannot modify access control list.



The troubleshoot step i did. User test on another machine which is running on outlook 2007 no issue with that. But when change to outlook 2010 the delegation error take places. i re-create the profile but still same issue. i have also added this dword IgnoreSOBError and modify to value 1 HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\x.0\Outlook\Preferences

Re-install and un-install outlook 2010

unfortunately, i still encounter the same problem. But when i try to delegate on my site using outlook client version 2010. i have no problem at all.

can anyone advise me on this?

i kindly appreciate your kindness help.



thank you.

A:outlook 2010 delegation error

If you meant 2010 Exchange see this: http://support.microsoft.com/kb/2545238
If not, choose the correct fix it here: http://support.microsoft.com/kb/2593557 or do it manually as instructed.

Read other 2 answers
RELEVANCY SCORE 47.6

Dear all,

one of my user encounter an outlook delegation error. it say that the delegate were not save correctly. cannot modify access control list.



The troubleshoot step i did. User test on another machine which is running on outlook 2007 no issue with that. But when change to outlook 2010 the delegation error take places. i re-create the profile but still same issue. i have also added this dword IgnoreSOBError and modify to value 1 HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\x.0\Outlook\Preferences

Re-install and un-install outlook 2010

unfortunately, i still encounter the same problem. But when i try to delegate on my site using outlook client version 2010. i have no problem at all.

can anyone advise me on this?

i kindly appreciate your kindness help.



thank you.

A:outlook 2010 delegation error

If you meant 2010 Exchange see this: https://support.microsoft.com/kb/2545238
If not, choose the correct fix it here: https://support.microsoft.com/kb/2593557 or do it manually as instructed.

Read other 2 answers
RELEVANCY SCORE 46.8

Is there a way I can punch up a simple batch file script and get it to setup Group Policy Objects on client workstations? I can use the GUI GPEditor if I had to, but I think after about 25 machines, I'd get a little tired of it, and I'm looking to run this on about 400 machines.
 

Read other answers
RELEVANCY SCORE 46.8

I'm pretty new to Group Policy Management. I just got a job at a school and one of my labs is not working like it should. I have done GPRESULT on a computer from another working lab and I'm comparing it to the computer in the lab I'm at now. So, in my
GPM, a couple polices are listed above my designated labs that should be inherited by all the labs, and then I have some of those same policies duplicated in just my troublesome lab. My question is, will having a duplicate GPO break things? I'm probably not
explaining all that right, but I'll try my best to answer any questions to help me find a solution. 

Read other answers
RELEVANCY SCORE 46.4

IS 2014 showed up with its dire warning of errors and infections.  I ran MBAM-Chameleon (although it never finished the process where it killed suspicious processes); then MBAM quick scan which ID'd 3 infected files. Rebooted and ran MBAM full scan which came up clean.  Ran RogueKiller, which ID'd zero.access and pointed to CDROM.sys as obfuscated and suspicious.  Ran the RogueKiller delete process, and now the CD optical drive doesn't register with Windows XP (SP3).  Where should I go from here?
 
Thanks in advance!

A:Internet Security 2014 fake anti-malware; as an added bonus zero.access!

Please...follow Steps 6-8 of Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .  Post the DDS log which is requested, along with your RogueKiller log...as a new topic in the forum which contains the Prep Guide.
 
Thanks .
 
Louis

Read other 2 answers
RELEVANCY SCORE 46

Bit of a pickle, this one, chaps.

We have a windows 2003 server, with active directory installed, as well as DNS and DHCP services.

Let's say we have a main forest on our domain, called domain.kais - and within this domain, we have two Organisational Units, called OU1 and OU2. Within each OU, let's say we have 10 users.

Go to Group Policy Editor, and apply a new GPO to say OU1. You make all the settings you want, but for simplicity, let's say the only setting you do is something ridiculously simple, like, remove Recycle Bin from the laptop. You make the GPO called something like "OU1 GPO", link it to the OU, make sure it's the only GPO linked to it (so take away the standard Default Domain User GPO).

Go to a workstation, log on with a user from within that OU. Because you can log on, the assumption is that the network works fine, as the user gets authenticated. To make sure it's not a locally cached user, you created a brand new user within the OU.

So, if that works, any idea why the GPO isn;t taking effect? it's really getting to me now!

A.
 

A:Windows 2003 Server / GPOs

Well heres a couple of things -

http://www.activedir.org/gp_faq.htm - A nice who what when why and how of Group policies it does mention 2000 and not 2003 but it still applies in most cases.

On the workstation once logged in go to your command line and do a gpupdate /force and see if that yields its results.

Oh yeah and another thought how is DNS running on your network? if you do an ping of a machine name from the clients not getting the update do you get back the FQDN or does it just show the machine name?
 

Read other 1 answers
RELEVANCY SCORE 46

I created a number of GPOs and they have been working ok. Edit the GPOs has also been working.
I now can't create any new GPOs or edit the existing ones. I get the below error message.
1. When editing
"Failed to Open the Group Policy Object. You might not have the appropriate rights."
2. When creating new
"The network name cannot be found."

Read other answers
RELEVANCY SCORE 46

Morning everyone,

I am working with Windows 7 Professional 32-bit, in a network environment and I am trying to test it with our old GPOs we use on XP machines.

I am currently trying to install GPSI's such as Office etc.

When I reboot the machine after a GPUpdate I can only see 'Please Wait' while it installs the updates, but I know some of these updates will hang. I won't know what's hanging if I can't see what stage of the update it is at.

Is there anyway of customising this area of the startup to display which updates are installing?

Like in Windows XP where the box would appear in the middle of the screen saying "Installing Managed Software <Program Name>" etc.

Thanks for any help you can give regarding this.

-- Danoni

A:Changing Display of Installing GPOs

The answer to this I have since found out is to enable 'verbose' messages - we did this through a GPO on the domain controller. Can now fully see what is installing when loading Windows.

Read other 1 answers
RELEVANCY SCORE 46

Hiya

Source code for Kerberos Protocol Transition and Constrained Delegation whitepaper sample scenarios

System Requirements
Supported Operating Systems: Windows Server 2003

All editions of Windows Server 2003 for code samples on Microsoft IIS servers;
All editions of Windows Server 2003, Windows 2000 professsional and all editions of Windows 2000 Server for code samples on Microsoft SQL server;
All but Web edition of Windows Server 2003 for running Active Directory

http://www.microsoft.com/downloads/...10-7c48-453a-a1af-d6a8b1944ce2&DisplayLang=en

Regards

eddie
 

A:Kerberos Protocol Transition and Constrained Delegation Whitepaper Samples: Feb 20

Originally posted by eddie5659:
Source code for Kerberos Protocol Transition and Constrained Delegation whitepaper sample scenarios
Click to expand...

Whachutalkinbout Willis?
 

Read other 2 answers
RELEVANCY SCORE 45.6

Hello,

I need to disable the below settings. I have tried using the below GPO settings, ran gpupdate /force and restarted 2 domain computers. I then logged into each computer with a different domain account. The live tiles were still changing. I am still able to add a PIN to the account. I was still able to add a Microsoft account. (I do not have a Work/School account but the option was still available. I added the same Microsoft account to both domain users. The Sync your settings is all grayed out and all set to off. However, I noticed the desktop background synced and the Favorites Synced. How do I disable all these settings so they cannot be used and are turned off?

Disable Live Tiles
Disable Settings - Accounts - Sing-in Options - Create a PIN
Disable Settings - Accounts - Your account - Add Microsoft account
Disable Settings - Accounts - Your account - Add a work or school account
Disable Settings - Accounts - Sync your Settings


Disable Live Tiles
GPO - User Configuration/Policies/Administrative Teplates/Start menu and Taskbar
Clear history of Tile notification on exit Setting: Enabled

GPO - User Configuration/Policies/Administrative Teplates/Start menu and Taskbar/Notifications
Turn off notifications network usage Setting: Enabled
Turn off tile notifications Setting: Enabled

Disable Settings - Accounts - Sing-in Options - Create a PIN
GPO - Computer Configuration/Policies/Administrative Templates/System/Logon
Turn on PIN sign-in Setting: ... Read more

A:GPOs to Disable Account Settings are not working

Where did you find a GPO template for Windows 10?

Read other 6 answers
RELEVANCY SCORE 45.6

Okay, I really must be doing something wrong, but I don't think I am. We just recently moved to Windows 2000 and I am trying to set up GPOs in our domain. What I did was created a new OU for the domain. In this OU, I created a few OUs for various groups of computers (different PC labs we have), and OU for "students" and and OU for "faculty". I then moved the necessary computers into each computer OU and then placed the student global group and faculty global group into their respective OUs.

From here, using AD Users and Computers, I right click on an OU (Student OU for example) and choose the Group Policy Tab. I create a new GPO, choose to enable "Disable Control Panel" and then rename the GPO and close it out. I tried leaving it like this and did not work.

So I then clicked on the properties of the Student Global Group located inside the Student OU and chose the security tab, where I chose for the student global group READ and APPLY GROUP POLICY.

Still, did not work!!!

What am I doing wrong?? Is there something else I should be looking at??

The same goes for GPOs I set up for any of the Computer OUs, like enabling the option to "Not show the last logged on user". No GPOs are effective right now.

Thank you all so much in advance!!

Pete
 

Read other answers
RELEVANCY SCORE 45.6

In trying to adhere to the disable Dr. Watson crash dumps STIG, I need to locate which GPO setting that disables the crash dumps. I'm aware of the ways to disable the createcrashdump in the regisrty or deleting the AeDebug registry key. However, I have a GPO that is enabling the crash dumps. (I know this because everytime I manually disable it and refresh my group policies it is re-enabled.)

I've been able to isolate which GPO is enabling the crash dumps by unlinking all my GPOs and re-linking them one by one to locate the culprit. I've manually looked through the policy settings of the GPO enabling the crash dumps and can't find anything that would disable the create crash dumps. I was wondering if anyone knew off hand how to disable the Dr. Watson crash dumps or disable Dr. Watson completely through a Group Policy Setting.

I'm all googled out on this one. Any assistance would be great thanks.

OS: Windows Server 2003 SP2, Windows XP SP2
 

Read other answers
RELEVANCY SCORE 45.6

Hello
We are moving to Windows Server 2012 R2 and therefor to Internet Explorer 11. I have already upgraded the administrative template files holded by our domain controller (.admx files on the central store). 
When trying to create a GPO I just can't find a configuration item to set the browser title. I know that IEM has gone in favor of group policy preferences. But there is no such config item there as well. Am I stuck with IEAK11?

Thanks in advance
Matthias

A:Howto to set browser title of IE11 using GPOs

Hello Matze2ooo,
the link is this
Package Type Selection: Internet Explorer Customization Wizard. It creates a *.exe file you have to distribute.

These are useful TechNet Library articles helping you with
IEAK 11:

Good starting point -
IEAK 11: List of tasks and references to create, manage, and deploy Internet Explorer 11 custom packages
How to deploy IEAK 11 -
Internet Explorer 11 (IE11) - Deployment Guide for IT Pros How to distribute
Deploy Internet Explorer 11 using software distribution tools
As written above, you could also distribute a the registry key Windows Title
through GPO to users.
 
Bye,
Luca





Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on Vote As Help and click on Mark As Answer if a post answers your question.

Read other 7 answers
RELEVANCY SCORE 45.2

Hi all,
I'm trying to set Google as the default search engine when an end-user types something in the navigation bar. Standard this is Bing, and although Bing is wonderful we still would like to go with Google.

What I did:
1. Made a new GUID (PowerShell New GUID thing): {001c1193-09c6-4f56-a5b7-2b031da433a7}
2. Set the following reg keys:









Action
        Replace






Hive
HKEY_CURRENT_USER


Key path
Software\Microsoft\Internet Explorer\SearchScopes


Value name
DefaultScope


Value type
REG_SZ


Value data
{001c1193-09c6-4f56-a5b7-2b031da433a7}









Action
        Replace



Properties



Hive
HKEY_CURRENT_USER


Key path
Software\Microsoft\Internet
Explorer\SearchScopes\{001c1193-09c6-4f56-a5b7-2b031da433a7}


Value name
DisplayName


Value type
REG_SZ


Value data
Google








Action        
Replace



Properties



Hive
HKEY_CURRENT_USER


Key path
Software\Microsoft\Internet
Explorer\SearchScopes\{001c1193-09c6-4f56-a5b7-2b031da433a7}


Value name
FaviconURL


Value type
REG_SZ


Value data
http://www.google.com/favicon.ico








Action
        Replace



Properties



Hive
HKEY_CURRENT_USER


Key path
Software\Microsoft\Internet
Explorer\SearchScopes\{0... Read more

Read other answers
RELEVANCY SCORE 44.8

Hi All,

I have a Windows 7 Enterprise Ed laptop which does not applies the computer GPOs. User GPOs work fine.
In the event log, Event ID 1125 is logged:
?The processing of Group Policy failed because of an internal system error. Please see the Group Policy operational log for the specific error message. An attempt will be made to process Group Policy again at the next refresh cycle.?

In the Details tab:
Error code 19, ?The media is write protected?


When I run ?gpupdate /force? or ?gpupdate /target:computer? After a long time, I get the message: ?Computer Policy update has not completed in the expected time. Exiting??GPRESULT /H GPReport.html gives: ?ERROR: Access Denied? (run as local administrator)RSoP.msc: ?The RSoP snap-in was unable to generate the RSoP data due to the error listed below. Details: This operation returned because the timeout period expired?

The laptop is part of a large domain (more than 10k clients). This is the only one with this error (for as far as I know?)
Any help would be much appreciated.
Johan

Read other answers
RELEVANCY SCORE 44

Appreciate if anyone can advise of the RPTester tool is a publicly available tool glimpsed in forum question

Delegation Authorization Rules / ActAs removed in ADFS 4.0? (Windows Server 2016)

Read other answers
RELEVANCY SCORE 43.6

Hey guys, I have windows 7 and set up Homegroup. All the folders I share additionally to what Homegroup is sharing have EVERYONE in the Security Tab enabled with all Permissions checked!

Now I also realised that C:\Users has in Security Tab has EVERYONE with Read & Execute - List - Read activated?

Is that the default option?

And is it normal that every folder I share in Homegroup gets EVERYONE added with all Permissions?

A:Everyone in C:\Users Security Tab?? Is that right?

If i read your post right you are talking about Share Permissions and not NTFS permissions.

If this is the case, the is normal. When looking at what access a user has when accessing a shared folder, you combine the share permissions and NTFS permissions with the least priviledge taking priority.

For example, if user John has FULL CONTROL permission to the USERS share but has only READ permission for NTFS permissions on that folder, then John can only read.

Read other 6 answers
RELEVANCY SCORE 43.2

Hi all

I just realized that when i installed windows, I only had an admin account. I created a normal user account, but all my programs are installed for the admin user.

How do I make an existing installed program available to my 'normal' user?

Also, how do people secure their machines? Meaning, do you run malware, firewalls, etc, and if so which?

thanx in advance...

A:Users and programs and security

Welcome
For the first part of your question this should help

How to Take Ownership and Grant Permissions in Windows Vista My Digital Life

Read other 9 answers
RELEVANCY SCORE 43.2

If you don't know how our certain security applications render their findings, then please don't ask for them!!
Those of us who know the Developer's and what to look for, work on many other forums. It just takes time away from us to go through more than "WE" asked for. It's okay to ask and have a look at the Topic, tho'!
Thanks for understanding this issue

A:Please don't ask users to run 'Security' Apps!

So basically, only let people with fancy mvp badges etc help out with security problems? Sorry, but i don't have any of these fancy things, i don't work on other forums, i've never helped on another forum like this yet i've helped solve MANY security issues.
Thank you for understanding my issue

Read other 7 answers
RELEVANCY SCORE 43.2

Is it normal to have "Everyone" in security permissions under \Users?
Given that Users(PCname\Users) is already in the list.

A:Security Permissions for Users

  
Quote: Originally Posted by mjf


Is it normal to have "Everyone" in security permissions under \Users?
Given that Users(PCname\Users) is already in the list.


just checked my system (32bit) and no it is not. Did you upgrade from a previous OS?

Read other 1 answers
RELEVANCY SCORE 43.2

Since the search engine doesn't work on this forum, I'll create a new post. I'm trying to set up different IE security settings for the different users on my XP Home machine. Specifically, I want more strict settings when my kids are logged in.

I can't seem to figure out how to change the settings for a specific user. Can anyone shed some light on this for me?

Thanks!

...Scotty

Read other answers
RELEVANCY SCORE 43.2

Hi Guy's,

Long time no see...... now a problem for ya?

In my security tab in properties I have 3 unknown user accounts

Can anyone shed any light on these... I have run all types of

security software to no avail.


Many Thanks


Cheekyman

A:Unknown users in security tab??

What are the names of the accounts?

By any chance - TrustedInstaller, Authenticated Users, Administrators, SYSTEM, ...?

Read other 7 answers
RELEVANCY SCORE 43.2

Hi all,

I'm sorry to post again, but I've some problems....

Recently I've got a lot of pop-up ads for anti-spyware etc. I've got a flashing icon in my system tray that says I have all sorts of malware (which I think is malware), and I had these two icons added to my programs list "live safety center" and some security thing which I deleted. I've been getting a lot of norton alerts telling me that it's found and deleted certain viruses etc. I think largely it started with Virtumundo and I downloaded to Vundofix programs and ran them and they seemed to work except that I'm still infected and I have no idea how I keep getting infected. I've ran norton, spybot, AVG, cleaned all my prefetch, temp files, garbage files, cache etc using CCleaner, Clean Up! and ATF Cleaner. But it keeps coming back. I'm running spybot again now and I think it's found some more stuff. I'm posting my HJT log below.

Since my last post, where my IE was knocked out, I haven't been using IE but using Firefox instead, which is now my default browser. But the pop-ups still come up in IE windows.

Currently, I've run VundoFix and Vurtomondubegone, spybot, and AVG, and combined i thought I picked up whatever virus I had. My system looked clean and then I started up a again, and as soon as I loaded my homepage, another popup came on!!! Then I thought it was maybe a widget that i had on my igoogle homepage--something created not by google or something. So i've removed and am now awaiting t... Read more

A:Help Please: pop-ups, system alerts, added "live security center" etc

EDIT: So I've still been having some pop-up problems. The big system alert pop-up in the system tray has gone away. But, I was still getting some IE pop-ups whenever I had IE open; they would pop-up right on top of the window that would be open so it looked like it was a redirection. Anyway, after running some more VundoFixes and spybots, etc., I found a cache of infected .dll files in the C:\Windows\system32 dir created recently and so cleared them out. That improved my system but I was still getting pop-ups. I ran panda activescan (after feeling comfortable running IE) and here is the report:


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mlljg.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Steve Sha\My Docume... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

Securing Microsoft Outlook on the Windows PC (may also be applicable for Mac users).

I am unaware of any currant threats against Outlook Desktop Client, however: With all of the current threats, especially spam, Ransomware, malicious documents, .zip attachments, and even iframes and JavaScript propagating Ransomware and Malware, have you considered disabling both the Attachment Preview and/ or the Reading Pane (The part generally on the right side where you can view the message without double-clicking the message to open. That way, if you are unsure of the sender, you can move it to Junk before opening. I have done out of caution.

There have been 0-days before and they are likely to be a problem in the future as both Internet Explorer, Office and I believe Windows all have OLE integrated in them. It's also wise, as when you Open Outlook and it downloads messages, what happens if the last message it downloads is malicious and you have both the Attachment Preview and Reading Pane enabled? The email will displayed, possibly the attachment previewed (within a sandbox of some sorts such as IE). There is a potential for exploitation.

The links below offer instructions if you choose to take this precaution.
Previewing Attachments - Microsoft Office Support

Reading Pane On/Off - Microsoft Office Support

For users of Outlook Web App (Browser version)

Previous Patched Vulnerability -RCE:
Outlook ?letterbomb? exploit could auto-open attacks in e-mail
(From 12/20... Read more

Read other answers
RELEVANCY SCORE 42.8

Hello,

I would like to make a few quick questions about comodo

1/ How many of you are really using comodo (CIS, CF, CCAV)?
2/ what settings are you using? Minimal tweaks or many tweaks? Could you please share it? How stable and how annoying are they?
3/ What should I change other than CS's settings on her video?

Thank you
 

A:How many MT users are using COMODO security products?

Hello.Im using comodo firewall and panda free av.
Comodo FW settings from cruelsister
Panda Free AV settings: default. I also have the panda toolbar.
I have tested this combo a lot and the system remained clean.
I picked panda because its very light. I tried Qihoo but it was heavy and i saw an article about stolen data or something whatever. So i deleted it and installed panda.
Althought with cruelsister's settings u dont really need av but i wanted one
PS: In my opinion Panda is underrated product BUT if you try it for yourself you will see its pretty good.
 

Read other 2 answers