Group Policy Object
10 Topics

Configure RPC packet level privacy setting for incoming connections not show in group policy
Hi, it's about the group policy setting in Windows Server 2022. I have downloaded Windows Server 2022 Security Baseline.zip from https://www.microsoft.com/en-us/download/details.aspx?id=55319 (Microsoft Security Compliance Toolkit 1.0) and imported SecGuide.adml and SecGuide.admx. I can see the MS Security Guide folder in the local group policy editor, but there is no setting for "Configure RPC packet level privacy setting for incoming connections". I also tried to find it from All Settings, but there is no such setting. Could you advise how to configure it so that it shows in the group policy editor or GPO? Thanks.
Solved, 4K Views, 0 likes, 2 Comments

Tamper Protection managed by administrator and OFF - cannot be enabled manually when joined on-prem
Hi all, We are currently only managing Microsoft Defender ATP via Group Policy and there is no GPO for tamper protection. But we cannot enable it manually either. "This setting is managed by your administrator" and set tamper protection to OFF. When deploying a new Windows 10 I can enable it manually. When joining the computer to on-prem AD and GPO for Windows Defender ATP hits, tamper protection is turned off and you cannot change it. Is this by design or is there a GPO setting interfering? Thanks!
52K Views, 2 likes, 13 Comments

Login Script to Popup a Windows Form
Hi, I am trying to popup a form via a PowerShell login script (User Configuration) but the form is getting suppressed even when using: $form.Topmost = $true. Does anyone know a way via PowerShell I can force the form to popup? I'd like to avoid using the "Run logon scripts visible" setting since it's not the only script running and the form will only display when certain criteria are met. I can't post my actual script but it's a pretty generic form much like this:

    # Load the WinForms and drawing assemblies
    Add-Type -AssemblyName System.Windows.Forms
    Add-Type -AssemblyName System.Drawing

    # Main form
    $form = New-Object System.Windows.Forms.Form
    $form.Text = 'Data Entry Form'
    $form.Size = New-Object System.Drawing.Size(300,200)
    $form.StartPosition = 'CenterScreen'

    # OK button
    $okButton = New-Object System.Windows.Forms.Button
    $okButton.Location = New-Object System.Drawing.Point(75,120)
    $okButton.Size = New-Object System.Drawing.Size(75,23)
    $okButton.Text = 'OK'
    $okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
    $form.AcceptButton = $okButton
    $form.Controls.Add($okButton)

    # Cancel button
    $cancelButton = New-Object System.Windows.Forms.Button
    $cancelButton.Location = New-Object System.Drawing.Point(150,120)
    $cancelButton.Size = New-Object System.Drawing.Size(75,23)
    $cancelButton.Text = 'Cancel'
    $cancelButton.DialogResult = [System.Windows.Forms.DialogResult]::Cancel
    $form.CancelButton = $cancelButton
    $form.Controls.Add($cancelButton)

    # Prompt label
    $label = New-Object System.Windows.Forms.Label
    $label.Location = New-Object System.Drawing.Point(10,20)
    $label.Size = New-Object System.Drawing.Size(280,20)
    $label.Text = 'Please enter the information in the space below:'
    $form.Controls.Add($label)

    # Text input
    $textBox = New-Object System.Windows.Forms.TextBox
    $textBox.Location = New-Object System.Drawing.Point(10,40)
    $textBox.Size = New-Object System.Drawing.Size(260,20)
    $form.Controls.Add($textBox)

    # Request topmost, focus the text box, and show the form modally
    $form.Topmost = $true
    $form.Add_Shown({$textBox.Select()})
    $result = $form.ShowDialog()

    # Output the entered text if OK was chosen
    if ($result -eq [System.Windows.Forms.DialogResult]::OK)
    {
        $x = $textBox.Text
        $x
    }

Any help would be appreciated. Thanks
2K Views, 0 likes, 2 Comments

Group Policy Objects - Drive Mapping with Passwords
Struggling to map a drive to an external source with a username and password through GPO. We are using SIMs as our MIS in school and use certain reporting features that require a mapped drive to the LAs Server. In legacy GPO you could map a drive with a username and password using the CPassword Attribute, but due to being a "known security risk" this was removed by Microsoft. Our users are restricted and have locked down profiles so don't have permission to map the drive themselves using the username and password, and because of the CPassword Attribute being removed from GPO we cannot map the drive. Any help in doing this through GPO?
916 Views, 0 likes, 0 Comments

Excluding a user or machine from Domain Group Policy
Hi, I am trying to exclude a machine/user from applying domain group policy for screen lock. However, none of the solutions I found on Google worked for me. I created a new GPO and linked it to the Active Directory Group (user is a member) and linked the GPO to the group and desired OU. In the Policy delegation tab under Advanced setting added the user and set permission Deny : Allow the policy. That too didn't work. Tried the same with the computer account too, still no luck.
1.5K Views, 0 likes, 3 Comments

Active Directory DFSR headache
We have 23 DC's, all but one of which are 2012R2. The one-off, I upgraded a couple weeks ago directly from 2012R2 to 2019. For the past year or two we've had 2 DC's that weren't doing SYSVOL replication. I thought I had fixed that before I started with the process of getting them upgraded to 2019, but now that I've done one server, it looks like I was incorrect. So here's what's driving me nuts. Using the "status" tab of the Group Policy Management MMC, things are either horribly FUBAR, or humming along perfectly, depending (apparently) on the OS of the computer I'm running the MMC from. If I run it from a Windows 10 workstation or the Server 2019 DC, things look bad. I show 15 servers with replication "in progress", of which 13 show a status under the SYSVOL column of "Inaccessible", and 2 show a "Contents" issue with a single GPO. If I run the MMC from the 2012R2 DCs or from a Win 8.1 VM I spun up on a hunch, I show all 22 DCs in perfect sync (both AD and SYSVOL) with the baseline DC. When I use a file/folder comparison tool on the contents of the SYSVOL folder for each DC, not one of them matches the contents on the PDC. Although there are no "orphaned" files or folders, the date modified doesn't match on a varying number of files and/or folders for each DC (sometimes off by years). The closest is actually the 2019 DC, which only shows mismatches on the contents of 3 GPOs. The DFSR event logs don't show any regularly occurring errors other than losing replication for a bit between DCs when one goes down for system state backup. I ran a dcdiag /a /c, and didn't see any errors in there aside from the DFS test failing due to the above-mentioned errors caused by backups, some system event log errors due to a deleted computer account, and one DC had a typo in the secondary DNS entry on its network adapter settings. There are also no errors when I run repadmin /showrepl. 
I've tried running both non-authoritative and authoritative replications using the instructions https://docs.microsoft.com/en-us/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization, and neither made any difference at all. Any suggestions?
Solved, 1.7K Views, 1 like, 3 Comments

Hybrid Azure Join
Hello everyone, we want to use the Hybrid Azure Join. Now my question is, can we use Cloud GPO's (CSP/ADMX) AND On Prem GPO's? So for example, can I roll out printers via local GPO and software, OneDrive settings via Intune from the cloud? Unfortunately I can't find any information here, if Google is not my friend today.
Best Regards, Phil
2.7K Views, 0 likes, 3 Comments

Understanding of custom policies / oma-uri / registry
Hi, I would like to understand the whole topic belonging custom policies / OMA-URI / registry a little deeper. I hope that some of you guys would like to join the discussion to gain some new knowledge together.

The first goals should be:
- Configuring some basic "onboard" registry values
- Implementation of some Group Policy Objects through Intune Config

Let me outline one or two examples:
- I would like to create / edit a registry value at a specific path. (e.g. HKCU\Software\sample\subfolder)
- I would like to take an existing GPO and move this one completely to Intune management (e.g. User Configuration \ Preferences \ Folder Options -> hide known file extensions:false)

My thoughts on this:
- This should be possible, right? 😄
- I already used "admx ingesting" before e.g. for use with Google Chrome ADMX / Google Update ADMX, which worked fine after understanding it. 😉
- Is it possible to use all the other GPO related settings within Intune, when they aren't present in the "administrative templates profile", yet? If yes, how?

Any participation in discussion is highly appreciated.
Regards
Patrick
Solved, 48K Views, 0 likes, 5 Comments