Group Policy to allow specific users to install specific software without admin privileges
I am a newly system administrator for an organization and I am trying to create a Group Policy that will allow specific users to download and use certain software like LogMeIn123 without having to use admin privileges. We don't want to give full admin rights, but only for this specific instance. I have done some research, but I am not sure the best way to set this up. The problem is our IT team consists of 3 members total and cannot be everywhere at once and this would be beneficial in key times. I have seen some people recommend using a login script, but I am not sure how to do that. I have also seen some people recommend using a third-party tool which is out of the questions for our organization. I am also open to other ways and ideas of having preforming this. Can anyone please provide me with some instructions on how to set this up? Thanks in advance for your help! Additional information: I am using Windows Server 2012R2. I have a list of the specific users that I want to allow to install LogMeIn123. I have the LogMeIn123 installation file located on a network server.
Group Policy object did not apply because failed error code:0x80070709 The printer name is invalid
Hi Everyone, I have a few AVD pools where we publish an app for users to access. Users report that printers are not being mapped after login. We use GPP user side to map printers and set as default. Many a times we see these events logged: VALUE>The printer name is invalid.</VALUE></PROPERTY>-</INSTANCE> Event ID 4098 is logged in the Application Log: Log Name: Application Source: Group Policy Printers Date: <DateTime> Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Computer: server.fabrikam.com Description: The user 'HP Printer' preference item in the 'Define Printers {XXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}' Group Policy object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed. For this one I found this KB which is really not helpful since there is no possible solution as the client is a AVD VM and used by many users at the same time. VALUE> No printers were found.' VALUE></PROPERTY>-</INSTANCE> Event ID 4098 is logged in the Application Log: Log Name: Application Source: Group Policy Printers Date: <DateTime> Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Computer: server.fabrikam.com Description: The user 'Accounts - Main Printer' preference item in the 'Printers - Global {zzzzzzzzzzzzzzzzzzzzz}' Group Policy Object did not apply because it failed with error code '0x80070bc4 No printers were found.' This error was suppressed. VALUE>The specified printer has been deleted.</VALUE></PROPERTY>-</INSTANCE> Event ID 4098 is logged in the Application Log: Log Name: Application Source: Group Policy Printers Date: <DateTime> Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Computer: server.fabrikam.com Description: The user 'Sales-Printer' preference item in the 'Printers - Global {zzzzzzzzzzzzzzzzzzzzz}' Group Policy Object did not apply because it failed with error code '0x80070771 The specified printer has been deleted.' This error was suppressed. No KB's or posts out there to help with these 2 errors. Really need assistance and printers are not being mapped on first logon, users need to come out of AVD and go back and relaunch the app to see the printers mapped. This is the same case with our internal app or Notepad. Thanks, MWindows Admin Center needs a Group Policy Extension for GPMC
That's one of the important things that is missing in WAC 1907. even if not as part of the main features, make it available as an extension to optionally install it whoever needs it. Then, Microsoft can expect people to move from RSAT to the new WAC.
Unusual Behavior using GPO PowerShell Scripts During Restart/Shutdown in Hyper-V – Need Help
I have noticed strange behavior in Hyper-V. Group Policy is configured to execute PowerShell scripts for logon, logout, startup, and shutdown. The typical sequence of script execution is: startup → logon → logout → shutdown. However, an issue arises when a restart is initiated while logged in (i.e., after startup and logon scripts have already been executed). Upon clicking the restart button from the GUI, the following occurs: after the logout and shutdown scripts run as expected, the startup script is executed and the logon script (!) is triggered. This happens despite the fact that the lock screen is displayed after the restart, and no user has logged in yet. This phenomenon consistently occurs when restarting or shutting down from the GUI while logged in. It does not occur when restarting via the command line using shutdown /r /t 0 or shutting down with shutdown /s /t 0. Why does Hyper-V behave in this inexplicable manner, executing the logon script in such cases? Is it possible to configure something within the virtual machine to address this issue? Or are there specific Group Policies for script execution that could control this behavior? Could there be certain Registry entries that influence the shutdown or restart process to prevent this issue in Hyper-V? Alternatively, could the problem be resolved by modifying the startup or logon scripts, for instance, by adding conditions to verify if an actual login has occurred? Any ideas or suggestions to explain or resolve this behavior would be greatly appreciated.
Server 2016 Windows Update disabled?
I have Windows 2016 and 2019 Servers. All in in the same OU and getting the same Group Policy. This is confirmed via gpresult. I am using GP to disable Automatic Updates. This looks to be working in 2019: But with Server 2016, it says this: Should I expect these servers to update?
Admin account Lockout
Hi All - I have been asked to implement password chages ppoicy at a site we support. During this process I also setup account lockout policy after 5 invalid attempts The option Allow Administrator Account lockout was enabled and now when trying to login I have the message - The referenced account is currently locked out and may not be logged onto. We have only used the correct password to logon - but this still has happened and waiting 30mins does not sort this issue. Also, I have no other Administrator account for this Domain Server. Does anyone have any suggestions on dealing with this ? The Policy has the following settings - Account Lockout Duration 30mins Account Lockout Threshold 5 Invalid logon attemps Allow Administrator Lockout Enabled Reset Account loclout Counter after 30minsRecycle Bin GPO settings not working/implemented in Windows Server 2022.
Hi, folks. I leverage the following three settings under User/Administrative Templates/Windows Components/File Explorer to effectively disable the Recycle Bin and force prompting for deletions on all Windows Server hosts, yet on Windows Server 2022, they are having no effect. The description for each setting contains no hints as to whether they've been deliberately omitted from Windows Server 2022 (most likely) or this is just some kind of bug/accidental omission. I ran a cross-check using the local group policy editor on a Server 2022 host as I haven't specifically updated the domain templates to Server 2022, but it's the same outcome. Does anyone have any insight as to whether these settings have been dropped as of Server 2022/Windows 11? Cheers, Lain
