GroupPolicy/Registry issue
My MDR product is having an issue with scanning the registry of our hosts. It times out and causes performance issues, essentially bringing down the host. I opened a case with their support and we narrowed the issue down to this reg key: Computer\HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects There are hundreds of sub keys, each with their own sub keys. It seems each time group policy is applied to the host, 2 new keys are created, a machine and a user key. As a test, I deleted everything under the main key and rebooted. After logging back in, 2 new keys had been created. After a day I checked again and there were a dozen or more. Now after a few weeks we're back up to hundreds. Does anyone have any ideas as how to automatically clean up the older entries to keep the number to a minimum? Or is there a way to stop this behavior? Thanks
Group Policy object did not apply because failed error code:0x80070709 The printer name is invalid
Hi Everyone, I have a few AVD pools where we publish an app for users to access. Users report that printers are not being mapped after login. We use GPP user side to map printers and set as default. Many a times we see these events logged: VALUE>The printer name is invalid.</VALUE></PROPERTY>-</INSTANCE> Event ID 4098 is logged in the Application Log: Log Name: Application Source: Group Policy Printers Date: <DateTime> Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Computer: server.fabrikam.com Description: The user 'HP Printer' preference item in the 'Define Printers {XXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}' Group Policy object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed. For this one I found this https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/group-policy-printer-preferences-not-set-default-printer#resolution which is really not helpful since there is no possible solution as the client is a AVD VM and used by many users at the same time. VALUE> No printers were found.' VALUE></PROPERTY>-</INSTANCE> Event ID 4098 is logged in the Application Log: Log Name: Application Source: Group Policy Printers Date: <DateTime> Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Computer: server.fabrikam.com Description: The user 'Accounts - Main Printer' preference item in the 'Printers - Global {zzzzzzzzzzzzzzzzzzzzz}' Group Policy Object did not apply because it failed with error code '0x80070bc4 No printers were found.' This error was suppressed. VALUE>The specified printer has been deleted.</VALUE></PROPERTY>-</INSTANCE> Event ID 4098 is logged in the Application Log: Log Name: Application Source: Group Policy Printers Date: <DateTime> Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Computer: server.fabrikam.com Description: The user 'Sales-Printer' preference item in the 'Printers - Global {zzzzzzzzzzzzzzzzzzzzz}' Group Policy Object did not apply because it failed with error code '0x80070771 The specified printer has been deleted.' This error was suppressed. No KB's or posts out there to help with these 2 errors. Really need assistance and printers are not being mapped on first logon, users need to come out of AVD and go back and relaunch the app to see the printers mapped. This is the same case with our internal app or Notepad. Thanks, M
Unusual Behavior using GPO PowerShell Scripts During Restart/Shutdown in Hyper-V – Need Help
I have noticed strange behavior in Hyper-V. Group Policy is configured to execute PowerShell scripts for logon, logout, startup, and shutdown. The typical sequence of script execution is: startup → logon → logout → shutdown. However, an issue arises when a restart is initiated while logged in (i.e., after startup and logon scripts have already been executed). Upon clicking the restart button from the GUI, the following occurs: after the logout and shutdown scripts run as expected, the startup script is executed and the logon script (!) is triggered. This happens despite the fact that the lock screen is displayed after the restart, and no user has logged in yet. This phenomenon consistently occurs when restarting or shutting down from the GUI while logged in. It does not occur when restarting via the command line using shutdown /r /t 0 or shutting down with shutdown /s /t 0. Why does Hyper-V behave in this inexplicable manner, executing the logon script in such cases? Is it possible to configure something within the virtual machine to address this issue? Or are there specific Group Policies for script execution that could control this behavior? Could there be certain Registry entries that influence the shutdown or restart process to prevent this issue in Hyper-V? Alternatively, could the problem be resolved by modifying the startup or logon scripts, for instance, by adding conditions to verify if an actual login has occurred? Any ideas or suggestions to explain or resolve this behavior would be greatly appreciated.
Server 2016 Windows Update disabled?
I have Windows 2016 and 2019 Servers. All in in the same OU and getting the same Group Policy. This is confirmed via gpresult. I am using GP to disable Automatic Updates. This looks to be working in 2019: But with Server 2016, it says this: Should I expect these servers to update?Recycle Bin GPO settings not working/implemented in Windows Server 2022.
Hi, folks. I leverage the following three settings under User/Administrative Templates/Windows Components/File Explorer to effectively disable the Recycle Bin and force prompting for deletions on all Windows Server hosts, yet on Windows Server 2022, they are having no effect. The description for each setting contains no hints as to whether they've been deliberately omitted from Windows Server 2022 (most likely) or this is just some kind of bug/accidental omission. I ran a cross-check using the local group policy editor on a Server 2022 host as I haven't specifically updated the domain templates to Server 2022, but it's the same outcome. Does anyone have any insight as to whether these settings have been dropped as of Server 2022/Windows 11? Cheers, Lainsetting GP Link failure
I'm trying to connect several group policies to their OU via Powershell the command used is New-GPLink -Name $line.Displayname -Target $line.Target -LinkEnabled $LinkEnable -Order $line.Order where the viariables are read from a csv file The command fails with the following error New-GPLink : A referral was returned from the server. At D:\Scripts\LinkGPO.ps1:17 char:1 + New-GPLink -Name $line.Displayname -Target $line.Target -LinkEnabled ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [New-GPLink], DirectoryServicesCOMException + FullyQualifiedErrorId : System.DirectoryServices.DirectoryServicesCOMException,Microsoft.GroupPolicy.Commands.NewGPLinkCommand I also tried the same command with the explicit path and names but it fails as well connecting it via the Group Policy Management works indeed any help ?Printer Group Policy on a TSDisconnect not working correct on server 2022
We have users that roam between floors and we have one Group Policy handling the printer setup. So when the user is on Floor 1, they get printer A and B, but when they disconnect and go to Floor 2 they get printers C and D. and the default printer changes according to the floor they are on. The GP is setup so that if they are on a Floor 1 endpoint computer it gives out printer A and B. All of this is setup in one GPO and it is divided up by floors. I can simulate this problem on two computers setup at my desk lab. We used to use Server 2012 and it worked just fine. When the user would do a tsdisconnect, and connect back to their session, the printers would change per floor. I know it is the same session, because programs stay open. We went recently to Server 2022 and this stopped working. The printers from Floor 1 stayed and never changed to Floor 2 printers. So I dropped back on a test machine to Server 2016 and it works fine with that version as well. I have not tried 2019, but we had similar issues of it giving us "ghost sessions" that we couldn't kill, which is a whole other problem. It seems like since 2012 or 2016, the server family has some weird problems. I searched high and low for people with similar problems, but most people seem to "lose" their default printer, and I don't have that issue, I can't get it to change according to GPO. Thanks for an insight on this.
group policy setting to restrict which users are allowed to sign in to google chrome
I am trying to setup a group policy for chrome to "restrict which users are allowed to sign in to google chrome". Any ideas what the correct formatting of the string should be for this setting if I need to include multiple domains as in restricting to domains in this list? wc.k12.mo.us maryviller2.com moval.edu sps.org Is this the correct format? *@wc.k12.mo.us|*@sps.org|*@moval.edu|*@maryviller2.com
