Tag Archives: grouppolicy
Microsoft Technet

Sometimes it’s nice to see Microsoft add my information to their knowledge base.

By on Wednesday, May 29, 2013

This morning I was working on a Sites and Services issue for a client and part of the troubleshooting process was to run the Best Practice Analyzer on the domain controller. One of the results was to enable client fallback to the local netlogon and sysvol share after the local domain controller comes back online again. This reduces traffic across the network. I’m not quite sure why this is not enabled by default.

The BPA points to the technet article DFS-N: Client failback should be enabled for the Netlogon and SYSVOL folders on domain controllers.  Scrolling through the page I was pleasantly surprised to see my avatar at the bottom with a comment on improving the documentation with the actual registry keys that needed changing. Not only was my comment on the page, the original web page had been updated to include the information.

It’s nice to see content updated based on user feedback. It’s not nice to see that I had this problem 3 years ago 😉

Continue Reading
0
Group Policy Work

Group Policy Naming Conventions?

By on Wednesday, January 25, 2012

Jeremy Moskowitz from the GPAnswers website posted a good question today – How do you name your Group Policies? Strangely enough it had never occurred to me to have a naming convention for the GP’s – normally I just make sure they are descriptive enough in the name and use the comment fields in 2008 and newer to provide a changelog of the Group Policy and details on what it should do. However, this does rely on EVERYONE updating the group policy and I know this doesn’t always happen – even I sometimes forget to fill in this information when making a quick change, so have a standard naming convention seems a great idea. Having the author (or initials) is also important so other people can easily hunt track you down to get clarification or assistance on the settings.
Do you have any naming conventions that you use?

Continue Reading
0
Group Policy Microsoft

Fixed – Group Policy settings show “An error occurred while generating report: An unknown error occurred while the HTML report was being created.”

By on Thursday, August 5, 2010

Whilst doing some troubleshooting work for a client’s group policy settings that were not being applied to a vista machine I launched the Group Policy Management Console (gpmc) and when I went to view the Resultant Set Of Policy (RSOP) of a client machine and when I tried to view the default domain policy I received the message “An error occurred while generating report: An unknown error occurred while the HTML report was being created.” All other group policies appeared fine – it was just the default domain policy – arguably the most important one and not an easy one to restore. My first step was to use a DC that did not have the gpmc installed to use the native group policy tools within the Active Directory Users and Computers snapin. Fortunately this tool worked and I could see the settings…..lots of them.
As I knew the group policy did not seem to be corrupt I then went back into gpmc and attempted a backup of the group policies. All but the default domain policy backed up successfully.
The error message almost looked similar to issues when trying to view web pages on a server with the enhanced ie security enabled but it didn’t really make sense that it was only affecting one group policy.

After a few minutes of digging I found an entry on tek-tips (a site I don’t like to use due to the popups and nag screens) but in this case the answer worked. From Roadki11’s posting on tek-tips.com:-

Cause:
Seems to be something with importing IE security settings.

Solution:
Edit install.ins inside: {GUID of Policy}\user\MICROSOFT\IEAK

[Security Imports]
ImportSecZones=1

Set it back to “0”

Using gpmc I obtained the guid of the policy by right clicking the policy and choosing properties then I connected to c:\WINDOWS\SYSVOL\sysvol\domain\Policies\{guid}\user\Microsoft\ieak
First I made a backup and then edited install.ins, set ImportSecZones to 0 and was then able to edit the policy in gpmc.
Hopefully the background information and the instructions on how to connect to the correct file helps others.
Whilst you are in the gpmc make sure you go down to Group Policy Objects, right click, Backup All, select a location, enter the date and time stamp for the description and back those policies up. Document where the backups are stored so that if you need to restore them they are easily accessible – even on another computer.
I’ve now added the backup to our checkup and system documentation instructions so at a minimum we will have monthly backups of the group policies and a documented location for where this information is kept. In an ideal world, printing off the settings would also be a good way to document the information too.

Continue Reading
3
Security

Printing now works in the kiosk mode

By on Saturday, May 6, 2006

I forgot to blog that we fixed the problem with not being able to use Ctrl-P to print in internet explorer with a kiosk group policy on a machine. The solution which sort of makes sense was to enable the File menu again. We had restricted this but for some reason this also restricts ctrl-p, ctrl-s and other shortcuts on some sites. By enabling the File Menu in the group policy everything worked 100% of the time. Further details in the extended entry

Continue Reading
0