|
BangersInMyKnickers posted:You don't need Vista clients to use the new group policy features, only a Vista machine to build the actual policies. So long as the group policy extension update is installed on the XP or Server 2003 system they will apply there just fine, which is why I was trying to shift focus away from using VBScript and batch scripting. I wish we had a test environment... I hate testing in production, but this sounds worth checking out. This may be a silly question, but... how do you build a policy on a Vista machine then apply it on a 2003 domain? BangersInMyKnickers posted:My general procedure is to keep everything filed in \\fileserver\packageshare\product\version#\ to make sure each version gets its own directory. With things like Flash or Acrobat Reader the installer packages are smart enough to remove the old version, but I typically don't like to leave that kind of thing up to chance. I keep a generic policy for installing Java for example, and each time a new revision comes out I do an admin install of it to it's new version directory and then add that installation package to the GPO that the software is associated with. By configuring the properties (advanced settings) of that package you are able to specify what existing packages the new one will be upgrading, and group policy will take care of surplanting the older versions you already have deployed with newer ones.
|
#
¿
Sep 12, 2008 14:27
|
|
|
|
| # ¿ Apr 25, 2024 19:12 |
|
|
BangersInMyKnickers posted:Attach that script on to your java deployment policy.
|
|
#
¿
Sep 12, 2008 19:24
|
|
|
Cidrick posted:If you open up gpedit.msc and enable/disable a policy, it takes effect immediately. However, if I manually add or edit the key in the registry, it doesn't.
|
|
#
¿
Nov 12, 2008 22:08
|
|
|
BangersInMyKnickers posted:Install the group policy client-side extensions on your XP machines and use a Vista/2008 machine to create a policy that modifies your power profile. Your XP workstations can apply that policy and you should be all set. But as far as I could tell, the preferences I set for power and local users and groups would never get applied. Everything else worked great, but those just never seemed to apply. I skimmed the event logs but nothing jumped out at me. Those were probably the two least important preferences I set, so I didn't spend much time looking into them, but I would like to know if I did something wrong.
|
|
#
¿
Feb 27, 2009 15:48
|
|
|
I'm sick of dealing with WebEx for remote support when most of our clients have their own Windows 2003 or 2008 domain controllers and we can create a group policy object to help us utilize the Remote Assistance feature that's built into Windows. So I'm currently trying to test this out. In doing so, I've discovered that our internal network is apparently all kinds of hosed up. DFS hadn't been replicating for a while because somebody decided to put several 900 MB zip files in the share, and now it looks like sysvol is also having problems. Here's the layout: dc01 and as01 are domain controllers in the main office in01 is a domain controller in the remote office (where I am) I created the policy on dc01, specifically for a PC here that I'm testing with. When I reboot or do a gpupdate /force on the PC, I get an error in event log saying it can't find the path for the GPO. I check, sure enough, it's not there. I check \\domain\sysvol\domain.local\policies from dc01, the GUID is present. So my policies aren't replicating, swell. I do some more digging, find that in01 is complaining that it's having problems replicating from as01. I verify the fqdn resolves, double-check that frs is running, that looks fine. From some searching I found the command ntfrsutl version as01.domain.local and that returns results (although apparently the major and minor version numbers are both 0 for NtFrsApi and NtFrs, which seems weird). So at this point I'm a little stumped. I know that as01 has been through some hell recently, having been upgraded to 2003 SP2 then downgraded again to SP1 because SP2 broke some important software, so that may be contributing a little bit to the problem. Or maybe it's something completely different. Anyway, I really don't know what to check next. I just want to prove that this GPO works so that we can start rolling it out to other servers and I can stop using WebEx. It'd probably be faster and easier to build a VM test network for this poo poo, but hey, troubleshooting NtFrs errors is good for me, right?
|
|
#
¿
Jun 19, 2009 14:31
|
|
|
talk show ghost posted:What's with all the double negatives in group policy settings? It always makes me pause and think "is this going to do what I think or exactly the opposite"
|
|
#
¿
Jun 19, 2009 15:45
|
|
|
Any idea if the servers would implode if I just, say, manually copied the policy folder I'm wanting to test with to the server that isn't getting it via replication?
|
|
#
¿
Jun 19, 2009 18:09
|
|
|
|
| # ¿ Apr 25, 2024 19:12 |
|
|
BangersInMyKnickers posted:No, this will run with the user's credentials and they do not have the ability to modify that directory. You need to do it as a computer assigned policy so it will run with system credentials. subinacl is so loving useful it baffles me that it isn't included in all server installs by default
|
|
#
¿
Jul 6, 2010 16:10
|
|