  • Locked thread
mute
Jul 17, 2004

IT Guy posted:

Can I create a single GPO that looks at the M:\ Drive for the file? When I go to set it up, it wants me to choose the file, which I'm scared means the second branch will download and install from branch 1's server.

I remember dealing with something similar to this--I'm sure there is a better way, but I worked around it and cheated by calling a .bat file that points to the mapped drive/executable due to lack of time to get it solved. I don't know if that would work for your specific situation, though.

mute
Jul 17, 2004

quackquackquack posted:

For those of you in environments where it should not be run (in my case, lab computers using an autolog account), how are you blocking things like DropBox? Group Policy Software Restriction? Firewall?

I would rather the installer not run, instead of the program not running. And I have no problem with people going to the DropBox site. Users just forget to unlink their account when they get up and leave the computer.

Software Restriction for everything in %APPDATA%\DropBox\* was one idea, but was similar to the firewall option (can't block ports) in that they can install it to a different directory, or I have to keep the file hash up to date.

Can I just ban any exe from running in %APPDATA%? Is there a reason I would want anything to run from %APPDATA%?

We rolled out (are still rolling out, rather) full whitelisting via AV product (Sophos), so nothing runs anymore (in theory) unless it's preapproved.

Before that, I'd set SRP to allow execution only from Program Files/Windows, and disallowed running any executables/links from user folders.
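The "only allow execution from Program Files/Windows" setup described in that post, as an added example (not the poster's own script): a local Software Restriction Policy set to default-deny with Unrestricted path rules for the Windows and Program Files trees, plus a check that drops a copy of cmd.exe into %APPDATA% and confirms it will not launch. It assumes an elevated session on a machine whose SRP is not already managed by a domain GPO (a domain policy would overwrite these keys); the registry layout and level values are the documented SRP ones. New rules are read at logon, so log off and on (or reboot) before running the check.

```powershell
# Added example, not from the original post. Local SRP: default Disallowed,
# allow only the OS and Program Files directories, then verify from %APPDATA%.
$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0         # SRP security level: blocked
$Unrestricted = 262144    # SRP security level: allowed (0x40000)

function New-SrpPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,   # env-var or %HKEY_...% registry path
        [Parameter(Mandatory)][int]$Level,
        [string]$Description = ''
    )
    # Each rule lives under <level>\Paths\{GUID}; the GUID is only a unique key name
    $key = Join-Path $Safer ('{0}\Paths\{{{1}}}' -f $Level, [guid]::NewGuid())
    New-Item -Path $key -Force | Out-Null
    # REG_EXPAND_SZ so the %...% token is expanded when the rule is evaluated
    New-ItemProperty -Path $key -Name ItemData    -PropertyType ExpandString -Value $Path        -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags  -PropertyType DWord        -Value 0            -Force | Out-Null
    New-ItemProperty -Path $key -Name Description -PropertyType String       -Value $Description -Force | Out-Null
    return $key
}

function Set-SrpDefaultDeny {
    New-Item -Path $Safer -Force | Out-Null
    Set-ItemProperty -Path $Safer -Name DefaultLevel       -Type DWord -Value $Disallowed  # deny unless a rule allows
    Set-ItemProperty -Path $Safer -Name TransparentEnabled -Type DWord -Value 1            # 1 = skip DLLs; 2 also checks DLLs and breaks far more
    Set-ItemProperty -Path $Safer -Name PolicyScope        -Type DWord -Value 0            # 0 = all users, including local admins
    # The stock SRP list of extensions treated as executable (covers .lnk, .bat, .msi, ...)
    Set-ItemProperty -Path $Safer -Name ExecutableTypes -Type MultiString -Value @(
        'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
        'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC')

    # Registry-path rules instead of %SystemRoot%/%ProgramFiles%: a user can redefine an
    # environment variable in their own profile, but cannot change these HKLM values.
    New-SrpPathRule -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' `
                    -Level $Unrestricted -Description 'Windows' | Out-Null
    New-SrpPathRule -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' `
                    -Level $Unrestricted -Description 'Program Files' | Out-Null
    # Absent on 32-bit Windows; a rule pointing at a missing value simply never matches
    New-SrpPathRule -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%' `
                    -Level $Unrestricted -Description 'Program Files (x86)' | Out-Null
}

function Get-SrpRules {
    # Read back every path rule with its level, to audit what is actually allowed
    foreach ($level in $Disallowed, $Unrestricted) {
        $paths = Join-Path $Safer "$level\Paths"
        if (-not (Test-Path $paths)) { continue }
        foreach ($rule in Get-ChildItem $paths) {
            $p = Get-ItemProperty $rule.PSPath
            [pscustomobject]@{ Level = $level; Path = $p.ItemData; Description = $p.Description }
        }
    }
}

function Test-SrpBlocksAppData {
    # Practical check: copy cmd.exe into %APPDATA% and try to start it. With the policy
    # in effect the launch fails with Win32 error 1260 ("This program is blocked by
    # group policy"); returns $true when blocked, $false when it ran.
    $probe = Join-Path $env:APPDATA 'srp-probe.exe'
    Copy-Item "$env:SystemRoot\System32\cmd.exe" $probe -Force
    try {
        Start-Process -FilePath $probe -ArgumentList '/c exit 0' -Wait -WindowStyle Hidden
        return $false   # it ran: policy not applied yet, or this account is exempt
    } catch {
        return $true
    } finally {
        Remove-Item $probe -ErrorAction SilentlyContinue
    }
}

Set-SrpDefaultDeny
Get-SrpRules | Format-Table -AutoSize
```

Two caveats a path-based allow list carries: any user-writable directory under Program Files (some installers leave one behind) is a hole, since the rule is about location, not content, and a local administrator can simply edit the HKLM keys, so SRP is a guardrail for standard users rather than a boundary against admins. Hash rules under the same `Paths`-style layout (`Hashes` subkey) close the first gap for specific binaries at the cost of the upkeep the question mentions.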

mute
Jul 17, 2004

Sounder posted:

Apologies if this has already been covered, but is there a way to prevent users from writing to the C drive except for places I want them to write to (My Docs, Desktop)? It looks like, by default, even unprivileged users can create folders in C:\, and that just won't fly in a company where everything MUST be backed up regularly from our file servers.

I've yet to do this with complete success due to many users having local admin, but for a starting point, we do the following:

1. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory - set this to what you want the user's default directory to be

2. Admin Templates-> Windows Components -> Hide C drive from explorer (you can restrict access to it as well, but Office will complain.)


This took care of a majority of our issues with this. It doesn't take care of someone going into Docs and Settings/Users and saving in there.

mute fucked around with this message at 07:26 on Nov 6, 2011
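The two per-user settings from that post, as an added example (not the poster's script), applied directly to HKCU for the current user rather than through a GPO. It assumes it runs as the user whose profile is being changed and that the download folder already exists. Both settings are Explorer/shell restrictions only: `NoDrives` hides the drive, `NoViewOnDrive` (the "restrict access" option) makes Explorer and the common dialogs refuse to open it, and neither changes NTFS permissions on C:\, so a program that lets the user type a full path can still save there, which matches the post's own note about Documents and Settings/Users.

```powershell
# Added example, not from the original post. Per-user Explorer drive hiding and
# default download directory via HKCU.
$Explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$IE       = 'HKCU:\Software\Microsoft\Internet Explorer'

function Get-DriveMask {
    # NoDrives/NoViewOnDrive are bitmasks: bit 0 = A:, bit 1 = B:, bit 2 = C:, ... bit 25 = Z:
    param([Parameter(Mandatory)][string[]]$Letters)
    $mask = 0
    foreach ($l in $Letters) {
        $bit = [int][char]$l.ToUpper()[0] - [int][char]'A'
        if ($bit -lt 0 -or $bit -gt 25) { throw "Not a drive letter: $l" }
        $mask = $mask -bor (1 -shl $bit)
    }
    return $mask   # e.g. 'C' -> 4, 'C','D' -> 12
}

function Set-UserDefaultDownloadDir {
    # Step 1 from the post: HKCU\Software\Microsoft\Internet Explorer\Download Directory
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { throw "Folder does not exist: $Path" }
    New-Item -Path $IE -Force | Out-Null
    Set-ItemProperty -Path $IE -Name 'Download Directory' -Value $Path
}

function Set-ExplorerDriveRestriction {
    # Step 2 from the post: the "Hide these specified drives in My Computer" policy value,
    # optionally with "Prevent access to drives from My Computer" (the one Office complains about)
    param(
        [Parameter(Mandatory)][string[]]$Hide,   # drives removed from Explorer's view
        [string[]]$Block = @()                   # drives Explorer and common dialogs refuse to open
    )
    New-Item -Path $Explorer -Force | Out-Null
    Set-ItemProperty -Path $Explorer -Name NoDrives -Type DWord -Value (Get-DriveMask $Hide)
    if ($Block.Count -gt 0) {
        Set-ItemProperty -Path $Explorer -Name NoViewOnDrive -Type DWord -Value (Get-DriveMask $Block)
    } else {
        Remove-ItemProperty -Path $Explorer -Name NoViewOnDrive -ErrorAction SilentlyContinue
    }
}

# Point downloads at the user's Documents folder (redirected to the file server in the
# scenario above) and hide C: from Explorer. Explorer caches these values, so restart
# it or log off for the change to show.
Set-UserDefaultDownloadDir -Path ([Environment]::GetFolderPath('MyDocuments'))
Set-ExplorerDriveRestriction -Hide 'C'
```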

mute
Jul 17, 2004

Drumstick posted:

I'm trying to deploy a shortcut through GPO. I'm under Computer > Preferences > Shortcuts

...

The targeted file is accessible to everyone, but it is not appearing on the users' desktops. The GPO is getting applied to the PCs.

Do the machine accounts have access to the path/directory as well?

mute
Jul 17, 2004

psexec -s -i cmd.exe
This will open a command window as the SYSTEM account of your local test machine.

Then try to access/copy as below:
copy \\your\share\file C:\Some\Directory\path\
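Why the question about machine accounts matters: a Computer-side Group Policy Preference is processed as SYSTEM, which reaches the network as the computer account, so an NTFS or share ACL that grants only Domain Users (which does not contain computer accounts) fails even though every human user can open the file. Everyone and Authenticated Users do include computer accounts. The following added example (not the poster's commands) checks the NTFS ACL of the shortcut target for a principal that covers the machine account, and scripts the psexec test from the post. The UNC path is hypothetical, PsExec is assumed to be on the PATH, and share-level permissions on the server are a separate check not covered here.

```powershell
# Added example, not from the original post. Does the computer account that runs
# Computer-side GPP have read access to the shortcut target?
function Test-ComputerAccountRead {
    param(
        [Parameter(Mandatory)][string]$Path,            # e.g. \\server\share\Tool.lnk
        [string]$Domain   = $env:USERDOMAIN,
        [string]$Computer = $env:COMPUTERNAME
    )
    # Principals that contain domain computer accounts, plus this machine's own account
    $covers = @('Everyone',
                'NT AUTHORITY\Authenticated Users',
                "$Domain\Domain Computers",
                "$Domain\$Computer`$")
    $read  = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $acl   = Get-Acl -LiteralPath $Path
    $allow = $false
    foreach ($ace in $acl.Access) {
        if ($covers -notcontains $ace.IdentityReference.Value) { continue }
        # A Deny on any covering principal wins over every Allow
        if ($ace.AccessControlType -eq 'Deny' -and (($ace.FileSystemRights -band $read) -ne 0)) { return $false }
        if ($ace.AccessControlType -eq 'Allow' -and (($ace.FileSystemRights -band $read) -eq $read)) { $allow = $true }
    }
    return $allow
}

function Test-ReadAsSystem {
    # The check from the post, scripted: run a probe as SYSTEM with PsExec -s and return
    # whether SYSTEM (the machine account on the wire) can see the file.
    param([Parameter(Mandatory)][string]$Path)
    $probe = "if (Test-Path -LiteralPath '$Path') { exit 0 } else { exit 2 }"
    & psexec.exe -accepteula -nobanner -s powershell.exe -NoProfile -Command $probe 2>$null | Out-Null
    return ($LASTEXITCODE -eq 0)
}

$target = '\\fileserver\public\Tool.lnk'   # hypothetical shortcut target
Test-ComputerAccountRead -Path $target     # $true when a covering principal has ReadAndExecute
Test-ReadAsSystem        -Path $target     # $true when SYSTEM can actually reach it
```

If the first check passes and the second fails, look at the share permissions on the server and at any Deny ACE higher up the directory tree; if both fail, the usual fix is to grant Domain Computers (or Authenticated Users) Read on the folder rather than widening to Everyone.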

mute
Jul 17, 2004

IT Guy posted:

I could condense the GPOs but I find it more organized to keep certain things separate.

Condensing causes issues when one system needs one thing but not another. I re-did all the policies here and they ballooned from 20 to something close to 180 right now. But now everything is logical and predictable (at least as far as that goes) and I don't have to wonder where something is being set. And I know without having to look it up exactly what's being applied when I use GPRESULT.

And definitely, as others have said, naming is key for your sanity.

mute
Jul 17, 2004

Honey Im Homme posted:

Anyone know if using %logonserver% in folder redirection is going to break anything? Think I can clear up a few GPOs across a couple of our sites with this.

I think you can probably do this, with caveats (users must only authenticate to one DC, or you must have DFS sync on all the DCs, which sort of eliminates the gains from multiple sites)

Non-answer: Unless you're hurting for $$$ for a Windows license, I'd at the very least virtualize onto ESXi free and have 1 DC and 1 FS per site.

Separation is good.
