Questions tagged [group-policy]

Group Policy is a built-in feature of the Microsoft Windows operating systems. Group Policy allows administrators to automatically configure myriad options within the OS. These policies can be configured, and applied, either locally to the computer via Local Group Policy or remotely within an Active Directory environment.

Microsoft has added Group Policy Preferences Client Side Extensions, formerly a third-party tool called PolicyMaker, to its in-support Windows OSes. The CSEs greatly extend the number features which can be configured via Group Policy.

See the following links for more details.

http://gpsearch.azurewebsites.net - Searchable list of configurable group policies http://blogs.technet.com/grouppolicy - Microsoft’s official Group Policy blog http://blogs.technet.com/askds - Ask Directory Services is the official blog from Microsoft engineers supporting group policy and other related AD technologies

3186 questions

votes

1 answer

How can I restrict the java plugin to run only on certain sites in Internet Explorer?

I want to secure our centrally managed computers better and it is very difficult to automatically deploy the java runtime, but how to do that is another question. I find the security of Java catastrophic, even if it is fully patched: It looks like…

asked Feb 15 '12 at 09:32

Christian

1,052
5
16
24

votes

2 answers

How can I stop .exe's being ran from removeable media, such as USB drives?

I have an issue with users running .exe's from removable storage such as Memory Sticks and SD cards. I am trying to set up blocking of exe's being ran from all removable storage to combat this, however under the Group Policy settings under "User…

windows-server-2008 group-policy

asked Jan 19 '12 at 15:33

tombull89

2,964
8
41
52

votes

2 answers

Can I deny "Internet Explorer" via GPO and use Google Chrome as a default and the only Browser?

Can I deny "Internet Explorer" via GPO and use Google Chrome as a default and the only Browser? I wonder as Internet Explorer is a part of an Windows operating system, if it's possible to deny it. I would like to force users to use Google Chrome…

windows group-policy internet-explorer defaults

asked Dec 15 '11 at 23:48

bakytn

1,217
5
16
28

votes

7 answers

How do you manage computers without Active Directory?

I need to setup between 5 - 10 computers to start with for a charity organization which can't offord to be running a dedicated server that maintains group policies for a growing number of staff. Is there a way I can manage policies of each computer…

group-policy

asked May 31 '11 at 20:33

PeanutsMonkey

1,892
9
27
28

votes

2 answers

Group policy preferences that only target 32bit or 64bit os

I am currently deploying some files through GPP to a folder under program files. I now have to differ between a 64bits and 32bits os. What is the easy way to filter out what computer to target with the targeting editor? Wmi: SELECT * FROM…

group-policy

asked Jun 03 '09 at 12:37

Bård

votes

2 answers

How do I deploy an internal certificate authority?

IE7 aggressively warns about certificate failure; we have some internal sites that run over HTTPS and thus need a valid cert. We appear to have an certificate authority on the intranet that can sign SSL certs, but we have a problem: how do we mass…

windows security group-policy certificate

asked May 26 '09 at 18:43

jldugger

14,342
20
77
129

votes

1 answer

Shutdown script doesn't run if workstation is not connected to the network

I have a requirement to run a batch script every time a system is shut down, no matter if the computer is connected to the network or not. (It shouldn't matter for the question, but the script in question clears the print queue of the…

windows active-directory group-policy batch

asked Apr 23 '19 at 14:47

Per von Zweigbergk

2,625
2
19
28

votes

1 answer

Windows - turn off high contrast mode via GPO or script?

I have a situation with a sizable deployment of Windows 10 computers and users who are turning on some truly horrific high-contrast themes, and then consuming IT resources because they can't change it back. I'm aware that there's a keyboard shortcut…

windows group-policy scripting windows-10

asked Oct 21 '17 at 01:31

HopelessN00b

53,795
33
135
209

votes

1 answer

Block user from connecting MiFi units to computers

The scenario: a user connects a MiFi device to a computer on the Windows Domain network to charge it. This MiFi acted as a network interface and the computer's network traffic started going out through the MiFi. This is obviously not wanted as this…

windows group-policy

asked Dec 08 '16 at 02:00

ETL

6,513
1
28
48

votes

2 answers

Using Azure AD to push Group Policy settings

I am trying to use Azure Active Directory instead of using a traditional domain controller. I would like to use Azure AD to authenticate users and to push GPO settings, such as folder redirection, drive mappings and Windows 10 privacy settings. I…

windows active-directory group-policy azure azure-active-directory

asked Jul 17 '16 at 17:53

user3580480

votes

2 answers

Need explanation of why a particular GPO is applied to all domain computers

I'm a little stumped on this one so I'm hoping someone can enlighten me, since I consider myself a pretty knowledgeable GPO person. I have a login banner GPO that changes the Interactive Logon: settings within Computer Configuration - Policies -…

group-policy

asked Jul 24 '15 at 21:05

TheCleaner

32,627
26
132
191

votes

1 answer

What does SBS 2011 do "under the hood" when you give a user admin access?

I have been using Windows Server for many years now and when I have someone who needs local admin access over their machine, I apply it through group policy in a similar way to this answer. One of my clients has SBS 2011, and, one of the features…

active-directory group-policy windows-sbs-2011

asked Feb 01 '15 at 18:55

William Hilsum

3,536
6
29
39

votes

1 answer

Is using the AD home directory attribute to map the home drive really no longer a best practice?

I have read some articles that claim that using the Active Directory user home directory attribute to automatically map the home drive is a legacy method, deprecated, or not recommended. The second article I linked gives some good reasons why this…

active-directory group-policy windows user-management home-directory

asked Jan 31 '15 at 00:37

optic

votes

2 answers

How do I block inheritance/application of a single GPO?

Due to the workload generated by recent ransomware outbreaks (Cryptolocker/Cryptowall/etc.), I was recently tasked with implementing Software Restriction policies to block program execution from temporary directories. This is generally working well…

windows active-directory group-policy

asked Oct 20 '14 at 17:41

HopelessN00b

53,795
33
135
209

votes

1 answer

How do I set default internet zone level with Group policy?

I have been trying for a while to get this done with no success. It looks like my group policy settings are being applied when I run the group policy results wizard. Here is what I am doing to set the internet zone to medium. 1.Group policy…

windows-server-2008 windows-server-2003 group-policy internet-explorer

asked Oct 13 '14 at 16:30

donL

Prev 1 2 3

…

99 100 Next