murk
Oct 31, 2003
Never argue with stupid people, they drag you down to their level and beat you with experience.
Arrrgggghhh. I have a Windows 2008 r2 domain with Windows 7 x64 Enterprise clients. We are getting 100 laptops and I would like to make a scheduled task to wake them, gpupdate them and reboot them at night. I've got the wake task working after I adjusted the default power settings by Control Panel --> Power Options --> Balanced (Change plan settings) --> Change advanced power settings --> Sleep --> Allow Wake Timers --> Plugged in: Enabled

So once that is enabled, the task works great. I need to be able to set this setting on all the laptops. I just knew that GPO preference was going to do this for me, but the Allow Wake Timers is not an option in preferences. I have Googled quite a bit trying to find any sort of registry or command line util that can set this option. Powercfg.exe seemed to get so close, but alas did not do what I needed. I ran Regshot and compared the registry before and after that setting, but that did not get me anywhere. Does anyone have any suggestions?


*edit* Well of course right after I post this, I continued to Google and found this:
powercfg -setacvalueindex SCHEME_CURRENT SUB_SLEEP bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d 1
powercfg -setdcvalueindex SCHEME_CURRENT SUB_SLEEP bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d 1
powercfg -setactive SCHEME_CURRENT

This appears to work, but does anyone have a more elegant solution?

murk fucked around with this message at 23:53 on Feb 26, 2013
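
Added example, not part of murk's post: the three powercfg commands above wrapped so they can run elevated as a computer startup script and confirm the value actually took. The function names are hypothetical, and the read-back assumes English-language powercfg output.

```powershell
# Added example. The GUID and powercfg arguments are the ones quoted in the post;
# function names are hypothetical. Run elevated (for instance as a startup script).
$WakeTimerGuid = 'bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d'   # "Allow wake timers"

function Invoke-PowerCfg {
    param([string[]]$Arguments)
    $output = & powercfg.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "powercfg $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
    return $output
}

function Get-WakeTimerIndex {
    # Parse "powercfg -query" for the Sleep subgroup and pick out the AC/DC
    # indexes that belong to the wake-timer setting only.
    $index = @{ AC = $null; DC = $null }
    $inSetting = $false
    $lines = Invoke-PowerCfg -Arguments @('-query', 'SCHEME_CURRENT', 'SUB_SLEEP')
    foreach ($line in $lines) {
        if ($line -match 'Power Setting GUID:\s*([0-9a-f-]{36})') {
            $inSetting = ($Matches[1] -eq $WakeTimerGuid)
        }
        elseif ($inSetting -and
                $line -match 'Current (AC|DC) Power Setting Index:\s*0x([0-9a-f]+)') {
            $index[$Matches[1]] = [Convert]::ToInt32($Matches[2], 16)
        }
    }
    return $index
}

function Enable-WakeTimers {
    # Only write when needed, so repeated startup runs are harmless.
    $before = Get-WakeTimerIndex
    if ($before.AC -ne 1 -or $before.DC -ne 1) {
        Invoke-PowerCfg -Arguments @('-setacvalueindex', 'SCHEME_CURRENT',
                                     'SUB_SLEEP', $WakeTimerGuid, '1') | Out-Null
        Invoke-PowerCfg -Arguments @('-setdcvalueindex', 'SCHEME_CURRENT',
                                     'SUB_SLEEP', $WakeTimerGuid, '1') | Out-Null
        Invoke-PowerCfg -Arguments @('-setactive', 'SCHEME_CURRENT') | Out-Null
    }

    # Read the value back; fail loudly so the startup-script result shows it.
    $after = Get-WakeTimerIndex
    if ($after.AC -ne 1 -or $after.DC -ne 1) {
        throw "Wake timers not enabled (AC=$($after.AC), DC=$($after.DC))"
    }
    return $after
}

Enable-WakeTimers
```

SCHEME_CURRENT only changes the plan that is active when the script runs, so a machine later switched to another plan keeps that plan's own wake-timer value.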


scanlonman
Feb 7, 2008

by R. Guyovich
Can someone walk me through the easiest way to have everyone on the server have the same screen saver? Server is 2012.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

scanlonman posted:

Can someone walk me through the easiest way to have everyone on the server have the same screen saver? Server is 2012.

Set the "Force specific screen saver" group policy, either in a local policy, or in a server assigned loopback policy.

scanlonman
Feb 7, 2008

by R. Guyovich

peak debt posted:

Set the "Force specific screen saver" group policy, either in a local policy, or in a server assigned loopback policy.

What's the difference between local policy or a loopback?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Local policy is a policy of the machine itself. I don't know about this policy, but it must be something that overrides whatever setting the user has, as that's usually how machine policies affecting user properties operate.

Loopback is a user policy that's applied to a machine and Loopback processing is enabled so it only gets applied to users that log in to that machine.

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.
How are printer and printer driver issues troubleshot when they're deployed via GPO?

We were dealing earlier today with a workstation that had a corrupted printer driver on it. Previously, when printers were deployed via script, we'd just uninstall any printers that used the driver, then remove the driver itself, then re-install all of them.

Unfortunately, it doesn't seem possible to uninstall printers that are assigned via Group Policy: we get "Access Denied", even when logged in as Admins. I can't uninstall that driver so long as any printers are trying to use it.

Short of removing all of the printers from the GPO -- and thereby remove the printers from dozens of machines -- there's no way I can find to remove the defective driver.

What is The Way to troubleshoot printer/print driver issues like this?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Sounder posted:

How are printer and printer driver issues troubleshot when they're deployed via GPO?

We were dealing earlier today with a workstation that had a corrupted printer driver on it. Previously, when printers were deployed via script, we'd just uninstall any printers that used the driver, then remove the driver itself, then re-install all of them.

Unfortunately, it doesn't seem possible to uninstall printers that are assigned via Group Policy: we get "Access Denied", even when logged in as Admins. I can't uninstall that driver so long as any printers are trying to use it.

Short of removing all of the printers from the GPO -- and thereby remove the printers from dozens of machines -- there's no way I can find to remove the defective driver.

What is The Way to troubleshoot printer/print driver issues like this?

Hahahaha here's how I deal with a pesky print driver

quote:

It's happened for the fourth time so I'll explain how to fix it. The
problem had something to do with the driver, because removing it and
reinstalling it fixes the problem. I just updated the driver, so
maybe it won't happen any more, but we'll see.

The driver in question is the HP Universal Print driver. Here's how
to remove it:
1) Delete all the HP printers from their account (REDACTED)
2) From the Start Menu, right click on Manage, and login with the
local administrator account (not your account)
3) In the Start menu, type "print management" and then right click the
print management icon and run as administrator. Again, run with the
local admin, not your account.
4) In Print Management, expand "Print Servers" and then the local
host, and then click on drivers.
5) Find the HP Universal Printing PCL6 driver, right click on it, and
click Remove Driver Package (BUT DON'T CLICK NEXT YET)
6) Find the Print spooler service
7) Here's where it gets tricky. You have to click the Delete button
on the Remove Driver Package immediately after the Print spooler
starts. Once you click restart, you'll see the bar fill up about 5%
and then empty out again. That means it's stopped. Now click the
Delete button the Driver package button. If you didn't do it in time,
try again, until it says the drivers were successfully deleted.
8) Open a terminal and run gpupdate, this will add all the printers
again. You may have to set the user's default printer again.

FISHMANPET fucked around with this message at 01:42 on Mar 5, 2013

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

FISHMANPET posted:

Hahahaha here's how I deal with a pesky print driver

See, that's just it, I'm stuck at step 1. I have no clean way of uninstalling these printers: I get "access denied" no matter what account I use.

Are you deploying your printers using the Printer Deployment option, or Group Policy Preferences?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Sounder posted:

See, that's just it, I'm stuck at step 1. I have no clean way of uninstalling these printers: I get "access denied" no matter what account I use.

Are you deploying your printers using the Printer Deployment option, or Group Policy Preferences?

These are deployed as a GPO preference on Win 7 x64, don't know nothing about no Printer Deployment option :clint:

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

FISHMANPET posted:

These are deployed as a GPO preference on Win 7 x64, don't know nothing about no Printer Deployment option :clint:

Well, dammit.

In GPP under Computer Configuration there's no option for connecting to shared printers. That's only an option for GPP under User Configuration. I was hoping to define printers per computer rather than user. Oh well.

Wait, would loopback processing make this possible? Or Item-level targeting?

Answered my own question. Item-Level Targeting looks like just the thing I need.

capitalcomma fucked around with this message at 21:00 on Mar 5, 2013

parasyte
Aug 13, 2003

Nobody wants to die except the suicides. They're no fun.

Sounder posted:

Well, dammit.

In GPP under Computer Configuration there's no option for connecting to shared printers. That's only an option for GPP under User Configuration. I was hoping to define printers per computer rather than user. Oh well.

Wait, would loopback processing make this possible? Or Item-level targeting?

Answered my own question. Item-Level Targeting looks like just the thing I need.

The Moskowitz book includes the solution I ended up with, which is to tag the computers with environment variables, then have user policy apply printers with item-level targeting based on the environment variable. In my case I had separate variables for printers that should be mapped, as well as a single extra variable to determine which one should be the default.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

Sounder posted:

How are printer and printer driver issues troubleshot when they're deployed via GPO?

We were dealing earlier today with a workstation that had a corrupted printer driver on it. Previously, when printers were deployed via script, we'd just uninstall any printers that used the driver, then remove the driver itself, then re-install all of them.

Unfortunately, it doesn't seem possible to uninstall printers that are assigned via Group Policy: we get "Access Denied", even when logged in as Admins. I can't uninstall that driver so long as any printers are trying to use it.

Short of removing all of the printers from the GPO -- and thereby remove the printers from dozens of machines -- there's no way I can find to remove the defective driver.

What is The Way to troubleshoot printer/print driver issues like this?

Log in with an account that doesn't have the group policy applied. Then you won't have the printers connected and you can delete the drivers at your leisure.

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

peak debt posted:

Log in with an account that doesn't have the group policy applied. Then you won't have the printers connected and you can delete the drivers at your leisure.

I applied these policies using Computer Configuration, to computer accounts, so any user logging in to them will get them. Tee hee.

I'm pushing these via User Configuration now, things are already running more smoothly.

On a related question, should I expect an unacceptable level of AD lookups if I do item-level targeting in a big printer GPO, that will affect a couple dozen printers and be applied to 200+ users? Would this hotfix mitigate/prevent this? I was hoping to avoid making multiple GPO's with WMI or security filtering, and just put one big printer object in the Users OU, but if it'll bring the Domain Controllers to their knees then I'll split up the load.

capitalcomma fucked around with this message at 21:58 on Mar 8, 2013

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.
So, uh, scratch my last question. Somebody made some very bad changes to a GPO today: they removed a bunch of Assigned Applications from the main workstation GPO.

Is there a way to revert changes to GPO's?

Sickening
Jul 16, 2007

Black summer was the best summer.

Sounder posted:

So, uh, scratch my last question. Somebody made some very bad changes to a GPO today: they removed a bunch of Assigned Applications from the main workstation GPO.

Is there a way to revert changes to GPO's?

I would imagine if you are asking this question that your company isn't backing up gpo or doing system state backups.

My condolences.
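
Added example, not part of any post in this thread: one way to take the GPO backups mentioned above on a schedule and to restore a single GPO to its state before a bad edit, using the GroupPolicy module that ships with GPMC. The function names, the manifest file and the folder layout are assumptions made for this example.

```powershell
# Added example. Backup-GPO, Restore-GPO and Get-GPOReport are GroupPolicy-module
# cmdlets; the function names and folder layout here are hypothetical.
Import-Module GroupPolicy

function Backup-AllGpo {
    param(
        [Parameter(Mandatory = $true)][string]$Root,  # folder only GPO admins can write to
        [int]$KeepDays = 30
    )
    # One timestamped folder per run keeps every run independently restorable.
    $dir = Join-Path $Root (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $dir -ErrorAction Stop | Out-Null

    $backups = Backup-GPO -All -Path $dir -Comment "Scheduled backup $(Get-Date -Format s)"

    # Manifest maps GPO display names to backup IDs for the restore function.
    $backups | Select-Object DisplayName, GpoId, Id, CreationTime |
        Export-Csv -Path (Join-Path $dir 'manifest.csv') -NoTypeInformation

    # Human-readable report of each GPO's settings at backup time.
    foreach ($b in $backups) {
        Get-GPOReport -Guid $b.GpoId -ReportType Html `
            -Path (Join-Path $dir "$($b.GpoId).html")
    }

    # Prune runs older than the retention window.
    $cutoff = (Get-Date).AddDays(-$KeepDays)
    Get-ChildItem -Path $Root |
        Where-Object { $_.PSIsContainer -and $_.CreationTime -lt $cutoff } |
        Remove-Item -Recurse -Force

    return $dir
}

function Restore-GpoFromBackup {
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [Parameter(Mandatory = $true)][string]$GpoName,
        [Parameter(Mandatory = $true)][datetime]$Before  # when the bad change was made
    )
    # Walk backup runs newest-first and take the first one older than $Before
    # that contains the GPO.
    $runs = Get-ChildItem -Path $Root |
        Where-Object { $_.PSIsContainer -and $_.CreationTime -lt $Before } |
        Sort-Object CreationTime -Descending
    foreach ($run in $runs) {
        $manifest = Join-Path $run.FullName 'manifest.csv'
        if (-not (Test-Path $manifest)) { continue }
        $row = Import-Csv $manifest |
            Where-Object { $_.DisplayName -eq $GpoName } |
            Select-Object -First 1
        if ($row) {
            return Restore-GPO -BackupId $row.Id -Path $run.FullName
        }
    }
    throw "No backup of '$GpoName' found before $Before under $Root"
}
```

Run Backup-AllGpo from a scheduled task under an account that can read every GPO, and keep the backup root off the domain controllers' own volumes so it survives a DC failure.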

alanthecat
Dec 19, 2005

I don't know of any way to get back from where you are, but Advanced Group Policy Management for Software Assurance/Enterprise customers might apply for the future.

I want to know is there a way other than scripts to apply drive maps in computer configuration? I know I could use preferences with loopback processing but I'm trying to move as many GPOs to computer configuration so login times will speed up.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Drive mappings are per user so I don't really think you can do that at the computer level. Even if you do loopback it still loopbacks to being part of the user environment.

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

alanthecat posted:

I don't know of any way to get back from where you are, but Advanced Group Policy Management for Software Assurance/Enterprise customers might apply for the future.

I want to know is there a way other than scripts to apply drive maps in computer configuration? I know I could use preferences with loopback processing but I'm trying to move as many GPOs to computer configuration so login times will speed up.

Thanks, I will definitely research that.

And I wouldn't look at moving mappings if you're trying to shave time off of the logon process. Look in to shrinking roaming profile size as much as possible: Folder Redirection, blocking certain non-essential folders from roaming (so they'll behave as if they were a local-only profile folder), stuff like that.

EDIT: forgot what thread I was in. Here's the policy that will block replication of roaming profile folders:

User Config -> Policies -> Admin Templates -> System -> User Profiles -> "Exclude Directories in roaming profile"


We applied this to a bunch of folders full of logs from lovely apps that were writing their logs to Appdata\Roaming for some reason (gently caress you, Shoreware).

capitalcomma fucked around with this message at 04:23 on Mar 15, 2013

Thanks Ants
May 21, 2004

#essereFerrari


Is there any reason you're using drive mappings as opposed to pushing shortcuts, using DFS etc? I can't imagine that it's slowing your logins down much anyway, I just thought that drive maps weren't much of a thing any more. Unless you have a lot of users who can handle "save that to the L drive" and not much else.

Thanks Ants fucked around with this message at 00:37 on Mar 15, 2013

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Caged posted:

Is there any reason you're using drive mappings as opposed to pushing shortcuts, using DFS etc? I can't imagine that it's slowing your logins down much anyway, I just thought that drive maps weren't much of a thing any more. Unless you have a lot of users who can handle "save that to the L drive" and not much else.

I have not gotten around to DFS yet but can you explain this a little more? No drive mapping?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Yes, I would also like to know more about this brave new world without drive mappings.

Thanks Ants
May 21, 2004

#essereFerrari


Well obviously it depends on your users and what software you have in use and whether it handles UNC paths, but our guys are pretty happy to access files using \\filestore\sharename. If you have people who have known nothing other than saving to a drive then yeah you're going to want to keep them around, but in my experience it can cause more problems than it solves, especially if you have each department share mapping to a drive (so Z:\ is always the root of your depts share for example) and people send links / shortcuts around expecting everyone to be starting at the same point.

Wizard of the Deep
Sep 25, 2005

Another productive workday

Caged posted:

Well obviously it depends on your users and what software you have in use and whether it handles UNC paths, but our guys are pretty happy to access files using \\filestore\sharename. If you have people who have known nothing other than saving to a drive then yeah you're going to want to keep them around, but in my experience it can cause more problems than it solves, especially if you have each department share mapping to a drive (so Z:\ is always the root of your depts share for example) and people send links / shortcuts around expecting everyone to be starting at the same point.

Yea, I'm afraid your reality and mine aren't lining up right now. Thankfully, we're not big enough that having to reuse drive letters is a problem, and we just have the sensitive stuff locked down by groups and permissions.

If we took away drive mappings tomorrow, I'd be out on my rear end by lunchtime. It doesn't really help that we've had mapped drives for the past decade, and that's all upper management will understand.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Never mind.

Swink fucked around with this message at 07:26 on Mar 19, 2013

Sickening
Jul 16, 2007

Black summer was the best summer.

FISHMANPET posted:

Yes, I would also like to know more about this brave new world without drive mappings.

In a windows 7 environment, you can bypass drive mappings by publishing shortcuts to network shares to the desktop and/or pushing these shortcuts to the windows explorer favorites. A large majority of your users will access these shares by opening windows explorer in one fashion or another and simply looking to the left for the location they need.

The "hump" to get over is that users are already used to referencing these network shares as "L drive" or whatever when they communicate with each other. This can be accommodated by simply naming the shortcut appropriately. The icon will be different however and I can't find a reliable way to make these shortcuts have the drive icon instead of the folder in these situations.

I have only tested this because legacy start-up scripts loving blow. They are slow, buggy, and I am getting the feeling that Microsoft has done something to make them worse over time. Computers booting up in a domain environment will start-up a lot faster by publishing shortcuts instead of using drive mappings when they are essentially the same loving thing and I don't understand it.

There is one final upside of course besides speed too. Getting users used to making shortcuts to things instead of drive mappings has lots of great potential. Those shortcuts simply won't vanish like drive mappings and can actually be transferred a lot easier as well. So any rear end in a top hat that in the past lost that unique drive mapping that nobody else has won't flip his poo poo when it vanishes one day.

Sickening fucked around with this message at 13:50 on Mar 19, 2013

Wizard of the Deep
Sep 25, 2005

Another productive workday
While you can push favorites out, you can handle mapping network drives via GPO, too. No start-up script required. That's what we've done, and startup time has improved perceptibly. Not to mention it doesn't require a 15kb startup script that's an absolute bear to manage.

Speaking of computer GPOs with extensive Item-Level Targeting, I remembered this blog post from a couple of months back: http://sdmsoftware.com/group-policy-preferences/expensive-group-policy-preferences-item-level-targeting/ Specifically, it talks about "expensive" ILT options, ones that take exceptionally long to process. It's a company trying to sell you GPO management software, but it's still some handy info.

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

Wizard of the Deep posted:

While you can push favorites out, you can handle mapping network drives via GPO, too. No start-up script required. That's what we've done, and startup time has improved perceptibly. Not to mention it doesn't require a 15kb startup script that's an absolute bear to manage.

Speaking of computer GPOs with extensive Item-Level Targeting, I remembered this blog post from a couple of months back: http://sdmsoftware.com/group-policy-preferences/expensive-group-policy-preferences-item-level-targeting/ Specifically, it talks about "expensive" ILT options, ones that take exceptionally long to process. It's a company trying to sell you GPO management software, but it's still some handy info.

That's a good link. I'd love to see more info related to the logistics of Group Policy Preferences in the OP. Stuff like that link and maybe these gpp related hotfixes that fix problems and optimize performance.

Sickening
Jul 16, 2007

Black summer was the best summer.

Sounder posted:

That's a good link. I'd love to see more info related to the logistics of Group Policy Preferences in the OP. Stuff like that link and maybe these gpp related hotfixes that fix problems and optimize performance.

Wouldn't these hotfixes show up in windows updates?

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

madmaan posted:

Wouldn't these hotfixes show up in windows updates?

A lot of these hotfixes are in Microsoft's LDR code branch, meaning "not fit for widespread release". They recommend you only install them if you experience the problem described in the Symptoms section of the hotfix page. As such, they're not yet rolled in to the Windows Update catalog by default. There are a shitload of hotfixes like that: see KB2775511 for a rollup that recently got released, containing 90 such hotfixes.

capitalcomma fucked around with this message at 22:38 on Mar 20, 2013

Sickening
Jul 16, 2007

Black summer was the best summer.

Sounder posted:

A lot of these hotfixes are in Microsoft's LDR code branch, meaning "not fit for widespread release". They recommend you only install them if you experience the problem described in the Symptoms section of the hotfix page. As such, they're not yet rolled in to the Windows Update catalog by default. There are a shitload of hotfixes like that: see KB2775511 for a rollup that recently got released, containing 90 such hotfixes.

How could I not know this after all this time? Jesus.

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

madmaan posted:

How could I not know this after all this time? Jesus.

Meh. While some of these hotfixes are nice, they're not mandatory for keeping your AD or Group Policy infrastructure up and running.

In other news, that GPO I posted about a couple weeks ago? I managed to restore it, but afterward all of the workstations decided that the Assigned Applications in the GPO needed to be re-applied. Is this the expected behavior after a restore?

alanthecat
Dec 19, 2005

Sounder posted:

...afterward all of the workstations decided that the Assigned Applications in the GPO needed to be re-applied.

And shouldn't MSIs just not reinstall if there's no need for a repair? I think I changed some to DFS recently and they reinstalled, though I'm not 100% sure on that.

I've a GPO applying a scheduled task to desktops asking them to wake for a "gpupdate /force" and a "shutdown /r" outside opening hours for software installs. I've seen it work before but it's definitely not worked properly recently. Probably an ACPI setting where some users shut down and others sleep.

Italy's Chicken
Feb 25, 2001

cs is for cheaters

Sounder posted:

See, that's just it, I'm stuck at step 1. I have no clean way of uninstalling these printers: I get "access denied" no matter what account I use.

Are you deploying your printers using the Printer Deployment option, or Group Policy Preferences?

There's a much easier way of removing bad drivers than the timing trick FISHMANPET talks about. Go to "Devices and Printers" and click on anything to highlight it... a printer, even fax or xps writer works. Your buttons in the Device and Printers window will change to reveal one called "Print server properties." This annoyingly hidden window is actually referring to the local machine, not a print server. Click on the tab "Drivers" to reveal every printer driver that's ever been installed on the local machine. The rest is easy to understand (click remove), except that when the actual deletion is done, you might get a message "access is denied" if the files are in use. The driver package is still gone, just reboot and the files will truly be gone from your machine. I have no idea how to automate any of that.

Wizard of the Deep
Sep 25, 2005

Another productive workday

Italy's Chicken posted:

There's a much easier way of removing bad drivers than the timing trick FISHMANPET talks about. Go to "Devices and Printers" and click on anything to highlight it... a printer, even fax or xps writer works. Your buttons in the Device and Printers window will change to reveal one called "Print server properties." This annoyingly hidden window is actually referring to the local machine, not a print server. Click on the tab "Drivers" to reveal every printer driver that's ever been installed on the local machine. The rest is easy to understand (click remove), except that when the actual deletion is done, you might get a message "access is denied" if the files are in use. The driver package is still gone, just reboot and the files will truly be gone from your machine. I have no idea how to automate any of that.

That seems like something Powershell may be able to do, but I'm not sure enough to say anything more than "look to see if Powershell can do that". Granted, you'd have to run it as a startup script, but I think you could do some item-level targeting to make sure it only happens once/as appropriate.

Sickening
Jul 16, 2007

Black summer was the best summer.
Windows 7 network discovery, why are you such a giant piece of poo poo to enable in a windows firewall enabled environment?

Have any of you gone through the pain of enabling this before? I just fixed it, but you shouldn't have to do so much for one feature.

Erwin
Feb 17, 2006

Is there no group policy setting to reboot machines after they've installed updates? It's kind of annoying to have to manually bounce servers even if they automatically install updates. Everything's virtualized, so it's easy enough to schedule a powershell script to reboot them all weekly, but a) there's no reason to reboot if there weren't updates and b) what if an update takes a really long time and the script reboots the machine in the middle of the update?

Sickening
Jul 16, 2007

Black summer was the best summer.

Erwin posted:

Is there no group policy setting to reboot machines after they've installed updates? It's kind of annoying to have to manually bounce servers even if they automatically install updates. Everything's virtualized, so it's easy enough to schedule a powershell script to reboot them all weekly, but a) there's no reason to reboot if there weren't updates and b) what if an update takes a really long time and the script reboots the machine in the middle of the update?

What kind of environment are you in where servers rebooting on their own is no big deal? What you are wanting would be a total nightmare for most and is probably not close to the norm.

I mean you can specify when updates are installed and you could do this during non-production hours for sure, but man, seems like something that would be a nailbiter.

Sickening fucked around with this message at 16:03 on Apr 17, 2013

evil_bunnY
Apr 2, 2003

Pretty sure your script could check for pending reboots instead:

http://gallery.technet.microsoft.com/scriptcenter/Get-PendingReboot-Query-bdb79542
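
Added example, not the script linked above and not part of any post: a scheduled reboot that addresses both of Erwin's concerns by restarting only when Windows Update or component servicing has flagged a pending reboot, and by waiting while the Windows Update installer is still busy. The function names are hypothetical; the registry keys and the Windows Update Agent COM objects are the standard ones.

```powershell
# Added example. Function names are hypothetical. Run elevated from a scheduled task.

function Get-PendingRebootReason {
    $reasons = @()
    $wu  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    if (Test-Path $wu)  { $reasons += 'WindowsUpdate' }
    if (Test-Path $cbs) { $reasons += 'ComponentBasedServicing' }
    # The leading comma keeps an empty or one-element array from being unrolled.
    return ,$reasons
}

function Test-UpdateInstallBusy {
    # IUpdateInstaller.IsBusy is true while an install or uninstall is running.
    $installer = New-Object -ComObject Microsoft.Update.Installer
    return [bool]$installer.IsBusy
}

function Invoke-RebootIfPatched {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$MaxWaitMinutes = 60,   # give up rather than reboot mid-install
        [int]$PollSeconds = 60
    )

    $reasons = Get-PendingRebootReason
    if ($reasons.Count -eq 0) {
        return 'NoRebootNeeded'
    }

    $deadline = (Get-Date).AddMinutes($MaxWaitMinutes)
    while (Test-UpdateInstallBusy) {
        if ((Get-Date) -gt $deadline) {
            return 'SkippedInstallerBusy'
        }
        Start-Sleep -Seconds $PollSeconds
    }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Restart ($($reasons -join ', '))")) {
        Restart-Computer -Force
        return 'RebootRequested'
    }
    return 'RebootSkipped'
}

# Dry run: reports what would happen without restarting.
Invoke-RebootIfPatched -WhatIf
```

The returned status string is meant to be written to whatever log or monitoring the scheduled task feeds, so a server that keeps returning SkippedInstallerBusy gets noticed.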

Erwin
Feb 17, 2006

madmaan posted:

What kind of environment are you in where servers rebooting on their own is no big deal? What you are wanting would be a total nightmare for most and is probably not close to the norm.

It wouldn't be every server, only test environments, etc. What's the difference between me doing it manually during the evening, or them rebooting themselves after installing updates at 2am on a Sunday?


evil_bunnY
Apr 2, 2003

Erwin posted:

It wouldn't be every server, only test environments, etc. What's the difference between me doing it manually during the evening, or them rebooting themselves after installing updates at 2am on a Sunday?

Depends on your monitoring.
