Active Directory – Apply a GPO rule centrally to local administrators

Excuse me, if anyone has asked before – tried to search, maybe I missed it.

Anyway, I have to

1a) Set a domain-wide policy to deny access to this computer from the network
1b) Include the local "administrator" of each computer in this policy

I am amazed that only domain users are displayed on the domain controller >> Group Policy Management while the policies are changed in the "Select Users and Computers" phase. Also a scope change is not possible – only the local domain controller, the entire domain or the forest can be searched

I did some research on limited users. I'm sure I can use this tool to override user group memberships. However, I can not automate adding / centrally managing the local administrator of each PC to the Deny Login policy.

I would appreciate any ideas or alternative suggestions on this topic. This may need to be explained to the management, or even care must be taken to make this the default for new computers

Windows – Install a .reg file from a GPO

I downloaded a .reg file with some registry keys that I want to use on a Windows computer.
Since the same key must be used, I want to do this directly with GPO policies.

I've found several tutorials, but no one specifically states a way to directly transfer the contents of a .reg file.

Could you please explain a clean way for me how to do that?

Windows Server 2012 R2 – Shared printer can not be deployed through GPO

I have a domain controller on which I configured Print Management. I added two printers:

  • 192.168.0.98 => Students Printer => Share: // dc01 / printer_students
  • 192.168.0.99 => Teacher Printer => Share: // dc01 / printer_docenten

There are two local domain groups for both printers, each with access to each printer.


I configured a GPO as follows, but the printer is not visible when printing a document?

To run gpresult / r The client will show that the GPO is being applied.

I tried to create it instead of update, but to no avail.

Server: 2012 R2
Customers: Windows 10

Is something missing here?


Enter the image description here

Windows Server 2008 R2 – GPO object is missing in SYSVOL

In an Active Directory site, I created an OU on the additional domain controller and linked a GPO to configure WSUS client computers.
GPO is not applied to the computer setting when GP is updated on the client.
I was able to see the new OU in the Group Policy Management Console, but the unique ID for the WSUS GPO is missing in the SYSVOL / domain directory on the additional domain controller

How long should we wait for replication, and how can I verify from my site if there are replication errors, cancel this policy?

Windows 10 allows firewall logging via gpo

I'm working on enabling the domain profile for Windows 10 through gpo. We have a relatively large environment and this has not been enabled for the domain profile in the past. The current plan is to enable the firewall with policy and create an Any / Any rule for inbound connections. You can then use the Event Log / Firewall protocol to support the creation of exception rules, and then enable the Block inbound connections option.

The problem I currently have is that I do not get the expected behavior regarding the Windows System32 Logfiles Firewall protocol when configuring the Windows Settings policy in a GPO. The firewall folder and pfirewall.log (default settings of MS) ​​are not created. When I configure the same settings on the local computer, the files are created. I've verified that the firewall service account has the correct permissions.

In Win7 and Win10, the policy sets the registry settings under HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft WindowsFirewall DomainProfile Logging when the policy is set.

However, in win7, the keys under HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services SharedAccess Parameters FirewallPolicy DomainProfile Logging will match these configurations. In Win10 they do not do that. My guess is that MS has updated the policy registry key for win10, but not the admx for it. Is it possible to see which key under Software Guidelines the firewall service is searching for under Windows 10 somehow?

File Systems – ** GPO – Block the creation of folders and files in the root directory in Windows 10

I would like to use a GPO setting to block users to create folders and files in the root directory in Windows 10.
When searching the Internet, I found the setting

Computer Configuration -> Policies -> Windows Settings -> Security
Settings-> File system

where I created an entry for% SystemDrive% where authenticated users have "Deny"to"Create files / write data" and "Create folder / attach data", applied "Only this folder".

After saving and linking the GPO, I rebooted the workstation to get the new policies, but the settings did not block anything.

Any idea, what could be wrong? Any other suggestion to achieve the same result?

Many thanks.