Group Policy for Proxy Settings is not applied on some machines

I have configured a GPO which is publishing the Proxy settings and the Exceptions through a PAC file.

I received many complaints that the internet was not working on some machines. First, I logged in to one of the machines that had the problem and checked the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Check the following values:

AutoConfigURL: you should see the URL of the PAC file, for example http://10.1.1.15/proxy.pac

ProxyEnable: 0 (it should be 1)

That means the proxy GPO is not applied on this machine. If you see that the correct values are there, the policy is applied and you need a different solution from the one I'm writing about here. For example, try deleting the Connections folder under Internet Settings in the registry, then open Internet Explorer; the folder should be created again, and this might solve the problem.

Anyway, let's go back to our problem, which is that the policy is not received at all. After checking, I found that the cause is the version of IE, which is 11: IE Maintenance is deprecated for IE10 / 11, and the policies won't apply for these versions.
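The registry check described above can be scripted so it can be run in the affected user's session on each machine that reports the problem. This is an added example, not part of the original post; the function name Test-ProxyPolicy and the $ExpectedPac parameter are assumptions, and the PAC URL is the sample one from the text.

```powershell
# Added example: run as the affected user (the values live under HKCU).
function Test-ProxyPolicy {
    param([Parameter(Mandatory)][string]$ExpectedPac)

    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction Stop

    # IE 10 and later record the real version in svcVersion; older builds only have Version.
    $ie = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    $ieVersion = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
    $ieMajor   = if ($ieVersion) { [int]($ieVersion -split '\.')[0] } else { $null }

    $pacOk   = ($inet.AutoConfigURL -eq $ExpectedPac)
    $proxyOn = ($inet.ProxyEnable -eq 1)

    # Map the findings to the two cases the post describes.
    if ($pacOk -and $proxyOn) {
        $cause = 'Values are correct: policy applied, look elsewhere (e.g. the Connections key)'
    } elseif ($ieMajor -ge 10) {
        $cause = 'IE 10/11 detected: IE Maintenance settings are not applied to these versions'
    } else {
        $cause = 'Policy values missing: review gpresult /h output for this machine'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        User          = $env:USERNAME
        AutoConfigURL = $inet.AutoConfigURL
        ProxyEnable   = $inet.ProxyEnable
        IEVersion     = $ieVersion
        PolicyApplied = ($pacOk -and $proxyOn)
        Finding       = $cause
    }
}

# Sample PAC URL from the post; replace with the URL your GPO publishes.
Test-ProxyPolicy -ExpectedPac 'http://10.1.1.15/proxy.pac' | Format-List
```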

 


Check which GPOs are applied to a specific machine and export them to an HTML file

On the machine where you want to check which group policies are applied, run the following command:

C:\> gpresult /h gpresult.html

Then go to the C drive and find the HTML file, which lists all the GPOs that are applied to that machine.

Static-IP virtual machine gets an APIPA address after rebooting

I was installing security updates that required rebooting the server. After the reboot I wasn't able to connect to the server remotely, and after connecting through the Hyper-V console I found that the machine had an APIPA address in spite of having a static IP address.

After searching the internet I found the solution. I will describe it here and share the source as well.

From the command prompt, run:

  • netsh interface ipv4 show inter

The result will be:

1 50 4294967295 connected Loopback Pseudo-Interface 1
11 10 1500 connected Local Area Connection

 

Keep the number 11 (the index of Local Area Connection) in mind.

Then run the following command:

  • netsh interface ipv4 set interface 11 dadtransmits=0 store=persistent
  • Then go to Services and disable the DHCP Client service.
  • Restart the machine.

Resources:

http://lyngtinh.blogspot.com/2011/12/how-to-disable-autoconfiguration-ipv4.html

Create a file with a specific size

When I was testing the maximum message size that should be allowed on Exchange Server, I needed to attach files of a specific size. Instead of searching my files for one of the required size, I found this handy command to generate files of the required size.

You have to use the FSUTIL command in the following format:

FSUTIL file createnew < path and name of the file > < size in bytes >

For example:

To create a file with a size of 20 MB:

fsutil file createnew d:\TestFile.txt 20000000

 

Resources:

http://windowsitpro.com/systems-management/how-can-i-create-file-certain-size-windows-xp-and-later

Find the distinguished name of an Active Directory user

Sometimes you need the distinguished name of a user in AD. This name doesn't appear in Active Directory Users and Computers. There are multiple ways to find it, listed at the link I'm sharing, but the one I will mention here uses the DSQUERY command:

dsquery user forestroot -samid "XYZ"

Resources:

http://wiki.zimbra.com/wiki/LDAP_Active_Directory

Give a non-administrator user access to read the event logs in Active Directory

I had a firewall appliance that needs to read the AD logs using a normal AD user. To fulfill this requirement I found a very good article, which I want to summarize and share with you:

  • First, we want to modify the Local Security Policy on the domain controller. This step can't be done by going directly to Local Security Policy from Administrative Tools; you have to go to Group Policy Management:

Note: you have to use administrative privileges (Domain Admin or local Administrator on the server).

Go to Domain Controllers --> Default Domain Controllers Policy

Right-click --> Edit

Under Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment

Select and double-click Manage auditing and security log

Select Add User or Group --> Browse to add the user --> then OK --> OK

  • The second step is to open the WMI manager:

Go to Run on the Start menu --> type "wmimgmt.msc"

Right-click WMI Control --> select Properties --> Security tab --> expand Root --> select the Security folder --> then click Security at the bottom of the box

Press Add to add the user --> in the permissions, check the Allow box for Execute Methods --> then OK

Now this user has access to read the AD security event log only.

If you have more than one domain controller, you have to apply the same settings on all of them.

You can test this by logging in with the same user name: open Server Manager --> connect to a different computer (the DC) --> open the event logs. You will see that you only have access to the security logs.

Resources:

http://www.manageengine.com/products/active-directory-audit/help/admin/domain-settings/authentication-for-collecting-audit-data.html#wmi

Search the domain for a list of users in a CSV file and move them to a specific OU

The requirement was to collect a list of users distributed over the domain into a specific OU. We take the source data from a CSV file, search the domain for the contents of this file, and move the results to a specific OU.

Open Windows PowerShell:

Import-Module ActiveDirectory
# The CSV needs a "name" column that holds each user's sAMAccountName
$users = Import-Csv C:\SBCU.csv
foreach ($user in $users) {
    Get-ADUser -Filter "SamAccountName -eq '$($user.name)'" | Move-ADObject -TargetPath "ou=HRusers,dc=Contoso,dc=Com"
}