+InsaneNutter MVC Posted January 16, 2014 MVC Share Posted January 16, 2014 I'm pretty new to Windows Server when it comes to Active Directory and Group Policies, I have recently set Windows Server 2012 R2 Essentials up at my place of work, now i'm trying to get in to some more advanced settings and set-up some group policy options.Server OS: Windows Server 2012 R2 EssentialsClient OS: All running Windows 8.1 ProI?m starting with something simple (so I thought) basically ensuring each computer has the same set of shortcuts on the start screen, as it's just a colourful mess every time a user logs on to a different PC. I have setup a start screen on a new user account and exported it to an XML file, as per the instructions here: http://technet.microsoft.com/en-us/library/dn467928.aspx#BKMK_DomainGPODeploymentThis has then been placed in a network share all domain users can access: \\SERVER\GroupPolicyI have then created a group policy to apply the start screen layout to all the client computers on the network :This however doesn't appear to work, when a user logs on to a client PC the start screen is full of all the random modern apps, and not the ones in my XML file. I've been reading Group Policy for Beginners on the Microsoft website, which is based on Windows Server 2008 R2 and Windows 7, however it appears to be a similar setup in 2012 R2 from what i can see. With that in mind i have run I have run gpupdate on both the server and the client pc i'm testing this on. I?ve never set a group policy up before (everyone has to start somewhere i guess! :)) i?m hoping someone can advise where I might be going wrong? Cheers. Link to comment Share on other sites More sharing options...
riahc3 Posted January 16, 2014 Share Posted January 16, 2014 Hello, Like yourself I have no clue and yup, everyone has to start somewhere. I have questions for you that maybe you have the answers to so I can learn as well. Is "SERVER" the same PC running Windows Server 2012 R2 Essentials? Why put the network path? Instead of \\SERVER\GroupPolicy\thefile.xml, put C:\GroupPolicy\thefile.xml ? Im reading that from the technet article you posted... Also, there are two registry values that seem to be needed to modified. Another thing that has occured to me (this has happened on more than one occasion). Even if you share a folder, remember to set the security settings for that folder as well. You can have Windows share with its permissions, but if NTFS locks you out, there is no way to access it. Link to comment Share on other sites More sharing options...
farmeunit Posted January 16, 2014 Share Posted January 16, 2014 I haven't tried the start screen layout options, but there are some things to take into account depending on which GP setting you are using. gpupdate /force - refreshes ALL GPO settings Also, some settings require rebooting a time or two sometimes. Hello, Like yourself I have no clue and yup, everyone has to start somewhere. I have questions for you that maybe you have the answers to so I can learn as well. Is "SERVER" the same PC running Windows Server 2012 R2 Essentials? Why put the network path? Instead of \\SERVER\GroupPolicy\thefile.xml, put C:\GroupPolicy\thefile.xml ? Im reading that from the technet article you posted... Also, there are two registry values that seem to be needed to modified. If he uses C:\GroupPolicy\thefile.xml, the other domain computers won't see that, unless you push that file to that location. The other computers would try looking on their C: drive. Link to comment Share on other sites More sharing options...
riahc3 Posted January 16, 2014 Share Posted January 16, 2014 Hello, gpupdate /force - refreshes ALL GPO settingsHe mentioned he did this: With that in mind i have run I have run gpupdate on both the server and the client pc i'm testing this on.Also consider yourself lucky that the server and client is on the same level; Imagine setting Start Menu AND Start Screen from WS12 R2 policies for Windows XP! Link to comment Share on other sites More sharing options...
DaveLegg Developer Posted January 16, 2014 Developer Share Posted January 16, 2014 Is the policy being enforced? (Right click the policy in the left hand pane, and select "Enforced". Then run the gpupdate /force on a client again, log off and back on, and hopefully you'll see the start screen you've applied. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted January 16, 2014 Veteran Share Posted January 16, 2014 Start off with making sure that the policy works with your computer as a local group policy. Once it does then you can think about the global group policy push. To see if your computer is recieving the policy you have tried to push run the followin command gpresult -r you have created a user configuration policy so you should see it in the user section. You can post the results if you wish. gpresult is a great tool in diagnosing group policy issues. another one is rsop.msc You don't need to have policies enforced for them to be pushed, you need to have them enforced if you want those rules to override others rules you have in place. When a Group Policy Object (GPO) is enforced it means the settings in the Group Policy Object on an Organization Unit (which is shown as a folder within the Active Directory Users and Computers MMC) cannot be overruled by a Group Policy Object (GPO) which is link enabled on an Organizational Unit below the Organizational Unit with the enforced Group Policy Object (GPO). In Active Directory Users and Computers MMC 'below' means it is a subfolder. Link to comment Share on other sites More sharing options...
riahc3 Posted January 16, 2014 Share Posted January 16, 2014 Hello, If he uses C:\GroupPolicy\thefile.xml, the other domain computers won't see that, unless you push that file to that location. The other computers would try looking on their C: drive.What you said makes perfect sense but: To enable the customized Start screen layout on the computer, enter the following settings, and then click OK: Select the Enabled option. Under Options, specify the path to the .xml file that contains the Start screen layout. For example, type C:\Users\Test01\StartScreenMarketing.xml. Optionally, enter a comment to identify the Start screen layout. I might have misinterpreted. Link to comment Share on other sites More sharing options...
c.grz Posted January 16, 2014 Share Posted January 16, 2014 Do you see anything in the event viewer that may tell you why it's not working? Another method is to have the group policy copy the file to the local workstation and use that path to specify the location of the xml file. Link to comment Share on other sites More sharing options...
+InsaneNutter MVC Posted January 16, 2014 Author MVC Share Posted January 16, 2014 Thank's for all the replies, i have been playing about trying the suggestions this evening with no luck unfortunately. Is the policy being enforced? (Right click the policy in the left hand pane, and select "Enforced". Then run the gpupdate /force on a client again, log off and back on, and hopefully you'll see the start screen you've applied. It wasn't enforced, however i have done as suggested with no luck Start off with making sure that the policy works with your computer as a local group policy. Once it does then you can think about the global group policy push. To see if your computer is recieving the policy you have tried to push run the followin command gpresult -r you have created a user configuration policy so you should see it in the user section. You can post the results if you wish. gpresult is a great tool in diagnosing group policy issues. another one is rsop.msc You don't need to have policies enforced for them to be pushed, you need to have them enforced if you want those rules to override others rules you have in place.When a Group Policy Object (GPO) is enforced it means the settings in the Group Policy Object on an Organization Unit (which is shown as a folder within the Active Directory Users and Computers MMC) cannot be overruled by a Group Policy Object (GPO) which is link enabled on an Organizational Unit below the Organizational Unit with the enforced Group Policy Object (GPO). In Active Directory Users and Computers MMC 'below' means it is a subfolder. Thanks for the info, that certainly is useful to know. The policy appears to applied when i log on as a standard domain user, i have also changed the policy to try load the XML file from C:\GroupPolicy\StartLayout.xml as a test, forced an update, even rebooted the client pc, however the same result. I will try setting it up as a local group policy when i'm at work tomorrow and see if it makes any difference. Do you see anything in the event viewer that may tell you why it's not working?Another method is to have the group policy copy the file to the local workstation and use that path to specify the location of the xml file. Nothing that stands out as causing a problem i would say.This is basically the contents of the XML file i'm trying to apply, it has the desktop tile and weather one just for a test. <launcher version="2"><view name="Start"><group><tile AppID="Microsoft.Windows.Desktop" size="square310x310" FencePost="0"/></group><group><tile AppID="Microsoft.BingWeather_8wekyb3d8bbwe!App" size="square310x310" FencePost="0"/></group></view></launcher> Link to comment Share on other sites More sharing options...
riahc3 Posted January 16, 2014 Share Posted January 16, 2014 Hello, If in the delegation tab, you add "Everyone", what happens? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted January 17, 2014 Veteran Share Posted January 17, 2014 So what that tells me is that the xml config is garbage. Troubleshoot that first. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted January 17, 2014 Veteran Share Posted January 17, 2014 I think I found the problem http://technet.microsoft.com/en-us/library/dn467928.aspx Start screen control is supported in the Windows 8.1 Enterprise operating system, the Windows RT 81 operating system with sideloading enabled, and all editions of the Windows Server 2012 R2 operating system. Start screen control is not supported in the Windows 8.1 Pro operating system and the Windows 8.1 operating system. Link to comment Share on other sites More sharing options...
+InsaneNutter MVC Posted January 17, 2014 Author MVC Share Posted January 17, 2014 I think I found the problem http://technet.microsoft.com/en-us/library/dn467928.aspx Ah thank you, i guess that is why then. It's a bit poor the feature is not allowed in Pro editions of Windows. I just presumed from the Group Policy Editor, it would work on any edition of 8.1, something to be wary of in the future then i guess. Link to comment Share on other sites More sharing options...
riahc3 Posted January 17, 2014 Share Posted January 17, 2014 Hello, I think I found the problem http://technet.microsoft.com/en-us/library/dn467928.aspx But then it says: In Windows RT 8.1, you can use local policy settings, but only if you turn on the Group Policy Client service. For more information, see Local Group Policy support for Windows RT. If the service is not enabled, you must set the corresponding registry values directly. The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 8.1 and Windows Server 2012 R2 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see article 929841 in the Microsoft Knowledge Base. I doubt something like Start Screen layout is limited to Enterprise.... Just to confirm what sc302 says, make a VM with Enterprise. You can download a evaluation here: http://technet.microsoft.com/us-en/evalcenter/hh699156.aspx Did you ask on the Microsoft forums? Link to comment Share on other sites More sharing options...
+InsaneNutter MVC Posted January 17, 2014 Author MVC Share Posted January 17, 2014 Hello, But then it says: I doubt something like Start Screen layout is limited to Enterprise.... Just to confirm what sc302 says, make a VM with Enterprise. You can download a evaluation here: http://technet.microsoft.com/us-en/evalcenter/hh699156.aspx Did you ask on the Microsoft forums? I must admit i find it hard to believe it is limited to the enterprise, however even the Microsoft Forums basically state that too. It pretty poor now the start menu has gone you have no control over what is on the "new" start screen what so ever in the pro edition, i would imagine this is a pretty basic thing people want to do. I have tried editing the local policy on the machine it's self, which basically does the same as applying the group policy through the domain. It wont change the layout on the screen, however i can stop the current layout from been altered. So it sounds like its a case of going to every PC, setting up how the start screen should look manually, then basically locking it so users can not mess with it. I know i can do that, however it appears a pretty backwards way of doing it.... even with just the 15 client PC's we currently have. If i was to do that If someone was log on to someone else's computer the user would get a start menu filled with all the default modern apps, not the changes i made. Link to comment Share on other sites More sharing options...
riahc3 Posted January 17, 2014 Share Posted January 17, 2014 Hello, I must admit i find it hard to believe it is limited to the enterprise, however even the Microsoft Forums basically state that too. It pretty poor now the start menu has gone you have no control over what is on the "new" start screen what so ever in the pro edition, i would imagine this is a pretty basic thing people want to do. I have tried editing the local policy on the machine it's self, which basically does the same as applying the group policy through the domain. It wont change the layout on the screen, however i can stop the current layout from been altered. So it sounds like its a case of going to every PC, setting up how the start screen should look manually, then basically locking it so users can not mess with it. I know i can do that, however it appears a pretty backwards way of doing it.... even with just the 15 client PC's we currently have. Even if i was to do that If someone was log on to someone else's computer the user would get a start menu filled with all the default modern apps, not the changes i made. Im still boggled on why a domain capable client edition of Windows 8.1 does not get this enforced. I mean its nothing special or anything.... Id think there is some kind of workaround to able to do this....must be. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted January 17, 2014 Veteran Share Posted January 17, 2014 There is but I am having problems pasting it right now. Google spiceworks export startscreen import startscreen Then look for something that says configure default startscreen for non enterprise. Link to comment Share on other sites More sharing options...
riahc3 Posted January 17, 2014 Share Posted January 17, 2014 Hello, There is but I am having problems pasting it right now. Google spiceworks export startscreen import startscreen Then look for something that says configure default startscreen for non enterprise. http://community.spiceworks.com/how_to/show/63212-configure-default-start-screen-for-windows-8-1-non-enterprise Link to comment Share on other sites More sharing options...
Recommended Posts