I was following this and didn’t get what the issue was.

This is because I'm on Win 8.1 and have RSAT installed. This of course just 
worked off the bat.

Gavin Wilby
IT Support Engineer

From: [email protected] [mailto:[email protected]] On 
Behalf Of Charles F Sullivan
Sent: 14 September 2015 22:35
To: [email protected]
Subject: RE: [NTSysADM] RE: IE Enterprise mode

Okay, because you don’t have PolicyDefinitions in AD already, don’t add them.

Just leave the DCs alone and hop on any workstation or server that’s at least 
Windows 7 and use that. You are correct that by default on the 
c:\windows\PolicyDefinitions folder even Admins only have read access. You’ll 
have to find a way around that.

The important thing is to understand that you don’t need to install these on 
your DCs for what you’re trying to do.

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Monday, September 14, 2015 4:21 PM
To: '[email protected]<mailto:[email protected]>' 
<[email protected]<mailto:[email protected]>>
Subject: RE: [NTSysADM] RE: IE Enterprise mode

I was trying to copy the files into c:\windows\PolicyDefinitions.  That’s where 
permissions don’t seem correct at all.  Under c:\windows\sysvol, I have domain, 
staging, staging areas and sysvol.  Under the second sysvol, I have my domain 
fqdn, then under that, I have Policies, scripts, StarterGPOs.  I do NOT have a 
PolicyDefinitions folder anywhere in the sysvol file structure.

The initial NTFS permissions on c:\windows\PolicyDefinitions were:

Owner:  TrustedInstaller

TrustedInstaller – FC, This folder and subfolders
SYSTEM – Modify, This folder only
SYSTEM – FC, Subfolders and files only
Administrators – Modify, This folder only
Administrators – FC, Subfolders and files only
Users – R&E, This folder, subfolders and files
CREATOR OWNER – FC, Subfolders and files only
ALL APPLICATION PACKAGES – R&E, This folder, subfolders and files

These are the permissions on all the DCs for this folder.  On one of the DCs, I 
changed ownership to Enterprise Admins, and changed:

Administrators – FC, This folder, subfolders and files

Even with that change, I had to modify the permissions on each of the files 
themselves to set the above permission, before I was able to copy in the new 
file, and replace the existing.

This DC is where I have my GPMC on my own workstation pointing for AGPM.


From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Charles F Sullivan
Sent: Monday, September 14, 2015 12:41 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [NTSysADM] RE: IE Enterprise mode

Wait. Are you looking at Windows\PolicyDefinitions on the DC? If so, that’s not 
what you want if you are trying to enforce the available ADMX files domain-wide.

If you do not have a PolicyDefinitions folder under Sysvol\Policies, then take 
a step back.

If you simply need to be able to edit Enterprise Mode in GPOs, just copy the 
admx and adml files to Windows\PolicyDefinitions on a member server that has 
GPMC installed. That’s all you need to do in order to edit the settings for any 
domain GPO.
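
A read-only check of the situation discussed in this thread, as an added example that is not part of any poster's message: it reports whether a central store exists under SYSVOL (the Group Policy editor reads it when present, otherwise the local folder), lists any .admx file without a matching .adml, and prints the owner and ACL of the local PolicyDefinitions folder. The `$Domain` and `$Language` defaults and the variable names are assumptions; it is meant to be run from the workstation or member server that has GPMC installed.

```powershell
# Added example (not from the thread). Read-only: nothing is copied or changed.
param(
    [string]$Domain   = $env:USERDNSDOMAIN,  # assumption: domain-joined machine
    [string]$Language = 'en-US'              # assumption: language folder in use
)

$centralStore = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"
$localStore   = Join-Path $env:SystemRoot 'PolicyDefinitions'

# The Group Policy editor uses the central store if it exists,
# otherwise the local PolicyDefinitions folder of the machine it runs on.
if ($Domain -and (Test-Path -LiteralPath $centralStore)) {
    $store = $centralStore
    "Central store found: $store"
} else {
    $store = $localStore
    "No central store; the editor on this machine reads: $store"
}

# Every .admx needs its .adml in the language subfolder, or the editor
# reports a missing resource when it loads the template.
$missing = Get-ChildItem -LiteralPath $store -Filter *.admx | Where-Object {
    $adml = Join-Path $store (Join-Path $Language ($_.BaseName + '.adml'))
    -not (Test-Path -LiteralPath $adml)
}
if ($missing) {
    "Missing $Language .adml for: " + ($missing.Name -join ', ')
} else {
    "Every .admx in the store has a $Language .adml"
}

# Owner and ACL of the local folder, for comparison with the list posted
# in the thread (TrustedInstaller as owner, Administrators limited on the
# folder itself).
$acl = Get-Acl -LiteralPath $localStore
"Owner of {0}: {1}" -f $localStore, $acl.Owner
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags |
    Format-Table -AutoSize
```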

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Monday, September 14, 2015 2:46 PM
To: '[email protected]<mailto:[email protected]>' 
<[email protected]<mailto:[email protected]>>
Subject: RE: [NTSysADM] RE: IE Enterprise mode

Wow.  Could you list the permissions on your PolicyDefinitions folder, please?  
Mine look really messed up.

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Charles F Sullivan
Sent: Monday, September 14, 2015 11:40 AM
To: [email protected]<mailto:[email protected]>
Subject: RE: [NTSysADM] RE: IE Enterprise mode

I figured I would mention UAC since I see admins often burned by it when 
using Explorer.

The default permissions should have allowed you to do this. Subfolders and 
files of the Policies folder grant Administrators full control, so I would 
think that when Policy Definitions was initially created, that would have been 
set unless someone changed it.


From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Monday, September 14, 2015 11:59 AM
To: '[email protected]<mailto:[email protected]>' 
<[email protected]<mailto:[email protected]>>
Subject: RE: [NTSysADM] RE: IE Enterprise mode

Tried copying it from another DC, with the same results.  Looked at UAC, and 
someone has set the UAC to Never Notify, which is odd in and of itself, but 
“should” mean that UAC isn’t stepping in.

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Charles F Sullivan
Sent: Friday, September 11, 2015 6:04 AM
To: [email protected]<mailto:[email protected]>
Subject: RE: [NTSysADM] RE: IE Enterprise mode

If you are trying it locally, it’s most likely because of UAC. Copy it over the 
network instead.

You may already know this but don’t forget to copy the .adml file(s) as well.

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, September 10, 2015 6:44 PM
To: '[email protected]<mailto:[email protected]>' 
<[email protected]<mailto:[email protected]>>
Subject: [NTSysADM] RE: IE Enterprise mode

So, I’m having trouble importing the admx file.  I’m logged onto the server 
with a domain admin account, and when I try to copy the file into the 
PolicyDefinitions folder, I get a popup saying I need permissions to do this.  
Anyone know how to fix this?

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Damien Solodow
Sent: Wednesday, September 09, 2015 9:18 AM
To: [email protected]<mailto:[email protected]>
Subject: [NTSysADM] RE: IE Enterprise mode

Yes, mostly pros, yep, nope.

DAMIEN SOLODOW
Senior Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife
Sent: Wednesday, September 9, 2015 12:16 PM
To: NT System Admin Issues Discussion list 
<[email protected]<mailto:[email protected]>>
Subject: [NTSysADM] IE Enterprise mode

Anyone using it?  Pros/cons, good thing, does it work as advertised?  Is it a 
pain to get set up and working?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284
