RE: [NTSysADM] Set-ImageSize Help

I wouldn’t really worry about it, but, the thing I see that’s not disposed is the $Graphics variable. You can tell it needs to be by looking up the class on MSDN and seeing that it implements IDiposable. From a

RE: [NTSysADM] Q about GPO Security Filtering precendence

For this scenario you might consider adding a deny for applying the policy to the policies for the other groups. It's really not necessary as the last policy applied will take precedence but would potentially help with troubleshooting logic in case a system does end up in more than one group.

RE: [NTSysADM] Q about GPO Security Filtering precendence

One other thing. If you want 4 to apply to every machine in that OU (except the exceptions for 1,2 and 3) then you don't need an 'All WSUS security group' or any filtering on that GPO. It will apply to all of them as is. Then let 1,2 and 3 do their thing with the security filtering.

RE: [NTSysADM] Set-ImageSize Help

Yeah, the thing that always makes me cringe is the lack of error detection and reporting in so much public PowerShell… And you are correct, while PowerShell does have “using ” it does not have “using ”. But it can be implemented fairly easily….

RE: [NTSysADM] PCI nightmare - c:\windows\csc files

Be aware a load of those GPOs are XP/2003 only. Here’s an article documenting my adventures with it (admittedly from a while back) http://www.htguk.com/appsense-desktopnow-and-offline-files/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Charles F

RE: [NTSysADM] PCI nightmare - c:\windows\csc files

If users have not successfully synced those files back to a server and you do a mass reset or policy change you are GOING to have people lose data, so be extremely careful. I do use the registry key method even on modern Windows 10 computers and it does work, but it resets that cache for all

RE: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

Did you bounce the servers so they could pick up the new group memebership? -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Tuesday, June 20, 2017 11:11 AM To: ntsysadm@lists.myitforum.com Subject:

[NTSysADM] GPO being filtered out, denied by security

I'm scratching my head at this. I created a new GPO, to set updates to be applied automatically, and rebooted automatically. I created a new AD group; added 10 server accounts to it. Set the security filtering on the new GPO to this new group. All seemed fine, I spot-checked the 10 servers to be

RE: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

I was just point out that denies override everything else. Is it possible that you added a DENY entry to some other group of which these computers are members? -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone

[NTSysADM] Re: GPO being filtered out, denied by security - MORE

OK, I've noticed that there are more servers exhibiting this GPO denial. All were added to the AD group that applies to this denied GPO. All that were added to the AD group yesterday are fine, GPO *not* being denied. Maybe I just need to leave it? I would have thought that a "gpupdate /force"

Re: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

On Tue, Jun 20, 2017 at 11:52 AM, Mayo, Bill wrote: > I was just point out that denies override everything else. Is it possible > that you added a DENY entry to some other group of which these computers are > members? Pretty sure I haven't a DENY to anything in this

RE: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

Did you remember to add either "authenticated users" or "domain computers" with read access on the advanced tab after you added the security filtering to apply just to the group? -Bonnie -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On

Re: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

On Tue, Jun 20, 2017 at 11:21 AM, Kennedy, Jim wrote: > Did you bounce the servers so they could pick up the new group memebership? No. But then, neither did I bounce the other 5 servers that are working, and are not filtering out the GPO

RE: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

I don't think I've ever had a server successfully get group membership in its access token without a reboot. We all know that a user has to log out and back on. A machine has to reboot. Not sure if there's an alternative to rebooting, like restarting the netlogon service, and I'm not sure why

Re: [NTSysADM] Set-ImageSize Help

Thanks for the information. I'll play around with it. - Sean On Tue, Jun 20, 2017 at 5:02 AM, Michael B. Smith wrote: > Yeah, the thing that always makes me cringe is the lack of error detection > and reporting in so much public PowerShell… > > > > And you are correct,

Re: [NTSysADM] Re: GPO being filtered out, denied by security - RESOLVED

Sweet! That's a very good tip. Kurt On Tue, Jun 20, 2017 at 9:28 AM, Michael Leone wrote: > I didn't bounce the servers. But this did work: > > http://www.windowsnetworking.com/kbase/WindowsTips/Windows7/AdminTips/Admin/Forcingre-evaluationofcomputergroupmembership.html >

[NTSysADM] RE: PCI nightmare - c:\windows\csc files

Does using the Registry value to reset the database do this, or does that just whack the database and not the data? As I recall it's HKLM\System\CurrentControlSet\Services\CSC\Parameters\FormatDatabase (DWORD 1) and then a restart... From: listsad...@lists.myitforum.com

Re: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

On Tue, Jun 20, 2017 at 12:29 PM, Charles F Sullivan wrote: > I don't think I've ever had a server successfully get group membership in > its access token without a reboot. We all know that a user has to log out > and back on. A machine has to reboot. Actually not ...

[NTSysADM] PCI nightmare - c:\windows\csc files

Greetings! Since MS had the annoying habit of enabling off-line caching, I have a PCI nightmare. All our workstations are Window 7 Professional, SP1. A scan by an application called "IdentityFinder" has located 3000+ files among several dozen machines it claims has either social security

RE: [NTSysADM] Re: GPO being filtered out, denied by security - RESOLVED

Nice find!! Gonna save this one. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Tuesday, June 20, 2017 12:28 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Re: GPO being filtered out, denied

Re: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

On Tue, Jun 20, 2017 at 12:30 PM, Miller Bonnie L. wrote: > Did you remember to add either "authenticated users" or "domain computers" > with read access on the advanced tab after you added the security filtering > to apply just to the group? Yep. One of the first

RE: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

Was just going to suggest that - that bites me all the time -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Miller Bonnie L. Sent: 20 June 2017 17:30 To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Re: GPO being

RE: [NTSysADM] Re: GPO being filtered out, denied by security - RESOLVED

Thanks. That's my answer to a rebooting alternative. I'll have to file this away for reference. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Tuesday, June 20, 2017 12:28 PM To: ntsysadm@lists.myitforum.com

Re: [NTSysADM] Re: GPO being filtered out, denied by security - RESOLVED

On Tue, Jun 20, 2017 at 1:47 PM, James Rankin wrote: > In my testing I was never quite sure that trick would work. I wrote an article about it a few years ago, but the behaviour seems to be a little hit and miss. I did it on 5 machines; it successfully re-set the group

RE: [NTSysADM] PCI nightmare - c:\windows\csc files

You should looking into this Group Policy setting under Computer Configuration: Administrative Templates > Network > Offline Files > Allow or disallow use of the Offline Files feature There are other settings in there which might also help pass a PCI audit, such as Encrypt the Offline Files