171 questions
171 questions with Windows for business | Windows Server | Directory services | Deploy group policy objects tags
2 answers
Default Domain Policy misconfigured — Domain Admins & Enterprise Admins added to DENY logon settings, locking all admin access
Hello, I need help recovering my Active Directory domain after an incorrect settings change was applied to the Default Domain Policy (DGP {31B2F340-016D-11D2-945F-00C04FB984F9}). A change was made to the GPO’s security policy that added multiple Deny…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-11-28T07:08:19.64+00:00
Al Aguilar
0
Reputation points
edited an answer 2025-12-01T01:27:11.9733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 26%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Kate Pham (WICLOUD CORPORATION)
205
Reputation points Microsoft External Staff
Moderator
1 answer
Secured Domain Admins and Enterprise Admins accounts, now access is denied
Good day... A coworker tried to set up role-based access using our domain accounts, following a YouTube video (https://www.youtube.com/watch?v=VO2P6MiniM4). Shortly after, he was logged out, and now none of us can log into any domain-joined workstations…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-11-27T03:49:07.43+00:00
Al Aguilar
0
Reputation points
commented 2025-11-28T07:18:55.8266667+00:00
Al Aguilar
0
Reputation points
2 answers
Security Filtering shows none on denying apply on a single user
I have a group policy that has Authenticated Users and SYSTEM in security filtering. Basically I want it to apply to all users apart from 3 which are the admins. They are part of a group called IT which I was earlier added in delegation and denying…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-11-13T17:57:59.7733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 76%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Aakarsh Gupta
0
Reputation points
answered 2025-11-14T01:06:12.2366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 61%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Harry Phan
9,835
Reputation points
Independent Advisor
1 answer
ps1 script to deploy custom mouse cursors works, but it needs additional manual push
The script <# .SYNOPSIS Automates deployment of custom mouse cursors via Active Directory GPO. .DESCRIPTION Creates a Group Policy Object that deploys custom cursor files and configures registry settings to apply them. .PARAMETER…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-11-05T23:25:04.1033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 54%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVJ%3C/text%3E%3C/svg%3E)
Vladimir Jovanovski
0
Reputation points
commented 2025-11-07T21:56:29.4833333+00:00
Vladimir Jovanovski
0
Reputation points
6 answers
After applying the Windows Server 2016 Security baseline GPO to the domain controllers OU replication does not work (Access Dined error)
Dear Team, After implementing the Windows Server 2016 Security baseline GPO (https://www.microsoft.com/en-us/download/details.aspx?id=55319) on the Domain Controllers OU, replication functions have ceased across all domain controllers. Our environment…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-10-17T03:33:25.68+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 52%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Ashan Dissanayake
46
Reputation points
answered 2025-10-30T15:53:35.22+00:00
Ashan Dissanayake
46
Reputation points
2 answers
Restricting Removable Devices on Windows Server 2022
Hi, I have a Windows Server 2022 and i would like to disable the access to removable disks but it doesnt seem to want to work. Within MMC > Non-administrator policy i have set the pin 'All Removable Storage Classes: Deny all access' to enabled…
Windows for business | Windows Server | Directory services | Deploy group policy objects
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 33%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 16%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
3 answers
GPO and trusted relationships
If there is a trust relationship between two domains configured with Selective Authentication, and in domain A there is a GPO with Loopback Processing enabled in Merge mode (meaning user policies are combined with computer policies), a problem occurs.…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-10-18T17:11:53.25+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 43%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFG%3C/text%3E%3C/svg%3E)
Filip Gronostaj
20
Reputation points
commented 2025-10-22T17:00:13.3566667+00:00
Filip Gronostaj
20
Reputation points
1 answer
How to restrict server RDP to all users and only accept RDP from a single source (IP, host)
Hello, We’re in the process of implementing a Privileged Access Management (PAM) solution and would like to restrict direct Windows RDP access for users. Specifically, we want to ensure that users can only initiate RDP sessions through the PAM server and…
Windows for business | Windows Server | Directory services | Deploy group policy objects
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 78%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
1 answer
Tried to seup LAPS on my 2016 ADDC running on 2019 Server. I cannot get it to work
Tried to seup LAPS on my 2016 ADDC running on 2019 Server, using the Microsoft Documentation. I cannot get it to work. Somehow while truobleshooting this I now have have both versions of LAPS on my server. How can get one of these versions off and…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-10-03T13:13:41.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 30%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPL%3C/text%3E%3C/svg%3E)
Philip Lindeman
0
Reputation points
answered 2025-10-03T14:21:37.02+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 90%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQQ%3C/text%3E%3C/svg%3E)
Quinnie Quoc
7,400
Reputation points
Independent Advisor
1 answer
One of the answers was accepted by the question author.
Group Policy Desktop Wallpaper Black
I have a strange problem where every so often one of my users who has our corporate desktop wallpaper deployed via Group Policy will log on and find that it is now just a black wallpaper. It seems to happen at random but once it has happened the…
Windows for business | Windows Server | Directory services | Deploy group policy objects
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 34%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETF%3C/text%3E%3C/svg%3E)
1 answer
how do i get rid of azure completely its taken over my home pc
yes i tried azure maybe a year ago and went to the site and closed and removed my account since then its re written my registry put Strick polices in place wont let its self be removed its self presavating all my drivers all are inf 06/21/06 drivers that…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-09-30T06:43:43.3366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 51%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
jeffrey liddell
0
Reputation points
commented 2025-10-02T02:30:31.1233333+00:00
jeffrey liddell
0
Reputation points
1 answer
Why are our PCs generating excessive network traffic on TCP 445 to the DCs?
Second time this has happened this year. Different site each time. Only affecting the one site. LAN/WAN performance severely degraded due to multiple clients 445 traffic to the DCs for this site. Started overnight, previous day was normal. Newly booted…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-10-01T19:52:49.06+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 77%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMF%3C/text%3E%3C/svg%3E)
Mark Frickle
0
Reputation points
answered 2025-10-02T00:10:49.72+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 33%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDV%3C/text%3E%3C/svg%3E)
Domic Vo
11,150
Reputation points
Independent Advisor
3 answers
Windows Hello for Business
Hello Team, We’ve received the request to deploy Windows Hello for Business using Group Policy. Our GPO server is running on Windows Server 2022. While reviewing several articles online, we found conflicting information and are currently unsure which…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-09-22T16:31:33.8166667+00:00
Kanhaiyalal Chandrawanshi
40
Reputation points
answered 2025-09-26T16:16:01.0466667+00:00
Kanhaiyalal Chandrawanshi
40
Reputation points
2 answers
How to disable USB sticks for a domain but pop up admin credentials request when a normal user wants.
My idea is; Disabling the USB sticks for every user in the domain but at the same time when they plug a USB stick into their device. Windows will pop-up a admin credential requirement screen to run that device so the Admin can use them credentials to…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-09-19T11:53:44.33+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 28.999999999999996%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Süleyman Baki Memiş
0
Reputation points
answered 2025-09-22T09:09:23.83+00:00
Süleyman Baki Memiş
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Problems with using USB pendrives when logged in via Remote Desktop
Greetings, I have a problem in one of my client companies, which has a Windows Server Active Directory domain. Several employees make use of third party applications that require access to special license USB pendrives to operate. They have ordinary,…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-09-12T13:39:19.9166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 50%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
Michal Cwik
20
Reputation points
accepted 2025-09-18T07:20:39.14+00:00
Michal Cwik
20
Reputation points
1 answer
I am in an organization and trying to give access for pin and fingerprint for everyone by creating a GPO on server, i tried to configure and applied few GPO and now able to assign pin and finger but while logging in with finger or pin it is not working.
When i tries to login by my finger or pin it is showing this is temporarily unavailable. The rules i enabled on GPO are : required things on Windows Hello for Businesses : I Enabled the Biometric : Enabled the required things on Logon section Please it…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-09-09T06:02:59.9+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 92%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Satyasarathi Dhal
0
Reputation points
answered 2025-09-09T08:16:32.6366667+00:00
Quinnie Quoc
7,400
Reputation points
Independent Advisor
1 answer
When running a Powershell script via GPO to enable Bitlocker. "A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)"
We're moving towards using BitLocker for FDE to all of our users. Just got everything in GPO created, startup PowerShell script attached, and everything started moving fine in the initial testing of a few machines. Once I started to open that testing to…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-08-29T15:28:01.6966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 72%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKD%3C/text%3E%3C/svg%3E)
Korazu DyShin
0
Reputation points
answered 2025-08-30T13:29:24.0166667+00:00
Domic Vo
11,150
Reputation points
Independent Advisor
1 answer
How to fix Error 0x800706ba (RPC) on the client side?
Hi Microsoft Community, Good day! As part of our security, we tried to Enable the "Restrict Unauthenticated RPC clients" (Computer Configuration > Administrative template > System > Remote Procedure Call) and set it to…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-08-28T03:57:50.41+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 33%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
Joshua D. Engracia
0
Reputation points
commented 2025-08-29T01:30:55.24+00:00
Joshua D. Engracia
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Windows Hello for Business – Biometric requires PIN after success (Hybrid + Intune)
We are deploying Windows Hello for Business (WHfB) in a hybrid Azure AD joined environment, managed via Intune Account Protection policies. Our requirement is: fingerprint/face should unlock the device directly, and PIN should only be required if…
Windows for business | Windows Server | Directory services | Deploy group policy objects
asked 2025-08-25T08:20:08.2233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 28.999999999999996%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Sachin Ameta
25
Reputation points
commented 2025-08-25T15:41:36.8766667+00:00
Sachin Ameta
25
Reputation points
1 answer
One of the answers was accepted by the question author.
Issue with Domain and Client with Domain account
Hi, I have created some GPOs and deployed it to some client machines. The GPO does not applied on some machines. I did do the following PS and see why: Test-ComputerSecureChannel -Server "DCName.domain.com" result :…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 90%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)