Troubleshoot Group Policy Object showing Extra Registry Settings

When your environment migrates from a legacy or older version of Windows Server to a newer version, for example from Windows Server 2008 to Windows Server 2016, you will experience this. This is why I am writing this post.

I noticed that when I launched Group Policy Management and went to one of the Group Policy Objects > Settings tab > Show all, I saw a part that says “Extra Registry Settings”. I opened the editor and tried to locate that part but failed to do so. What I did next was search the web, checking whether anyone had experienced it and what the solutions were.

There is a message displayed inside the “Extra Registry Settings” part, but it was not helpful for finding any information on the web. The message is “Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.”

 

[Image: gpo01.PNG, example of the “Extra Registry Settings” part]

 

Thank god PowerShell can remove this registry value using the Remove-GPRegistryValue command. You may refer to the references below too.

First I ran the GET command just to make sure the registry value is valid:

# This command retrieves the registry values that the GPO stores under the given key
Get-GPRegistryValue -Name "<GPO Name>" -Key "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"

# If the result is valid, move on to the REMOVE command. Note that the key path is sensitive: the "\" at the end must not be included
Remove-GPRegistryValue -Name "<GPO Name>" -Key "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" -ValueName "<Registry Value Name>"

# A result is shown after the REMOVE command runs; it contains the GPO name, owner, creation time and modification time
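
The same cleanup as a repeatable script with a backup and a dry run first. This is an added example, not part of the original post; `$BackupPath`, `$DryRun` and the report file name are assumptions, and the angle-bracket placeholders must be replaced with your own values.

```powershell
Import-Module GroupPolicy

$GpoName    = '<GPO Name>'
$Key        = 'HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$ToRemove   = @('<Registry Value Name>')   # only these value names are touched
$BackupPath = 'C:\GPOBackup'               # hypothetical folder for the backup and report
$DryRun     = $true                        # set to $false to actually remove

# The key path is passed without a trailing "\".
$Key = $Key.TrimEnd('\')

# 1. Back up the GPO first so the change can be rolled back with Restore-GPO.
New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
$backup = Backup-GPO -Name $GpoName -Path $BackupPath -Comment 'Before Extra Registry Settings cleanup'
"Backup Id: $($backup.Id)"

# 2. List what the GPO stores under the key (subkey entries have no ValueName).
$present = @(Get-GPRegistryValue -Name $GpoName -Key $Key -ErrorAction Stop |
             Where-Object { $_.ValueName })
$present | Format-Table ValueName, Type, Value, PolicyState -AutoSize

# 3. Remove only the requested values, and only if they really exist in the GPO.
foreach ($name in $ToRemove) {
    if ($present.ValueName -notcontains $name) {
        Write-Warning "'$name' is not set under $Key in '$GpoName'; skipping."
        continue
    }
    if ($DryRun) {
        "Dry run: would remove $Key\$name"
        continue
    }
    Remove-GPRegistryValue -Name $GpoName -Key $Key -ValueName $name | Out-Null
    "Removed $Key\$name"
}

# 4. Regenerate the settings report and check that "Extra Registry Settings" is gone.
Get-GPOReport -Name $GpoName -ReportType Html -Path (Join-Path $BackupPath 'report-after-cleanup.html')
```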

 

Reference:

  1. https://sdmsoftware.com/group-policy-blog/tips-tricks/removing-extra-registry-settings-from-gpos/
  2. https://deploywindows.com/2017/10/12/extra-registry-settings-need-access-to-old-group-policy-settings/

 

Skype for Business: How to setup QoS at client side?

Well, there are 2 ways you could do this: by editing the client’s computer (local group policy) or by pushing the settings using Group Policy Management.

Anyway, both of these methods are similar and simple to set up.

*Note: A wrong value can cause QoS to not run correctly

Steps for local group policy:

  1. Make sure you are logged in as a local administrator on your computer
  2. Go to Start > Search > Group policy
  3. In Group Policy, go to Computer Configuration > Windows Settings > policy QoS settings
  4. Create a new policy
  5. Follow the image below to create a total of 5 QoS policies

     [Image: sfb2]

  6. While creating each policy, change only what is necessary. Leave the other settings at their defaults.
  7. Restart the computer (I always do this)

Steps for GPM:

  1. Open GPM
  2. Create a new GPO and name it
  3. Right-click the GPO and click Edit
  4. In Group Policy, go to Computer Configuration > Windows Settings > policy QoS settings
  5. Create a new policy
  6. Follow the image below to create a total of 5 QoS policies

     [Image: sfb2]

  7. Link this GPO to the OU where you want it applied
  8. After that, remember to run gpupdate /force on both the server and the client computer

For testing:

  1. Install Wireshark
  2. Select the network you are connected to and start Wireshark (start capturing traffic)
  3. Start your Skype for Business audio call or video call, or both, within the same network. Do a peer-to-peer communication.
  4. Talk or make some sound for a minute or 2.
  5. End the Skype for Business call (audio or video)
  6. Stop Wireshark
  7. Save your traffic
  8. You should be able to see that your QoS is working

[Image: wireshark.png]
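
One way to check the saved capture instead of reading packets by eye, as an added example that is not part of the original post. It compares the DSCP value of each UDP packet with the value your policy should apply to that source port; the port ranges and DSCP values in `$expected` are assumed placeholders (replace them with the ones from your own 5 policies), and the sample lines are constructed, not from a real capture.

```powershell
# Field lines as exported from the saved capture with tshark (installed with Wireshark):
#   tshark -r call.pcapng -Y "udp" -T fields -E separator=, -e ip.src -e udp.srcport -e ip.dsfield.dscp
# Constructed sample lines: source IP, UDP source port, DSCP (decimal).
$lines = @(
    '10.0.0.15,50022,46'
    '10.0.0.15,50031,46'
    '10.0.0.15,58004,34'
    '10.0.0.15,58010,0'      # in a policy port range but not marked
    '10.0.0.27,50025,46'
    '10.0.0.15,53,0'         # unrelated UDP traffic, ignored
)

# Assumed placeholder policies: replace with the port ranges and DSCP values you configured.
$expected = @(
    [pscustomobject]@{ Name = 'Audio'; First = 50020; Last = 50039; Dscp = 46 }
    [pscustomobject]@{ Name = 'Video'; First = 58000; Last = 58019; Dscp = 34 }
)

function Test-DscpMarking {
    param([string[]]$Lines, [object[]]$Policy)
    foreach ($line in $Lines) {
        $src, $port, $dscp = $line.Split(',')
        if ([string]::IsNullOrEmpty($port) -or [string]::IsNullOrEmpty($dscp)) { continue }
        # Find the policy whose source-port range covers this packet, if any.
        $rule = $Policy |
            Where-Object { [int]$port -ge $_.First -and [int]$port -le $_.Last } |
            Select-Object -First 1
        if (-not $rule) { continue }
        [pscustomobject]@{
            Source   = $src
            Port     = [int]$port
            Policy   = $rule.Name
            Expected = $rule.Dscp
            Actual   = [int]$dscp
            Ok       = ([int]$dscp -eq $rule.Dscp)
        }
    }
}

$result = Test-DscpMarking -Lines $lines -Policy $expected
$result | Format-Table -AutoSize
# Any row here means a packet left a policy port range without the expected marking.
$result | Where-Object { -not $_.Ok } | Format-Table Source, Port, Policy, Expected, Actual -AutoSize
```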

References:

  1. https://three65.blog/2015/09/07/skype-for-business-configuring-quality-of-service-qos/
  2. https://gallery.technet.microsoft.com/office/Configure-QoS-for-Skype-cdea2e67
  3. https://gallery.technet.microsoft.com/lync/Configure-QoS-for-Skype-cdea2e67

AD & GPO: How to enable or configure Windows Hello?

Creating this GPO is pretty simple: just create a new GPO, or you could reuse an existing GPO (not the default GPO).

*Note: Windows Hello only works with Windows Server 2016 and Surface Pro, Windows 10

Here are the simple steps;

  1. In Group Policy Management > Group Policy Objects, right-click to create a new policy or edit the existing policy
  2. The image below is basically the policy to enable the Windows Hello feature

     [Image: gpowinhello.JPG]

  3. After this, remember to link the GPO to the OU that you want it to apply to
  4. Remember to also do a “gpupdate /force” on both the server and the computer side.
    • Open cmd > type the command “gpupdate /force”
  5. There is also a one-push gpupdate function, but you have to make sure that the users’ computers are connected.
    • In the GPMC > select the OU > right-click > select GPO Update policy
      • This will update all the objects inside that particular OU

AD & GPO: Why password/account policy is not working?

For those who are new to GPOs (Group Policy Objects) or Group Policy Management, your mentor surely told you not to configure the Default Domain Policy and to create a new GPO instead.

Here is something you should know: not all policy settings work under a newly created GPO. This means that there are still dependencies on the default GPOs. Even if you try to enable “Enforce” or “Block Inheritance”, the default GPO will always be there running. Thus, always research and understand GPOs in depth.

The supporting article below is the answer.

References:

  1. https://technet.microsoft.com/en-us/library/cc748850(v=ws.10).aspx