A few weeks ago, we faced an issue where all of our GPOs were broken (kind of....). It seems although the GPOs were editable, but the settings were not there... What we see was : Description : GPO gone bad..... Issue :  Launch GPMC | Edit a policy, expand to Computer Config | Policies | Administrative Templates , all settings are missing. However, each config line could be found inside All Settings  If we look carefully, the policy is retrieved from the central store.  if we look at other domain ( other domain, not other Domain Controller ), the policy is retrieved from the local computer . Troubleshooting :   Open Windows Explorer, navigate to \\<DomainName>\SYSVOL\<DomainName>\Policies . There is a folder called PolicyDefinitions    Within the folder, there is nothing, no folders no files..... Resolution :     Open Windows Explorer, navigate to \\ <DomainControllerName>\c$\Windows\PolicyDefinitions . Copy all con

This happened to my environment anew days ago, where I was not able to edit my group policy with below error. The GPO is working fine, just that I could not make any changes on it. Issues : Failed to open the Group Policy Object. You might not have the appropriate rights. Details : The system cannot find the path specified. Troubleshooting : Manually assigned delegated permission (with Edit settings, delete & modify security) - not working Tried to edit the policy from PDC Emulator server - not working Checked the availability of the GPO folder in SYSVOL, the GPO folder is available. Resolution : A bit of Googling, I got this : This is the issue, I executed the Procmon & found that process is trying to access the Registry.pol file under User folder under the policy path & it is failing to access, even though user configuration are not configured. It turned out, a folder named ' User ' was missing from the GPO folder, wh

It is a common practice to have a management server, with most (if not all) consoles installed on it. the purpose of this practice are to consolidate the management consoles into centralized servers, and reduce un-needed resources utilization on target servers (e.g : SQL, AppSense, Citrix Delivery Controller, VMware vCenter).  One component that I love to have in my management server is Citrix GPMC. I prefer to configure my Citrix policies via GPO, rather than Citrix Policies. One main reason is to consolidate all policies into a single, centralized location.  This is what you can see from AD server or normal servers/machines without Citrix GPMC installed / enabled. This is what you can see from Citrix servers with GPMC installed / enabled. Now, how to install Citrix GPMC :   Download the installers from here : x86 : http://support.citrix.com/article/CTX142463#download x64 : http://support.citrix.com/article/CTX142464#download  Right click at the installer, an

Group Policy Processing has been introduced since Server 2008, and Microsoft recommends to use GPP instead of normal GPO. To me, I prefer to use GPP as well, as it is more convenience to configure and troubleshoot.  However, in some cases, the configuration may not get reflected, no matter how many times you perform gpupdate (gpupdate /force as well), or even reboot the machines. Your settings are all good, linked enabled to appropriate OU, Block Inheritance already enabled ( to ensure policies assigned to parent OU not conflicting with your policies, just in case ), there were no similar setting in Site and Domain policies, policies already being enforced ( oh wait, do you really need to enforce? ).  What else could it be then? Oh wait, just before you planned to kill someone, you realized there were red dots / circles at the configurations, and those configurations (with red dots / circles ) were the one who drove you crazy! Configurations with green straight lines / circles

In previous post , I mentioned on how to disable drive mapping on Server 2003 via GPO. In this post, I will show on how to disable drive mapping on server 2008. Description : Disabling drive mapping on Server 2008 How To Do :  Access to GPMC , edit the intended GPO. Browse to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection Click at ' Do not allow drive redirection  '. That is our target setting Right click at it, and press Edit  Choose Enabled , press Apply and OK .  You can double confirm the setting by checking at ICA-TCP and RDP-TCP Properties. They are now checked, and  grayed out. And this is the explanation by Microsoft on the GPO setting.

This post will show on how to disable local drive mapping via GPO for Windows Server 2003 environment. Considering GPO will take precedence over Citrix policy, this setting will work on both RDP and ICA sessions. Description : Disable local drive mapping via GPO (the same setting can be applied to local policy too) How To Do : Open your Group Policy Object, and browse to this setting ( Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Client/Server data redirection   Let's focus on Do not allow drive redirection. Right click at it, and click at Properties  Choose Enabled, press Apply and OK.  This will be the outcome. This is the explanation on this setting by Microsoft.   Drive mapping is now disabled, and users are not able to change it.

This issue occurred to me a few years back, when we started enrolling Windows Server 2008. When I tried to change my Citrix XenApp server to another farm, CHFARM.exe crashed and I could not do it. Because I was using GUi rather than command line during that time, so I could capture below detail. I did not have any issues in changing farm for XenApp in Server 2003, and my home lab (with Windows Server 2008) also gave a positive result. As I only can see this error on Server 2008 (security permission on my home lab was more relaxed - UAC disabled) and but not on Server 2003 (and my home lab), thus to me it was safe to narrow down the root cause to security permission on Server 2008 (to be exact : User Acess Control) that cause the problem. Issues : CHFARM crashed in the middle of changing Citrix XenApp farm (on Windows Server 2008). Troubleshooting   RDP to the server, launch RUN , type secpol.msc , and press OK . (First hint) At this window, click at I want t