none
DA group policy editor RRS feed

  • Question

  • Hi,

    Right now I can only use Group Policy Management to view/edit DA policy. I can't view/edit them from my DC server. How to let me to edit/view DA group policy from my DC server?


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Wednesday, September 29, 2010 4:00 PM

Answers

  • Hi George,

    The report will not work when you run it on Windows 2008, since some of the items are only supported in 2008 R2.

    You can Edit the GPO however in 2008, however, you won't see some of the new DA related settings (NRPT for example)

    • Proposed as answer by MrShannon Tuesday, October 19, 2010 2:00 PM
    • Marked as answer by Erez Benari Monday, October 25, 2010 10:12 PM
    Friday, October 15, 2010 10:48 PM

All replies

  • Hi,

    It's not possible to configure DirectAccess through the Group Policy Management for a big part of the settings, in order to do that you must use the netsh commandlets as described here:


    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/
    Thursday, September 30, 2010 8:31 AM
  • Hi George,

    Why do you want to edit the UAG DirectAccess Group Policy?

    It's not a good idea to edit the UAG DirectAccess Group Policy because each time you run the UAG DirectAccess wizard it will overwrite that policy. It is better to create a separate GPO and associate that with the DirectAccess clients group so that it isn't overridden by the UAG DirectAccess wizard. Make sure to put this higher in the binding order.

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Thursday, September 30, 2010 1:29 PM
    Moderator
  • Hi, Tom,

    Thanks for your post. I got your point.

    The reason is I want to see what changes of those GPs from my language of Windows. We are UAG partner of MS in Taiwan. We will deliver service to the customers. I am also speaker of UAG of Microsoft Taiwan. Sometimes I need to cut screenshot of my language. So I use my DC which is TChinese edition and use GP editor in it to see what changes of DA client and server but failed. That's why I post my question.

    If there is no way to see the changes of GP from Windows of my language, it is OK for me.

    Thanks anyway...


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Saturday, October 2, 2010 3:38 AM
  • Hi George,

    Oh! OK, that's a different question :)

    So you cannot get the Group Policy Object settings to appear in Chinese?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Monday, October 4, 2010 1:32 PM
    Moderator
  • Hi, Tom,

    UAG installed on English version Windows 2008R2. Display GPO on UAG is OK.

    When I cut screenshot for customer in Taiwan, I want to cut Chinese version GPO screenshot. That is why I use my DC since it is Windows 2008(not R2) Chinese version. But I can't because no UAG related GPO there.

    I don't expect UAG GPO appears in Chinese. I only want to cut them on Chinese Windows. If you can tell me how to import UAG GPO object into other Windows OS, then it solve my problem...

    TKS very much.

    George


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Monday, October 4, 2010 11:39 PM
  • Hi George,

    The UAG DirectAccess GPO should appear on domain controller closest to the UAG DirectAccess server or array. Of course, it should appear on all domain controllers. On what domain controllers do you see the UAG DirectAccess Group Policy Objects?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Tuesday, October 5, 2010 12:47 PM
    Moderator
  • Hi George,

    The UAG DirectAccess GPO should appear on domain controller closest to the UAG DirectAccess server or array. Of course, it should appear on all domain controllers. On what domain controllers do you see the UAG DirectAccess Group Policy Objects?


     

    Hi, Tom,

    I can see DA GPO from any domain GP console. But I can't see the content of those GP. When I "Edit" those policies(I did not Edit it, I just want to see related setting), no DA related setting if not use GP console on UAG). If I click settings tab from GP console from server not UAG, there is error "No object" when generate report.

    I guess I should import something to the server which is not UAG and then can generate report from it.

    George


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Wednesday, October 6, 2010 6:56 AM
  • Hi George,

    Is this a problem only for the DirectAccess policies, or are there other Group Policy settings that are not related to DirectAccess that you cannot see?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Wednesday, October 6, 2010 9:52 AM
    Moderator
  • Strange - what version of OS is your DC running?


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, October 6, 2010 10:20 AM
    Moderator
  • Is this a problem only for the DirectAccess policies, or are there other Group Policy settings that are not related to DirectAccess that you cannot see?

     

    It is only related to DA policies. Other policies I created are OK to see and generate report.


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Wednesday, October 6, 2010 10:22 AM
  • Strange - what version of OS is your DC running?


    My DC is running on Windows 2008 X64 SP2 (not R2) Traditional Chinese edition.

    And UAG is installed on Windows 2008 R2 English edition.


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Wednesday, October 6, 2010 10:24 AM
  • Hi George,

    The report will not work when you run it on Windows 2008, since some of the items are only supported in 2008 R2.

    You can Edit the GPO however in 2008, however, you won't see some of the new DA related settings (NRPT for example)

    • Proposed as answer by MrShannon Tuesday, October 19, 2010 2:00 PM
    • Marked as answer by Erez Benari Monday, October 25, 2010 10:12 PM
    Friday, October 15, 2010 10:48 PM