In the case of Horizon View, the pool must bet floating, not dedicated. The machines must be non-persistent.
2) to verify that we have installed the correct version you should open the registry and find the following key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeClickToRunConfiguration.: SharedConputerLicensing: value 1
3) Download the O365 ADMX files from the following location
4) Copy the ADML and ADMX files to the respective folders under Policy definition of the Domain controller
5) Open gpmc.msc and navigate to the following policies.
Computer ConfigurationPoliciesAdministrative TemplatesMicrosoft Office 2016 (Machine)Licensing Settings.
6) Enable “Use shared computer activation” policy
7) Reboot the VDA machines
We want to start using the Active Directory import function to make sure all domain joined servers will have Symantec installed but are running into a problem.
The AD import function is working ok, we get a new group in the console containing all computer objects from the coresponding OU. But since we have multiple roles of servers in that OU that need different and sometimes overlapping exception policies we want to move the computer objects out of the created client group and into a client group that has the specific exception policy in place. But when we do that the it seems like a copy of the moved object is created in the correct client group but the from AD imported object stays in the client group corresponding to the OU.
For example. In AD we have an OU named Servers 2012 R2, in that OU we have multiple SQL servers and those SQL servers have different configurations so they need different exception policies in Symantec. So we move one of the SQL servers from the Servers 2012 R2 client group to the client group named SQL Servers 1 (for example). When we do that a computer object in the SQL Servers 1 is created, the object shows it is online and everything is working ok. But when we look at the Servers 2012 R2 client group the originally imported object is still there and the info says that it is offline.
This situation is causing confusion and is undesired.
Is this normal behaviour for Symantec?
Is there a way to import objects from AD and move those around to different client groups after initial import and not have double entries in the console?
Or are we doing things wrong and is it possible to have multiple exception policies placed on one client group in Symantec that handles specific computers in that client group but not all others and vice versa?
I have this error when upgrading to the latest SEPM version (14.2.1031.010).
– I have a GPO with these settings: “logon as a service permission” to these 3 accounts (NT SERVICEsemsrv ,NT SERVICEsemwebsrv, NT SERVICEsemapisrv) and this one in “Replace a process level token” (NT SERVICEsemwebsrv).
I have this log error:
I would appreciate any help.
When you try to open a remote PureMessage console, an error is displayed:
Error retrieving data from the server. Ensure server / database is started and try again
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
First seen in
PureMessage for Microsoft Exchange 3.1.4
PureMessage for Microsoft Exchange 4.0.4
The user who is trying to log on is not a member of the group ‘Sophos PureMessage Administrators’, which is a group created in Active Directory by PureMessage.
What To Do
To add the user to this group, go to the Windows ‘Active Directory Users and Computers’ window and open the Users folder. Follow the instructions in Windows documentation/Help for details of how to add the user to this group.
1.Download Group Policy Templates 7.15.zip folder provided in this article.
2. Extract the necessary files from the zip folder after download.
To create new policy and associate the same to proper filter, following should be performed:
1. Start the Active Directory Group Policy Management console;
2. Create new policy;
3. Edit the policy, and select appropriate Citrix Computer or User policy, or Profile Manager Computer or User policy;
4. Close the Group Policy Management Editor window;
5. Under the New policy window, associate the policy to appropriate Active Directory OU or Group.
To install the Citrix Group Policy snap-in:
Locate and run the appropriate Citrix Group Policy MSI file on the machine where you intend to manage Group Policy (domain controller or other server)
To install User Profile Management admin templates
- In the Group Policy Object Editor, right-click Administrative Templates under Computer Configuration and then select Add/Remove Templates.
- Click Add, browse to the ADM Template file, and click Open.
- Click Close to apply the policy settings in the ADM Template file to the GPO
|Article Number: 494592||Article Version: 4||Article Type: How To|
- Log in to InsightIQ web administration interface.
- Click SETTINGS tab.
- Click Users on the SETTINGS ribbon.
- Click Configure LDAP.
- Check Enable LDAP. Enabling LDAP allows you to edit the remaining fields on this page.
- Type Active Directory (AD) server (Domeain Controler) URI into the LDAP server field. Server URI should begin with ldap:// or ldaps://. Port is optional
- Type the Base Search Entry. Distinguished Name (DN) of the entry to start searches at. If your AD domain is domain.com, your DN would be dc=domain,dc=com.
- Type AD server credentials in the Bind entry and Bind password fields. The Bind Entry should have the format of “user@domain”. For example: email@example.com
- Click link: Show optional setings.
- Type user into Object Class for users field. Attribute that defines a user on this server.
- Type group into Object Class for groups field. Attribute that defines a group on this server.
- Click Submit.
Active Directory server configuration:
**NOTE** InsightIQ 4.1.2 supports logging in via sAMAccountName.
If you are running InsightIQ4.1.2, you do not need to configure gidNumber or uid attributes in your Active Directory server.
On the Active Directory server confirm following attributes for groups and users.
1. Groups have to have a valid, configured gidNumber attribute.
2. Users have to have their uid set and it should be the same as their sAMAccountName attribute
Tools, resources used while reproducing the issue/configuration in a lab environment:
- IIQ 4.1 vm
- Windows 2012 AD
- Wireshark to verify IIQ LDAP requests and responses from AD
- Softerra LDAP Browser to verify LDAP / AD servers Distinguished Names and users and groups attributes
To verify groups and users attributes in the Active Directory:
- Log in to Domain Controller.
- Go to Active Directory Users and Computers.
- Click Viewtab.
- Click/check Advanced Features.
- Navigate to Users and open Properties window of related group or user.
- Navigate to and click on the Attribute Editor.
1. On a Windows Server machine, use the “Add Roles and Features” wizard from Server Manager to add the “Group Policy Management” feature.
2. On a Windows Desktop machine, install the Remote Server Administration Tools for the specific OS, once the installation is complete you will find the Group Policy Management console in the Start Menu.
Take into account the installation has to be performed with a domain admin account.
When opening the Group Policy Management Editor on a Windows 10 machine you might get the following warning:
According to the following Microsoft article, this is an informational event and can be safely ignored:
Install the Citrix Group Policy management package (CitrixGroupPolicyManagement_x64.msi).
This msi can be found in the XD/XA installation media under x64Citrix Policy.
At this point you should be able to create and configure Citrix policies using the MS gpmc:
However, you will notice that if you try to use GPO filters that are specific to Citrix policies like the Delivery Group filter or the Tag filter you might get an error like:
In order to be able to use these filters from the gpmc you need to install Citrix Studio on the machine:
The following article explains the details in case you want to manually install Studio (for scripted installations):
Once Studio is correctly installed, you will now be able to use the mentioned filters: