Replying to:
DEMdev
VMware Employee

Hi @pbastiaans,

I couldn't find a "quote" button in the new system, so let me use italic instead :slightly_smiling_face:

  • Domain Computers needs to be added with read permissions to the config share
  • Domain Computers needs write to the logging share*

Correct. For computer environment settings, share and NTFS permissions should be configured appropriately so that the Domain Computers group (or some other security principal that covers all relevant computer accounts for your particular scenario) has the correct access to the configuration share and to the profile archives share (for logging, typically.)

  • * currently I write to local VM as I have not figured out a way to make logs unique for each session

You can just include %USERNAME% or %COMPUTERNAME% (which is effectively the same here, as this runs in the computer context) somewhere in the log file name.

It appears that GPOs aren't being applied 'normally'. For example, when enabling a GPO that disables it appears the settings are flipped, a 1 instead of a 0. Acrobat bUpdater is my example.

Can you provide the ADMX-based settings config file you're testing with and the ADMX/ADML files it's based on so we can take a look? And do DEM's ADMX-based computer settings act differently than "normal" GPO?

It appears that even when disabling the ADMX in Computer Environments (CE) the GPO continues to be applied. Or if you change the setting, i.e., disabling instead of enabling, it does not honor the change. The workaround I found is that the configuration needs to be deleted and recreated.

When computer environment settings are processed, disabled config files are ignored. Settings that were applied at boot will be reverted at shutdown, and the same happens during a refresh (i.e. "old" settings are reverted before "new" ones are applied.)

How are you testing this, and what do you see in the log?
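
The permission layout discussed in this reply can be checked with a short script. This is an added example, not part of the original post and not VMware's own tooling: a PowerShell check, run on the file server, that the computer accounts' group has read access on the config share and write access on the logging share. The domain name, share names and folder paths are hypothetical placeholders.

```powershell
# Added example. All names below are hypothetical placeholders, not values from the thread.
$Principal = 'CONTOSO\Domain Computers'
$Shares = @(
    @{ Name = 'DEMConfig'; Path = 'D:\DEMConfig'; NeedWrite = $false }  # config share: read
    @{ Name = 'DEMLogs';   Path = 'D:\DEMLogs';   NeedWrite = $true  }  # logging share: write
)

# NTFS rights that allow reading, and creating or changing, files.
$ReadMask  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

$Report = foreach ($s in $Shares) {
    # Share-level ACEs granted directly to the principal (SmbShare module).
    $shareAces = @(Get-SmbShareAccess -Name $s.Name | Where-Object {
        $_.AccountName -eq $Principal -and "$($_.AccessControlType)" -eq 'Allow' })
    $shareRead  = $shareAces.Count -gt 0
    $shareWrite = @($shareAces | Where-Object {
        "$($_.AccessRight)" -in 'Change', 'Full' }).Count -gt 0

    # NTFS ACEs granted directly to the principal on the share's root folder.
    $ntfsAces = @((Get-Acl -Path $s.Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Principal -and "$($_.AccessControlType)" -eq 'Allow' })
    $ntfsRead  = @($ntfsAces | Where-Object {
        ([int]$_.FileSystemRights -band $ReadMask) -ne 0 }).Count -gt 0
    $ntfsWrite = @($ntfsAces | Where-Object {
        ([int]$_.FileSystemRights -band $WriteMask) -ne 0 }).Count -gt 0

    # Access over the network needs both the share ACL and the NTFS ACL to allow it.
    $canRead  = $shareRead  -and $ntfsRead
    $canWrite = $shareWrite -and $ntfsWrite

    $status = if (-not $canRead) {
        'FAIL: no read access'
    } elseif ($s.NeedWrite -and -not $canWrite) {
        'FAIL: no write access'
    } elseif (-not $s.NeedWrite -and $canWrite) {
        'WARN: writable, but only read is needed'
    } else { 'OK' }

    [pscustomobject]@{ Share = $s.Name; Read = $canRead; Write = $canWrite; Status = $status }
}
$Report | Format-Table -AutoSize
```

The script looks only at Allow entries granted directly to the named group; access inherited through other groups, Deny entries and ACEs stored as generic rights are not resolved.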