Issue on creating GPO task
farzadha2 opened this issue · 13 comments
Hi
Currently trying to copy the same config i have on host machine but through GPO, but for some reason its not appearing on the user,
The user does not have admin permissions so my question is do i need to put the task though user config or computer config?
This picture is how its configured on local computer
This is what im trying to configure but does not get applied on the computers through GPO
Thank you
Thank you so much for the reply, i was looking at it but i ran same the steps but could not get it working, though GPO im trying to create the same task as it creates normally on the user when i run gpupdate/force i dont see on the user that task
i dont see on the user that task
I'm not sure what you mean when you say "on the user". Are you looking at the Task Scheduler? The Task Scheduler works per machine, but the individual tasks themselves get assigned to specific users to run with the permissions of those users.
Have you checked to make sure you are also filling out the other tabs correctly, as well? Like the triggers, actions, etc.? If you fill something out incorrectly, the task might not get created if it's invalid.
Have you also made sure that the shared location (\\share) can be accessed by the "SYSTEM" account? The "SYSTEM" account will need access to read the script from the shared location. And to be honest, you don't always have to use the "SYSTEM" account specifically, you can use any user account that has permission to both read the script from the shared location as well as write to the local machine's hosts file. Although if you do use a user account that is not the "SYSTEM", you should make sure that the task does not require the user to be logged in to run and is not interactive so that it can run in the background whether or not someone is logged in or not.
Thank you for the reply,
when creating the GPO, i have two options to create the task scheduler though user or through computer configuration
what i did was on the GPO copy the unified host folder to the C drive of the user, so in theory no need that the user to access the \share folder
This are the screen shots
As stated earlier, and as I believe was mentioned in one of the other issues I linked, these tasks should be on a per-machine basis, so "computer."
As a warning though, both GPO functionality at large as well as the functionality accessible through the snap-ins (mmc) can be wildly different depending on what relevant add-on packages you've installed and what version of Windows you're running. So, it's possible your GPO options on a domain controller or through a remote session using a snap-in might be wildly different from those options on your local machine. I would highly recommend Googling further about the particular Windows version you're using for more details, as I don't currently have access to nor do I have set up a Windows domain or mixed environment at present, so I can't really give you the level of detail that perhaps you need for your particular setup and situation.
thank you for the reply, after testing the solution was adding nt/system
and that did the trick,
quick question im trying to block netflix and other sites using the custom.txt, which i add this
but cant seem to block it, i also checked the host file and it shows the entries there also
not sure what i missed?
# Custom entries managed by ScriptTiger's Unified Hosts AutoUpdate
# These custom entries are in standard hosts file format
# 102.54.94.97 rhino.acme.com
# 38.25.63.10 x.acme.com
# 127.0.0.1 localhost
# ::1 localhost
# 0.0.0.0 block.me
216.239.38.120 www.google.com
0.0.0.0 netflix.com
0.0.0.0 netflix.com/co
0.0.0.0 movies.netflix.com
0.0.0.0 cbp-us.nccp.netflix.com
0.0.0.0 movies1.netflix.com
0.0.0.0 movies2.netflix.com
0.0.0.0 netflix.com
0.0.0.0 moviecontrol.netflix.com
0.0.0.0 api-global.netflix.com
0.0.0.0 api-us.netflix.com
0.0.0.0 api.netflix.com
0.0.0.0 www2.netflix.com
0.0.0.0 redirects-us.nccp.netflix.com
0.0.0.0 redirects-eu.nccp.netflix.com
0.0.0.0 nccp-nrdp-31.cloud.netflix.net
0.0.0.0 ios.nccp.netflix.com
0.0.0.0 uiboot.netflix.com
0.0.0.0 signup.netflix.com
0.0.0.0 iphone-api.netflix.com
0.0.0.0 nccp-fuji.netflix.com
0.0.0.0 nccp-fuji.cloud.netflix.net
0.0.0.0 nccp-nato.cloud.netflix.net
0.0.0.0 nccp-nato.netflix.com
0.0.0.0 mcdn.netflix.com
0.0.0.0 secure.netflix.com
0.0.0.0 htmltvui-api.netflix.com
0.0.0.0 nccp-ps3.netflix.com
0.0.0.0 nccp-ps3.cloud.netflix.net
0.0.0.0 api-user.netflix.com
0.0.0.0 mobile-api.netflix.com
0.0.0.0 api-public.netflix.com
0.0.0.0 peliculasflix.co
0.0.0.0 pelisflix1.top
0.0.0.0 filmelier.com
0.0.0.0 vudu.com
0.0.0.0 pluto.tv
0.0.0.0 kanopy.com
0.0.0.0 justwatch.com
0.0.0.0 fmovies.to
thank you for the reply, after testing the solution was adding nt/system
I'm glad you were able to figure it out!
quick question im trying to block netflix and other sites using the custom.txt, which i add this
but cant seem to block it, i also checked the host file and it shows the entries there also
not sure what i missed?
I don't have Netflix nor have I ever compiled a list of its domains, so I can't really help you as far as the domain list itself goes. However, just at a quick glance, I do see the entry netflix.com/co, which is invalid because it contains a slash, making it a URL and not a domain name. I might also recommend trying to disable your IPv6 and see if that helps. If IPv6 is indeed the problem but disabling it is not an option for you, you might also try the IPv4_IPv6 format found on the following link:
Thanks for the reply, i tried adding only netflix.com just to block the site but it still opens the website
for example when i ping netflix.com it resolves to the real IP when it should resolve to 0.0.0.0
Are you issuing the ipconfig /flushdns command after you save the newly edited hosts file and before you try testing if the entry resolves? If not, your DNS cache could be resolving to an entry cached before you edited your file. I've also seen cases on Windows machines where, if you have multiple DNS servers configured on multiple adapters, the default system DNS server that the ping and nslookup commands are using by default may actually be a different DNS server from the one your Web browser is using. Also, if you are using any VPN or proxy applications or plug-ins for your Web browser, then these will obviously bypass your hosts file, as well.
Thanks for the reply, correct i ran ipconfig/flushdns im still looking to see what could be the issue ill post back if anything
Thank you again
so after a while did realize something odd it does block all the custom list except for netflix which is very odd, checked that i did not have any proxies
Just to confirm, you did try disabling IPv6 on your network adapters? Or try using the IPv4_IPv6 list to test?
I also don't see www.netflix.com on your list. Depending on the browser you're using, even if you do type netflix.com, the browser itself might be rewriting the URL to www.netflix.com before it actually resolves anything. Some browsers will also automatically try every top-level domain one by one if it encounters a problem.
I think it's worth noting Netflix has a huge CDN, content delivery network, with nodes in every region of the planet, as well as regional domains, like netflix.eu and netflix.com.au and one for every other regional top-level domain. If you're really trying to block everything, maybe using a white list instead of a black list might be the best approach if the list of websites you do want allowed is actually smaller than the list of websites you want to block.
thanks for the reply correct i disabled ipv6 and added www.netflix.com also
im going to keep trying and post back if i find anything
thanks again