Managing Forefront Endpoint Protection (FEP) with Microsoft Group Policy (GPO)
KB ID 0000604 Problem FEP is Microsoft’s offering for antivirus; try to think of it as the corporate version of Security Essentials. Just about everything on the net for managing it seems to be geared to managing it with SCCM, which is fine if you have SCCM, but what if you don’t? Thankfully you can manage it with group policy, even if information on how to do it is rarer than hen’s teeth! With a Microsoft CoreCAL you can...
Enable the Local Administrator & Set the Local Administrators Password via Group Policy
KB ID 0000641 Problem Microsoft disabled the local administrator account for a good reason (its GUID is always the same, and it’s a well-known attack vector into Windows). That said, if you have a problem on the domain, and you want to get into a client machine directly, not having the local admin enabled can be a pain. Note: If you deploy your machines via WDS you can add a local admin account (with a different name) to your...
Disable ‘Offline Files’ with Group Policy
KB ID 0000779 Problem You want to disable the ‘offline files feature’ for caching network files and folders. Note: In Windows XP this was called CSC (Client Side Caching). Solution 1. On a domain controller Start > Administrative Tools > Group Policy Management Console. 2. Navigate to where you want to create your policy, or edit an existing one. 3. Navigate to; Computer Configuration > Administrative Templates...
Disable ‘Sleep’ From the Windows Shutdown Button
KB ID 0000851 Problem You want to stop your users being able to select the ‘Sleep’ option from the Windows 7 power button via group policy. Solution 1. On a domain controller Windows Key+R > gpmc.msc {enter} > The Group Policy Management Console will open. 2. Navigate to where you want to create your policy, or edit an existing one. Note: This is a computer policy, make sure the policy is linked to an OU that...
Disable ‘Lock’ From the Windows Shutdown Button
KB ID 0000851 Problem You want to stop your users being able to select the ‘Lock’ option from the Windows 7 power button via group policy. Solution 1. On a domain controller Windows Key+R> gpmc.msc {enter} > The Group Policy Management Console will open. 2. Navigate to where you want to create your policy, or edit an existing one. Note: This is a computer policy, make sure the policy is linked to an OU that contains...
Microsoft LAPS – Deployment and Configuration
KB ID 0001059 Problem Microsoft have released the Local Administrator Password Solution (LAPS). What it does is automatically change the local administrator password on workstations (and servers if required) periodically. It then keeps those passwords securely in AD. Microsoft tried to mitigate attacks from the local admin account back in the days of Windows Vista by shipping with this account disabled, which is fine, but most large...
Windows Deployment Services and Symantec Ghost
KB ID 0000108 Problem There’s very little about this that seems to be stored in one place out there on the Internet. Why would you want to use Ghost and WDS together anyway? Well, once upon a time we used the PXE element in RIS (WDS’s predecessor) to use the Symantec GhostCast server. So yes, I understand why people raise an eyebrow, because you can achieve all your imaging needs with WDS alone. However, people have invested...
WDS (Server 2003) Deploying Windows XP
For WDS on 2008 with Windows 7 Click Here KB ID 0000107 Problem This is aimed at people who want to capture a pre-built machine and roll that image out to many PCs. The client machine can either be Vista or XP; at the time of writing most corporates are still using XP, so I’ll use XP for this example. The whole procedure was done on the workbench in Virtual Server, which is how I recommend you try doing this before...
VMware ESX – WDS Fails “The network location cannot be reached”
KB ID 0000308 Problem Whilst trying to contact a WDS server from an ESX client machine (though this can happen on a physical machine also), you see the following error: The network location cannot be reached. For information about network troubleshooting, see Windows Help. Solution This is because the WindowsPE image you are using to Capture/Deploy does not have the network drivers for the NIC in the machine you are imaging (At...
Adding Drivers to Images on WDS
KB ID 0000314 Problem Before Server 2008 R2, when we needed to inject drivers into our WDS images we had to do it like this. Now, however, the process is a lot more elegant! Simply import the drivers into WDS, then inject them into the boot images (yes, the boot images, NOT the Windows images you are deploying!). Solution Add Driver Packages to Image is “Greyed out” If while attempting to add drivers, the option to “Add...