Delete Local ‘Cached’ Copies of User Profiles with Group Policy
KB ID 0000602 Problem I have a client who manages the network at a school. They wanted to stop the profiles of their users being cached, in either the c:documents and settings or c:users folders (depending on the version of Windows and profile the users were using). Solution 1. Log into a domain controller or a machine running the RSAT tools, Start > Administrative Tools > Group Policy Management > Either edit an existing...
Managing Forefront Endpoint Protection (FEP) with Microsoft Group Policy (GPO)
KB ID 0000604 Problem FEP is Microsoft’s offering for antivirus, try to think of it as the corporate version of Security Essentials. Just about everything on the net for managing it seems to be geared to managing it with SCCM. Which is fine if you have SCCM, but what if you don’t? Thankfully you can manage it with group policy, even if information on how to do it is rarer than hens teeth! With a Microsoft CoreCAL you can...
Enable the Local Administrator & Set the Local Administrators Password via Group Policy
KB ID 0000641 Problem Microsoft disabled the local administrators account for a good reason, (its GUID it always the same, and its a well known attack vector into Windows). That said, if you have a problem on the domain, and you want to get into a client machine directly, not having the local admin enabled can be a pain. Note: If you deploy your machines via WDS you can add a local admin account (with a different name) to your...
Disable ‘Offline Files’ with Group Policy
KB ID 0000779 Problem You want to disable the ‘offline files feature’ for caching network files and folders. Note: In Windows XP this was called CSC (Client Side Caching). Solution 1. On a domain controller Start > Administrative Tools > Group Policy Management Console. 2. Navigate to where you want to create your policy, or edit an existing one. 3. Navigate to; Computer Configuration > Administrative Templates...
Disable ‘Sleep’ From the Windows Shutdown Button
KB ID 0000851 Problem You want to stop your users being able to select the ‘Sleep’ option from the Windows 7 power button via group policy. Solution 1. On a domain controller Windows Key+R> gpmc.msc {enter} > The Group Policy Management Console will open. 2. Navigate to where you want to create your policy, or edit an existing one, Note: This is a computer policy, make sure the policy is linked to an OU that...
Disable ‘Lock’ From the Windows Shutdown Button
KB ID 0000851 Problem You want to stop your users being able to select the ‘Lock’ option from the Windows 7 power button via group policy. Solution 1. On a domain controller Windows Key+R> gpmc.msc {enter} > The Group Policy Management Console will open. 2. Navigate to where you want to create your policy, or edit an existing one. Note: This is a computer policy, make sure the policy is linked to an OU that contains...
Microsoft LAPS – Deployment and Configuration
KB ID 0001059 Problem Microsoft have released the Local Administrator Password Solution (LAPS). What is does is automatically change the load administrator password on workstations, (and servers if required) periodically. It then keeps those passwords securely in AD. Microsoft tried to mitigate attacks from the local admin account back in the days of Windows Vista by shipping with this account disabled, which is fine, but most large...
Windows Deployment Services and Symantec Ghost
KB ID 0000108 Problem There’s very little about this that seems to be stored in one place out there on the Internet, Why would you want to use Ghost and WDS together anyway? Well once upon a time we used the PXE element is RIS, (WDS’s Predecessor) to use the Symantec GhostCast server. So yes I understand why people raise an eyebrow because you can achieve all your imaging needs with WDS alone. however people have invested...
WDS (Server 2003) Deploying Windows XP
For WDS on 2008 with Windows 7 Click Here KB ID 0000107 Problem This is aimed at people who want to capture a pre built machine and roll that image out to many PC’s. The client machine can either be vista or XP, at the time of writing most corporate’s are still using XP so I’ll use XP for this example. The whole procedure was done on the workbench in Virtual Server, which is how I recommend you try doing this before...
VMware ESX – WDS Fails “The network location cannot be reached”
KB ID 0000308 Problem Whilst trying to contact a WDS server from an ESX client machine (though this can happen on a physical machine also). You see the following error, The network location cannot be reached, For information about network troubleshooting, se Windows Help. Solution This is because the WindowsPE image you are using to Capture/Deploy does not have the network drivers for the NIC in the machine you are imaging (At...