Deploying Printers with Group Policy Preferences
KB ID 0000492 Problem I’ve touched on this briefly in KB0000389, I suggest you read through that first so you understand what the requirements are to deploy a GPP instead of the GPO’s you are probably used to. Solution 1. First thing to do is install the printer that needs deploying on a print server. Make sure if your clients are NOT x64 bit that you also add the x86 drivers for your clients to use. How to tell if a...
Windows – Stop “Do you trust this printer?” Message
KB ID 0000508 Problem While setting up a new printer you might see this message on the screen, if you are manually installing a printer that’s fine, but if you are scripting the printer installs you DONT want all your users to see this popping up on their screens, it makes them flap, and then they will ring you up. Printers Do you trust this printer? Windows needs to download and install software from the {print server name}...
Adding a Domain Group to the Local Administrators Group
KB ID 0000589 Problem This weekend I’ve been doing a school migration, (go live is tomorrow). Just as we were finishing up today, we found out a client application needed a certain user group to have LOCAL administrator rights on the client machines. I remembered that it could be done and it had something to do with “Restricted Groups”. So when I got home I fired up the test network and ran though it for tomorrow....
Delete Local ‘Cached’ Copies of User Profiles with Group Policy
KB ID 0000602 Problem I have a client who manages the network at a school. They wanted to stop the profiles of their users being cached, in either the c:documents and settings or c:users folders (depending on the version of Windows and profile the users were using). Solution 1. Log into a domain controller or a machine running the RSAT tools, Start > Administrative Tools > Group Policy Management > Either edit an existing...
Managing Forefront Endpoint Protection (FEP) with Microsoft Group Policy (GPO)
KB ID 0000604 Problem FEP is Microsoft’s offering for antivirus, try to think of it as the corporate version of Security Essentials. Just about everything on the net for managing it seems to be geared to managing it with SCCM. Which is fine if you have SCCM, but what if you don’t? Thankfully you can manage it with group policy, even if information on how to do it is rarer than hens teeth! With a Microsoft CoreCAL you can...
Enable the Local Administrator & Set the Local Administrators Password via Group Policy
KB ID 0000641 Problem Microsoft disabled the local administrators account for a good reason, (its GUID it always the same, and its a well known attack vector into Windows). That said, if you have a problem on the domain, and you want to get into a client machine directly, not having the local admin enabled can be a pain. Note: If you deploy your machines via WDS you can add a local admin account (with a different name) to your...
Disable ‘Offline Files’ with Group Policy
KB ID 0000779 Problem You want to disable the ‘offline files feature’ for caching network files and folders. Note: In Windows XP this was called CSC (Client Side Caching). Solution 1. On a domain controller Start > Administrative Tools > Group Policy Management Console. 2. Navigate to where you want to create your policy, or edit an existing one. 3. Navigate to; Computer Configuration > Administrative Templates...
Disable ‘Sleep’ From the Windows Shutdown Button
KB ID 0000851 Problem You want to stop your users being able to select the ‘Sleep’ option from the Windows 7 power button via group policy. Solution 1. On a domain controller Windows Key+R> gpmc.msc {enter} > The Group Policy Management Console will open. 2. Navigate to where you want to create your policy, or edit an existing one, Note: This is a computer policy, make sure the policy is linked to an OU that...
Disable ‘Lock’ From the Windows Shutdown Button
KB ID 0000851 Problem You want to stop your users being able to select the ‘Lock’ option from the Windows 7 power button via group policy. Solution 1. On a domain controller Windows Key+R> gpmc.msc {enter} > The Group Policy Management Console will open. 2. Navigate to where you want to create your policy, or edit an existing one. Note: This is a computer policy, make sure the policy is linked to an OU that contains...
Microsoft LAPS – Deployment and Configuration
KB ID 0001059 Problem Microsoft have released the Local Administrator Password Solution (LAPS). What is does is automatically change the load administrator password on workstations, (and servers if required) periodically. It then keeps those passwords securely in AD. Microsoft tried to mitigate attacks from the local admin account back in the days of Windows Vista by shipping with this account disabled, which is fine, but most large...