Deploying Certificates via ‘Auto Enrollment’
KB ID 0000919 Problem SHA CERTIFICATE WARNING: Note This article was written some time ago, ensure your CA environment does NOT use SHA1 for your certificates, if it does, Please visit the following link for migration instructions; Upgrade Your Microsoft PKI Environment to SHA2 (SHA256) I need to setup wireless authentication based on computer certificates, I’ve done similar jobs before by manually issuing certificates for Cisco...
Adding a 2003 Domain Controller to a 2000 Domain
KB ID 0000256 Problem If you have an existing Windows Server 2000 domain, and you would like to add a Windows Server 2003 Domain controller, there’s a few extra hoops to jump through. Solution Before you start, make sure all your domain controllers are at AT LEAST Service pack 2, though there’s no reason not to be at Service Pack 4. If you are running Exchange 2000 READ THIS first! 1. If you do not already know which...
Windows – “Don’t Display Last Login User Name” via GPO
KB ID 0000460 Problem By default Windows will display the last user that successfully logged on, on shared machines or in a secure domain environment you might not want this.. Solution On a Single (stand alone) machine. 1. Click start and in the run/search box type gpedit.msc{enter} 2. Navigate to > Computer Configuration > Windows settings > Security Settings > Local Policies > Security Options >...
Prevent Users changing Desktop Wallpaper with Group Policy
KB ID 0000461 Problem If you need to lock down your client machines desktops and prevent your users from changing the wallpaper, then here’s a run through on how to do it. Solution 1. On your domain controller , Start > Administrative Tools > Group Policy Management Console > Either create a new policy and link it to your targeted USERS or edit an existing one, then navigate to; User Configuration > Administrative...
Remove the Recycle Bin Via Group Policy
KB ID 0000463 Problem You might ask “why would I want to do this?” But if your users do not have access to local drives, then nothing’s going to get put in the recycle bin anyway, so it’s one less thing they can fiddle with. Solution 1. On your domain controller , Start > Administrative Tools > Group Policy Management Console > Either create a new policy and link it to your targeted USERS or edit an...
Disable “Ease of access” Settings from the Windows Logon Screen via GPO
KB ID 0000462 Problem Did a migration of a school the other week, afterwards it seems the “little darlings” had discovered that they could (from the logon screen) access the “Ease of access” settings and enable “High Contrast”, which is obviously hilarious, but annoying for their teachers. Ease of Access, is designed as part of the accessibility options, and as such has no GPO settings, (I’m...
Change the default Shutdown / Log Off Option via GPO
KB ID 0000465 Problem Out of the box, the default power option presented to your users is shutdown. People with multiple users on their machines, may prefer the log off option to be the default. Note: You can also set the default option to: Shutdown Sleep Log off Lock Restart Switch User (Unless blocked by other policy then it will revert to shutdown). Hibernate Solution 1. On your domain controller , Start > Administrative...
Add a URL to Clients “Trusted Sites” with Group Policy
KB ID 0000146 Problem You want to have a URL added to everyone’s “Trusted Sites” list, and to avoid visiting each machine you want to use Group Policy, Or users don’t have the rights to do this themselves and you want to add one for them, i.e. the URL of your corporate CRM System. Solution The Group Policy you need to edit is, Computer Configuration > Policies (This level is on Server 2008 only) >...
Enable RDP via Group Policy
KB ID 0000043 Problem Rather than enabling on an ad-hoc basis, you want to turn on RDP for multiple machines via Group Policy. Solution Group Policy Location To simply enable RDP, change the following policy; Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections Locate and change the “Allow users to connect remotely using Remote Desktop...
Windows Disable UAC Thorough Group Policy
KB ID 0000041 Problem UAC (User Account Control) – while a good thing, sometimes causes more annoyances than solves problems, to turn it of through group policy do the following. Solution This Policy is a Computer based policy and needs to be applied to Computers NOT Users. Disable UAC On Windows Server 2008 / 2008 R2 Domain With Group Policy 1. On a domain controller or a client running the remote administration tools >...