OneDrive GPO (Domain Group Policy)
OneDrive GPO KB ID 0001821 Problem The administrative template that you get with Win11 is somewhat out of date, so if you want to manage OneDrive with domain group policy your options are limited, if only there was a newer administrative template! Well, there is, and it gets updated and sent to you quite regularly. Microsoft just do a good job of hiding it. Solution OneDrive GPO Depending on your deployment the files you need can be...
Group Policy: Item-Level Targeting
KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...
Windows Server – Change Your Password in an RDP Session (Send Ctrl+Alt+Del)
KB ID 0001183 Problem Colleague: Windows Server, Where’s Windows Security gone? Me: Eh? Colleague: Windows Security! Me: What are you trying to do? Colleague: I want to change my password and I can’t send a Ctrl+Alt+Delete to the remote server. Well I know that pressing Crtl+Alt+Delete would let you change your password like so; I wasn’t aware that in Server 2008 and earlier if you were connected via RDP you got a...
Gpupdate: Windows Could Not Locate the Directory Object
KB ID 0001625 Problem Saw this on a Windows client on my test network; User Policy update has completed successfully. Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows could not locate the directory object OU=Top-Level,OU=computers,DC=PeteNetLive,DC=com. Group Policy settings will not be enforced until this event is resolved. View the event details...
Add The ‘Group Policy Management Console’
KB ID 0001615 Problem On a Domain Controller you will get Group Policy Management, (by default) listed under administrative tools. But if you have a ‘Management Server’ of a ‘Jump Box’, that you want to install the tool onto, (without making it a domain controller!) Then do the following; Option 1: Install GPMC with Powershell This is the quickest and simplest option! Open a PowerShell Windows and execute the...
Windows Group Policy – Disable The Local Windows Firewall
KB ID 0001090 Problem I’ve got nothing against the Windows firewall, it’s certainly a lot easier to manage now than it was back in the XP SP2 days. But I find a lot of clients still just ‘want it gone’ and, providing they have a decent corporate firewall in front of them that’s fair enough. Solution 1. On a domain controller or a client running the remote administration tools > Windows Key+R >...
Group Policy Preferences and Client Side Extensions
Group Policy Preferences KB ID 0000389 Problem Group Policy Preferences (GPP) first came in with Server 2008 and were enhanced for Server 2008 R2, To be able to apply them to older Windows clients, you need to install the “Client side Extensions” (CSE), You can either script this, deploy with a group policy, or if you have WSUS you can send out the update that way. From windows 7 onwards they are already installed....
Remote Desktop Services – Securing By Group Policy
KB ID 0001211 Problem Note: This is not an exhaustive list, but it’s what I use when securing Remote Desktop Services, (Terminal Services) servers. Some of these settings are ONLY for Server 2012 R2 and later. If you have any settings you think are omitted, please comment below. Solution User Access To RDS If you want to create a Domain security group for RDS users than please do so. BE AWARE the ‘Remote Desktop...
Cisco WLC: EAP-TLS Secured Wireless with Certificate Services
KB ID 0001420 Problem Ah certificates! If I had a pound for every time I’ve heard “I don’t like certificates”, I could retire! The following run through is broken down into the following parts; Setup the Cisco WLC (WLAN) Setup NAP (RADIUS). Setup Certificate Auto Enrolment. Setup Group Policy to Deliver the Wireless Settings. Note: If you are scared of certificates, sometimes it’s easier to setup password...
Windows ‘Always On’ VPN Part 1 (Domain and PKI)
KB ID 0001399 Problem Always On VPN was a bit of a misnomer when it was released, as it was only really ‘on’ when a user logged on. So when comparing it with ‘Direct Access’ it didn’t have the capacity to ‘Manage Out’. With the release of Windows 10 (1709) this has been rectified with ‘Device Tunnels’, (more on that later). The solution uses RAS, NAP (NPS), and PKI (Certificate...