Managing Forefront Endpoint Protection (FEP) with Microsoft Group Policy (GPO)
KB ID 0000604 Problem FEP is Microsoft’s offering for antivirus, try to think of it as the corporate version of Security Essentials. Just about everything on the net for managing it seems to be geared to managing it with SCCM. Which is fine if you have SCCM, but what if you don’t? Thankfully you can manage it with group policy, even if information on how to do it is rarer than hens teeth! With a Microsoft CoreCAL you can...
Enable the Local Administrator & Set the Local Administrators Password via Group Policy
KB ID 0000641 Problem Microsoft disabled the local administrators account for a good reason, (its GUID it always the same, and its a well known attack vector into Windows). That said, if you have a problem on the domain, and you want to get into a client machine directly, not having the local admin enabled can be a pain. Note: If you deploy your machines via WDS you can add a local admin account (with a different name) to your...
Disable ‘Offline Files’ with Group Policy
KB ID 0000779 Problem You want to disable the ‘offline files feature’ for caching network files and folders. Note: In Windows XP this was called CSC (Client Side Caching). Solution 1. On a domain controller Start > Administrative Tools > Group Policy Management Console. 2. Navigate to where you want to create your policy, or edit an existing one. 3. Navigate to; Computer Configuration > Administrative Templates...
Deploying Office 2010 via Group Policy
KB ID 0000464 Problem What used to be the simplest task, has now been overly complicated (Thanks Microsoft!) Simply deploying from a single .msi file would have been far too easy! This procedure uses group policy to install Microsoft Office 2010 via group policy. It uses the Microsoft preferred method of employing startup scripts. Below I’ve also disabled UAC, I found it was stopping my automated install, (If I ran the script...
Defining / Locking and Managing Proxy Settings
KB ID 0000181 Problem If you have a proxy server at your corporate/home location, then there a few methods you can use to ensure that your clients use it. Before you start running though this, remember if you have a proxy server then it’s common sense that your firewall/router will block web access for your clients, and only allow the Proxy server (and any other servers/machines) that need direct web access out. If you are...
Allow Users to Install Printers with Group Policy
KB ID 0000148 Problem Ordinary domain users cannot install printer drivers, because installing a printer driver requires “rights”. So unless you have installed the print driver as an administrator, the users cannot add a new printer, without logging on with administrative privileges, installing the printer and driver, then logging back on as the user, only at that point can they install the printer. To stop this happening...