Browse by Tags
September 03, 2007
Kevin is right, this has already been talked about , but he does a nice job of explaining the two types of multicasting. Two drawbacks to this however...First you cannot multicast across subnets, well you can but if your network supports this you are wide open to a SQL Slammer type of attack where one laptop brings your network to its knees. Second, you have to have Server 2008 to make this work. A simple, less costly solution, that you can utilize now is to use the 1E OSD Plus Pack , or SMSNomad...
... Read
the full post or
the first comment.
Filed under: Active Directory, Group Policy, Packaging, Patching, Beta, Longhorn, News, Microsoft, SCCM 2007, OSD, SMSNomad Branch, OSD Plus Pack, ConfigMgr, Server 2008
March 22, 2007
Once and for all, without having to buy additional tools or make a script. This process invovles making use of Restricted Groups but if not followed correctly it will remove all other users and groups from the local admin group on the applied computers. Please make sure you follow the directions. Using restricted groups, Edit GPO Computer Configuration Windows Settings Security Settings Restricted Groups; Right click and select add group, specify the Domain Admin group by typing or using the Browse...
... Read
the full post or
be the first to comment.
Filed under: Group Policy
March 09, 2007
In SMS 2003 you had to specify an account with local admin privileges on the computers you were targeting for the client push. Typically this was an account that was in the Domain Admins group, even though it was not recommended. But because of local Administrator password problems, users with local admin rights and so on using anything less often netted very little success. New in SCCM is the ability to use the computer$ account for the install. This means that you can now use the SMS server's computer...
... Read
the full post or
be the first to comment.
Filed under: Group Policy, KB Articles, SCCM 2007, Documentation
February 06, 2007
Channel Nine "In this episode, Blain Barton sits down with Kevin Sullivan, a Lead Program Manager, and Jason Leznek, Senior Product Manager for Windows Vista to discuss the Group Policy evolution in Windows Vista. Kevin and Jason will cover the details on Windows Vista and Longhorn Server Group Policy Basics, ADM vs. ADMX, ADML and discussing the central store. Plus Michael Murphy brings you another customer interview from Launch Tour 2007." Regards, Anthony Anthony Clendenen | Technical Consultant...
... Read
the full post or
be the first to comment.
Filed under: Group Policy, Vista, Longhorn, TechNet
November 21, 2006
Group Policy Settings Reference Overview This spreadsheet lists the policy settings for computer and user configurations included in the administrative template files (admx/adml) delivered with Windows Vista (RTM build 6000). The policy settings included in this spreadsheet cover Windows Vista, Microsoft Windows Server 2003, Windows XP Professional, and Windows 2000. These files are used to expose policy settings when you edit Group Policy objects (GPOs) using Group Policy Object Editor (also known...
... Read
the full post or
the 2 comments.
Filed under: Group Policy, Vista
November 15, 2006
ADM files for Internet Explorer 7 for Windows This page provides the Group Policy Administrative Template file for Internet Explorer 7 for Windows. ADM files for Windows PowerShell This page provides the Group Policy Administrative Template file for PowerShell for Windows. Anthony Clendenen
... Read
the full post or
be the first to comment.
Filed under: Group Policy
November 06, 2006
On Donna’s SecurityFlash blog she has a link to the Windows Defender group policy settings KB article that came out on November 1st. To expand on her post a little I have extracted some of the settings and what they do, or don’t do, from the KB article, which you can find here . These settings apply to XP and > when Windows Defender is installed. The Windowsdefender.adm template contains settings for: Turn off Windows Defender. Turn off Real-Time Protection Prompts for Unknown Detection...
... Read
the full post or
be the first to comment.
Filed under: Group Policy
October 31, 2006
James Senior has a post on his blog “Views on Vista” that details how to build WMI filters for Vista and Server 2007 (Longhorn). For Vista and Server 2007 essentially you look for OS version >= 6 and for Vista a product type that = 1 and for Server 2007 a product type = 3. Check out his post below for the exact syntax. For Vista SELECT Version, ProductType FROM Win32_OperatingSystem WHERE Version >= '6' AND ProductType = '1' For Longhorn Server SELECT Version, ProductType FROM Win32_OperatingSystem...
... Read
the full post or
be the first to comment.
Filed under: Group Policy, Vista
October 17, 2006
Today it was officially announced that Microsoft will combine the recently acquired tools from Softricity, Winternals, and Desktop Standard into a single package that you can purchase for ~$50 per client. What this package gets you is SoftGrid application virtualization, group policy management/enhancement tools from DesktopStandard, and the remote repair tools from Wintenals. For this price you could not get even the tools from DesktopStandard, the backend for the SoftGrid used to run about $15...
... Read
the full post or
the 2 comments.
Filed under: SMS 2003, Group Policy, Tools, Vista, News, Microsoft
October 17, 2006
Think back to the dumb terminal days, back when you only had to worry about your servers staying up. If an end user had a problem, they moved to a different terminal or you replaced it. Okay I wasn’t really working in IT back then but I have heard stories. Well imagine this…You give a user a computer with only an OS installed, their computer is in an OU that through group policy locks it down as kiosk, they can’t write to the system at all, they can’t open control panel,...
... Read
the full post or
be the first to comment.
Filed under: SMS 2003, Group Policy, Microsoft
October 14, 2006
I am sitting in the Phoenix airport terminal patiently waiting for my flight home so what better time to make my first post in several days? They provide FREE wireless access here! The last two days I have been sitting in a CheckFree facility where Jeremy Moskowitz was giving his two day Intensive Group Policy training. I was a few minutes late because I forgot to print out maps before I left, I wasn't joking about being really busy at work! When we started we did the usual I am Anthony and I the...
... Read
the full post or
be the first to comment.
Filed under: Group Policy
October 03, 2006
It was announced today the MSFT purchased DesktopStandard , the makers of GPO Vault and PolicyMaker. If you work with GP’s you know how frustrating it can be to get to a certain point with normal policies and want to extend it, but unless you have the time and resources to program them you are stuck, like applying password aging at the OU level. DekstopStandard made this possible, but then you run into another problem $$$. Problem solved…These tools look to be part of GPMC, and I am...
... Read
the full post or
be the first to comment.
Filed under: Group Policy, Microsoft
September 27, 2006
Two revisions to some previous tools make the list of downloads today. The first one is the step-by-step Vista deployment guide. In this one they have added more group policy documentation, including some other new or revised docs. The second one is for testing applications in standard user mode, or non-admin. This tool will help you determine if an application is going to cause you headaches when the user is no longer running with admin rights, in Vista even the admin runs most things without admin...
... Read
the full post or
be the first to comment.
Filed under: Group Policy, Tools, Vista
September 13, 2006
Original source: Group Policy Settings Reference Windows Vista RC1 Brief Description This spreadsheet lists the policy settings for computer and user configurations included in the administrative template files (admx/adml) delivered with Windows Vista RC1 (build 5600). Download details: Group Policy Settings Reference . '> Listen to this article
... Read
the full post or
be the first to comment.
Filed under: Group Policy, Vista
September 08, 2006
I got my approval to attend Jeremy Moskowitz 2 day intensive GP training in Phoenix next month and was looking at a related site yesterday GPOGUY.com and on his site he has six free GP training videos. If you are new to GP’s or want a quick refresher these should work great for you and they are free. Here is the link and a list of the sessions available. Welcome to the GPOGUY.COM training video page! The goal of these videos is to provide short, but useful instructional training on various...
... Read
the full post or
be the first to comment.
Filed under: Group Policy, Tools
August 23, 2006
There are a number of articles on how to secure the local administrator account on Windows computers and most of the have the same advice, rename it, make the password very strong, etc. But I was asked this question a few days ago and after doing some reading and research I don’t really care for this approach. I think I prefer the idea of setting a very strong password, using a tool that generates a password based on criteria you supply for the local admin account and then disabling the account...
... Read
the full post or
be the first to comment.
Filed under: Active Directory, Group Policy, Security
May 09, 2006
http://blogs.technet.com/windowsserver/archive/2006/05/09/427789.aspx Summary of New or Expanded Group Policy Settings You can now use Group Policy to centrally manage a greater number of features and component behaviors. The number of Group Policy settings has increased from approximately 1,700 in Windows Server 2003 with Service Pack 1 (SP1) to approximately 2,500 in Windows Vista and Windows Server "Longhorn". Antivirus Manages behavior for evaluating high-risk attachments. • User Configuration...
... Read
the full post or
be the first to comment.
Filed under: Group Policy, Vista, News
April 25, 2006
David Power - Program manager Some pretty cool stuff, some of it is redundant. What's new? New in Vista is that GP's no longer run under Winlogon but instead run as a shared service and the service itself has been hardened by requiring local admins to have elevated privileges to stop the service, the service will also auto restart from any error. Network Awareness - policy application is not network sensitive, no longer a 90 minute wait before refresh if a DC is detected. If a system comes out of...
... Read
the full post or
be the first to comment.
Filed under: Group Policy, Security, Vista, Microsoft, MMS 2006
April 25, 2006
This was a long day, I managed to get into four sessions and spend some time at SMS Expert booth talking with Dave. If you have not seen the new version of ESD make sure you stop by and check it out, they have done some great things with it. I was not able to make it to the get together at the Marriott, I was tired and had not eaten since lunch so I got back to my room about 9:30, ate, and went to sleep. Hopefully I will be meet up with some of the myITforum people today. My wife and daughter arrive...
... Read
the full post or
be the first to comment.
Filed under: SMS 2003, Scripting, Group Policy, Vista, Longhorn, News, Microsoft, MMS 2006