If need to have different settings for your users depending upon which computers they are on this is the article for you. Trying to set and HKCU entry based on the machine can be easily done but the process is not obvious. Our customers wants users to have the default Read more…
If you want to block programs from running on your corporate network, you can easily create a Group Policy Object (GPO) to make that happen. However, there are two GPO’s you can use but only one of them works well. Method 1 – GPO to Block Software By File Name Read more…
I have been told by more than one Microsoft tech that there is no way to clone a Group Policy Object. That is wrong; there is an EASY way to clone GPO’s. Launch Group Policy Management Console Expand GROUP POLICY OBJECTS (NOT the GPO’s attached to you OU’s but the Read more…
If you have a Group Policy Object or System Center Configuration Manager setting some parameter on your PC and you also have the setting configured in Microsoft Intune, Intune will win. Put simply, Intune overrides GPO and SCCM. It is also notable that Microsoft has dropped SCCM – Intune Hybrid Read more…
If you want to set your modern Windows (Win 10, Server 2016, Server 2019…) to not download and install updates automatically, there is a simple Group Policy Object you can create: GPO To Stop Windows From Automatically Updating: Expand COMPUTER > POLICIES > ADMINISTRATIVE TOOLS > WINDOWS COMPONENTS > WINDOWS Read more…
If you have a Server 2016 Remote Desktop Services infrastructure, you will likely want to lock down the Sessions Hosts. Below are some of the useful Group Policies that we suggest you apply.
Note that Server 2012 and Server 2016 have the option to use something very important for security named USER PROFILE DISKS. A User Profile Disk is a VHDX that is created for each user. That Virtual Hard Disk contains their C:\USERS\ profile and blocks remote users from interacting with the physical disk.
If you want to use USER PROFILE DISKS click HERE for more information. If you don’t want to use USER PROFILE DISKS, you should consider configuring the following GPOs:
USER > POLICIES > SYSTEM > FOLDER REDIRECTION
USER > POLICIES > ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > FILE EXPLORER > HIDE THESE SPECIFIED DRIVES IN MY COMPUTER
USER > POLICIES > ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > FILE EXPLORER > PREVENT ACCESS TO DRIVES FROM MY COMPUTER
Lets get started. Below are the GPO’s we suggest you consider to lock down your RDS Session Hosts:
If you have Windows 10 Enterprise or Education you should be able to use a GPO to set a custom lock and home screen. Unfortunately, Windows 10 1703 broke that and it has been driving many IT staff crazy trying to fix it. After a few weeks of banging around with Microsoft Partner Read more…
If you run Windows 10 in a corporate settings you will likely want to set a few default entries in the START menu and TASKBAR. If nothing else you will likely want to remove the default junk that Microsoft clutters the START menu with. Fortunately after a few hours of Read more…
If you see your mapped drives disappear you may have a Group Policy that maps your network shares using the REPLACE feature. Another symptom I noticed occurs if you remote (RDP) to a different PC and leave it for a few days, multiple mappings for the same letter will appear. The simple fix Read more…
The short answer is that is takes up to 2 hours for Group Policy changes to take effect for both Computer and for User policies. However, as usual there is more to the story. What is a ‘Background Refresh’ of a Group Policies? Unless you have changed the defaults, Group Policy is Read more…
If you want to disable the Cortana personal search assistant in Windows 10 using Group Policy this is the place for you: Computer Configuration > Administrative Templates > Windows Components > Search . You can also edit the registry locally: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search to a DWORD with a value of 0 . Read more…
As you likely have figured out Windows 10 ignores the Re-Prompt for restart with scheduled installations GPO which is very unfortunate because it worked so well. Given this you now have two apparent choices, let your Windows 10 PC’s reboot automatically or not. Fortunately the GPO: COMPUTER CONFIGURATION > POLICIES > Read more…
This was a major a pain to me. I have found that many sites, including MSN.COM, Outlook Web Access, GoToMeeting.com and others, do not load properly with PROTECTED MODE enabled on Windows 7, 8 and 10 so after arguing with Microsoft about it for a few months last year, I have Read more…
If you want to force a background image to your Windows 8.1 Lock Screen you can accomplish your mission using a registry key or Group Policy that sets that registry key for you. Download the Group Policy Templates for Windows 8.1 HERE and add them to your Group Policy Store Read more…
It turns out that Group Policy Management Console (GPMC) has a dandy EXPORT, IMPORT feature. The only thing that isn’t particularly obvious is that you have to EXPORT (and IMPORT) in the GROUP POLICY OBJECTS folder, and not on any of the OU’s. On the old/source domain, start GPMC Expand your Read more…
After watching THIS video explaining that in 2010, Java was the most exploited product, I decided we need to update our Java to the current version. We came up with two ways to deploy Java; one through a group policy (GP) in Active Directory (AD), two, through a script with minimal Read more…