Solved: How To Push a User GPO To Only Some Computers

If need to have different settings for your users depending upon which computers they are on this is the article for you.  Trying to set and HKCU entry based on the machine can be easily done but the process is not obvious. Our customers wants users to have the default 1 year of caching in Outlook so when they are on a plane, they still have their mail BUT they also was users to log…

SOLVED: GPO To Block Software by File Name, Path, Hash or Certificate

If you want to block programs from running on your corporate network, you can easily create a Group Policy Object (GPO) to make that happen.  However, there are two GPO’s you can use but only one of them works well. Method 1 – GPO to Block Software By File Name This is the old way of blocking software and it has limited performance as we explain below: Launch REGEDIT Expand USER CONFIGURATION > POLICIES >…

SOLVED: How To Clone a GPO Using the Group Policy Management Console

I have been told by more than one Microsoft tech that there is no way to clone a Group Policy Object.  That is wrong; there is an EASY way to clone GPO’s. Launch Group Policy Management Console Expand GROUP POLICY OBJECTS (NOT the GPO’s attached to you OU’s but the actual GROUP POLICY OBJECTS folder) Right click on the GPO want to clone and select BACKUP then complete the wizard Right click on GROUP POLICY…

SOLVED: Intune vs GPO vs SCCM Which Rules Win & What The End of Hybrid SCCM-Intune Means for the Future

If you have a Group Policy Object or System Center Configuration Manager setting some parameter on your PC and you also have the setting configured in Microsoft Intune, Intune will win. Put simply, Intune overrides GPO and SCCM. It is also notable that Microsoft has dropped SCCM – Intune Hybrid support.  You must move your SSCM/Intune hybrid configuration to a Standalone Intune by September 2019. At the recent Microsoft Ignite Conference in Florida I asked…

SOLVED: GPO To Set Windows 10 or Windows Server 2016 To Not Update Automatically

If you want to set your modern Windows (Win 10, Server 2016, Server 2019…) to not download and install updates automatically, there is a simple Group Policy Object you can create: GPO To Stop Windows From Automatically Updating: Expand COMPUTER > POLICIES > ADMINISTRATIVE TOOLS > WINDOWS COMPONENTS > WINDOWS UPDATE Set CONFIGURE AUTOMATIC UPDATES to ENABLED and select a CONFIGURE AUTOMATIC UPDATING option from the drop down We like #3 AUTO DOWNLOAD AND NOTIFY FOR…

SOLVED: GPOs To Lock Down Your Remote Desktop Session Host Server

If you have a Server 2016 Remote Desktop Services infrastructure, you will likely want to lock down the Sessions Hosts.  Below are some of the useful Group Policies that we suggest you apply. Note that Server 2012 and Server 2016 have the option to use something very important for security named USER PROFILE DISKS.  A User Profile Disk is a VHDX that is created for each user.  That Virtual Hard Disk contains their C:\USERS\ profile…

SOLVED: Windows 10 Lock Screen Graphic GPO Not Working On 1703

If you have Windows 10 Enterprise or Education you should be able to use a GPO to set a custom lock and home screen.  Unfortunately, Windows 10 1703 broke that and it has been driving many IT staff crazy trying to fix it. After a few weeks of banging around with Microsoft Partner Support they have just confirmed that this will be fixed shortly: After checking with our Product team, it seems that our issue will be fixed on…

SOLVED: Customize Windows 10 Start Menu & Taskbar Using a GPO in 6 Easy Steps

If you run Windows 10 in a corporate settings you will likely want to set a few default entries in the START menu and TASKBAR.  If nothing else you will likely want to remove the default junk that Microsoft clutters the START menu with.  Fortunately after a few hours of playing with this we have found it can be done without too much effort. Note this only works on Windows 10 Enterprise and Education although…

SOLVED: File Explorer Mapped Drives Close Spontaneously

If you see your mapped drives disappear you may have a Group Policy that maps your network shares using the REPLACE feature.   Another symptom I noticed occurs if you remote (RDP) to a different PC and leave it for a few days, multiple mappings for the same letter will appear. The simple fix is to set the Drive Map GPO to use the Action UPDATE. To stop your mapped drives disappearing or automatically closing: Launch Group Policy Management Find your drive…

SOLVED: How Long Does It Take For Group Policies To Take Effect?

The short answer is that is takes up to 2 hours for Group Policy changes to take effect for both Computer and for User policies.  However, as usual there is more to the story. What is a ‘Background Refresh’ of a Group Policies? Unless you have changed the defaults, Group Policy is automatically updated every 90 minutes for both Computer and for User policies.  To stop all systems from flooding the servers and network, there is a random offset ranging…

SOLVED: How to Disable Cortana Using Group Policy on Windows 10

If you want to disable the Cortana personal search assistant in Windows 10 using Group Policy this is the place for you: Computer Configuration > Administrative Templates > Windows Components > Search . You can also edit the registry locally: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search to a DWORD with a value of 0 .  If you set it to 1 or delete the key, Cortana will be enabled.

SOLVED: How to Control Windows 10 Updates From a WSUS Server

As you likely have figured out Windows 10 ignores the Re-Prompt for restart with scheduled installations GPO which is very unfortunate because it worked so well.  Given this you now have two apparent choices, let your Windows 10 PC’s reboot automatically or not. Fortunately the GPO: COMPUTER CONFIGURATION > POLICIES > ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > WINDOWS UPDATE > No auto-restart with logged on users for scheduled automatic updates installations  does still work. This means…

SOLVED: How To Disable PROTECTED MODE In Internet Explorer Using GPO

This was a major a pain to me.  I have found that many sites, including MSN.COM, Outlook Web Access, GoToMeeting.com and others,  do not load properly with PROTECTED MODE enabled on Windows 7, 8 and 10 so after arguing with Microsoft about it for a few months last year, I have just given up and decided to disable it.  Now it gets tricky if you don’t follow the steps: Launch Group Policy Management Console and EDIT and…

SOLVED: How to Change the Wallpaper on the Windows 8.1 Lock Screen Using Group Policy

If you want to force a background image to your Windows 8.1 Lock Screen you can accomplish your mission using a registry key or Group Policy that sets that registry key for you. Download the Group Policy Templates for Windows 8.1 HERE and add them to your Group Policy Store (if you do not already have them) Open your Group Policy Editor Expand COMPUTER CONFIGURATION > POLICIES > ADMIN TEMPLATES > CONTROL PANEL > PERSONALIZATION…

SOLVED: How to Move Group Policy Objects (GPOs) Between Domains

It turns out that Group Policy Management Console (GPMC) has a dandy EXPORT, IMPORT feature.  The only thing that isn’t particularly obvious is that you have to EXPORT (and IMPORT) in the GROUP POLICY OBJECTS folder, and not on any of the OU’s.  On the old/source domain, start GPMC Expand your GROUP POLICY OBJECTS folder Right click on a policy you want to move Select Backup Copy the resulting file to a stick, network disk, floppy,…