A crash course on understanding Group Policy

April 12, 2013 System Administration No Comments

One of my main responsibilities at my job is managing our Group Policy. It works best with a well thought out structure in Active Directory but you should have that anyways for organization purposes.

I’ll often hear discussions or see comment threads of new IT Professionals wanting to move to centralized management. They might have just gotten the hang of AD structure but Group Policy sounds too good to be true. I have taught some crash courses on Group Policy before but it can be a difficult subject for people to grasp and intimidating to get started with. There are a few key concepts and if you have an understanding of your environment, it should all click nicely. But first, you have to get started some where.

A script to delete mapped network drives using a certain UNC path

February 20, 2013 Code, System Administration 3 Comments

Mapped drives. You can love ‘em or hate ‘em.

After changing file servers or retiring an old server, clients might have old mapped drives pointing to these servers. Since they could be a confusing interface and disconnected drives might slow down the computer until they time out, it’s not a bad idea to clean up the old ones. It’s a pretty simple process to disconnect a mapped drive when you are in front of the computer. You just right click on the drive and choose ‘Disconnect’. There are also command line options if you’re at the computer with the user logged in.

Scripting the removal is also easy if you know the drive letter. It can just be a simple:
Net Use Z: /Delete

However, many organizations are in chaos with mapped drive letters and if you ran a script like that to delete all Z drives, you might disconnect some current, useful drives with clients that don’t know the path where it was mapped. To utilize a script, it’s going to have to have some intelligence built into it to ensure you are disconnecting the correct drives. You would run into the same problem with using Group Policy Preferences to Delete a connection by drive letter.

The Active Directory Administrative Center in Windows 8/Server 2012

December 26, 2012 Software, System Administration No Comments

After installing the Remote Server Administration Tools (RSAT) on Windows 7 or Windows 8, in addition to the popular Active Directory Users and Computers and Group Policy Management Console, you will gain access to the Active Directory Administrative Center.

Active Directory Administrative Center provides network administrators with an enhanced Active Directory data management experience and a rich graphical user interface (GUI). Administrators can use Active Directory Administrative Center to perform common Active Directory object management tasks (such as user, computer, group, and organization units management) through both data-driven and task-oriented navigation.

Understanding Windows To Go, Server 2012 Security Tools, and Remote Desktop updates to 8.0

November 16, 2012 Operating Systems, Software, System Administration No Comments

Here’s a quick wrap up of some topics that have come up lately but would be a little lacking as their own articles. Still, it’s information to know. With Windows 8 and Server 2012 out, they changed the game and brought a number of other things with them. To keep up, you can read about Windows To Go, security tools to administer Server 2012, and Remote Desktop Protocol updating to version 8.0.

Using the Office 2013 Microsoft Office Customization Tool and Office 2013 Group Policy Administrative Templates

November 8, 2012 Software, System Administration No Comments

Office 2013′s methods of deployment aren’t that different from Office 2010′s deployment options. The Office Customization Tool is still there and the administrative templates are there to allow customization through Group Policy. Office 2013 Pro Plus has a few more products included in it and a few more features like synchronizing with the cloud and social network. Exploring these deployment tools like their brand new is worthwhile to see what new settings and preferences you might be able to configure and control. Yesterday’s post about Office 2013′s animated cursor is a perfect example of small changes that have been made that can result in a change on the user experience side.

Update WSUS to support Windows 8 and Server 2012

October 24, 2012 Software, System Administration No Comments

Windows 8 general availability hits Friday. While you’re probably hoping that it will still be a little while before Microsoft’s newest operating system lands in your organization, it’s better to be prepared than caught unaware. In addition, Microsoft will probably have a few updates inline quickly to resolve any bugs that crop up. In fact, amongst other updates, there is a Flash for Internet Explorer 10 update and the mini-service pack “Windows 8 Client and Windows Server 2012 General Availability Cumulative Update” ready to be installed.

To save some bandwidth and ensure your computers are getting the latest Windows updates, you will want to update your Windows Server Update Services (WSUS) to be able to cache Windows 8 and Server 2012 updates. If you are running WSUS 3.0 SP2, there’s an update to install. Of course, you could also just update your WSUS server to run off of Server 2012 and that should have the update needed to deliver updates to Windows 8 RTM.

Adobe Reader 11 has landed with GPO ADM templates

October 15, 2012 Software, System Administration 4 Comments

Adobe Reader and Acrobat XI was announced at the beginning of the month with a load of new features. One of them that made me as an IT Pro excited was the Group Policy templates that would allow more flexible control and configuration over the applications. Today, Adobe Reader 11 and Acrobat 11 Pro became available and with them also came the Group Policy templates. Here’s a little dive into what is available through the group policy configuration.

Use Group Policy to allow ping and remote management on Windows 7

October 8, 2012 System Administration No Comments

One of the benefits of having computers joined to a domain and within a local network is the ability to manage things over the network pretty easily. Unfortunately, some basics are turned off by default. Fortunately, it’s pretty easy to turn them on for your environment. Being able to see if a computer is powered on or on the network with a simple ping is a basic function. That is why it’s surprising to see the default setting has this turned off. I understand the security implications but in a proper environment where a firewall should prevent ping from outside the network and administrator access is needed to use management tools like Remote Registry, the hidden admin share (C$), and Computer Management of another computer, the policy change should be relatively safe while allowing more predictable remote access.