Group policy

How to find and remove a Service on Server 2008, 2012 and 2016

Run command prompt as Administrator

Find the keyname with “sc getkeyname”:

C:\Users\administrator.LOCAL>sc getkeyname "Atlassian JIRA"
[SC] GetServiceKeyName SUCCESS
Name = JIRASoftware151216105308

Now delete the key using:

C:\Users\administrator.LOCAL>sc delete "JIRASoftware151216105308"

How to Setup a Legal Notice Before Login in Group Policy

This is a very easy setting that may also substitute for signing the computer usage agreements every year.
1. Open the Group Policy Management Console (gpmc.msc).
2. Go to the Group Policy Object in your domain, right-click Default Domain Policy and select Edit…
3. Once the Group Policy Editor is up, use the tree view on the left to go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
4. To edit the title of the window, change: Interactive logon: Message title for users attempting to log on
5. To edit the message text, change: Interactive logon: Message text for users attempting to log on

101 Free Network Monitoring Tools

http://www.gfi.com/blog/101-free-admin-tools/

How to add Trusted Sites

We need to go to Computer Configuration > Administrative Tools > Windows Components > Internet Explorer > Internet Control Panel > Security Page and then double-click the zone assignment list in the right pane.

After you double-click Site to Zone Assignment List, you will see a window to enable the setting and configure it. Click Enabled, then click Show. On the Show Contents screen, click Add.

By clicking Add we can add URLs and specify which zone we want them to be placed in.

The number 2 denotes the number of the zone. In this case it is the trusted zone. Microsoft breaks down the settings as follows:

  1. Intranet zone – sites on your local network.
  2. Trusted Sites zone – sites that have been added to your trusted sites.
  3. Internet zone – sites that are on the Internet.
  4. Restricted Sites zone – sites that have been specifically added to your restricted sites.

After clicking OK you can wait for the Group Policy refresh, which is 15 minutes by default, or you can run gpupdate.exe from any workstation to see if it worked. You can also restart the workstations to force the update.

 

To configure the behavior of Automatic Updates


 

  1. In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  2. In the details pane, click Configure Automatic Updates.
  3. Click Enabled and select one of the following options:
    • Notify for download and notify for install. This option notifies a logged-on administrative user prior to the download and prior to the installation of the updates.
    • Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.
    • Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.
    • Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.
  4. Click OK.

How to create mapped drives in Group Policy

To create a new Mapped Drive preference item

  1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
  2. In the console tree under User Configuration, expand the Preferences folder, and then expand the Windows Settings folder.
  3. Right-click the Drive Maps node, point to New, and select Mapped Drive.
  4. In the New Drive Properties dialog box, select an Action for Group Policy to perform. (For more information, see “Actions” in this topic.)
  5. Enter drive map settings for Group Policy to configure or remove. (For more information, see “Drive map settings” in this topic.)
  6. Click the Common tab, configure any options, and then type your comments in the Description box. (For more information, see Configure Common Options.)
  7. Click OK. The new preference item appears in the details pane.

Disable Firewall on users using group policy in server 2008, 2012

Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled

After that, go to the client machine:

Start > Run > CMD > Gpupdate /force

Reboot.

How To Enable Remote Desktop Via Domain Group Policy Windows Server 2012 / 2008 R2 / 2008

Open Group Policy Management, create a new GPO, and edit it.

1 – Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > “Windows Firewall: Allow Inbound Remote Desktop Exception”

2 – Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > enable the policy “Allow Users to connect remotely using Remote Desktop Services”. Note: this used to be Windows Components > Terminal Services > “Allow users to connect remotely using Terminal Services”.

Change Windows password in Remote Desktop

CTRL-ALT-END is the key combo to send a CTRL-ALT-DEL to the remote RDP desktop. Useful for changing passwords on workstations and servers remotely.

Permissions that need to be set to allow automatic creation of users' home directories

When you configure a home directory for a user (from “Active Directory Users and Computers” in a Windows 2000/2003/2008/2012 domain, or “User Manager for Domains” in an NT4 domain), you should add the root share that will contain the user home directory: \\servername\users$\%username%. To allow automatic creation of this home folder, you need to configure the correct NTFS and share permissions on the home folder root share.

Right click the folder > Properties > Sharing > Advanced Sharing. Name the share and add a “$” to the end to make it a hidden share.

Click Permissions on the share.


To allow automatic home directory creation, make sure to apply these security settings on the root folder that should contain the user home directories.

Administrators: Full Control
System: Full Control
Authenticated Users: Full Control

Now click OK > OK to get back to the Folder Properties.

Now we need to configure the NTFS permissions, so we need to be on the “Security” tab of the folder we created earlier.

1. Turn off inheritance on the folder and copy the permissions. You do this by:

a. Click the Advanced button found on the Security tab.
b. Clear Allow inheritable permissions to propagate to this object check box in the Advanced Security Settings dialog box.
c. Click Copy when prompted by the Security dialog box.

2. Click OK to return to the Security tab. Ensure we have the following permissions set:

Administrators: Full Control
System: Full Control
Creator Owner: Full Control
Authenticated Users: Read & Execute, List Folder Contents, Read

3. Change permissions for Authenticated Users so they cannot access other users’ folders. You do this by:

a. Click Advanced on the Security tab.
b. Click Authenticated Users, and then click Edit.
c. In the Permissions Entry for HOME dialog box, open the Apply onto drop-down and select This folder only.
d. Click OK twice.
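
The share and NTFS settings above, scripted in PowerShell as an added example (not part of the original page). D:\Users and the share name users$ are assumed values, New-SmbShare needs Server 2012 or later, and the script builds the explicit ACL from scratch instead of copying the inherited entries.

```powershell
# Added example; $Root and $Share are assumed values. Run elevated on the file server.
$Root  = 'D:\Users'     # hypothetical folder that will hold the home directories
$Share = 'users$'       # trailing $ hides the share (\\servername\users$)
$AuthUsers = 'NT AUTHORITY\Authenticated Users'

New-Item -ItemType Directory -Path $Root -Force | Out-Null

# Share permissions: Full Control for Administrators, System, Authenticated Users.
if (-not (Get-SmbShare -Name $Share -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $Share -Path $Root -FullAccess `
        'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', $AuthUsers | Out-Null
}

# NTFS step 1: stop inheriting from the parent ($true), keeping no inherited
# entries ($false), then clear any explicit entries so the list below is exact.
$acl = Get-Acl -Path $Root
$acl.SetAccessRuleProtection($true, $false)
$acl.Access | Where-Object { -not $_.IsInherited } |
    ForEach-Object { [void]$acl.RemoveAccessRuleSpecific($_) }

# NTFS steps 2 and 3: identity, rights, inheritance flags, propagation flags.
# 'None' inheritance on Authenticated Users is "This folder only".
$entries = @(
    @('BUILTIN\Administrators', 'FullControl',    'ContainerInherit,ObjectInherit', 'None'),
    @('NT AUTHORITY\SYSTEM',    'FullControl',    'ContainerInherit,ObjectInherit', 'None'),
    @('CREATOR OWNER',          'FullControl',    'ContainerInherit,ObjectInherit', 'InheritOnly'),
    @($AuthUsers,               'ReadAndExecute', 'None',                           'None')
)
foreach ($e in $entries) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $e[0], $e[1], $e[2], $e[3], 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Root -AclObject $acl

# Check: inheritance is off and Authenticated Users cannot reach subfolders.
$now   = Get-Acl -Path $Root
$leaky = $now.Access | Where-Object {
    $_.IdentityReference.Value -eq $AuthUsers -and $_.InheritanceFlags -ne 'None' }
if (-not $now.AreAccessRulesProtected -or $leaky) {
    Write-Warning "$Root still lets Authenticated Users into other users' folders"
} else {
    "$Root is ready: \\$env:COMPUTERNAME\$Share\%username%"
}
```

The final check can be rerun on its own later to confirm nobody has re-enabled inheritance or widened the Authenticated Users entry on the root folder.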

See how Group Policies are applied

Run gpresult /v

GPRESULT, otherwise known as Resultant Set of Policy Queries, is a tool used to provide client-side information about Group Policy settings.
The utility ships with all current versions of Windows and is used to aid administrators in troubleshooting Group Policy problems. The policy is very similar between all versions of Windows; however, Windows Vista and Windows 7 require elevation.

The commands below are examples that I use frequently.

Windows XP

This provides a verbose log for the currently logged-on user on the local PC:

gpresult /v > gp.txt