Customizing the Text ScreenSaver with Group Policy

“Customizing screensavers?” I hear you cry, “That’s a bit retro isn’t it?”

Nowadays screensavers have more or less disappeared. It makes much more sense to just turn off the screen after 10 minutes of inactivity. However, there are some instances where a screensaver can be useful, for example, an always-on kiosk or even digital signage.

One of the more useful standard screensavers in the Windows operating system is called “3D Text”. Useful because by default it will display the time but can be customized to display some text instead

Continue reading Customizing the Text ScreenSaver with Group Policy

Use Group Policy Preferences with WMI Targeting to Copy Files

Here’s a quick and simple guide on how to update a file based on it’s “last modified” date (but it can also be tweaked to use any file attribute). It uses the Item-Level Targeting feature of Group Policy Preferences. The problem is, the Targeting Editor only has a “File Match” option that can check whether a file exists or is of a certain version. Luckily, we can implement a custom WMI query to check any of the files attributes using the CIM_DataFile.

Continue reading Use Group Policy Preferences with WMI Targeting to Copy Files

The MDT and Office 2013 Click-to-Run Jigsaw Puzzle

office 2013 iconsIf you are trying to deploy a click-to-run (C2R) version of Office 2013/365 then it’s time to forget everything you knew about deploying office and start from a clean slate!

Due to Office 2013’s Cloud-based nature it is set up a bit differently to the traditional CD/MSI approach. This is fine if it’s your personal copy but what about deploying it to an whole office of PCs?

IT pros have been using the Microsoft Installer (MSI) technology for years to silently install Office programs. You can use a mix of existing switches to update and patch Office installations using Group Policy, scripts, Office Customization Tool (OCT) or the Microsoft Deployment Toolkit (MDT).  However, Microsoft, in their wisdom, decided to offer a brand new deployment methodology for Office 2013, Click-To-Run. There is still an MSI version out there but it is only available for the Volume Licensed customers, which means, if your business was used to buying the much cheaper Product Key Card (PKC) licenses, you are stuck with C2R. Oh, and by the way, WSUS can’t be used to update it either.

We came across this issue when we purchased and job lot of PKCs for Office Home and Business 2013. This includes Outlook, Word, Excel, PowerPoint and OneNote. This seems like an ideal buy for most small businesses as it includes all of the core Office apps that your average user would need. However, when it comes to deploying, customising and activating it is about as far from business-ready as you can get! I struggled for weeks trying to get things working correctly to allow a smooth integration with our Windows 7 deployment, I did finally get there, but I hit so many brick walls I almost gave up trying. The worst part is when you get a stock “You should buy Volume Licenses” response… erm yeh, I wish I knew that 3 months ago before the money was spent.

So here is my ultimate guide to installing, customising and activating Office 2013 C2R editions. It’s not going to be pretty but it will get you someway to a mostly automated and controlled deployment. It is specifically tailored towards Office 2013 Home and Business but should work for any Office 2013 C2R version that needs to be deployed in a Windows Domain

Continue reading The MDT and Office 2013 Click-to-Run Jigsaw Puzzle

Using Group Policy Preferences to deploy Favorites to Internet Explorer

My previous article, The new way to configure Internet Explorer proxy settings with Group Policy, spoke about how the Internet Explorer Maintenance section of Group Policy has been killed off in favour of ADMX templates and Group Policy Preferences. One benefit of this is that you get rid of the time-consuming “Branding Internet Explorer” section when a user logs on to a PC.

Thanks to the lack of communication from Microsoft, we now need to scramble around to get all of our Internet Explorer Favorites re-deployed for any PC with IE10 or above. Thankfully it is a relatively simple, if tedious task. I used the GPMC on a 2008 R2 member server

Continue reading Using Group Policy Preferences to deploy Favorites to Internet Explorer

The new way to configure Internet Explorer proxy settings with Group Policy

Internet Explorer 10 was released for Windows 7 and Windows Server 2008 R2 machines back in February 2013. Nine months later and we are going through it again with Internet Explorer 11. For SysAdmins and IT Pros managing software updates, these new versions led to quite a significant change in how we use Group Policy to manage them.

I only recently discovered that when Windows 8 (and along with it IE10) was released they finally got rid of the “Internet Explorer Maintenance” Section of the Group Policy Editor. This section always struck me as an odd place to configure IE settings and I’m still not sure why they couldn’t just use the normal Administrative Template section.

Internet Explorer Maintenance in Server 2003 Group Policy Editor
Internet Explorer Maintenance in Server 2003 Group Policy Editor

Continue reading The new way to configure Internet Explorer proxy settings with Group Policy

Group Policy Management Overview

gpmc iconWe use Group Policy to tweak the default settings on Microsoft Servers and PCs. You edit the policies using the Group Policy Editor console (gpedit.msc) but to manage the policies you use the Group Policy Management Console (gpmc.msc). The more policies you start to create, the more confusing managing them can become and with each new version of Microsoft software (Office included) new Group Policy templates are added. This article is to give you an insight into exactly what the Group Policy Management Console (GPMC) is about and how everything links together.

It’s always best to edit policies from the latest OS. This is one of the reasons to always have a VM somewhere with the latest OS purely for Group Policy. Alternatively, if you are using the latest OS then you can install the GPMC from the Remote Server Administration Tools (RSAT) and then edit the policies from there. If you don’t, it’s not a big issue but some policies won’t be available. All of the templates can be stored in a central location in Active Directory so they can be accessed by all domain machines. There is some debate whether it is best to have the policies held locally rather than in the central store but I think it works well. By default this is \\DCName\sysvol\domain.name\Policies\PolicyDefinitions. If you ever download a new template you will need to put it in there. For more details on activating the central store se the following Microsoft Support article

Inheritance & Precedence

Group Policies Objects (GPOs) are created in the Group Policy Objects folder in GPMC. Policies are then linked to Active Directory Organizational Units (OUs). You can link as many Policies as you like to an OU and you can also link the same policy to as many OUs as you like. You can also block inheritance by right-clicking an OU and disabling it. The precedence of any GPOs, i.e. what GPO policy wins out of any competing policies, can be changed in the Linked GPO tab of an OU. Normally the deepest policy wins.

Continue reading Group Policy Management Overview

Configuring Firefox proxy settings for all users

Spread Firefox Affiliate ButtonI recently had an issue with the latest version of Firefox (v3.6.15). Normally, when we install Firefox on our network, we have to change the proxy settings from the default “No Proxy” to “Auto-detect proxy settings for this network”. This doesn’t normally cause much of an issue as we only use Firefox on a few select machines and can be changed by the individual user. However, it seems the default install behaviour has slightly changed to add a new option that seems to muddy the water. There is now a “Use system proxy settings” option (similar to Google’s Chrome) that seems to be selected by default for new users. Although this may seem to make sense, on our network this causes terribly slow page load times, e.g. 10 minutes to load google.co.uk. Luckily I found a way to set the “Auto-detect” option for all users.

WARNING: This seems to have changed again since Firefox 4 was released. If anyone knows how to change it please add a comment.

Continue reading Configuring Firefox proxy settings for all users

Tips – Finding the right Group Policy setting

UPDATED – see below for info on the new Group Policy Search web app

Now Windows Internet Explorer 9 (IE9) is nearing the end of it’s beta process it won’t be long before SysAdmins will be deploying it out across their networks. Something that occurs with any new Microsoft software is the need to update Group Policy to control any new features and lock down as appropriate. I thought I’d share a few tips on how I find discover and configure these new settings.

It seems that with each new Administrative template (ADMX) there are an ever-increasing amount of settings that can be managed (Over 1500 for IE9 alone!). While great for security it can be a headache to navigate. Microsoft usually lists the group policy settings for each product on the TechNet site, like this page for IE9, but did you know there is also an MSDN website (hosted on Azure) called Group Policy Search. This is a godsend policy administrators because not only does it allow you to search the contents of all the Microsoft Windows & Office policies but it also gives you the info like what the policy is supported on and even the registry key that the policy changes. This is a great place to copy details if you need to report to a manager on what a certain setting can do.

Group Policy Search Cloud App
Group Policy Search Cloud App

 This site does work on smartphones but I can see this working really well as a reference app on a mobile device. UPDATE: I just found that somebody has made this into an app for Windows Phone 7/8. Find it in the web store or search on your phones marketplace for Group Policy Search. Now it’s up to another dev to make one for Android and iPhone!

If you use Windows 7/Server 2008 R2, or later, you can also download a Search Connector (from the site’s Settings menu). This lets you search the Group Policy Search website from Windows Explorer, giving you an excerpt of the description and link to the relevant webpage. UPDATE: Unfortunately, due to the change of host for the web app, the connector is broken. Luckily, it is easily fixed by editing the OSDX file. Download the GroupPolicySearch.osdx connector from the site and open with a text editor. Change line 5 to the code below, save and then double-click the file to install to your userprofile/Searches folder

<Url type="application/rss+xml" template="http://gpsearch.azurewebsites.net/gps/rss.ashx?search={searchTerms}"/>
Group Policy Search Connector
Group Policy Search Connector in Windows 7

Another task that becomes complicated is to find settings you have previously changed. I may open up the Group Policy Editor knowing I need to modify a previous setting change but it can be like finding a needle in a haystack digging through all the non-configured settings. You can find it via a report in the Group Policy Management console but did you know you can also filter policies in the editor? Go to the View menu and choose Filter Options. Here you can set up a number of criteria on what you want to see. I typically would change it to only show configured settings and also any policy with my initials in the comments. This makes it really easy to see the changes I have made and adjust them appropriately.

Group Policy Filtering
Group Policy Filtering

I hope that’s given you a bit of help in discovering and managing group policy settings. Let me know your tips in the comments.

UPDATE: I discovered this great page in the increasingly useful TechNet Wiki – Group Policy Survival Guide. It contains links to anything and everything to do with Group Policy

How to merge two small active directory domains quickly and easily

This article describes the steps I took when we decided to merge to sister companies into one domain. I have, in the past, used the Active Directory Migration Tool. The ADMT, currently at version 3.0 “provides an integrated toolset to facilitate migration and restructuring tasks in an Active Directory infrastructure”. It works great and has loads of guidance on how to go about the daunting task of migrating 200 users from an NT 4 domain to Active Directory, merging domains or restructuring numerous sub-domains. However, it involves a lot of planning and background fiddling to get it working. In my current situation I needed to migrate only 20 users to our main domain so I didn’t really want the hassle of reading through the mammoth migration guide. Neither did I want to add everybody one by one. Therefore, I created the following method that did everything I needed as quickly as possible, without making my brain hurt 🙂

Continue reading How to merge two small active directory domains quickly and easily