Etikett: GroupPolicy

Publicerat

Redirected homefolder – the correct way…

https://support.microsoft.com/kb/274443

1. Set Share Permissions for the the correct group to full access (Sudgestionname: RDS_access_all_user)

2. Use the following settings for NTFS Permissions:

CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
System – Full Control (Apply onto: This Folder, Subfolders and Files)
Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
RDS_access_all_user – Modify (Apply onto: This folder only)
RDS_access_all_user – Read & Execute (Apply onto: This folder only)
RDS_access_all_user – List fodler content (Apply onto: This folder only)
RDS_access_all_user – read (Apply onto: This folder only)
RDS_access_all_user – write(Apply onto: This folder only)

Publicerat

WMI Filtering in Grouppolicy

Filtrera ut olika saker med WMI filter i Grouppolicy

Exempel:

SELECT Version, ProductType from Win32_OperatingSystem Where Version like ”6.1%” and ProductType = ”1” = Window 7 klienter
SELECT Version, ProductType from Win32_OperatingSystem Where Version like ”6.3%” and ProductType = ”1” = Window 8 klienter
SELECT Version, ProductType from Win32_OperatingSystem Where Version like ”10.0%” and ProductType = ”1” = Window 10 klienter

Select Caption,ProductType from Win32_OperatingSystem Where Caption LIKE ”%Windows 10%” and ProductType=”1″ = Windows 10 .. ok 2016

Filtrerar ut alla maskiner med version 6.1% samt har ProductType = 1 (1= Client, 2=Server, 3=Member server)

 

 

 

 

 

Publicerat

WPA2-Enterprise Grouppolicy WMI Filtering

In this example GPO will be used to push an SSID configured for machine authentication using PEAP-MSCHAPv2 to Windows 7 domain member systems.

1. Open the domainGroup Policy Managementsnap-in.
2. Create a new GPO or use an existing GPO.
3.Editthe GPO and navigate to Computer Configuration>Policies> Window Settings>Security Settings>Public Key Policies>Wireless Network (IEEE 801.X) Policies.
4.Right ClickWireless Network (IEEE 801.X) Policiesand chooseCreate a New Windows Vista Policy.
5.Provide aVista Policy Name:
6.ClickAddforConnect to available networks…
7.ChooseInfrastructure.
8.On theConnectiontab, provide aProfile Name:and enter the SSID of the wireless network forNetwork Name(s).ClickAdd.
9.Click theSecuritytab. Configure the following:
Authentication:WPA2-Enterprise or WPA-Enterprise
Encryption:AES or TKIP
Network Authentication Method:Microsoft: Protected EAP (PEAP)
Authentication mode: User Authentication

10. ClickProperties.

11.ForTrusted Root Certification Authoritiesselect the check box next to each CA in the Active Directory PKIinfrastructure and clickOK.
OR Choose to ignore cert by just removing ”Validate Server Certificate”


12.ClickOK toclose out and clickApplyon wireless policy page to save the settings.

13.Apply the GPO to the domain or OU containing the domain member computers.

Filter computer with WMI is handles on another post

Publicerat

Wirless profiles

Wirless profile export/import distribution med GP

Rem Importera en exporterad wirless profil
netsh wlan add profile filename=”Wireless Network Connection-qui.xml”

rem exporterar alla profiler med lösenord i klartext !!!!!!
netsh wlan export profile key=clear

Grouppolicy …

wireless

Publicerat

Group Policy Planning and Deployment Guide

Applying Group Policy to new user and computer accounts….

New user and computer accounts are created in the CN=Users and CN=Computers containers by default.
It is not possible to apply Group Policy directly to these containers, although they inherit GPOs linked to the domain.

To apply Group Policy to the default Users and Computers containers, you must use the new Redirusr.exe and Redircomp.exe tools.
Redirusr.exe for user accounts and Redircomp.exe for computer accounts are two tools that are included with Windows Server 2008.
These tools enable you to change the default location where new user and computer accounts are created, so you can more easily scope GPOs directly to newly created user and computer objects.
These tools are located on servers with the Active Directory Services Role in %windir%\system32.

via Group Policy Planning and Deployment Guide.