Group Policy provides centralized management and configuration of operating systems, applications, and users’ settings in a Windows Active Directory environment.
There is almost no limit to what Group Policy can do. A few examples of what can be configured include folder redirection, relocating known folders to OneDrive, hardening Windows endpoints, establishing drive/printer mappings, and hybrid joining devices to Azure AD. The pivotal role of Group Policy lies in the centralized administration of on-premises Windows devices.
In the case of Azure AD joined devices, management is achievable through the Intune Configuration Service Provider (CSP), akin to Group Policy but tailored for cloud-connected devices.
- Allow Remote Desktop Access with Restricted Groups
  Remote Desktop Access, in the realm of Windows administration, is like a mighty gatekeeper controlling who can and cannot enter the castle (remote access to a computer) through the secret passage (Remote Desktop Protocol). Through …
- OneDrive Group Policy – OneDrive KFM
  Now that the Azure side is configured to allow SSO for Office apps, we will proceed with making Group Policy changes for OneDrive. In this policy, we will harden the OneDrive app and restrict users from …
- Group Policy Troubleshoot
  Useful tools to know when dealing with group policies. Review the policies applied to the currently logged-on user: (saves the HTML to c:\temp\) View the policy applied for computer configuration. (firewall, trusted zone info, etc.) Enable …
- Enforce Auto Recover Path for (Word/Excel/PowerPoint)
  In the Microsoft Office suite software, there exists an auto recover feature for Word, Excel, and PowerPoint that periodically saves a copy of the document. Should an unexpected event like a crash, power failure, or …
- Enforce Outlook Exchange Cache Mode
  For organizations in a Windows environment utilizing Outlook as their primary email application, it is crucial to lock down the settings which could prevent Outlook from functioning properly. A scenario that can break Outlook …
- Group Policy Copying files/set of files to location
  Goal: Copy over a set of files to a folder and copy a single set of files to a folder. Useful scenarios include copying over an XML or settings file to use for apps. Also useful …
- Enable/Disable Microsoft Edge enterprise sync
  For organizations that utilize Windows OS, enabling enterprise sync for Edge is a no-brainer. This brings more convenience for users when they are roaming between multiple devices. Microsoft Edge enterprise can sync the following …
- Policy Analyzer
  Policy Analyzer is a streamlined tool designed to assess and contrast collections of Group Policy Objects (GPOs). It can identify instances where a group of Group Policies contains duplicated configurations or internal discrepancies and can …
- Delete Scheduled task
  What if I have to delete the scheduled task if the user is not in the correct group? Use the following to delete the scheduled task for the user. Goal: Implement delete action and remove the scheduled task …
- Scheduled Task- Deploying scripts using Group policy
  The post will review the deployment of a PowerShell script using a scheduled task instead of an immediate task. The script establishes a task that triggers at every user logon and it sticks to the machine that …
- Immediate task- deploy scripts in group policy
  In order to run scripts to complete certain tasks in a Windows environment, an immediate task or scheduled task can accomplish that goal. Goal: Deploy an immediate task to a workstation to disable the power button with a PowerShell script …
- Remove office add-in resiliency for a specific group.
  Now that we know how to enable and disable Office add-in resiliency for all users, how do we proceed to only disable it for certain users? It is fairly straightforward; it requires item-level targeting …
- Enable or Disable Office Add-in Resiliency
  For organizations that implement extended features in Outlook with third-party apps, ensuring the continuous operation of these add-ins is of paramount importance. Among the significant add-ins in use are those for document management systems and …
- Outlook- Meetings are created as Teams Online Meetings by default
  In Outlook 365, users are experiencing issues with Teams auto-generating a meeting link whenever they create a new meeting. Users can manually disable this by unchecking “Add online meeting to all meetings” under file …
- Print Nightmare
  The CVE-2021-1675 print vulnerability has persisted since 2021, posing risks of both local privilege escalation (LPE) and remote code execution (RCE) within Windows’ print spooler. While the ultimate remedy involves deactivating the print spooler and …
- Office Ribbon/Quick access Custom ribbon
  At times, organizations may tailor their Office ribbon or quick access ribbon to align with users’ requirements. For instance, they can eliminate the OneNote button if it’s not in use, or remove the Teams button …
- File association for Domain joined computers
  For a domain-joined machine that has already been reimaged and requires a certain file type to be opened with a specific application, utilizing Group Policy to force those changes will be needed. Goal: Generate …
- Application association for Windows Image
  A company that has its own customized image will almost always have its own set of applications associated with specific file types. Not all individuals will opt for Microsoft Media Player to launch MP4 files. Some …
- Create Firewall exception rules
  Creating firewall exceptions is necessary when Windows Defender blocks legitimate applications from running. Goal – create exception rules for certain apps. In this scenario, an exception to the Ringcentral Meetings app will be added to be …
- GPO- Security Group filter
  Goal – Apply Group Policy only to a certain test group instead of the default Authenticated Users group, which impacts all users. 1. If I want the [Onedrive-Dev] policy to only apply to group [Onedrive] instead of …
- Orphaned GPO & Unlinked GPO
  GPOs are objects, just like any other sort of object in Active Directory. Administrators will create GPOs and remove them depending on the needs of the organization. Under normal conditions, once a GPO is …
- AGPM- Advanced group policy management
  What is AGPM? Microsoft Advanced Group Policy Management (AGPM) extends the capabilities of the Group Policy Management Console (GPMC) to provide comprehensive change control and improved management for Group Policy Objects (GPOs). Benefits: 1. Check …
- Group Policy Preference- Creating shortcuts
  Goal – deploy shortcuts to users’ workstations. Includes certain apps or power settings that users may find useful. Requirement – DC (domain controller) server with Group Policy Management role installed 1 – Open Group Policy Management …
- Folder Redirection Setup
  Infrastructure Requirement: 1 DC SERVER (Mecm2) *We will configure Group Policy and set up the network share here. A Client PC running Windows 10 (CLIENT-10) *To test if the user’s folder gets redirected to the network share on MECM2 …
