Starter Group Policy Objects for download

Comments Off

MS has released two packages of Starter GPO’s that you can download.

These Starter GPO’s are recommended settings for Windows XP and Windows Vista. It contains Settings for “Specialized Security— Limited Functionality (SSLF)” and “Enterprise Client (EC)”.

Of course you need RSAT to manage these Starter GPO’s

Download them here

Technorati Tags: , ,

CSE for Windows Group Policy Preference

Comments Off

Microsoft has finally released the new CSE’s required to recieve settings done in the new GP Preference that is released with Windows Server 2008.

They are now here for XP, Server 2003 and Vista


Group Policy Preference Client Side Extensions for Windows XP (KB943729)
Group Policy Preference Client Side Extensions for Windows XP x64 Edition (KB943729)
Group Policy Preference Client Side Extensions for Windows Vista (KB943729)
Group Policy Preference Client Side Extensions for Windows Vista x64 Edition (KB943729)
Group Policy Preference Client Side Extensions for Windows Server 2003 (KB943729)
Group Policy Preference Client Side Extensions for Windows Server 2003 x64 Edition (KB943729)

Technorati Tags: , , , , , ,

Update: GPDBPA-tool on localized Windows

Comments Off

I asked the question if they were going to change this tool so it also is runnable on localized versions of Windows.

The answer is that it won’t install on a localized version but you can install it on an English Windows XP and then transfer the files to your localized version and then run it. The files are located at %ProgramFiles%\GPDBPA\

They don’t guarantee success but you might want to try it (in LAB-environment first of course).

Technorati Tags: ,

My first test of GPDBPA

Comments Off

It took me some time more than just last weekend to checkout the tool delivered from MS but here are my first thoughts about this tool.

First a print screen of the program:

Until today I have only run the program on two domain controllers so I haven’t really tested the tool completely but I have found some parts which you might find interesting.

First of all you should check the page named Critical Issues of course.
For me I got two errors here when I tried on my DC.

  1. Incorrect permissions on Default Domain Controller Policy
  2. DFS service not running on [MACHINE]

About the first error it complained about “Enterprise Domain Controllers” security group didn’t have the “Apply Group Policy” access which was correct so I now recieved this information and could open GPMC and correct the error.

Second error I’m a bit confused about since on Windows 2003 (and earlier) normally don’t have DFS running (if you don’t configure it of course). It’s using FRS for replication of SYSVOL and not DFS. I think this is a mistake from MS because I suspect the tool also has been designed with Windows Server 2008 kept in mind since it’s using DFS-R and not FRS and I think that’s why it’s watching the status of this service.

If you continue at “All Issues” you can find even more information. Some parts are information and some parts errors. I got a lot of errors which I don’t really understand. For example it complained about that:

  • I’m not using Roaming profiles!?!?
  • Offline Files disabled using reg-key (on a Domain Controller)!?!?
  • It complained that two out of four of my group policies (which affects my DC’s) had their user settings disabled!?!?

However the tool has also “Tree reports” which tells you a lot about your GPO’s so if you know what you are doing you can find some useful information about your GPO’s in this tool instead of searching for it using AdsiEdit for example.

As conclusion you can say that the tool has some improvements that need to be done before you can fully benefit from it but it’s a great start if you aren’t using anything today and I would recommend everyone to check it out and at least see if it tells you if you have any errors. :)

There are some other tools available on the market which you might want to check you if you don’t find this tool useful enough. You can find links on the Group Policy homepage

Technorati Tags: , , ,

Wireless Network Policy

Comments Off

Depending on which system you use you have some different options if you want to configure wireless policys using Group Policy.

Windows Vista and Windows Server 2008: These has it as default that you can configure wireless policys using GPO so nothing needs to be done.

Windows 2003: Depending on which level of servicepack you have installed you might need to install “Wi-Fi Protected Access (WPA) support for Wireless Network (IEEE 802.11) Policies is available for Windows Server 2003″. Note that this will not let you configure WPA2 wireless policys. You will need Windows Vista och Windows Server 2008 for that.

Windows XP: First requirement is that you need to have Windows Server 2003 AD Schema in your AD. Second requirement is that you need atleast SP1 for XP.
From you Windows 2003 server (located at C:\Windows\System32) copy the files wlsnp.dll, wlstore.dll and ws03res.dll. Then register wlsnp.dll using “regsvr32 wlsnp.dll”.
Now this has registrered a new snap-in for Wireless Network Policy.
Side-note: For Windows XP to be able to process WPA2 policys you will need to install “Update for Windows XP (KB917021)”

Windows 2000: Sorry, no can do…

Technorati Tags: , , , , , , ,