GPP is a new technology introduced with Windows Server 2008 to make life of administrators much easy. There are variety no. of settings available in GPPs which helps you manage your system effectively.
Using GPPs you can administer the following components of Operating System. You can manage both these user-based and computer based settings from GPPs. The below list shows the settings available in GPPs. A setting can be applied to either a computer or a user or to both based the setting.
Applications (User-based)
Drive Mapping (User-based)
Environment Variables (User-based and computer-based)
Files (User-based and computer-based)
Folders (User-based and computer-based)
Ini Files (User-based and computer-based)
Registry (User-based and computer-based)
Shortcuts (User-based and computer-based)
Network Shares (Computer-Based)
DataSources (User-based and computer-based)
Devices (User-based and computer-based)
Folder Options (User-based and computer-based)
Internet Settings (User-Based)
Local Users and Groups (User-based and computer-based)
Network Options (User-based and computer-based)
Power Options (User-based and computer-based)
Printers (User-based and computer-based)
Regional Options (User-based)
Scheduled Tasks (User-based and computer-based)
Start Menu (User-Based)
Services (Computer-Based)
If no targets are applied, all the computer/users under this policy will get these settings. If you want to restrict this policy to specific users/computers inside OU, then you need to use targeting. There are 25 targeting options are available which can be used alone or in conjunction with other items. Some of the interesting targets are battery present, computer name, disk space, IP address range, LDAP query, OU, Regkey match, security group, site name, user name and wmi query.
Some of the uses of GPPs are…
You can restrict the desktops local administrators group membership. If any one adds their account to local admins, that will be taken off during the next GPO processing due to GPP setting.
You can execute scripts, commands in user context at scheduled times.
Control power options on laptops/desktops
Easily deploy files to desktops based on user and computer
Push short cuts to user/desktops
And GPPs can definitely replace some of the settings which are being handled by your computer/user login scripts now. Using GPPs for these settings considerably less time than using scripts.
Compatibility…
I am sure many of the users will look for this information after going through the GPP exciting features. Though this feature released with Windows 2008 server, you can happily use GPPs in your existing Windows Server 2003 domain which has XP clients. The only thing you need to do is deploy GPP Client side extensions package from Microsoft. The latest buddies like Windows Vista, Windows 7, and Windows 2008 server will come this CSE by default.
You can read more details about this from below sources…
Today I want to turn my some of the scripting efforts to public.
Sometimes I get requirements to see how many machines are online which are part of a AD security group. I worst method I used to follow was dumping the group member list to some text file and making use of a batch script to ping the machine and check the status. This is pretty good but consuming some of my time for dumping and analyzing. So why below script is born….
You just need to give the group DN in the script and execute it with cscript. That shows the machine status if it is online or not. Feel free to modify the script to match your requirements and let me know if I can be of any help.
‘########################################################################## ‘# Purpose : To check the ping status of computers part of a security group ‘# Author : Sitaram Pamarthi ‘# ‘########################################################################## ‘On Error Resume Next
‘ Replace with your group DN GroupDN=”ldap://CN=Your/ Group Name,OU=Your OU name,DC=domain,DC=com”
Set objGroup = GetObject(GroupDN) objGroup.GetInfo arrMemberOf = objGroup.GetEx(“member”) For Each strMember in arrMemberOf Set objGroup1 = GetObject(“LDAP://” & strMember) strHost=trim(objGroup1.dNSHostName) set objPing = GetObject(“winmgmts:{impersonationLevel=impersonate}”).ExecQuery _ (“select * from Win32_PingStatus where address = ‘” & strHost & “‘”)
for each objRetStatus in objPing if IsNull(objRetStatus.StatusCode) or objRetStatus.StatusCode<>0 then WScript.Echo strhost & ” ==> host not reachable” else Ping = True wscript.echo strhost & ” ==> Machine Reachable” end if next Next
Write a Haiku for Microsoft Windows Server 2008 and Win prizes.
The software giant, Microsoft has recently launched a contest for writing a Haiku for its successful product, “Windows 2008 Server R2”. And the winner of this content will get a “Home theater system” and “Xbox 360 Elite”.
All you need to do is to write a Haiku. So hurry up and write yours at www.r2haiku.com. And don’t miss to down load the free Ebook on “Introduction to Windows Server 2008 R2” from the website (look at bottom right corner of www.r2haiku.com page).
I am an avid fan of quest products when it comes to Active Directory restoration. Their products make you to restore objects in active directory without taking the domain controller offline to DSRM mode. There are many products available in market but it is efficient than other in my opinions. The purpose of writing this post is not give publicity for Quest product but I want to take you through couple of videos from Quest which shows how seamless it is to restore objects from active directory. These videos are completely for Windows 2008 R2 where “Recycle bin” option feature is functional. Refer to Technet if you want to know more about “Recycle bin” optional feature in Active Directory 2008 and “Active Directory Recycle Bin Step-by-Step Guide”.
You can also do this with PowerPack from PowerGUI which is a cost effective solution compared to Quest products. This PowerPack helps you to recover deleted objects from Active Directory recycle bin only but not the items which enterd tombstone — that means it is out of recyclebin.
Visit this blog entry to know more about the PowerPack for recovering AD. Below video give you the procedure for operating the PowerPack.
As per the source(www.cio.in), Microsoft has confirmed first bug with Windows 7. A Canadian researcher, Mr. Laurent Gaffie is the first person who reported this bug. As per Gaffie’s blog entry, this bug triggers a infinite loop which can make the windows 7 system unusable. This bug can be triggered via SMB or through IE.
One can read about this bug and the advisory at Gaffie’s Blog
While searching for some other stuff, I came across below interesting articles about Internals of Windows Vista Kernel. I felt it will be handy for troubleshooting any OS/Application related issues that you experience in Windows Vista/Windows 7(I am thinking there won’t be much change in Win7).
Windows 7 brought lot of features for users and easy options for administrators. If you ever want to copy a file/folder patch in windows 7, just hold SHIFT button and right click on that file/folder. It will give an option called “Copy as Path”, select that and it takes the file path into windows clip board and paste it where ever you want. It pretty pretty easy than conventional method of copying from address bar(or from file/folder properties)
Do you know a tip/trik in Windows 7 and want to share that? Put it here it in comments with a link to your blog.
I have seen system administrators who feels bending the CPU box or rebooting the system are only ways to find out serial number of a machine. In situations where a remote systems serial is required, they do nothing but reaching that machine physically.
Enough doing hard work and be smart, guys; here is a small powershell code which helps you to get serial number of local or remote machine without moving your feet.
Back in the late 1990s, some large Internet association conducted a survey in order to bestow awards in categories like Best Web server and Best Web browser, and one of the categories was Best Web authoring tool.
We didn’t find out about this until the organization contacted the Windows team and said, “Hi, we would like to present Microsoft with the award for Best Web authoring tool. Please let us know who the author of Notepad is, so that we can invite them to the award ceremony.”
Yup, Notepad won the award for Best Web authoring tool.
The mail went out to the team. “Hey, does anybody remember who wrote Notepad?”
Even a decade ago, the original authorship of Notepad was lost to the mists of time. I think the person who ended up going was the original author of the multi-line edit control, since that’s where the guts of Notepad lie.
Today, while playing with PowerShell, I came across a interesting COM object “SAPI.SpVoice”. Using this object you can convert given text stream to voice.
Copy this sample script into powershell window and switch ON your speakers/head phones. You can listen to the voice conversion of text you entered. You can explore more options of this by going through it’s properties and methods, (new-object -com SAPI.SpVoice) | get-member.