Daniel Ramawidjaja Blog

June 27, 2009

Group Policy Management Console (GPMC) Installation on Windows Server 2003 R2 x64

Filed under: Group Policy,Windows Server 2003 R2 — Daniel Ramawidjaja @ 4:41 am
Tags: ,

You can download the GPMC here:
http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en

Unfortunately, GPMC need the .NET Framework 1.1 while the Windows Server 2003 R2 x64 includes only .NET Framework 2.0.

GPMC Installation Needs .NET Framework 1.1

You can install .NET Framework 1.1, but you may find error on other web applications. See my previous post, Error on Certificate Services Web Enrollment After Installing .NET Framework 1.1 on Windows Server 2003 R2 x64.

After installing .NET Framework 1.1 and some troubleshooting when necessary, you can install install GPMC sucessfully.

GPMC Installation completed

 

Here the test of GPMC usage after installation

GPMC Testing

GPMC Testing

GPMC Testing

 

To avoid problems with incompatibility of .NET Framework 1.1, it is recommended for you to install GPMC on client computers, such as Windows XP or Windows Vista. I wrote this post just to show you that actually we can install GPMC on Windows Server 2003 x64 that includes only .NET Framework 2.

Advertisements

June 19, 2009

Impact of Disjoining Domain to Group Policy Implementation

Filed under: Active Directory,Group Policy — Daniel Ramawidjaja @ 7:12 pm
Tags: ,

One discussion with my student make me think again, try to open my mind, and doing some simulation to prove the concept and my knowledge about the impact if a client computer disjoin domain to avoid Group Policy implementation. Then I take conclusion that the dis-joining process will remove all group policy implementation that was retrieved previously from the domain’s Group Policy.
I did some testing on Windows XP and Windows Vista, but only documented the test result on Windows XP.

 

Verify the implementation of Group Policy that was retrieved from Domain.
The execution of vbs file was denied.

Effect of Disjoining Domain to Group Policy Implementation - Before

The interactive logon message text appeared.

Effect of Disjoining Domain to Group Policy Implementation - Before

 

Disjoin from the Domain

Disjoin from Domain

 

Verify the Impact of Disjoining Domain to Previous Group Policy Implementation
Software Restriction Policy to deny access to vbs files does not apply.

Effect of Disjoining Domain to Group Policy Implementation - After

The interactive logon text message has been removed.

Effect of Disjoining Domain to Group Policy Implementation - After

 

Group Policy Settings for Test Computers

Test-the-effect-move-to-workgroup

Test-the-effect-move-to-workgroup

June 7, 2009

Remote Server Administration Tools on Windows Vista

If you want to do remote management using Windows client computers, you should install RSAT. Unfortunately, this tool only available for Windows Vista.

You can download and find more detailed information from here:
http://support.microsoft.com/kb/941314

Install the RSAT

RSAT Setup

While updating process still run, I examine the Administrative Tools on Windows Vista to show you the previous condition.

Administrative Tools before RSAT Installed

Go to Control Panel, Programs, Programs and Features, and then click Turn Windows features on or off. You will see the differences.

Turn Windows Features On or Off after RSAT

Here is the Administrative Tools program group after I turned on some of the RSAT features.

Administrative Tools After RSAT Installed

June 6, 2009

Change the Local Administrator Password Using Group Policy

Filed under: Group Policy,Windows Server 2008 — Daniel Ramawidjaja @ 11:41 pm
Tags: ,

This tip can be implemented if you have already install Group Policy Client Side Extensions (CSEs) on targetted computers. If not, download from here: http://support.microsoft.com/?kbid=943729
The minimum supported is Windows XP SP2.

By following the steps on the pictures below, you can configure the Group Policy to change local administrator’s password on multiple machines.

Group Policy Preference to Change Admin Local Password - 1

Group Policy Preference to Change Admin Local Password - 2

Group Policy Preference to Change Admin Local Password - 3

Group Policy Preferences on Windows Vista with SP2

Filed under: Group Policy,Windows Vista — Daniel Ramawidjaja @ 3:55 pm
Tags: ,

For Group Policy Preferences (GPP) to apply on Windows Vista, you need to install Group Policy Client Side Extensions (CSEs). You can download from here:
http://support.microsoft.com/?kbid=943729

Unfortunately, try to install Group Policy Client Site Extension on Windows Vista with SP2 will end up with the message say, “This update does not apply to this system”
Hope Microsoft release the update for Windows Vista with SP2 as soon as possible.

Update Does Not Apply to This System

But you can force the installation of a Windows update by this way, for example, to force install Group Policy Preferences Client Side Extensions:
> mkdir KB943729
> expand -F:* Windows6.0-KB943729-x64.msu KB943729\
> start /w pkgmgr /ip /m:KB943729\Windows6.0-KB943729-x64.cab

Force Install of the Update

I find that it works, but the update is not full compatible with Windows Vista SP2. Here the result of ‘gpupdate /force’:

gpupdate /force

Although not fully compatible, the goal is achieved. Here the Group Policy Preferences settings:

Group Policy Preference

Group Policy Preference

Here is the snapshot of the result on Windows Vista with SP2.
I got a folder with the same name and attributes as I set on the Group Policy Preferences.

Group Policy Preference on Vista SP2

June 3, 2009

Configure IPv6 Using Group Policy

Filed under: Group Policy,Windows Server 2008 — Daniel Ramawidjaja @ 7:56 am
Tags: ,

Actually this is a test of solution offered from this site:
How to Configure IPv6 Using Group Policy
http://www.expta.com/2009/02/how-to-configure-ipv6-using-group.html

You can download the Active Directory template here:
IPv6Configuration.zip

Read the original web site for more information. Here I just test the solution using group policy.

The result on Group Policy Management Editor

ADMX-Test-034

ADMX-Test-036


Testing on Windows Vista
Before the policy applied:

ADMX-Test-037

After run gpupdate /force and restart the computer:

ADMX-Test-039

ADMX Migrator

ADMX Migrator, which is created and supported by FullArmor, enables you to convert ADM files to the ADMX format and take advantage of the additional capabilities that it provides. The new XML-based format includes multilanguage support, an optional centralized datastore, and version control capabilities.

ADM
ADM is
Administrative Template files included by default in Windows operating system and service pack releases, beginning with Windows 2000, for managing group policy.

ADMX
If you’ve started using Windows Vista and Windows Server 2008 in your environment, you may have noticed the new Group Policy ADMX format. This new format for Group Policy templates takes advantage of new features and capabilities.
The new ADMX format for displaying registry-based policy settings are defined using XML now, instead of the proprietary format that ADM files used. The new templates come with a lot more settings, almost 2,400 in Windows Vista, which is several hundred more than Windows XP.

ADMX Migrator
I need this tool when I want to convert a customized ADM files to ADMX format that is used in Windows Server 2008.

You can download ADMX Migrator here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en

An Example of ADM File

This is the content of my ADM file:

CLASS USER
CATEGORY !!DisableWindowsTour

	KEYNAME "Software\Microsoft\Windows\CurrentVersion\Applets\Tour"

	POLICY !!DisableWindowsTour

		VALUENAME "RunCount"
		VALUEON NUMERIC 1
		VALUEOFF NUMERIC 0

	END POLICY

END CATEGORY

[strings]
DisableWindowsTour="Disable Windows Tour"


Migrate the ADMX File Using ADMX Migrator

ADMX-Test-018

No problem with this warning. You can add the support information later.

ADMX-Test-020

When prompted to load it to ADMX Editor, click Yes.

By default, the template was saved to the current userprofile, you can save as to your preferred folder.

ADMX-Test-023

Verify the template

ADMX-Test-025

ADMX-Test-026

Enter the supported definition

ADMX-Test-027

ADMX-Test-028

ADMX-Test-029

Copy the ADMX file to %SystemRoot%\PolicyDefinitions and en-US\ADML file to %SystemRoot%\PolicyDefinitions\en-US

ADMX-Test-016

Here is the result when opening Group Policy Management Editor.

ADMX-Test-005

ADMX-Test-006

Create a free website or blog at WordPress.com.