@Tim_G said in GPO Path?:

@Grey said in GPO Path?:

So, what's the current method to add a single trusted site to my intranet zone in GPO, eh? And where do I modify all of the trusted sites/zones and activex now?

I was answering the above question. Of course these will say not configured, because you haven't configured them yet.

That's the thing though; there is configuration from the previous IT Team.

I should be able to edit that and I just can't. The path shown isn't there for me.

@Dashrender said in Windows Offline Files query:

I'm guessing those 8 people didn't make any offline updates to files in that folder, so Windows never checked to see if there were new versions.

They have Read-Only access to the network folder. Another group is tasked of updating it.

@scotth said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

@scottalanmiller said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

@scotth said in Rolling Out Scale Driver Updates with Group Policy on Windows Server 2012 R2:

We are just starting to plan our hardware refresh. I'm seriously considering Scale. I like the info that I've seen so far.

We love ours, it has been great.

I'm still pulling down information..... I need a vibrant DR plan in place or decided on before I commit to a platform. It always seems to be overlooked as an afterthought.

Common approach is to get something like a Synology or a ReadyNAS and use the Scale HC3 built in snapshot and export backup functionality to push full image backups on a schedule out to the NAS.

Boy I remember when I came to the understanding that MS really wanted you to build completely separate GPs for users vs devices...

We use Cisco Any Connect that authenticates against AD, but is not tied to any kind of GPS and it works for us just fine. Except for deployment, I see no need in using GPS.

If we use GPS for anything, it's with RADIUS for our wireless network. That works in one location but not the other. And this is only because both locations have different wireless systems and in how each system implements RADIUS and authenticates a laptop against an OU.

@coliver said in Best Way to Deploy EXE Packages via Group Policy:

@coliver said in Best Way to Deploy EXE Packages via Group Policy:

If the EXE has a silent installer flag I would run it as a startup or login task the first time. Just add a check in there to see if it has already been installed.

Meant to say I would put it on a share and have a startup script execute it with the silent flag. Drop a installcomplete.txt file somewhere on the local disk and query for that at startup.

Cool, that's the direction that I was headed.

@Mike-Davis said in What should be in Powershell 101 and Group Policy 101 Sessions at MangoCon 2016?:

In the WPA2-Enterprise deployment session, I'll hit on how you push the cert and SSID to your domain joined devices to have the connect automatically to your WPA2-Enterprise SSID.

I like this idea.

yes, i'd like to apply this to all remote users.
Note: the users ONLY use Excel as a published remote app and its the Office/Excel date format that is in US when we'd like it to be UK.

Yes, i have changed as admin on the RDS server both the server time/date/regional settings and also Office Language settings.

I'd like the GPO to apply to ALL & ANYONE who logs onto the server or uses the remote app Excel.

@Dashrender said in Rename Desktop Icon via GPP:

@IRJ said in Rename Desktop Icon via GPP:

Duh!!! I can just delete and create a new one... LOL

This just means you have two entries in your GPO for while.

Yeah. I actually deleted some really old shortcut GPOs that are about a year old while I was in there. I can probably safely remove this after a month.

6 of one. It accomplishes what you wanted without having to go to each system and do it manually. Is it a full-on GPO setting? No. Will it work? Probably.

Yes, I think that RSAT might actually care as if it does the wrong thing it won't see the files.

Cached mode for 2016 is disabled just like all the rest, yeah!

I do this because calendars don't play nice when you're opening up 12 other people calendars regularly, and so are 80 other people.

No cached mode means you're working live on the system at all times, or your not working at all.

My first thought was finding the file on the server and manually editing it, but damn.. that would be dangerous.

I love ninite for personal use. Nuke/pave times drop dramatically.

@g.jacobse said:

How does Group Policy affect AD memberships or does it?

It does not. AD and GPO are separate things.

$computers = Get-Content -path C:\fso\computers.txt
$user = "aUser"
$password = "MyNewPassword!"
Foreach($computer in $computers)
{
$user = [adsi]"WinNT://$computer/$user,user"
$user.SetPassword($Password)
$user.SetInfo()
}

http://blogs.technet.com/b/heyscriptingguy/archive/2009/03/25/how-can-i-change-the-passwords-of-multiple-local-computer-accounts.aspx

It was super easy to do. I just created the folder and dropped the new ADMX files in.

I incorrectly started my GPOs in the default GP 10 years ago... like you I've moved away from this practice completely allowing me greater flexibility where needed.