TechShizz | All posts tagged 'Group Policy'

Allow Domain Users to install their own printers

To do this you need to create a GPO scoped to the Domain Computers group and assign the following policies.

1.Computer Config\Administrative Templates\Printers\Point and Print Restrictions

2. Computer Config\Policies\Windows Settings\Security Settings\Local Policies\Security Options\

3.Computer Configuration\Policies\Administrative Templates\System\Driver Installation

The setting is called "Allow non-administrators to install drivers for these devices setup classes".
You will need to add thedevice class GUID of printers:  {4d36e979-e325-11ce-bfc1-08002be10318}

Removing Office 365 via Group Policy

This guide assumes you have a software distribution point set up for you office 365 deployment.
Computers should have UAC disabled and user should have local admin rights. To achieve this use group policy.

1. Change the configuration.xml file to this:

<Configuration> <Remove All="TRUE"/> </Configuration>

2. Create or use your existing group policy to run the startup script for your office 365 deployment.
3. Reboot the machines which need Office 365 removing, the software will be uninstalled on logon.

Deploying Office via Group Policy

Before installing office like this you need to ensure that office has been removed from all target machines.

1. Create a software distribution share on the local network and share to all users
2. Download and configure office for deployment using the Office Deployment tools. Ensure the correct version, language, update path and architecture is configured in the configuration.xml.
3. Create two group policies: The first is to give users local admin rights and remove UAC. The second is to deploy the software.

The the permissions policy you must disable UAC and create an entry in the restricted groups as below. This policy will apply to all computers that the software is deployed to.

The second policy simply adds a login script to point to the UNC path of the Install.bat for the deployment tool.
For more info on this see Installing office with Click to Run.

Group Policy Central Store

In an environment with multiple domain controllers it's better to centralize your group policy templates. For this they can be stored in the sysvol folder and they will be replicated over avtive directory.

To create a cental store, create a folder called PolicyDefinitions in the \\FQDN\SYSVOL\FQDN\Policies path. Next, copy all of the files from the %systemroot%\PolicyDefinitions folder of a domain controller to the sysvol PolicyDefinitions folder.

Setting up Branch Cache

DC1 - Install Branch cache feature
DC1 - add a LOCAL policy at Computer > Admin Temps > Lanman Server > Hash Publication for Branch cache. Enable for all branch cache folders.
DC1- Set a Local QoS policy to limit bandwidth (to 100K to simulate slow link)
DC1 - Create a Share on c:\Share - Enable Sharing, Caching, enable branch cache checkbox.
DC1 - Copy some content to the share
DC1 - AD Group Policy - Default domain policy > Windows Settings > Security Settings > Windows Firewall > Add Rule > Predefined > Branch Cache HTTP > Nxt nxt allow
Dc1 - Same again but Add Brach Cashe Peer descovery pre-defined rule

Svr1 - Add the Branch Cache Feature
DC1 - Create an OU called branch cache host and put Svr1 into it.
DC1 - Enable Block Inheritence on the OU
Svr1 - Reboot
Svr1 - netsh branchcache set service mode=hostedserver
Svr1 - netsh branchcache show status

DC1 - Gpedit.msc > Default Domain Policy > Comp > Admin > Netowrk > Branch Cache > "Turn on Branch Cache" Enable.
"Enable Automatic Hosted Cache Discovery by Service Connection Point" Enabled.
"Configure Branch Cache for Network Files" Enabled.(Set latency to 0)
Client1 - gpupdate /force reboot
Client1 - netsh branchcache show status all