Windows Server 2008 Manageability Feature: Group Policy Preferences: Part 3 Local Groups

Another use of the Local Users and Groups preference extension is to add specific domain groups or accounts to a local machine group. For this example I'm going to add all Manila employees as administrators of local machines. To do this, navigate from the GPMC to the Group Policy editor and edit the GPO that needs the preference, as we did in my first post. As in the second post, navigate to Computer Configuration, Preferences, Control Panel Settings, right-click Local Users and Groups, and choose New – Local Group.


For the Group Action I will choose Update, because we already have the built-in Administrators group on local computers. You can now click the Add button and type in the member name, or browse with the ellipsis button. I will choose to add these new members to the current group; to apply, just click OK twice.



A simple yet powerful extension from Group Policy Preferences for adding / deleting a domain OU to a local machine group.
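
An added example (not from the original post): before linking a GPO like this, it helps to list exactly which accounts the Local Group item will add to privileged local groups. The script parses a constructed, simplified sample of the XML the preference editor saves; the `Get-GppLocalGroupChange` function, the CONTOSO names and the attribute layout shown are assumptions for illustration.

```powershell
# Added example: review a Local Group preference item before linking the GPO.
# The XML below is a constructed, simplified sample of what the preference
# editor saves (Groups.xml); CONTOSO and the group names are placeholders.
$sampleGroupsXml = @'
<Groups>
  <Group name="Administrators (built-in)">
    <Properties action="U" groupSid="S-1-5-32-544"
                groupName="Administrators (built-in)"
                deleteAllUsers="0" deleteAllGroups="0">
      <Members>
        <Member name="CONTOSO\Manila Employees" action="ADD" sid="" />
        <Member name="CONTOSO\Domain Users" action="ADD" sid="" />
      </Members>
    </Properties>
  </Group>
</Groups>
'@

function Get-GppLocalGroupChange {
    param([Parameter(Mandatory)][string]$XmlText)

    # Well-known SIDs of built-in local groups that grant elevated or remote access.
    $privileged = @{
        'S-1-5-32-544' = 'Administrators'
        'S-1-5-32-551' = 'Backup Operators'
        'S-1-5-32-555' = 'Remote Desktop Users'
    }
    $doc = [xml]$XmlText
    foreach ($group in $doc.SelectNodes('//Group')) {
        $props = $group.SelectSingleNode('Properties')
        $sid = $props.GetAttribute('groupSid')
        foreach ($member in $props.SelectNodes('Members/Member')) {
            [pscustomobject]@{
                LocalGroup    = $props.GetAttribute('groupName')
                Action        = $member.GetAttribute('action')
                Member        = $member.GetAttribute('name')
                Privileged    = $privileged.ContainsKey($sid)
                # Neither flag set means existing members are kept ("add to current group").
                KeepsExisting = ($props.GetAttribute('deleteAllUsers') -ne '1' -and
                                 $props.GetAttribute('deleteAllGroups') -ne '1')
            }
        }
    }
}

# Show only additions to privileged groups; every row is a set of new local admins.
Get-GppLocalGroupChange -XmlText $sampleGroupsXml |
    Where-Object { $_.Privileged -and $_.Action -eq 'ADD' } |
    Format-Table -AutoSize
```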

Windows Server 2008 Manageability Features: Group Policy Preferences, Part 2 The Local Administrator

In my previous post, I took a first look at Group Policy Preferences with a very quick, very humble description of it. In part 2 we will demo how to manage local administrator accounts on machines, which has been one of the favorite topics on the web, even at the Microsoft Philippines Community Forum way back in 2007. Before, what we did was create a script and run it through a GPO; now, with Windows Server 2008 Group Policy Preferences, we can do it in just a few clicks.

To start, open your Group Policy Management Console and create or edit the GPO you want to use.


Under Computer Configuration, go to Preferences and expand Control Panel Settings:


Right-click Local Users and Groups and select New – Local User.

Choose the Update action for the built-in Administrator account.

I also chose that the local built-in administrator cannot change its password and that the password never expires. You can also choose to disable the account if you want to. To assign a new password to it, fill in the Password and Confirm Password fields. Click Apply or OK and there, you have successfully deployed a GPO that updates the built-in local Administrator account and its password on all of the machines that this GPO applies to.

If you have not visited my first post, here is a link for more info on Group Policy Preferences.

Windows Server 2008 Manageability Feature: Group Policy Preferences

Group Policy Preferences is a new feature of Windows Server 2008 that enables you to configure computer or user preferences that are not covered by Group Policy settings. An example is mapping network drives, for which we traditionally used a logon script executed by a Group Policy setting.

Quick Overview:

To keep this overview short: Group Policy Preferences are initial configurations that can be re-configured by the end user, while Group Policy settings are strictly enforced on the target object (a user / machine). This makes your environment FLEXIBLE and HUMAN FRIENDLY. This flexibility is best shown in the scenario where you apply a preference once and do not re-apply it. This also helps with deployment if you are deploying hundreds of machines with different initial preferences per group, which the end user can then configure.

Group Policy Preference Extensions:

Group Policy Preferences can be used through the Server Manager feature snap-in.


But most administrators, like me, don't really like going to the server room or using Remote Desktop. If you are like me (running Vista Enterprise or Business on clients plus a Server 2008 forest), you can use the Remote Server Administration Tools (RSAT); a how-to is described in this link. I would really recommend this if you are managing a whole forest, say with 5 local domains and 1 global domain.

If you still do not have RSAT, you can also download the Group Policy Preference Client Side Extensions for Windows Vista x64 Edition (KB943729).




Quick note: you must have a genuine copy of Vista in order to download this update.

Launch the Group Policy Management Console from your Administrative Tools

I already created my GPO, which is called "Preferences" (to create one, just right-click the level where you want to apply the GPO, then either create a GPO or link an existing GPO). This sample GPO will be our test bed for Group Policy Preferences. Right-click it and select Edit on the context menu.





Just a quick side-by-side comparison of a Group Policy object with Policies and Preferences groups and the local Group Policy: you will notice that there is a new grouping, and that's what separates the Policies from the Preferences. The usual Computer and User groups are still used even with the introduction of Preferences, making our configurations more flexible.





For the first preference that we will configure, I have chosen to map a network share through Group Policy Preferences, which we would otherwise configure and deploy using a combination of a standard GPO and a batch file.

With Group Policy Preferences, we can now deploy mapped network drives by going to User Configuration, navigating to PREFERENCES, then expanding Windows Settings. On the Map Drives icon, right-click, choose New, and then click Map Drive.

From there everything is straightforward: you can create, replace, update and delete existing network drives. Enter your network location, specify a drive letter and that's it.

You can also specify the account that will be used to connect to this drive.
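
A password typed into a preference item, whether the connection account for a mapped drive here or the Local User item in the part 2 post, is saved in the GPO's preference XML on SYSVOL as a `cpassword` attribute that any domain account able to read the GPO can recover; Microsoft later removed these password fields with a security update. The following added example, which is not part of the original posts, reports items that still carry one; the function name and both XML samples are constructed for illustration.

```powershell
# Added example: find preference items that carry a stored password.
# Both samples are constructed and simplified; the cpassword value is a
# placeholder, not real data. CONTOSO and fileserver are placeholder names.
$samples = @{
    'Groups.xml' = @'
<Groups>
  <User name="Administrator (built-in)">
    <Properties action="U" userName="Administrator (built-in)"
                cpassword="PLACEHOLDER-ENCRYPTED-VALUE"
                noChange="1" neverExpires="1" acctDisabled="0" />
  </User>
</Groups>
'@
    'Drives.xml' = @'
<Drives>
  <Drive name="S:">
    <Properties action="U" path="\\fileserver\share" letter="S"
                userName="CONTOSO\svc-share" cpassword="" />
  </Drive>
</Drives>
'@
}

function Find-GppStoredPassword {
    param([Parameter(Mandatory)][string]$Name,
          [Parameter(Mandatory)][string]$XmlText)

    $doc = [xml]$XmlText
    # Any element with a non-empty cpassword attribute holds a recoverable password.
    foreach ($node in $doc.SelectNodes('//*[@cpassword != ""]')) {
        [pscustomobject]@{
            File    = $Name
            Item    = $node.ParentNode.GetAttribute('name')
            Account = $node.GetAttribute('userName')
            Action  = $node.GetAttribute('action')
        }
    }
}

# Only the Groups.xml sample is reported; the drive item has an empty cpassword.
$findings = foreach ($entry in $samples.GetEnumerator()) {
    Find-GppStoredPassword -Name $entry.Key -XmlText $entry.Value
}
$findings | Format-Table -AutoSize
```

Run the same check over the preference XML files of each GPO in your domain, remove any item it reports, and reset the affected passwords.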


Group Policy Preferences is available on Windows Server 2008.

Group Policy Preferences are initial configurations and can be re-configured by the end user, while the Group Policy Settings are strictly enforced to the target object (a user / machine).

Can be managed using the Server Manager feature snap-in, Vista RSAT, or the Group Policy Preference Client Side Extensions for Windows Vista.

This gives more ease of management: rather than wondering whether the script we wrote will run at all, we can now focus on the business objectives, which are far more important.

More information is available about Group Policy preferences here:

PHIWUG Monthly Meeting – March 2009

The Philippine Windows Users Group has just had its monthly meeting, and for March 2009 we had a chance to talk with the GUYS. What more can I say: this will be a busy but exciting month for PHIWUG. There will be a lot of community activities and TechNet sessions, such as Interoperability of Windows Server 2008 and a tech talk on Windows Server 2008 / Windows 7 security. I hope these all push through, including the Windows 7 install fest day. And we need to update our website!

Also, there are now 2 mythological things that PHIWUG has formulated: aside from the demo gods, Windows 7 has a spirit that seemingly and magically heals itself 😀 (The story goes that an application launched on W7 did not work; on the 4th time it did, without any of us configuring or even re-installing it. We will demystify this, right Faelmar?)

Hey guys, thanks for the burger moments at Burger King in Glorieta 3. See you all at our planned events!

PHIWUG is @ the Computer World Magazine, get your March 2009 Copy!

Have you already seen the March 2009 copy of the Computer World mag? 


PHIWUG is featured in the Industry Group column of Computer World, and it's a 3-page article about what PHIWUG really is, why we do this and what our definition of the word COMMUNITY is. Also featured in this article are our events, such as our TechNet Session on Terminal Services and the Hyper-V event.


Community Sharing. As their slogan says, “Where IT pros in the Philippines meet together,” the Philippine Windows Users Group or PHIWUG is a relatively new group that sprang from the desire to have a venue where ideas and useful information can be shared.

Thanks to Computer World for featuring PHIWUG, hope we can do this again.

Makati TechNet Session: Windows Server 2008 Manageability Features


Thank you so much for attending another TechNet session with the Philippine Windows Users Group last March 24, 2009. The session was about Windows Server 2008 Manageability Features.

In this event we had a very intimate sharing session on how we manage Windows Server 2008, from the basic Server Manager to Monad's WMI capabilities up to enterprise-class management using System Center Operations Manager 2007, and it was a blast!





Elczar Adame on his Microsoft IO slides, as PHIWUG’s initiatives on Infrastructure Optimization.


It's a life, without walls 😀



Installing, configuring and managing! 

A demo on Server Manager.

Anybody for some Monad scripts?

Jay Paloma, (fresh from Singapore) gave a quick overview of Windows Deployment and free assessment tools for deploying Server, Clients and Office systems.

The event is recorded, oh my 😛

It was a good attendance, which of course included the PHIWUG members.


The rest of our event photos are here, go check it out 😀




So again, on behalf of the PHILIPPINE WINDOWS USERS GROUP, thank you so much for attending. We hope to see you all at another of our TechNet Sessions! There is more where these came from!