Information wants to be free!
Remote Desktop Connection (RDC) has a Group Policy setting that determines which publishers are to be considered trusted when launching connections (typically .rdp files served in various ways). The publisher is identified by the SHA1 thumbprint of the certificate of the publisher (the certificate used to sign the .rdp file). You get the thumbprint from …
Continue reading “SHA1 Thumbprints for trusted .rdp publishers”
While investigating some EFS settings I needed to look at the raw data in Group Policy settings files, usually called Registry.pol and located in the SYSVOL share for each GPO. First I tried to load it as any other hive in Registry Editor, but that did not work, indicating that .pol files do not use …
Continue reading “Viewing the contents of Group Policy Registry.pol files”
WMI filters are useful to further filter Group Policy Objects (GPOs), beyond what is possible/convenient with groups. Distinguish between x86 and x64 computers: x86 Select AddressWidth from Win32_Processor where (AddressWidth=”32″) x64 Select AddressWidth from Win32_Processor where (AddressWidth=”64″) Determine Windows version: Use this filter to determine the Windows version and role: select * from Win32_OperatingSystem where …
In smaller deployments Microsoft Security Essentials (MSE) is a good, free alternative for anti-malware. If you decide to use MSE in your images, you will discover that sysprep resets the Out Of Box Experience (OOBE) settings for MSE. In other words; every user that logs on to a machine deployed from your image will see …
Continue reading “Microsoft Security Essentials, Sysprep and Group Policy”
A long time ago I created an HTML based application to calculate the numeric values required to hide specific combinations of drive letters through Group Policy. I also made a custom template file where you could enter the numeric value directly instead of editing the templates that came with Windows. I used to host these …
Continue reading “Availability of the Group Policy Hide drives calculator and associated template”
What are Restricted Groups? The Restricted Groups security setting in Group Policy allows an administrator to define two properties for security-sensitive groups (“restricted” groups). The two properties are Members and Member Of. In short it lets an Administrator decide which security principals are members of a restricted group, and which groups the restricted group is …
Continue reading “Working with Group Policy Restricted Groups policies”