Category Archives: General

Adding Domain Users To The Local Administrators Group Using Group Policy

Adding AD users to the local administrators group on multiple computers is simple using Group Policy.  In this post I’ll describe the process.

Create a fresh group policy object (GPO) and link it to a test Organisation Unit (OU).  Add a test server to the OU.

Open the GPO and navigate to Computer Configuration -> Policies -> Windows Settings   -> Security Settings -> Restricted Groups.

RestrictedGroups1

 

Right click and choose Add Group.  If you want to add users to the local administrators group enter Administrators.  In the next window under “Members of this group:” click Add and choose the users to add to the local administrators group.  Note that any users that are currently in the local administrators group will be removed and replaced with the users you select here.  If that is what you want click OK and close the GPO.

RestrictedGroups2

The second method allows you to add an AD security group to the local administrators group.  This process is additive and users and groups that are currently in the local administrators group are untouched.

Navigate to Restricted Groups as previous, right click and choose Add Group.  This time enter the name of the AD security group you wish to add to the local administrators group.  Click Ok and on the next screen in the “This group is a member of:” section click Add.  Enter Administrators to add the group to the local administrators group. Click OK and close the GPO to save changes.  You can add additional users to the domain group and they will automatically be part of the local administrators group on servers that apply the GPO.

Advertisements

Troubleshooting Hyper-V Integration Component Issues

Three old virtual servers were showing as VM Additions Not Detected in System Center Virtual Machine Manger 2012 SP1 (VMM).

Hyper-V_Int1

Choosing to Install Virtual Guest services didn’t resolve the problem as they were already listed in Add Remove Programs and installed.  Mouse integration was working without having to use CTRL-ALT-LEFT, but I was unable to use the Shut Down command from VMM.

Device Manager showed no errors, but the Event Log was showing errors for the failure of the following services to start: Hyper-V Heartbeat, Hyper-V Data Exchange, Hyper-V Guest Shutdown, Hyper-V Time Synchronization and Hyper-V Volume Shadow Copy Requestor.

A closer looked showed two Hyper-V integration components entries in Add Remove Programs: Hyper-V Integration Services (version 6.2.9200.16384) and Microsoft Hyper-V Guest Components.

Hyper-V_Int2I chose to uninstall both components.  Following a reboot I re-installed the Hyper-V Integration Services using VMM.  Following this everything worked correctly.

How To Specify Alternate File Location For Features On Demand In Server 2012

In Windows Server 2012 the binaries for Features on Demand e.g. the .Net Framework 3.5 are not installed as part of Windows.  When you enable this type of feature Windows will attempt to contact Windows Update to download the required files.  If you’re working on a server that’s not connected to the internet this can be problematic.  One work around is to use Group Policy to specify an ISO file as an alternate file source.

Mount the Windows Server ISO into the virtual machine

Open the local Group Policy editor by typing gpedit.msc at the Start Screen

Navigate to Computer Configuration -> Administrative Templates -> System

Open the “Specify settings for optional component installation and component repair” setting

Enable the setting and type the path to the sxs folder on your ISO file.

GP1 GP2

 

View this KB for further information http://support.microsoft.com/kb/2734782/en-gb

 

Prevent Reboots During An Unattended Installation Of Office 2010

Office 2010 is installed as part of our standard Windows 7 System Center Configuration Manager (SCCM) task sequence.  Office installed correctly all our PC models except the Dell Latitude E6320 and E6330.  These models rebooted during the Office installation, stopping the task sequence and leaving the laptop unusable.  If you have the same problem the resolution is easy.

Open your existing MSP file that controls the Office installation by running Setup.exe /Admin.

Open the “Modify Setup properties” section and add a new property.  The property name needs to be SETUP_REBOOT and the value Never.

Office 2010 MSP No Reboot

Save your changes to the MSP and Office will no longer reboot.

Microsoft Outlook: Cannot start Microsoft Outlook

Following the installation of an Outlook add-in I received the message “Cannot start Microsoft Outlook” when I attempted to open Outlook.

Outlook Error

I tried to open Outlook in Safe Mode by holding down CTRL when clicking the Outlook icon.  However, this didn’t solve the problem.  Next I opened Control Panel and received the message “Your system needs more memory or system resources”.  This didn’t make sense as I had GBs of free RAM.

In order to solve the problem, I opened registry editor and renamed

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem

to Windows Messaging Subsystem – BAK.  I was then able to open Outlook and create a new profile.

New Outlook Profile

 

 

Disable Controls In Office 2010 Using Group Policy

As part of an Office 2010 deployment I needed to remove the Recent Documents option from Word.  It’s possible to do this using the Office 2010 Group Policy settings.

Download and extract the Office 2010 Administrative Template files http://www.microsoft.com/en-us/download/details.aspx?id=18968

Download and extract the Office 2010 Help Files: Office Fluent User Interface Control Identifiers http://www.microsoft.com/en-gb/download/details.aspx?id=6627

Open the Group Policy Object you wish to use to manage Office 2010.  Expand User Configuration, Policies and right-click on Administrative Templates.  Choose Add/Remove Templates…

Select the Office 2010 adm files and click Close

Go to the location to which you extracted the Office 2010 Help Files: Office Fluent User Interface Control Identifiers.  Open the Excel spreadsheet for the appropriate application.

Search the spreadsheet for the control you wish to disable.  I wanted to remove access to Recent documents, so noted control IDs 21439 and 19950.

Expand User Configuration, Policies, Microsoft Word 2010, Disable Items in User Interface, Custom and open Disable commands

In Disable commands choose enable, click Show and enter the control IDs you wish to disable.  Separate multiple values with a comma. Click OK and close the Group Policy editor.

 

Recent document is now disabled

Windows 7 Desktop Configuration

As part of a Windows 7 deployment I’ve needed to make a few changes to the look and feel of the desktop.  Here are a few useful tips

Remove the Windows Media Player icon from taskbar

In your unattend.xml file, add Microsoft-Windows-Shell-Setup to the OOBE system pass.  There’s  a setting called ShowWindowsMediaPlayer.  Set the value of this setting to FALSE

Deploy pinned taskbar icons using Group Policy

The files are stored in %APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar and registry settings are stored in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband

Configure the task bar on a Windows 7 PC

Import the registry settings from HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband into Group Policy Preferences

Copy the files from %APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar to a shared folder and use Group Policy Preferences to apply them to other PCs

Change the Start Menu to “Combine when taskbar is full”

Use Group Policy Preferences to apply the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\TaskbarGlomLevel  Set the value of  TaskbarGlomLevel  to 1

Remove the IE welcome message 

Change the setting in Group Policy called “Prevent performance of First Run Customize Settings” to “Go directly to home page”

Remove the Lync welcome message

Use Group Policy Preferences to set HKCU\Software\Microsoft\Communicator\FirstRunPlayed to 1