Bart's Weblog

Just a blog…

Archive for the ‘Group Policy’ Category

Microsoft BPA’s on Windows Server 2008 R2

Posted by bartvdw on 1313/0808/2011

They are now installed when you add a role to a Windows Server 2008 R2 installation, updates are released through MU. Use them to have a check on your configuration settings!!

Best Practices Analyzer
http://technet.microsoft.com/en-us/library/dd759260.aspx

Running and Filtering Scans in Best Practices Analyzer
http://technet.microsoft.com/en-us/library/dd759206.aspx

Posted in Active Directory, Exchange, Group Policy, Windows | Leave a Comment »

NetWrix Freeware Tools

Posted by bartvdw on 2525/0707/2011

Note: I do not provide any support for these tools, nor do I guarantee anything. Test them yourself before usage, this is for your information post only.

NetWrix Freeware Products
http://www.netwrix.com/freeware_products.html

Posted in Active Directory, Exchange, Group Policy, VMware, Windows | Leave a Comment »

Deploying printers using GPP

Posted by bartvdw on 1111/0606/2011

When you deploy printers using GPP, you can receive following error:

‘0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.’

To prevent this, add following options in your policy:
– Computer Configuration\Administrative Templates\Printers\Point and Print Restrictions – set to "Disabled"
– User Configuration\Administrative Templates\Control Panel\Printers\point and Print Restrictions – set to "Disabled"

Posted in Active Directory, Group Policy | 1 Comment »

IPv6: How to configure with GPO

Posted by bartvdw on 1313/0303/2011

By default as from Vista/2008 on, IPv6 is enabled. You can configure this through the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents (32-bit DWORD value)

  1. Type 0 to enable all IPv6 components.
    Note The value "0" is the default setting.
  2. Type 0xffffffff to disable all IPv6 components, except the IPv6 loopback interface. This value also configures Windows Vista to use Internet Protocol version 4 (IPv4) instead of IPv6 in prefix policies.
  3. Type 0x20 to use IPv4 instead of IPv6 in prefix policies.
  4. Type 0x10 to disable native IPv6 interfaces.
  5. Type 0x01 to disable all tunnel IPv6 interfaces.
  6. Type 0x11 to disable all IPv6 interfaces except for the IPv6 loopback interface.

Download the IPv6Configuration.zip file, extracted and copy the files like listed below:

  • IPv6Configuration.admx – Copy this file to %SYSTEMROOT%\PolicyDefinitions
  • IPv6Configuration.adml – Copy this file to %SYSTEMROOT%\PolicyDefinitions\en-US (Replace en-US with your country’s language, as necessary)

Now you can add these in your GPO editor to configure the values described in the MS KB (see link below). Possible values:

  • Enable all IPv6 components (Windows default)
  • Disable all IPv6 components (the setting you probably want)
  • Disable 6to4
  • Disable ISATAP
  • Disable Teredo
  • Disable Teredo and 6to4
  • Disable all tunnel interfaces
  • Disable all LAN and PPP interfaces
  • Disable all LAN, PPP and tunnel interfaces
  • Prefer IPv4 over IPv6

 

How to Configure IPv6 Using Group Policy
http://www.expta.com/2009/02/how-to-configure-ipv6-using-group.html

How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7 and Windows Server 2008
http://support.microsoft.com/kb/929852/en-us

Posted in Group Policy, Windows | Leave a Comment »