May 20 2011

Group Policy Loopback Processing

Until recently I hadn’t ever played with loopback processing in group policies. I was having problems with group policies not being applied and found that this setting was enabled. When I looked into it this is what I found.

There are two settings for the Loopback Processing settings (detailed below).

  • Merge Mode
    In this mode, when the user logs on, the user’s list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer’s location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer’s GPOs to have higher precedence than the user’s GPOs. In this example, the list of GPOs for the computer is added to the user’s list.
  • Replace Mode
    In this mode, the user’s list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.

More information can be found at Microsoft support (http://support.microsoft.com/kb/231287).

May 19 2011

PowerGUI

PowerGUIOne of the best tools I have found out there for easily manipulating Powershell queries would have to be PowerGUI (http://www.powergui.org/index.jspa). This somewhat intuitive application is great for viewing and manipulating content in a few key applications.

The one source that I find it extremely helpful is with Active Directory. Although,  the way it searched AD is a little slow (corrected with AD 2008) it is extemely useful.

Combined with an LDAP Browser (http://www.ldapadministrator.com/) and ADModify.NET (http://admodify.codeplex.com/) you can make some quick changes to AD to fulfil changes to users, computer and any other AD objects extremely quickly.

I recently had to perform a large migration from quite a messy AD hierarchy. This tool along with the other mentioned above, saved me quite a bit of time in the moving of objects and renaming certain fields.

I am sure that there is tools out there to make the whole process a lot quicker, but from what I can see this combination were the only free tools out there to get the job done quickly.

May 18 2011

Login Error

You may experience an error message such as shown below. This error comes from Windows XP, and it took me quite a bit of time in troubleshooting.

Windows Boot Error

This message was caused by a simple error in the user properties page in AD whereby a space was entered in the login script dialogue box. This simple error which was hard to find, caused this message to pop up each time the user logged into their PC.

To ensure that you do not receive such an error, ensure that all your user property fields are filled in correct, and if they are blank, ensure that they are actually empty.

Error Message Text:
Windows cannot find ‘/idlist,:232:2632,\\{SERVERNAME}\NETLOGON’. Make sure you types the name correctly and then try again. To search for a file, click the Start button, and then click Search.

May 18 2011

Numlock on Boot

I have had a request a number of times that users would like NUMLOCK to be enabled on Windows boot. I looked it up (http://support.microsoft.com/kb/154529) and found a simple registry hack to enable this.

To achieve this desired outcome, you will need to enter into the registry and make a small modification.

  1. Run Registry Editor.
  2. Move to HKEY_USERS\.Default\Control Panel\Keyboard.
  3. Change the value for InitialKeyboardIndicators from 0 to 2

This will enable the NUMLOCK, but will require a reboot to see your results.

May 13 2011

Group Policy Order

Group Policy (GP) ordering is not that difficult, but is could be a little confusing to understand when you first look at it.

Group Policies are applied in order from the root of the tree down. This way, a preference setting at a lower layer in the true can override a setting applied at a more “generic” level.

The order of a Policy can be altered, but only within the Organisational Unit for which the GP’s exist. This can be achieved by selecting the Organisational Unit (OU) in question, and then choosing the “Linked Group Policy Objects” tab on the right hand side of the window.

Group Policy Settings

Once this has been selected, you should see the list of Group Policies enabled at this level. You can move these order of application by clicking the arrows on the left hand side of this pane. The application order of policies is from the bottom up. Meaning that an Policy with a link order of 5 will get applied before one with a link order of 1. This can be seen by selecting the “Group Policy Inheritance” button

Group Policy InheritanceHere you will see a total list of all group policies that apply to the respective level in the order of there application.

Official Link: http://technet.microsoft.com/en-us/library/cc778890(WS.10).aspx

» Newer posts

Fetch more items