GPO to map drive. Better than scripts in many ways.

The best way to map a drive is to use Group Policy Preferences, introduced in Windows Server 2008. Group Policy Preferences removes many of the reasons we had to use scripts in the past.

1. Open an existing Group Policy Object (GPO) (or create a new one linked to the domain or OU you want to map to).

2. Navigate to User Configuration, Preferences, Windows Settings, Drive Maps.

3. Right-click Drive Maps and select New, Mapped Drive.

4. To add a new mapped drive for users, select Create (or select Replace to replace an existing map drive that might already exist with the same letter).

5. Close Group Policy.

6. Enter the details for the share, a name, and letter, then click OK (see the screen shot below).

drivemapgpo_0

At next Group Policy refresh, during logon, the drive will be mapped.

Windows 7 Automatic Restart–Windows Update

The functionality of Windows Update automatic restarts has changed from the way it functioned in Windows XP. We all remember the postpone function that could be done indefinitely. Now in Windows 7 without the user interacting with the dialog, it will reboot the PC even if it’s locked or simply idle. I personally don’t see an issue, maybe an annoyance as you’d have to rearrange your windows again, but the state of requiring a reboot is not one to just “hang out” in. In short, don’t get up from your desk without saving that paper or spreadsheet you’ve been working on all day.

Here’s a way to Enable or Disable Windows Updates from Automatically Restarting the Computer.

Discovery Steps

Been doing a lot of client discovery recently for Managed Services client on-boarding, and documentation of existing clients. This is a somewhat time consuming process as its balance between trusting what’s provided by the client (often from the out-going System admin or company) and finding out for yourself. I tend to use the provided documents to confirm what I have found, with a ton of help from teammates and coworkers.

I don’t pretend to be a Network layer expert I understand the process and can find my way around a bit but I really rely on a top notch Networking coworker. His task really is to look around and find everything from the firewall to the routing and switching. I need from him; the ranges that my tools should scan and the SNMP to be configured to let me discover and eventually monitor.

After I get that email or better yet spreadsheet, onto the infrastructure work and then to the preferred tools…

Well not quite… first its DNS. DNS must be clean and up to date. Best way to do this is Scavenge DNS.

Checking all DNS servers in a Domain and setting up the scavenging attempt frequency, and record aging.

Get a list of DCs in the Domain by…

nltest /dclist:domain.local replacing domain.local with the actual domain.

Under the Advanced Properties of the DNS Servers check the “Enable automatic scavenging of stale records” checkbox and Set the scavenging period. Default is 7 days I think, which is fine in most cases as long as its at least as long as the DHCP lease interval.

Next “Set Aging/Scavenging for All Zones…” check the Scavenge stale resource records, and I like to chose 3 days for No-Refresh intervals and 4 days for Refresh intervals. In the box that appears check the “Apply these settings to the existing Active Directory-integrated zones.

 

 

WMI! Without it almost every discovery and management tool is useless.

 

Microsoft Assessment and Planning toolkit (MAP Toolkit)

ADTD and Visio

Secure non-Microsoft applications by publishing 3rd-party updates to WSUS

This article is really good. It is a must for enterprises that use standard users and have these 3rd-party apps (Adobe, Java, etc.). We’ve also suppressed the notifications at most clients using custom ADMX.

Secure non-Microsoft applications by publishing 3rd-party updates to WSUS

How to refresh the Group Policy Settings on remote computers

I’ve been asked this question so many times that I can’t even count them. GPOs are powerful admins want them to work NOW!

How to refresh the Group Policy Settings on remote computers

Support guidelines for migrating roaming user profiles data to Windows Vista or to Windows Server 2008

 

Support guidelines for migrating roaming user profiles data to Windows Vista or to Windows Server 2008

Restricted Groups – Making domain users administrators of their own PCs

I’m not a big fan of an everyday user being in total control of their own PC, because when something is wrong with it the buck doesn’t stop there it falls in the lap of the IT guy.

 

In case it’s ever needed this is the best method, not the MS method.

 

http://abouteverythingsite.com/computer-networking/group-policy-restricted-groups.html

ADM files for Group Policy

http://thelazyadmin.com/blogs/thelazyadmin/archive/2005/07/05/Creating-Custom-ADM-Templates.aspx

This is a great blog for just about every System Admin task you can think of.

Group Policy Essentials No Sys Admin Can Live Without

This is a great starter. A must read if you’re just looking to understand how GPOs work.

Group Policy Essentials No Sys Admin Can Live Without.