THUNDERBIRD | GPO or Registry | Certificate handling

Basics:   Via Registry: HKCU\Software\Policies\Mozilla\Thunderbird\Certificates\Install\1 = “mycert.der” or Software\Policies\Mozilla\Thunderbird\Certificates\Install\2 = “\\MYHOST\Users\username\mycert.pem” or Software\Policies\Mozilla\Thunderbird\Certificates\Install\3 = “C:\CERTS\mycert.pem” as REG_EXPAND_SZ. If you define only a file name without a path Thunderbird searches %USERPROFILE%\AppData\Local\Thunderbird\Certificates%USERPROFILE%\AppData\Roaming\Thunderbird\Certificates for your files. Via GPO: Use the user branch. Define full path file location or file names only. If you specify only a file […]

Windows 10 | WSUS update problems

Your machines can’t connect to your WSUS? Maybe you upgraded your Windows version (ie 1909 > 2004) and your old GPOs don’t fit the new version. Solution: remove your old Update GPOs, add the new admx files from an freshly upgraded windows machine to your DCs PoliciyDefinitions and reconstruct your GPOs.

Hide Shutdown + Reboot buttons in Windows 10 via GPO

These policy settings are available in Administrative Templates\Start Menu and Taskbar under User Configuration. Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands or in German: Befehle “Herunterfahren”, “Neu starten”, “Energie sparen” und “Ruhezustand” entfernen und Zugriff darauf verweigern

GPO | MSOffice | Macro handling

Office 20100-16 ADMX Files installieren. GPO erzeugen. GPO editieren. Regeln: Microsoft Office 2010-16 | Sicherheitseinstellungen | VBA für Office-Anwendungen deaktivieren: Deaktiviert [Wenn aktiviert, werden ALLE Makros deaktiviert. Ausnahmen über ‘Vertrauenswürdige Speicherorte’ sind nicht möglich.] Microsoft Office 20100-16 | Sicherheitseinstellungen | Sicherheitscenter | Mischung aus Richtlinien- und Benutzerspeicherorten zulassen: Deaktiviert Microsoft Office 20100-16 | Sicherheitseinstellungen | […]

GPO | WMI filtering for users and/or machines

Setting some user branch rules for specific users on specific machines only. Forget old school loopback mode – use WMI Filtering instead. Create a WMI Rule. Syntax is like select * from Win32_ComputerSystem where ( Name like ‘MACHINE%’ or Name = ‘SERVERX’) and (UserName like ‘mueller%’ or Username = ‘meier’ ) or select * from […]