GPO | Create a scheduled task

Create the task on a computer. Set the executional principal to ‘NT AUTHORITY\SYSTEM’. Type the string directly or search for ‘SYSTEM’ in the computers local branch. Test it locally. Export the Task as xml. Copy the xml to an accessable network share. Create a powershell script to install the task out of this xml. Example […]

GPO | MSOffice | Macro handling

Office 20100-16 ADMX Files installieren. GPO erzeugen. GPO editieren. Regeln: Microsoft Office 2010-16 | Sicherheitseinstellungen | VBA für Office-Anwendungen deaktivieren: Deaktiviert [Wenn aktiviert, werden ALLE Makros deaktiviert. Ausnahmen über ‘Vertrauenswürdige Speicherorte’ sind nicht möglich.] Microsoft Office 20100-16 | Sicherheitseinstellungen | Sicherheitscenter | Mischung aus Richtlinien- und Benutzerspeicherorten zulassen: Deaktiviert Microsoft Office 20100-16 | Sicherheitseinstellungen | […]

GPO | WMI filtering for users and/or machines

Setting some user branch rules for specific users on specific machines only. Forget old school loopback mode – use WMI Filtering instead. Create a WMI Rule. Syntax is like select * from Win32_ComputerSystem where ( Name like ‘MACHINE%’ or Name = ‘SERVERX’) and (UserName like ‘mueller%’ or Username = ‘meier’ ) You MUST (!!!) add […]

GPO | A unixers chronicles

1. GPO is not funny. 2. ALWAYS ADD Authenticated Users to the tab Delegation and grant them readable rights. (RETRIEVE the ‘pull GOP’ right!) (Via Delegation – Expanded view) Otherwise the following may happen: You add a user/group to the Security Filtering section, they appear in Delegation with all sufficient rights – but computer says […]