My-Technet

Create a new WMI Filter from the Group Policy Management Console.

Add a new filter using Namespace root\CIMv2

Select * from Win32_OperatingSystem Where Caption Like "%Windows% %Server%”

Test the WMI filter – Example: wmic path Win32_OperatingSystem Where Caption Like "%Windows% %Server% get Caption

Create a new batch file in the netlogon folder and save the file.

@ECHO OFF

REM * Deploy and Config BGINFO *
if exist %systemroot%\bginfo.exe goto tools
copy "\\DOMAINNAME\netlogon\bginfo\BGINFO.EXE" %SYSTEMROOT% /Y
:tools
start %SYSTEMROOT%\bginfo.exe /i"\\DOMAINNAME\netlogon\bginfo\bginfo.bgi" /timer:0 /silent /NOLICPROMPT

Copy BGINFO.EXE to a folder named BGINFO on the NETLOGON share.

Save the BGInfo.bgi config to the same folder.

Create a new GPO for a User Logon Script and point to the batch file created above and use the WMI Filter on this GPO.

SELECT * FROM Win32_Product WHERE Caption LIKE “Microsoft Office%2003%” OR Caption LIKE “Microsoft Office%2000%” OR Caption LIKE “Microsoft Office%XP%”

How to Configure Power Settings for Windows 7 PCs via Group Policy

If server is Windows 2008 (R1) the following steps need to be taken:

1:  Copy the “Policy Definitions” folder on a Windows 7 PC from the C:\Windows directory to \\Domain.local\SYSVOL\Policies Folder.

2:  On a Windows 7 PC download and install RSAT (Remote Server Administration Tools) for Windows 7.

From a Windows 2008 R2 server or the Windows 7 PC with RSAT installed:

1: Create a New GPO.

2: Navigate to “Computer Configuration\Preferences\Control Panel Settings\Power Options”

3: Right Click and Create new “Power Plan (Windows Vista and later)”

4: Change the Action to “New” and name the Policy.

5: Configure the power settings.

6:  Make sure the Group Policy is applied to the correct OU.  Close the Group Policy Manger.

7:  From a Windows 7 PC.  Update Group Policy with the “gpupdate /force” command.

8:  Find the power scheme you just created by using the “powercfg /list” command. 

9:  Copy the GUID of the power scheme.

10:  Open the Group Policy Management Console again and edit GPO you created for the Windows 7 Power Settings.

11:  Navigate to: Computer Configuration\Policies\Administrative Templates\System\Power Management\Specify a Custom Active Power Plan

12:  Enable the Policy and Paste your GUID into the Options.

13: After Group Policy updates the PC’s Power Settings should look like this:

For folder redirection to work properly, the destination shared folder NTFS and Share Permissions must be properly configured.  If redirecting a folder to a location that the end user should not change, i.e. the Start Menu or Locked Down Desktop the following permissions should be applied:

• Share Permissions:
  • Everyone – Full Control
  • Administrators – Full Control
  • System – Full Control
• NTFS Permissions:
  • Everyone – Read and Execute
  • Administrators – Full Control
  • System – Full Control

If Group Policy is configured to redirect to a location where the GPO will automatically create the destination folder, i.e. user’s individual Application Data, Desktop or My Documents folders the following permissions should be applied to the parent folder:

• Share Permissions:
  • Everyone – Full Control
  • Administrators – Full Control
  • System – Full Control
• NTFS Permissions:
  • Everyone – Create Folder/Append Data (This Folder Only)
  • Everyone – List Folder/Read Data (This Folder Only)
  • Everyone – Read Attributes (This Folder Only)
  • Everyone – Traverse Folder/Execute File (This Folder Only)
  • CREATOR OWNER – Full Control (Subfolders and Files Only)
  • System – Full Control (This Folder, Subfolders and Files)
  • Domain Admins – Full Control (This Folder, Subfolders and Files)

It’s important to note that when redirecting folders such as My Documents to a location that already exists, i.e. the User’s Home Folder there is another setting to consider, ownership. If the user is not the owner of the destination directory, folder redirection will fail with the default Folder Redirection settings. When this is the case, one must deselect “Grant the user exclusive rights to My Documents”