Category Archives: GPO

Remove Administrative Tools from Start

Create a ADM file and add this:

CLASS USER
CATEGORY “Start Menu Administrative Tools(CustomADM)”
POLICY “Remove Administrative Tools from Start Menu”
EXPLAIN !!ADMHelp
KEYNAME Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
PART !!ADM_Configure DROPDOWNLIST REQUIRED
VALUENAME “Start_AdminToolsRoot”
ITEMLIST
NAME !!ADMoff VALUE NUMERIC 0 DEFAULT
NAME !!ADMon VALUE NUMERIC 1
END ITEMLIST
END PART
END POLICY
END CATEGORY

[strings]
ADM_Configure=”Set the Administrative Tools to:”
ADMoff=”Hidden”
ADMon=”Visible”

; explains
ADMhelp=”Set Administrative Tools to be shown or hidden on the Start Menu. No need to delete the folder off your TS now! MMills – 30/03/10″

Save the file and add it as at template in your GPO

After this you can find it under “Classic Administrative Templates (ADM)”

You have to enable it and then set the folder to be “Hidden” or “Visible”

 

Hide drives besides ABCD on Windows 2008R2

1. Using Notepad, please create a new file named hidedrives.adm with the following contents:

CLASS USER
CATEGORY !!HideDrive
KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

POLICY !!NoDrives
#if version >= 4
SUPPORTED !!SUPPORTED_Win2k
#endif

EXPLAIN !!NoDrives_Help
PART !!NoDrivesDropdown DROPDOWNLIST NOSORT REQUIRED
VALUENAME “NoDrives”
ITEMLIST
NAME !!ABOnly VALUE NUMERIC 3
NAME !!COnly VALUE NUMERIC 4
NAME !!DOnly VALUE NUMERIC 8
NAME !!EOnly VALUE NUMERIC 16
NAME !!FOnly VALUE NUMERIC 32
NAME !!ABConly VALUE NUMERIC 7
NAME !!ABCDOnly VALUE NUMERIC 15
NAME !!ABCDEOnly VALUE NUMERIC 31
NAME !!ABCDEFOnly VALUE NUMERIC 63
NAME !!ALLDrives VALUE NUMERIC 67108863 DEFAULT
; low 26 bits on (1 bit per drive)
NAME !!RestNoDrives VALUE NUMERIC 0
END ITEMLIST
END PART
END POLICY

END CATEGORY

[strings]
ABOnly=”Restrict A and B drives only”
ABConly=”Restrict A, B and C drives only”
ABCDOnly=”Restrict A, B, C and D drives only”
ABCDEOnly=”Restrict A, B, C, D and E drives only”
ABCDEFOnly=”Restrict A, B, C, D, E and F drives only”
ALLDrives=”Restrict all drives”
COnly=”Restrict C drive only”
DOnly=”Restrict D drive only”
EOnly=”Restrict E drive only”
FOnly=”Restrict F drive only”
HideDrive=”Hide Drives”
NoDrives=”Hide these specified drives in My Computer”
NoDrivesDropdown=”Pick one of the following combinations”
NoDrives_Help=”Removes the icons representing selected hard drives from My Computer and Windows Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.\n\nTo use this setting, select a drive or combination of drives in the drop-down list. To display all drives, disable this setting or select the “Do not restrict drives” option in the drop-down list.\n\nNote: This setting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window.\n\nAlso, this setting does not prevent users from using programs to access these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics.\n\nAlso, see the “Prevent access to drives from My Computer” setting.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.”
RestNoDrives=”Do not restrict drives”
SUPPORTED_Win2k=”At least Microsoft Windows 2000″

2. Edit the Group Policy Object that will hold this policy using the Group Policy Editor.

3. Under User Configuration, Right-click on Administrative Templates and choose Add/Remove Templates.

4. Click the Add button, browse to the location where you saved the file above and click Open. Click Close to dismiss the Add/Remove Templates dialog.

5. You now should have a new key under Administrative Templates named “Classic Administrative Templates (ADM)” with a Hide Drives key underneath.

6. Configure the *custom* Hide these specified drives in My Computer as desired.

7. Make certain you set the *original* Hide these specified drives in My Computer to Not Configured.

 

You can also use this program to create Administrative Templates http://www.hidecalc.co.uk/

Outlook has blocked specified files

You have to remove Level 1 attachments remove i GPO

Microsoft Office Outlook 2007 ADM
Under Microsoft Office Outlook 2010/Security/Security Form Settings
Enable Outlook Security Mode
Under Microsoft Office Outlook 2010/Security/Security Form Settings/
Attachment Security
Enable Remove file extensions blocked as Lever 1 and add the file
extenssion i.e. XNK
Enable Remove file extensions blocked as Lever 2 and add the file
extenssion i.e. XNK

Can’t print from IE9

1. Change this setting i the GPO:

Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Temporary folders
Do not use temporary folders per session – has to be “enabled”

2. Create a login script for the user/GPO with this :

if exist “%temp%\low” goto :END
md “%temp%\low”
icacls “%temp%\low” /setintegritylevel L
:END

It creates the right folder that IE9 uses and sets the right settings on the folder

A program is trying to automatically send e-mail on your behalf.” in Outlook with security settings in Group Policy Issue

The Outlook Security Settings are not equivalent between Public Folders and Group Policy.

Specifically the following policies are only available in Public Folders and not in the Group Policy under Microsoft Office Outlook 2007/2010 | Security | Security Form Settings | Programmatic Security:

– When sending items via CDO
– When sending items via Simple MAPI
– When accessing the address book via CDO
– When resolving names via Simple MAPI
– When accessing address information via CDO
– When opening messages via Simple MAPI

 

Further more to enable this you have to enable this:

Microsoft Office Outlook 2007/2010 | Security | Security Form Settings | Outlook Security Mode

and choose : “Use Outlook Security Group Policy”