Group Policy Blog by Darren Mar-Elia (The “GPOGUY”)
Comparing Group Policy (GPO) Settings from PowerShell
One of the cool things we added in the new version of GPO Compare 2.0 was support for a PowerShell interface. GPO Compare 2.0 is all about letting you compare GPO settings across two live or backed up GPOs. The PowerShell interface lets you perform these comparisons...
Disabling Print Screen through Group Policy
Recently someone asked if it was possible to disable the print screen functionality on their keyboard through Group Policy. My initial response was that I had never seen a policy setting to do this, and indeed I figured that you would need to do some low level...
VDI Skepticism
In a bit of a departure from my normal Group Policy banter, I wanted to talk a little bit about VDI, or Virtual Desktop Infrastructure. Like most things around virtualization, there's a ton of hype about the promise of virtualizing desktops. Companies are starting to...
Using GP Preferences to protect against the zero-day shortcut vulnerability
Microsoft recently announced a new security vulnerability in Windows shortcuts that affects all versions of Windows since XP! Its references here: http://support.microsoft.com/kb/2286198. This particular vulnerability takes advantage of the icon that appears in...
Backing up and restoring the Local GPO
Some of you may have seen a twitter post I did a while back letting folks know about the Security Compliance Manager, which is a tool from Microsoft that lets you manage, edit, report, search and export security templates and baselines. This tool is pretty cool, but...
GPO Compare 2.0 and GPO Exporter 1.0 Ship!
This last week, we (SDM Software) released a new version of GPO Compare and a brand new product in GPO Exporter. Why are these significant? Well, first off, GPO Compare now provides full support for all GP settings that were included in Win7 and Server 2008-R2,...
Controlling shares on Windows systems
remove Windows shares easily using Group Policy Preferences
MS Releases Hotfix for Software Restriction Policy Reporting Bug
Thanks to reader Ryan Steele for bringing my attention to the fact that MS has released a hotfix to resolve the GPMC reporting bug that was introduced when Win7 and Server 2008, R2 shipped. I had documented this bug in an earlier blog post. Ryan let me know that MS...
Why Win32_Product is Bad News!
This entry isn't strictly related to Group Policy, but something I came across in that context a few days ago. There is a WMI class called Win32_Product. Querying this class lets you enumerate all installed MSI applications on a given system. This might sound useful...
More on Group Policy Backups and Version Compatibility
GPO Backups and Windows version sensitivity