Traditionally login scripts were used to perform this task, but more recently I have used Policy. Maker by Desktop. Standard. When Microsoft bought Desktop. Standard and repackaged Policy. Maker as “Group Policy Client Side Extensions” (GPCSE) I was keen to deploy and use it. Unfortunately this proved harder that it should have been. Despite approving the update (KB9. WSUS I found that it wasn’t being deployed to a large proportion of my systems – with WSUS reporting that the update was “not needed”. Further investigation revealed that I wasn’t the only person with this problem and a solution wasn’t forthcoming. So I gave up on using WSUS to deploy and used an MSI based installation via Group Policy. Typically it’s not possible to deploy command- line type installations (i. However MSI packages can contain command line actions as a “Custom Action”. To apply a GPO to a group of computers, Group Policy relies on Active Directory. There is a set of group policy setting extensions that were previously known as PolicyMaker. The Group Policy settings that you create. Client computers running on OS versions Windows XP, Windows 7. All GPO-based deployment is managed using the Group Policy Management Console. To start the Group Policy. Configuring Default User Settings – Full. A tool called CopyProfile was even created to script this process during unattended installations of Windows XP. GP preferences consist of more than 20 Group Policy extensions. Most Group Policy extensions have these two extension implementation pairs; a CSE that applies policy settings. The GUID enables the core Group Policy engine on the Group Policy client to locate and invoke the CSE. Use Group Policy to disable USB. How to use Group Policy to disable USB drives on Windows XP http://is.gd/8vmSd. Common for all OSes : : Articles & Tutorials : : Windows. As Group Policy becomes more important for managing desktops and servers in Active Directory, it makes sense that the details around Group Policy need. So all we need to do is create a basic “empty” MSI package and modify it with some Custom Actions to actually perform the installation. Preparation. Before progressing it should be noted that the package actually installs two updates. The first is “XML Lite” which is a prerequisite for the actual GPCSE update proper. To create the new MSI package you can use Caphyon’s Advanced Installer http: //www. This comes in Free, Professional, Enterprise and Java versions. You get 3. 0 days to try all the Enterprise features after which you will be limited to the Free version only – which is fine for our needs. To modify the MSI package use “Orca” from Microsoft. This is best downloaded as part of the Windows. This article, http: //support. Orca. You will also need to download the GPCSE and XML Lite updates: GPCSE and XML Lite. Create the MSI Package. Run the Advanced Installer program and follow the “New Project” wizard. Choose the option to create “Simple” project. The options are pretty self- explanatory. I would suggest that you use “Group Policy Preference Client Side Extensions for Windows XP” as the application name and choose the option to create an MSI file. When you get to the “Add files to your project”, browse for the folder containing the downloaded GPCSE and XML Lite installation files. Advanced Installer Project Window. After the wizard is complete you will be presented with the project window. In the left- hand pane there are various options pages for you to select. You only need to modify a few settings on a few pages. These are the ones that I use: Project Details: Product. Exit the program. Modify the MSI Package. Right- click on the MSI file created by Advanced Installer and choose “Edit with Orca”. The program window will display the contents of the MSI file as a list of tables. Orca. Clicking on a table from the list on the left- hand side displays the contents of the table (as rows of data) on the right- hand pane. You need to add a few rows to the “Custom. Action” and “Install. Execute. Sequence” tables (CTRL+R). The row data that you need to add is listed below. Custom. Action Table: Action. Type. Source. Target. SET. If so, just make sure that the sequence numbers of your added rows are greater than the “Install. Execute” action sequence number, but less than the “Install. Finalize” action sequnce number. After making the changes, save the file. You should now be able to use the MSI file for deployment in your GPO. Caveats. Just be aware that, if you re- open your Advanced Installer project to make any modifications, then rebuild, you will also need to modify the MSI again using Orca. There are a couple of ways around this: 1. Use a transform file. Instead of modifying the MSI file directly, create a transform file in Orca. The steps to do this are: Open original (unedited) MSI file for editing. Select Transform/”New Transform” from the menu. Add row data just as described above. Select Transform/”Generate Transform”When using the MSI file for GPO install you will then need to add the MST file to the “Modifications” tab. Use Advanced Installer Professional. If you played with the Professional version of the product within the trial period you may have noticed that it includes functionality for Custom Actions natively. I haven’t tried it myself yet but it should be possible to eliminate the need for editing the MSI in Orca by making use of this functionality. Finally, there are a few limitations to this technique that you should be aware of. Not all Windows Installer actions are implemented with these custom actions. Install and remove are fine, but there is no contingency for rollback, for example if part of the install fails or is cancelled. In the real world I’ve no problems with this limitation, but you may need to take it into consideration. Roundup. I been using this technique for a while now with no issues. Hope this post helps others in the same position. Configuring Default User Settings . Some examples of these are folder settings, desktop wallpaper, and screen saver options. Most of these will be initial settings for user preferences that users will be able to change (unlike policies which are enforced). This is done so that users will have a consistent, known experience when logging on to any client computer for the first time. This can be done in a number of ways. Implementing Default User Settings by modifying the Default User Profile. There are three main methods that have been used to configure the Default User profile. Manual or scripted copy of a configured profile over the Default User profile (unsupported)The traditional solution for this (developed during the Windows NT Workstation days) was to configure the Administrator account (or another designated account) with the settings, then copy the Administrator (or designated account) user profile over the Default User profile. However, there are problems with using this procedure. Also, the Default User profile contains some single run actions that occur when the user logs in for the first time, which then setup that user by running those custom actions. The manual profile copy process can cause issues such as: Their list of most frequently run programs is not cleared Whether the user has been introduced to the Start menu (will be set to TRUE for the source account, but should be FALSE for new users). Windows Explorer does some special things the first time you log on to introduce you to the Start menu and other new features. Whether the user is an administrator (and should therefore see the Administrative Tools, etc). The personalized name for “My Documents” will be incorrect. All users documents folders will be called “Administrator’s Documents”. The default download directory for IE will be set to the Administrator’s Desktop folder. The default Save and Open locations for some application with point to the Administrator’s documents folder. Windows 7 Libraries are broken. Because of these issues, this process is no longer supported in Windows XP and all later operating systems. At this time the only supported way to configure the the Default User profile using a copy of a configured profile is to use the next method described here, the automated profile copy associated with using Sysprep. Automated profile copy with Sysprep (supported)First introduced in Windows XP Service Pack 2 (http: //support. Minisetup was modified so that it will copy customizations from the local administrator account to the default user profile. One final important point to remember is the difference in behavior between Windows XP/Windows Server 2. Windows Vista and higher with respect to when the answer file setting must be present for the automated profile copy to occur. Targeted changes to the Default User Registry hive and profile folders. I used to use this method in the before the automated profile copy existed. Identify the needed Registry changes. Copy only needed files or shortcuts to the Default User profile folder. This has the advantage that all changes to Default User are known and predictable. Registry or file system changes, no manual configuration). This method can also be used to make changes to the Default User profile for machines that are already deployed in production. You should exercise caution using this method. Implementing Default User Settings by Using Scripts or Group Policy. The following methods are not for configuring the Default user Profile directly. Local logon script in the Run. Once Registry key. This is documented in “How to run a logon script one time when a new user logs on” (http: //support. There are several advantages to using a script in the default user Run. Once key. Local or Domain GPO logon script. A Group Policy logon script can be used to set “default settings” once by having the script set a flag after it first runs (perhaps an HKCU Registry entry) that it will look for and exit if found on subsequent runs. Group Policy Preferences. Group Policy preferences first shipped as part of the Group Policy Management Console (GPMC) in Windows Server 2. Many of these extensions can configure settings that are commonly configured as default settings in a desktop image. Unlike policies, GP preferences can be changed by the user in most cases. Also, GP preferences can be configured to “apply once and do not reapply”. This allows them to behave exactly like initial default settings configured in an image but has the benefit of being centrally managed and updated. GP preferences cover many of the areas where default settings are usually configured such as: Environment Variables Files Folders INI File Settings Registry Shortcuts ODBC Data Sources Folder Options Internet Settings Local Users and Groups Network Options Power Options Regional Options Scheduled Tasks Start Menu The main disadvantages GP preferences are that it requires either Windows Server 2. Windows Server 2. R2, the Remote Server Administration Tools (RSAT) update for Windows Vista with Service Pack 1 or higher, or the RSAT update for Windows 7 to manage them and client- side extensions (CSEs) have to be installed for Windows Vista RTM, Windows XP with Service Pack 2, and Windows Server 2. Service Pack 1 or higher. I believe that GP preferences will likely be the best way to manage this going forward. Simply create GPOs using GP preferences, target them as needed, install the CSEs into the image(s) as needed, and you no longer need to worry about configuring these settings in the client image(s). For information about Group Policy preferences see the following web resources: Group Policy Preferences Overview http: //www. Family. ID=4. 2e. Group Policy Preferences Frequently Asked Questions (FAQ) http: //technet. Disclaimer: The information on this site is provided “AS IS” with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use. This post was provided by Michael Murgolo a Senior Consultant with Microsoft Services, U. S. I have written several posts on this topic before. Updated November 8, 2.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2017
Categories |