Showing posts with label Group Policy Preference. Show all posts
Showing posts with label Group Policy Preference. Show all posts

Thursday 11 January 2018

How To : Group Policy Processing ( GPP ) : Add / Edit / Remove INI FIle

It is a common practice for applications to have configurations set in INI file. It may contain information such as language, key, connection setting, version, and so forth. Updating INI file might not affect the application coding, but it may affect on how the application behave. There are multiple ways to update the file, one of it is by using Group Policy Preference ( GPP ). 

 In this example, I want to update a key file at a specific location with a specific information.

 Information : 

  • File Location : C:\Temp\key\keyfile.key
  • Content of AppsKey.key :
          [Setup]
          Key=XXXX-XXXX-XXXX-XXXX

As mentioned by Microsoft here, below format must be followed :
[SectionName]
PropertyName1=PropertyValue1
PropertyName2=PropertyValue2

 How To Do :
  1.  Edit the policy. Navigate to Preference | Windows Settings



  2.  Right click INI Files | New | Ini File




  3.  This screen will appear...


    Action = Different action will do different thing. Refer to the table below
    File Path = where to put the file. If the folder does not exist, the folder will be created. If the file does not exist, the file will be created. If the file exists, the action will affect the INI file content.
    SectionName = In which section the key will resides
    PropertyName = the property of the key
    PropertyValue = value of the key

    4.
  4. Therefore...
    Action = Replace
    File Path = C:\Temp\key\keyfile.key
    SectionName = Setup
    PropertyName = ApplicationKey
    PropertyValue = XXXX-XXXX-XXXX-XXXX




    5.
  5.  If there are more keys needed, create more entries. Note that, Update and Replace will give the same result.


Share:
                 No comments    

Monday 17 July 2017

Suppress Adobe Product Improvement Program Pop-Up by Using Microsoft Group Policy Preference or AppSense Environment Manager


I implemented this a few years back, when I needed to eliminate any unneeded pop-up to my users. In this case, it was for Adobe Reader. Newly created profiles will have this automatically pop-up when they launched Adobe Reader  for the first time.
Adobe Product Improvement Program - Help Improve the Adobe Reader Experience.


The screen also can be triggered by going to Help | Improvement Program Options...

These steps will help to disable the Improvement Program Options menu, and consequently suppress the pop-up. Note that it requires registry editing, so be extremely careful. Note that the steps mentioned are for Adobe Reader 11. If oy used different version, ensure your key path refers to correct version (SOFTWARE\Policies\Adobe\Acrobat Reader\11.0)


Using GPP : 
  1.  Launch GPMC, and go to target GPO.  Edit the policy, and navigate to Computer Configuration | Preference | Windows Settings | Registry, right click at Registry, hover to New and click at Registry Item



  2.  Ensure Hive is changed to HKEY_LOCAL_MACHINE

  3. Use below info to fill up the form :
    Key Path : SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
    Value Name : bUsageMeasurement
    Value Type : REG_DWORD
    Value Data : 0
    Base : Decimal


  4.  Reboot the target machine. Once it is up, log in to computer, and launch Adobe Reader. No Improvement Program pop-up appeared, and Improvement Program Options... is no longer listed  in Help menu.

     
Using AppSense Environment Manager : 
  1. Launch AppSense Environment Manager, right click at Process Started | choose Node


  2.  Change the information for Condition and Match accordingly, then click OK
    Condition : Equal to
    Match : AcroRd32.exe


  3. At workspace on the right side, right click at the Process condition, and navigate to Conditions | Registry | and choose Registry Value Exists. This step is to check whether the needed value is existed or not.

  4. Fill up all needed info by following below information :
    Hive : HKEY_LOCAL_MACHINE
    Key : SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
    Value Name : bUsageMeasurement
    Value Type : REG_DWORD
    Comparison : Not Equal To
    Value Data : 0
    Base : Decimal


  5. You may also want to give a bit of description and notes to the setting. Select OK.


  6.  This is the outcomes, so far.

Share:
           , , , , ,       No comments    

Thursday 15 September 2016

Group Policy Preference ( GPP ) : GPP Is Not Working, There Are Red and Green Dots / circle At The Settings

Group Policy Processing has been introduced since Server 2008, and Microsoft recommends to use GPP instead of normal GPO. To me, I prefer to use GPP as well, as it is more convenience to configure and troubleshoot. 

However, in some cases, the configuration may not get reflected, no matter how many times you perform gpupdate (gpupdate /force as well), or even reboot the machines. Your settings are all good, linked enabled to appropriate OU, Block Inheritance already enabled (to ensure policies assigned to parent OU not conflicting with your policies, just in case), there were no similar setting in Site and Domain policies, policies already being enforced (oh wait, do you really need to enforce?). 

What else could it be then? Oh wait, just before you planned to kill someone, you realized there were red dots / circles at the configurations, and those configurations (with red dots / circles ) were the one who drove you crazy! Configurations with green straight lines / circles were working as expected! 


So yes, it is how GPP works, actually. To simplify things, Microsoft (by default) disabled some configurations, so Administrators won't accidentally make changes. They need to enable those changes first, before the changes working as expected. In order to enable / disable those changes, one need to press :

  • F5 - Enable all configurations
  • F6 - Enable that specific configuration 
  • F7 - Disable that specific configuration 
  • F8 - Disable all configurations


To demonstrate some examples :


This is default configurations, some are enabled, some are not.






You pressed F5 (all enabled with green straight lines)






You pressed F8 (all enabled with red dots)



































You clicked at some setting, and pressed F6 or F7 (pressing F6 will enable it, F7 will disable it)






Now we go to Advanced setting, to see on green / red circles.

We pressed F8.




































We pressed F6 on some settings.

































Share:
           , , , , , , ,       No comments    

Friday 9 January 2015

How To Hide Windows Local Disk Drives From Users

In some organizations, Management may want to hide certain server local drives from being accessed by Citrix users. There are a few methods to do so, but in this post, we will be using GPP. 

Note that this step will only HIDE but not prevent users from acecssing to it. The configured drive will only be hide from WIndows Explorer. Thus, users still can access to the drive via Command prompt, Run command etc.

Description :
Hide certain drives from being accessed by users.



How To Do :


  1.  Launch Group Policy Management Console. Depending on how your AD is structured, right click at the OU, and choose " Create a GPO in this domain, and Link it here... "

  2.  Give it a name, and press OK.

  3.  Then you can see the GPO created.

  4.  Right click at the GPO, and choose Edit.

  5.   Expand to User Configuration > Preference > Windows Settings, click at Drive Maps

  6.  Right click at Drive Maps, hover to New and click at Mapped Drive

  7.  In here, follow below instructions:
    Action : Update
    Drive Letter : Existing, and choose desired drive (in this example, it is D: drive

    Press Apply and OK.



Share:
           , , , , , ,       No comments