Group Policy Central

If you have have been using the some what simple hack I mentioned to make Group Policy Preference work with Internet Explorer 9 you will be relieved to know that Microsoft have now fixed an official hotfix to make this work.

You can get read the full Microsoft Kb article at http://support.microsoft.com/kb/2530309 .

However you should take special attention at the two notes:

This update does not re-write the version information for existing settings. Instead, you must define a new set of Internet Explorer settings in a new or existing Group Policy Object.

Meaning you will need to re-created the Group Policy Preference before the policy will apply to a computer running IE9.

This update does not create a new Internet Explorer 9 UI item. However, when define new Group Policy Preferences settings, and you select the Internet Explorer 8 option, this setting now applies both to Internet Explorer 8 and to Internet Explorer 9

This means that you will NOT see an Internet Explorer 9 option in the Internet Settings menu (see image below), however using the IE8 option will work with IE9.

If we take a closer look at the “InternetSettings.xml” after the hotfix has been applied shows the maximum version number is now set to “10.0.0.0” where previously this version was “9.0.0.0”. However you existing Internet Explorer Preferences will remain unaffected…

Thanks to Mark Feetham [MSFT] for leaving a comment on my previous blog post about this new hotfix.

Download it now from http://support.microsoft.com/kb/2530309

In this screencast I show you how to use the Group Policy Preferences Shortcuts Extension to deploy shortcuts to a users desktop. This video also demonstrates how you can configure the shortcut to only apply once for the users and how you can configure them to automatically be cleaned up when no longer required.

I just read an article that showed you how to set this really cool registry key that allows you to change how the drive letter is displayed in Windows Explorer. As this hack is only a registry key I thought I would do a quick how to deploy this this feature using Group Policy Preferences Registry Extension.

Below is an example of the options you have to show the drive letters:

After (Default)	None
Mixed (Local After, Network Before)	Before

The registry key that you use to configure this option is called “ShowDriveLettersFirst” and it can be applied in either the user or the machine.

Note: According to this Microsoft KB Article KB330193 it will only work as a Machine setting in Windows Vista.

ShowDriveLettersFirst

Key (User): HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Key (Machine): HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Value: ShowDriveLettersFirst (REG_DWORD32)
Data: 0 (After)
Data: 1 (Mixed)
Data: 2 (None)
Data: 4 (Before)

Step 1. Edit a Group Policy Object that is targeted either to a user or a computer that you want to apply this setting.

Step 2. Create a New Registry Item using the above Registry details

Step 3. Click on the “Common” tab and tick “Remove” this item when it is no longer applied”. I would also put in a comment in the description field explaining the valid numbers and what they do for the setting so someone else looking at this policy know how to re-configure this option if needed.

Explanation: This will ensure the setting reverts to defaults if the computer no longer has this setting applied.

For more information on this registry key check out Microsoft KB330193 

Source GHacks: Windows Explorer: Display Drive Letters Before Drive Names (via LifeHacker: Show Drive Letters Before The Drive Name In Windows Explorer )

I have previously talked about the new  Group Policy for IE9 ,however I mention that one of the issues was that there is currently no “official” support of Group Policy Preferences… Unfortunately there is still no “official” support but it is now possible if you do some really easy XML editing…

Mark Heitbrink (fellow Group Policy MVP) has published an article which explains why it does not work and explains briefly how to modify the XML file for Group Policy Preferences so it will apply setting to IE9.

Therefore taking Mark excellent information I have gone thought the process step by step below showing what I think is the easiest way to find and edit the XML file to enable GPP for IE9.

Step by Step enabling GPP for IE9

Step 1. Setup a IE8 Internet Explorer Extension setting that has the setting you want to apply to IE9. (e.g. Home Page)

Step 2. In the same Group Policy Object navigate to User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff) and double click on the Logon (or logoff) option. Then click on the “Show Files” button.

Step 3. Click on “Users” in the Address bar.

Step 4. Then click on the “Preferences” and then “InternetSettings” folder and then right click on the “InternetSettings” file and click on “Edit”.

Now we are looking at the XML that is used to apply the Group Policy Preferences settings. This is where we need to change the version number to support IE9.

Tip: Enable “Word Wrap” in notepad to see the text on multiple lines.

Step 5. Change “max=9.0.0.0” to “9.1.0.0” (see below)
Before:

After:

Step 6. Save the file and you are done.

Now you can have the goodness of Group Policy Preferences with IE9, however as the article also said this is NOT supported so please test carefully.

What is also nice about this change is that it will be persistence, so if you make subsequent changes to the same setting you do not need to edit the XML again however you will need to make this change each time you make a new GPP IE Policy setting.

Source: Internet Explorer 9(IE9) Group Policy Preferences (GPP) (Via GPOGuy )

In this second of what I am sure are many FAQ posts, I am going to show you how you can use Group Policy Preferences to map printers in your organisation to help you do away with mapping printers via logon scrips.

Firstly this is only a brief introduction to printer mappings. If you want a more advanced tutorial on using Printer Preference then I recommend you take a look at my other post How to use Group Policy Preferences to dynamically map printers with Roaming Profiles.

Firstly you will need to check that you have already have got the Group Policy Preference Prerequisites installed and you also have the Group policy Management Console Installed on a management computer in your environment.

Now to map the printers all you need to do is go to the Printer Extension option of the Group Policy you want to apply the setting from (see below).

All you need to do now is put the UNC Path of the printer in the “Shared path:” text field and your done. No more batch files, vbscripts or KIX scripts to edit and maintain for mapping printers…. NICE!!!

Also remember that you can also target this setting using Preference Item-Level Targeting using the traditional Security Group Targeting or you can be a little more dynamic and use IP Address Range Targeting or Site Targeting.