Group Policy Order of Precedence FAQ

I’ve had a few queries from friends about group policy since my last post so I thought why not answer these queries here on my blog? And, yes, a few of them were about group precedences, hence this short FAQ.

What is the order of precedence in group policy?

I’ve prepared an illustration which I hope will help to understand the order of precedence for Group Policy.


While this illustration may be self-explanatory (at least I hope it is) there’s actually more to the story…

What is the order of precedence in an OU hierarchy?


Installing the Windows 10 1511 Group Policy Administrative Templates

The administrative templates for Windows 10 1511 were released by Microsoft a couple of months ago but I only just got round to installing them on my lab domain. Here’s the procedure for doing this, if anybody wants to know.

1) To begin with, download the Windows 10 1511 administrative templates from Microsoft and run the installer on your domain controller

2) Make a note of the folder it’s being installed on. By default this is set to C:\Program Files (x86)\Microsoft Group Policy\Windows 10 Version 1511\


3) Browse to the folder you just installed the administrative templates on. Open the “Policy Definitions” folder.

4) Open a new Explorer window and browse to your domain’s Group Policy Central Store. You can do this from a Run command window – type in the path to your central store in the format of \\Domain.com\SYSVOL\Domain.com\Policies\PolicyDefinitions

5) Copy everything from the “Policy Definitions” folder you opened in step 3 and paste it into your Group Policy central store which you opened in step 4. If you have the Windows 10 RTM admin templates in the central store, make sure you replace the files in the destination.

The updated admin templates also include the following brand new templates:

  • AppPrivacy.admx
  • CloudContent.admx
  • FeedbackNotifications.admx
  • WindowsStore.admx
  • WinMaps.admx

The FeedbackNotifications.admx template, for example, provides the following setting:

Computer Configuration > Policies > Administrative Templates > Windows Components > Data Collection and Preview Builds > Do not show feedback notifications


Open a GPO and browse to the above setting to verify the new administrative templates have been installed successfully.
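The copy in steps 3 to 5 can also be scripted, with a backup of the existing central store and a hash check afterwards. The PowerShell below is an added example, not part of the original procedure; it assumes PowerShell 4.0 or later, the default install folder from step 2, a domain name taken from the USERDNSDOMAIN environment variable, and a hypothetical backup folder C:\ADMX-Backup.

```powershell
# Added example: copy the Windows 10 1511 templates into the central store and verify the result.
# Run as an account with write access to SYSVOL. $BackupRoot is a hypothetical location.
$InstallDir = 'C:\Program Files (x86)\Microsoft Group Policy\Windows 10 Version 1511'
$BackupRoot = 'C:\ADMX-Backup'
$Domain     = $env:USERDNSDOMAIN
$Store      = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"

# Step 3: locate the policy definitions folder (matched by pattern, with or without a space).
$Source = Get-ChildItem -Path $InstallDir -Directory -Filter 'Policy*Definitions' |
          Select-Object -First 1 -ExpandProperty FullName
if (-not $Source) { throw "No policy definitions folder found under $InstallDir" }

# Step 4: back up the current central store before overwriting it, or create it if absent.
if (Test-Path $Store) {
    $Backup = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $Backup -Force | Out-Null
    Copy-Item -Path (Join-Path $Store '*') -Destination $Backup -Recurse
} else {
    New-Item -ItemType Directory -Path $Store | Out-Null
}

# Step 5: copy the .admx files and language subfolders, replacing older (RTM) versions.
Copy-Item -Path (Join-Path $Source '*') -Destination $Store -Recurse -Force

# Verify: every source file must exist in the store with an identical hash.
$Mismatch = foreach ($File in Get-ChildItem -Path $Source -Recurse -File) {
    $Relative = $File.FullName.Substring($Source.Length).TrimStart('\')
    $Target   = Join-Path $Store $Relative
    if (-not (Test-Path $Target) -or
        (Get-FileHash $File.FullName).Hash -ne (Get-FileHash $Target).Hash) { $Relative }
}

# Verify: the five templates that are new in 1511 must be present.
$NewTemplates = 'AppPrivacy.admx', 'CloudContent.admx', 'FeedbackNotifications.admx',
                'WindowsStore.admx', 'WinMaps.admx'
$Missing = $NewTemplates | Where-Object { -not (Test-Path (Join-Path $Store $_)) }

if ($Mismatch -or $Missing) {
    Write-Warning "Missing or mismatched files: $(@($Mismatch) + @($Missing) -join ', ')"
} else {
    Write-Output "Central store at $Store matches the 1511 templates."
}
```

Because the central store lives in SYSVOL and replicates to every domain controller, the timestamped backup gives you a way back if a replaced template turns out to conflict with existing GPO settings.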

Renaming the Active Directory Domain

I believe we learn as much from our mistakes as we do from our conscious learning efforts, if not more. We sometimes end up learning a lot more in the process that ensues to right our wrongs and mistakes. This post is about one of those times.

When I initially configured the domain in my network I chose emeneye.co.uk as the domain name. I say “chose” but I didn’t really give it much thought at the time, which turned into a learning opportunity for me as I went about renaming the domain name.

To provide brief background information, the Active Directory domain in my Lab is part of a broader hands-on learning project which includes improving my working knowledge of Active Directory and Windows server administration. When it came to designing the OU structure I thought it best to use an educational setting as the domain environment to guide my design decisions. My IT support experience has largely been in an educational environment so I thought it best to stick to what I know best. With that in mind, the .co.uk in the domain name didn’t seem suitable. So the task at hand was to change the name to emeneye.ac.uk.

Combining Snap-ins In A Custom Console

Having installed Active Directory, WDS, and MDT 2012 on my server, one of the first things I did was to build my own custom console combining a few frequently used snap-ins for easier access. With this to hand I won’t have to go back and forth between Deployment Workbench and Windows Deployment Services when I’m working with MDT 2012, for example.

Here’s a look at my console:


As you can see I have combined quite a few snap-ins in my console, which corresponds to my learning objectives for this project. I will elaborate more on this sometime real soon as I feel this subject needs a dedicated post of its own.

Update 2: MDT 2010 and Windows Server 2008 R2

As promised, here’s an update on what I’ve been getting up to with MDT 2010, starting with the basics first:

  • Deploy Windows 7 DVD image to client PCs
  • Create Task Sequence to capture reference image
  • Hide the Deployment Wizard panes using customsettings.ini
  • Import drivers into MDT 2010, organising into a directory structure based on manufacturer and model
  • Deploy reference image, injecting drivers based on PC model
  • Set a default profile for users by copying the Administrator profile on the unattend.xml file associated with the deploy task sequence

I wasn’t content with deploying Windows 7 to standalone PCs so I decided to take this a step further. With an Active Directory domain already set up beforehand, I delved into deploying Windows 7 in a domain environment:

  • Retaining the same hostname on client machines as set in Active Directory during deployment (by creating an MDT database in SQL Server 2008)
  • Joining client PCs to the domain as part of the deployment process and making sure they stay in the same OU
  • Allowing a group of Active Directory admin users to undertake deployment duties. This was done by making the users a member of a security group I called “DeploymentAdmins” and giving the group security permissions to the deployment share. This allows the group members to authenticate themselves in the Deployment Wizard login.

It’s been great fun working with MDT 2010 and especially exploring some of the advanced deployment scenarios using the MDT database. I’ve been updating some documentation on the work I’ve been doing with the intention to adapt it into blog posts some time in the future. I will be coming up with these soon but, unlike my previous how-to posts, they won’t be step-by-step instructions. I find writing these instructions takes up too much of my time so I’ll take a different approach with the new posts from here on.

I would now like to spend some time with Active Directory. Actually, I’ve already started working on designing and implementing my domain. I’ll elaborate more in a new blog post soon.

Quick Fix: MMC Has Detected An Error In A Snap-in And Will Unload It

I wrote a post only a few days ago about how I combined a few MMC snap-ins in a console for easier access in one place. Well, today I started experiencing a problem where an error message such as the one reproduced below would randomly pop up while using the console.


A quick search on Google seemed to suggest this problem does not affect 32-bit snap-ins and so with that in mind I used a Run command to launch the console with 32-bit snap-ins. And sure enough 32-bit snap-ins work just fine and I haven’t seen that error pop up again. I then opted to create a shortcut on my desktop to launch the console instead.

Here’s what I used for the shortcut:

mmc.exe "%systemdrive%\Users\%username%\Desktop\Server Management Console.msc" /32

It’s more a workaround than a fix but hey, it works!

Quick Fix: DHCP Server Role Fails To Install With Error Code 0x800706BE

I came across this problem while installing the DHCP server role on my Windows Server 2008 VM on my ESXi host. I was so preoccupied with trying to fix this that the thought of writing about it didn’t come to mind, hence I never took a screenshot of the error message. I can’t remember exactly what the error message said (something about an RPC call having failed) but I do have the error code – 0x800706be.

I found a fix in a TechNet forum which I thought would be useful to post here for anyone who experiences the exact same problem. So here’s the fix:

  • Stop the wuauserv and Cryptsvc services (Windows Automatic Update Services and Cryptographic Services)
  • Delete the DataStore directory in C:\Windows\SoftwareDistribution\
  • Rename C:\Windows\system32\catroot2 to catroot2.old
  • Restart the wuauserv and Cryptsvc services

Alternatively for a one-click fix simply copy the following commands in a batch file and run it on your server.

net stop wuauserv
net stop Cryptsvc
cd /d %windir%\SoftwareDistribution
rd /s /q DataStore
ren %windir%\system32\catroot2 catroot2.old
net start wuauserv
net start Cryptsvc

After a quick reboot you should find the DHCP server role installs just fine. Hope someone somewhere finds this useful. PS. I can only vouch that this fix will work if you had the error code while attempting to install the DHCP server role (which was what happened in my case). Having trawled through the various forums looking for this fix it seems other people have come across the same error code but in different situations.

Installing and Configuring MDT 2010 From Start To Finish

This post is intended as a guide for anyone who wants to install MDT 2010 along with Windows Deployment Services on a Windows Server 2008 R2 machine in a home network.

As a ‘start to finish’ guide I will base this on a freshly installed Windows Server 2008 R2 installation and begin with installing AD Domain Services, DNS and DHCP server roles before moving onto WDS and installing and configuring MDT 2010. All on the same server.

Important: You need to configure a static IP address on your server and also make sure the DNS server address is pointing to your server’s IP address (i.e. the DNS server address should be the same as the static IP address you assigned to the server). This will allow the installation wizard to install the DNS server along with the Active Directory Domain Services role on the same server.

I’ve broken down the entire process into several steps and provided the instructions for each step in PowerPoint slides. I’m purposely skipping the instructions on installing the server OS (which is no different to installing Windows 7) since I want to concentrate on the WDS and MDT side of things.

1 – Install the Active Directory Domain Services and DNS Server roles

The process of installing the Active Directory Domain Services role will also install the DNS server role as one process.

2 – Install the DHCP Server role

You may have a broadband router which provides DHCP services but you will still have to install the DHCP server role on your server.

3 – Install the WDS Role

After having installed the prerequisites (AD DS, DHCP and DNS) the next step is to install and configure the WDS role.

4 – Install MDT 2010

The final instructions here will install MDT 2010 and configure a deployment share, add a PXE-boot image and enable the multicast feature.

I hope this comes in useful to someone.

Installing Active Directory on Windows Server 2008 R2

I’ve put together a couple of how-to instructions intended as a guide to install Active Directory on a Windows Server 2008 R2 server from scratch – that is installing a first domain in a new forest.

Make sure you have a static IP address on your server machine before proceeding with these instructions.

Part 2 – Installing and Configuring a DHCP Server

The first part is to install the Active Directory Domain Services role, and to then promote the server to a Domain Controller. This ‘promotion’ phase is where you actually install and configure an Active Directory domain along with a DNS server. You can’t continue with installing an Active Directory domain without a compatible DNS server. Since we’re starting from scratch and don’t have a DNS server (one that is compatible with Active Directory), we get to install both in one step.

The second part will install the DHCP server role on the Domain Controller and configure a DHCP scope, i.e. the range of IP addresses the server will lease to clients connected to your network.

Update: Moving onto MDT 2010 and Windows Server 2008 R2

I thought now’s a good time to provide an update on exploring my interests in Windows Deployment.

So, I started from the ground up with the WAIK and experimenting with unattended.xml and Sysprep, with the intention to get a good foundation in the tools Microsoft Deployment Toolkit was built upon before moving onto MDT 2010. I spent a lot of time building unattend.xml answer files using Windows SIM, Sysprep’ing computers, and working with Windows PE, DISM and imagex.

Here are a few links to some of the posts I’ve written on the subject:

I recently installed MDT 2010 on an evaluation version of Windows Server 2008 R2 with a WDS role. (Of course that included installing and configuring Active Directory, DNS and DHCP server roles since they are pre-requisites to installing WDS).

I want to concentrate more on MDT 2010 than writing instructions from here on. I’ll update again with my progress in due course.

Windows Server 2008 R2 installed on VMware Player