April 14th, 2011 by Awinish Vishwakarma and tagged Folder Redirection
I always wanted to include folder redirection materials on my blog especially for my reference & for others too. I have seen lot of questions related with folder redirection in various blogs/forum like what is the permission on redirected folder should be, is folder to be manually created or let folder redirection creates it automatically during first log on. Here i would say let the folder be created automatically. The other question is even administrator can’t access home folder created by folder redirection, the reason is its by design & an administrator has to be manually granted explicit rights.
Enabling the administrator to have access to redirected folders
http://support.microsoft.com/kb/288991
Automatic creation of user folders for home, roaming profile and redirected folders.
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
NTFS permissions for Redirected Folders
http://support.microsoft.com/kb/274443
Profile Version in XP & below is V1 where as profile Version for Vista & above is V2, so when you migrate the profile from XP to WIN7 a new profile is created even though profile still exists & other reason is windows XP & Win7 have different folder architecture for profiles like XP it stores the profile under document & settings where as in Vista & above its C:users.
Managing Roaming User Data Deployment Guide
http://technet.microsoft.com/en-us/library/cc766489%28WS.10%29.aspx
One of the article, i personally used in the past understanding & configuring folder redirection is below by Ace Fekay, the reason is its been well documented with the supporting links. Thanks to Ace for wonderful article.
http://msmvps.com/blogs/acefekay/archive/2009/09/08/folder-redirection.aspx
Posted in Group Policy | 2 Comments »
November 11th, 2010 by Awinish Vishwakarma and tagged Group Policy, Loopback GPO
Loopback group policy are used to apply user configuration settings on the computer. The loopback policy comes to rescue when you want to apply users configuration settings to the computer irrespective of what what users are login to the particular system.There is two mode basically one is Replace and other Merge mode. When you select replace mode in the loopback GPO, computer and user configuration configured in that OU will be applied irrespective of the which OU user belongs to and what user configuration GPO has defined in that OU. When you select Merge mode, user and computer configuration configured in the loopback GPO as well as user configuration GPO for the user belongs to the different OU will be applied. In case of conflict user configuration from the loopback GPO will win.
http://social.technet.microsoft.com/wiki/contents/articles/windows-server-understand-user-group-policy-loopback-processing-mode.aspx
Loopback policy is very effective GPO setting, but it requires proper understanding & planning,before it can be implemented in the live environment. I always believe without proper understand or something new to be tried has to go via lab testing else your production environment will become testing environment and can cause serious business loss to the clients. For testing,create a independent lab which can be either using virtual PC or VMware software. Always, test the GPO before applying to the production because reverting the changes requires time and may not be as simple as applying.
Additional references to help you better understand.
http://technet.microsoft.com/en-us/library/cc782810%28WS.10%29.aspx
http://cbfive.com/blog/post/Demystifying-Loopback-Policy-Processing.aspx
http://kudratsapaev.blogspot.in/2009/07/loopback-processing-of-group-policy.html
Posted in Directory Services, DNS/DHCP, Group Policy | No Comments »
November 9th, 2010 by Awinish Vishwakarma and tagged Active Directory, FGPP, Fine-Grained Password Policy
Windows 2003 and below supports only single password policy in the domain and it wasn’t possible to configure multiple or different password or account lockout policy for the different set of users or groups within the same domain. The different password policy sometimes force to create different domain if you are hosting AD for the multiple clients due to their requirements. Windows 2008/R2 supports multiple password policy in the domain, which was most requested features in the newest OS. Microsoft heard it & introduced the different password policy in windows 2008 & above called as Fine Grained Password Policy(FGPP).
The requirement for implementing the Fine Grained Password Policy(FGPP) is domain functional level required to be windows at 2008 & above. This means your all the DC in the particular domain where you want to implement FGPP should be running DC’s in windows 2008 & above.
Windows Server 2008 – Fine Grained Password Policy Walkthrough
http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx
Here is the step by step link to configure Windows 2008 Fine Grained Policy.
http://capitalhead.com/articles/step-by-step-guide-to-fine-grained-passwords-in-windows-server-2008.aspx
Tool to manage fined grained password policy using GUI.
http://www.specopssoft.com/documentation/specops-password-policy-basic-documentation
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc770842.aspx
AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394%28v=ws.10%29.aspx
Posted in Directory Services, Group Policy | No Comments »
