October 2023


Archive for Group Policy

Active Directory/GPO Guides

July 2nd, 2011 by and tagged , ,

Post-Graduate AD Studies

Infrastructure Planning and Design

Active Directory Domain Services Operations Guide

Windows Server 2008 Step-by-Step Guides

Active Directory Design Guide by Microsoft

Remote Desktop Services in Windows Server 2008 R2: Step-by-Step Guides

Microsoft has released group policy for beginners. I saw the guide & found really helpful for beginners who actually wants to start from basics. It can be found at below link.

For reading it online, refer below.

Group policy master site(Videos,Guides etc.)

Group policy webcast series video


Posted in Directory Services, Group Policy | 3 Comments »

Folder Redirection

April 14th, 2011 by and tagged

I always wanted to include folder redirection materials on my blog especially for my reference & for others too. I have seen lot of questions related with folder redirection in various blogs/forum like what is the permission on redirected folder should be, is folder to be manually created or let folder redirection creates it automatically during first log on. Here i would say let the folder be created automatically. The other question is even administrator can’t access home folder created by folder redirection, the reason is its by design & an administrator has to be manually granted explicit rights.

Enabling the administrator to have access to redirected folders

Automatic creation of user folders for home, roaming profile and redirected folders.

NTFS permissions for Redirected Folders

Profile Version in XP & below is V1 where as profile Version for Vista & above is V2, so when you migrate the profile from XP to WIN7 a new profile is created even though profile still exists & other reason is windows XP & Win7 have different folder architecture for profiles like XP it stores the profile under document & settings where as in Vista & above its C:users.

Managing Roaming User Data Deployment Guide

One of the article, i personally used in the past understanding & configuring folder redirection is below by Ace Fekay, the reason is its been well documented with the supporting links. Thanks to Ace for wonderful article.


Posted in Group Policy | 2 Comments »

Loopback Group Policy Explained

November 11th, 2010 by and tagged ,

Loopback group policy are used to apply user configuration settings on the computer. The loopback policy comes to rescue when you want to apply users configuration settings to the computer irrespective of what what users are login to the particular system.There is two mode basically one is Replace and other Merge mode.  When you select replace mode in the loopback GPO, computer and user configuration configured in that OU will be applied irrespective of the which OU user belongs to and what user configuration GPO has defined in that OU. When you select Merge mode, user and computer configuration configured in the loopback GPO as well as user configuration GPO for the user belongs to the different OU will be applied. In case of conflict user configuration from the loopback GPO will win.

Loopback policy is very effective GPO setting, but it requires proper understanding & planning,before it can be implemented in the live environment. I always believe without proper understand or something new to be tried has to go via lab testing else your production environment will become testing environment and can cause serious business loss to the clients. For testing,create a independent lab which can be either using virtual PC or VMware software. Always, test the GPO before applying to the production because reverting the changes requires time and may not be as simple as applying.

Additional references to help you better understand.


Posted in Directory Services, DNS/DHCP, Group Policy | No Comments »

Fine Grained Password Policy In The Win 2008/R2

November 9th, 2010 by and tagged , ,

Windows 2003 and below supports only single password policy in the domain and it wasn’t possible to configure multiple or different password or account lockout policy for the different set of users or groups within the same domain. The different password policy sometimes force to create different domain if you are hosting AD for the multiple clients due to their requirements. Windows 2008/R2 supports multiple password policy in the domain, which was most requested features in the newest OS. Microsoft heard it & introduced the different password policy in windows 2008 & above called as Fine Grained Password Policy(FGPP).

The requirement for implementing the Fine Grained Password Policy(FGPP) is domain functional level required to be windows at 2008 & above. This means your all the DC in the particular domain where you want to implement FGPP should be running DC’s in windows 2008 & above.

Windows Server 2008 – Fine Grained Password Policy Walkthrough

Here is the step by step link to configure Windows 2008 Fine Grained Policy.

Tool to manage fined grained password policy using GUI.

AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

AD DS: Fine-Grained Password Policies


Posted in Directory Services, Group Policy | No Comments »