Group Policy for Windows 7 and Windows Server 2008 R2

Microsoft Advanced Group Policy Management (AGPM) 4.0 advance control and management feature for computers running Windows 7 and Windows Server 2008 R2. Systems administrator will be able to do change control on each features deployed through GPO. AGPM 4.0 introduces the ability to filter and search the list of GPOs that it displays. GPMC is also an integral part of Microsoft Desktop Optimization Pack (MDOP). Microsoft Advanced Group Policy Management (AGPM) is the MDOP application that can help you overcome the challenges that can affect complex Group Policy management in any IT infrastructure. AGPM supports effective change control by providing version tracking, history capture, and quick rollback of deployed GPO changes. Microsoft created such a nice tool to establish tight command and control relation between servers and clients. 

Computers on which you want to install and run AGPM with complete functionality must meet the following Systems requirement:

Server: Windows Server 2008 R2

In the Windows Server 2008 R2, the following Windows features are required by AGPM Server and will   automatically be installed if they are not present:

· WCF Activation; Non-HTTP Activation

· Windows Process Activation Service

· Process Model

· The .NET Environment 3.5 or later

· Configuration APIs

Client: Windows 7

In Windows 7 .Net Framework 3.5 will also automatically be installed. It is by default compatible with new GPMC.  

Windows Server 2008 and Windows Vista SP1 are supported but can not report or edit policy settings.

Management Tools: You have to download and install Remote Server Administration Tools on a Windows 7 Admin PC to administer and manage roles and features that are installed on computers that are running Windows Server 2008 R2, Windows Server 2008 and Windows Server 2003. If you are migrating from Windows 2003 Active Directory to Windows Server 2008 R2 Active Directory, then entire group policy object will automatically be migrated to new Active Directory and GPO.

Added features:

Computer Configuration | Preferences | Windows Settings & Control Panel settings

User Configuration | Preferences | Windows Settings & Control Panel settings

Screen Shots:

 

Further Study:

Microsoft GPO

Group Policy Management Console Sample Scripts

Operation Guide

Keywords: GPO, MDOP, Windows7, Windows Server 2008 R2

Ban portable application/games through GPO

Ø Open GPO management console

Ø Right click and edit the specific GPO or Create and link new GPO and Edit

Ø User Configuration>Security Settings>Software Restriction Policies

Ø Right Click Software restriction policies>create

Ø Right click on Additional Rules>New Hash Rule>Browse and select application exe/icon>open

Ø Apply>ok

Ø Close GPO

You are laughing now!

Screen Shot Example:

How to create Admin image of Solidworks 2009 and deploy through GPO or command prompt

you must have solidworks license server installed and running before you prepare admin image.

Step1

Open a Command Prompt window (in Windows, click Start, Run, type cmd, and click OK) and enter:

msiexec /a \\yourserver\solidworks2009\swwi\data\English_i386_SolidWorks.msi

In the SolidWorks Setup Wizard, follow the on-screen instructions.

Step2

Go to the folder that contains the administrative image from Command Prompt window. Type following. The command should be in the format:

\\yourserver\solidworks2009\solidworks\SWCreateMST.exe “\\yourserver\solidworks2009\solidworks\english_i386_SolidWorks.msi” INSTALLDIR=”C:\Program Files\Solidworks” SOLIDWORKSSERIALNUMBER=”xxxx xxxx xxxx xxxx” ADDLOCAL=SolidWorks,English,Manuals,Intel_Modules_AgeiaX86 OFFICEOPTION=0

Here, xxxx-xxxx is serial number. The transform file, English_i386_SolidWorks.mst, is created in the folder that contains the administrative image.

Step3

3. In the Active Directory, edit the Published Apps policy for the group or groups to deploy the SolidWorks software.

4. In the Group Policy dialog box, expand Computer Configuration and Software Settings.

5. Right-click Software installation and select New, Package.

6. Browse to the administrative image and click Open.

7. In the Deploy Software dialog box, select Advanced published or assigned, then click OK.

8. In the SolidWorks Properties dialog box, on the Modifications tab:

a. Click Add.

b. Browse to the .mst file.

c. Click Open.

Click OK.

 Command prompt deploy:

msiexec /i \\yourserver\Solidworks2009MSI\Solidworks\English_i386_SolidWorks.msi /qn TRANSFORMS=”\\yourserver\Solidworks2009MSI\Solidworks\English_i386_SolidWorks.mst”