Archive for category Group Policy Object
HOWTO: Add a Local User to Windows 10 Using Group Policy (Add it To Local Administrators Group)
Posted by edwgon in 64-bit, Active Directory, credentials, Group Policy Object, Local Group, local user, Windows 10, windows 7 on November 4, 2020
Since there are some outdated information about this topic, I’m going to give the steps necessary to create a local user to a Windows 10 machine using AD Group Policy, and then add this user to the local Administrator group.
First, create a new policy using Group Policy Management Editor and follow this screenshot:
Next, click on New and select Local User. In the Action field, select Update. For the other fields, select the options you need.
Click OK button and that’s basically how it’s done.
Next, I’m going to assign this user to the local Administrator group. I will be using the same group policy to achieve this.
Right-click on Restricted Groups and then click on Add Group…
Next, you’re going to type the username we created in the previous step.

Click OK to go to the next crucial step. You’re going to a work with This group is a member of section and click Add button
Next, type Administrators and click OK
The properties should look like the following screenshot
That’s all there is to it.
Slow Logon And Logoff With Folder Redirection, Roaming Profiles And Offline Files
Ever since we upgraded to Windows 7 Enterprise, our branch office users started complaining about extremely slow logon and logoff. In some instances, a user logon or logoff could take over ten minutes!
- Folder redirection (Desktop, Favorites, Links, Documents, Pictures, Videos, Searches and Contacts folders are redirected to a file server in our datacenter)
- Roaming profiles (Users’ roaming profile folders are located on a file server in our datacenter)
- Offline Files (Users’ home folders were set as offline files/folders)
As of 9/30/2014, the AppData re-direction workaround broke Internet Explorer browsing – pages take a very long time to load while browsing using IE (10 and up). I opened a case with Microsoft and it looks like the slow down of IE is by design because we’re re-directing AppData and AppData, in our environment, isn’t on a local server to the users’ network. We moved AppData to our central file server located on our data center in a co-location. Again, this bit of information isn’t found on Microsoft’s documentation, so be careful before you go re-directing AppData!
We’re now looking into possibly removing roaming profiles and AppData re-direction because this is affecting productivity for our users.
No OST for Outlook 2010 on a Terminal Server
Posted by edwgon in Group Policy Object, http://schemas.google.com/blogger/2008/kind#post, loopback processing mode, MS Office 2010, OST, OST files, outlook 2010, terminal server, Windows Server 2008 on July 9, 2013
We had installed Microsoft Office 2010 on our Windows 2008 R2 Terminal Servers, and we didn’t customize the Office 2010 installation. I was looking for a way to prevent Outlook from generating a new OST file whenever a new user logged on to our Terminal Servers, in addition, I wanted the Outlook profile to be generated automatically.
Enter Group Policy Objects!
Since these policies are applied only for the TS servers, I moved the the computer accounts to a new Organization Unit (OU) that I created for these servers. I linked the new GPO to this OU. There are many documents that show how to do these steps, so I won’t be going over this.
The key point to remember for this GPO to work is: loopback processing mode
The above is true especially if your TS servers inherit policies from top level GPOs.
In my case, I was concerned about making changes to the user configuration section, to be more specific, to the Outlook 2010 settings.
The screenshot basically shows what needs to be done in order to achieve this goal.
From a GUID to its GPO name.
Posted by edwgon in Group Policy Object, GUID, http://schemas.google.com/blogger/2008/kind#post, PowerShell, Windows Server 2008 on December 11, 2012
Numerous times I had the issue, when troubleshooting a group policy object error, in which I only had the GPO’s GUID, but not its actual name. Well, it turns out that there is a powershell applet that performs a search in AD, using the GUID, and it returns the GPO’s full description for you.
- Open Widnows PowerShell Modules
- Type: get-gpo
- Paste that GUID and press ENTER
Recent Comments