Using a WMI filter, you can apply a group policy based on the client’s TCP/IP subnet.
1. In Group Policy Management, right-click the WMI Filters folder and click New.
2. Name your new WMI policy and give it a description if you wish.
3. Click the Add button, leave the Namespace at the default setting “root\CIMv2”…
Archive for the ‘Active Directory’ Category
How To Create And Manage Password Settings Objects (PSO)
With Windows Server 2008, Microsoft introduced Fine-Grained Password Policies, which utilize a new Active Directory object called a Password Settings Object (PSO). These objects allow you to more easily create and assign password policies to subsets of users, albeit with a bit of an unpolished implementation method compared to the old method via group policy (GPO). If…
Windows File Share Permissions – Allow: Read, Write, Delete – Deny: List
Let’s say you have an application that has a flat file repository for files attached to records. In other words, the application uses a simple Windows share for its file repository. And all users of this application need the ability to read, write, and delete files in this directory, but given the sensitive nature of…
PowerShell: Compare Membership Of Two Active Directory Groups
At my company we have a web filtering solution (McAfee Web Protection) where we use Active Directory groups assigned to specific web filtering policies. Even though these groups are not supposed to have duplicate user accounts, over time, with multiple people administering them, that is exactly what has occurred. I needed a quick way to compare…
Active Directory Shadow Groups: How To Automatically Add OU Users To Security Groups
Remember Novell? Remember NDS, or eDirectory as it later became known? NDS might be mostly dead, in favor of AD (Active Directory), but NDS did have many advantages over AD, and one of them was the ability to assign rights (permissions) via OU membership. Want to give users in a specific OU access to a…
Active Directory: Account Lockout Policy – Think Twice Before Applying
The Account Lockout Policy in Active Directory is not what it seems. Oh sure, at first glance it appears simple enough. Set a threshold, set a counter, and when that threshold is tripped in the allotted time, the account is locked out. What could be simpler, right? Well, as with most things in IT, what should be simple isn’t….
Active Directory: Workstation Logon Restrictions (Log On To)
I think the “Log On To” setting within the Account tab of an Active Directory user could easily be overlooked. As simple as this setting is, it’s very easy to forget about it in favor of something more elaborate when attempting to restrict user access to specific computers. Let’s say you want to allow a…