I thought about why managing printing in an enterprise is so frustrating and came to a conclusion that the solutions available (and available to my budget) do not fill end users requirements but IT administrators requirements. Ultimately users what to print something, to the closest printer without having to install printers/drivers or speak to IT, where as IT administrators want to control deployment, configure default settings and centrally control access.
gpo
Automatically generate description field for computers in Active Directory
Having worked in help-desk roles in the past I know the importance of knowing which user has logged onto which computer. Its simple stuff really, but unless you have 3rd party systems like System Center 2012 (SC12) or client agents, its either hard or time consuming to find out the relation between users and computers. What we needed was an easy way to find out what the last logged on user was for every machine.
Deploying Adobe Flash Player 11.2 with auto-updating in an enterprise
Adobe have come to the mercy of IT administrators by introducing an auto updating feature for Flash Player. This is excellent news but now we need to get it to work in the real world
With the below configuration the end device should be able to automatically update without granting users extra permissions. The service can automatically update the files without user intervention and even if a browser window is open, it will update as soon as the browser is closed.
How to deploy mms.cfg config file to your Adobe Flash Player clients?
You have just downloaded the Adobe Flash Player distributable, created an mms.cfg configure file and you want to push it out to your network. You might be scratching your head on how to do this if you don’t have an enterprise software deployment solution?
Don’t worry – there is no need for that – all you need is Group Policy Preferences to push out your mms.cfg config file to your clients!
Adobe Flash 11 Deployment via GPO
At last Adobe have come to the party and released Adobe Flash 11 that comes as 32-Bit and the long awaited 64-Bit versions. This is great news to me because I can now try to use IE 64-Bit browser as my main browser.
Now we have to understand how to deploy Flash 11 using Group Policy for both 32 and 64 bit versions to your clients in a manageable way. This guide will be about deploying Adobe Flash ActiveX version, however the plug-in version would work just the same.
There is a new article which covers the auto-updating aspect of Adobe Flash for enterprise. Read it here:
https://ivan.dretvic.com/2012/05/deploying-adobe-flash-player-11-2-with-auto-updating-in-an-enterprise/
Adobe Flash 10.3 deployment via GPO
This article has been superseded by a new article that includes Adobe Flash 11 (including 32Bit and 64Bit deployments)
https://ivan.dretvic.com/2011/10/adobe-flash-11-deployment-via-gpo/
So we need to update Adobe Flash for our users…again. With all the security vulnerabilities this one I like to keep on top of as much as I can even though it slips from time to time. Below is a quick summary of how I deploy Adobe Flash using Group Policy.
In brief i will document:
- Where to download the distribution version
- How to deploy it via GPO
- How to prevent the automatic updating
What is GPRESULT and how it helps you
GPRESULT, or otherwise known as Resultant Set of Policy Queries is a tool used to provide client end information of Group Policy settings.
The utility ships with all current versions of Windows and is used to aid administrators in troubleshooting group policy problems. The policy is very similar between all versions of Windows, however Windows Vista and Windows 7 requires elevation.
Who on your network is a Local Admin?
So I wanted an answer to a very simple question. Who on my network has been given Local Admin rights?
We have had requirements in the past where users had to be administrators for whatever reason, usually due to applications not working. Now i want to get a better understanding of who has access so we can try and minimise this (as I find it to be a security risk).
I did some searching around and it looks like i have found the a very simple solution. In short its a simple 2 line script that checks domain users (other than Domain Admins) and saves them in a file called %computername%.txt. It then searches that file for the user names and creates a new file for each user name in a different file called %username%.txt.
GPO: How to redeploy software to an individual machine
So i come across this every now and then where i have a machine that successfully had the software installed, but through an automatic update or user removing it the software needs to be reinstalled. Wouldnt it be great to be able to just push out the GPO to that user again? Well you cant exactly… If you redeploy a GPO software from GPMC it will force a reinstall for everyone. Below are the steps you need to do.