Month: November 2012

Microsoft Active Directory – Domain Controller Deployment

I am currently in the process of planning the deployment of an additional domain controller (DC) in an existing Microsoft Active Directory (AD) domain. I found this Microsoft TechNet documentation that has been helpful as a practical step-by-step checklist.

http://technet.microsoft.com/en-us/library/cc759620(v=ws.10).aspx

In addition to the checklist, please take into consideration any variables in your current Information Technology (IT) infrastructure when planning to deploy an additional domain controller to an existing Microsoft Active Directory domain.

Enjoy!


Group Policy Object – Enable Screen Saver after Specified Period of Inactivity

You may use the following Group Policy Object (GPO) settings to configure the screen saver settings in a Windows Server 2003 R2 Active Directory (AD) domain.

To configure the password-protected screen saver after ten (10) minutes of inactivity, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Screen Saver. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

User Configuration > Policies > Administrative Templates > Control Panel > Personalization

Enable the following four settings. 1) Enable Screen Saver, 2) Force Specific Screen Saver (Screen saver executable name: C:\Windows\System32\scrnsave.scr), 3) Password protect the screen saver, 4) Screen saver timeout (Seconds: 600).

In this example the screen saver chosen (scrnsave.scr) is the blank screen saver available in Windows XP and Windows 7.
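To confirm on a client that the four settings above actually took effect, the following added example (not part of the original post) audits the current user's policy registry values. It assumes PowerShell 3.0 or later and that the Administrative Template settings are stored under the per-user policy key shown; the function name `Test-ScreenSaverPolicy` is hypothetical.

```powershell
# Added example: audit the four screen saver policy values for the logged-on user.
# Assumption: the GPO writes its values under this per-user policy key.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

# Expected values, taken from the four settings listed in the post.
$Expected = [ordered]@{
    'ScreenSaveActive'    = '1'                                 # Enable Screen Saver
    'SCRNSAVE.EXE'        = 'C:\Windows\System32\scrnsave.scr'  # Force Specific Screen Saver
    'ScreenSaverIsSecure' = '1'                                 # Password protect the screen saver
    'ScreenSaveTimeOut'   = '600'                               # Screen saver timeout (seconds)
}

function Test-ScreenSaverPolicy {
    param(
        [string]$Path = $PolicyKey,
        [System.Collections.IDictionary]$Baseline = $Expected
    )

    # The key does not exist at all if the GPO never applied to this user.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $Baseline.Keys) {
        $actual = if ($key) { $key.GetValue($name) } else { $null }

        # Compare case-insensitively so a differently cased path is not a false alarm.
        $status = if ($null -eq $actual) { 'Missing' } elseif ("$actual" -ieq $Baseline[$name]) { 'OK' } else { 'Mismatch' }

        [pscustomobject]@{
            Setting  = $name
            Expected = $Baseline[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

$results = Test-ScreenSaverPolicy
$results | Format-Table -AutoSize

# Flag drift so the script can be used in a logon script or a scheduled audit.
if ($results | Where-Object { $_.Status -ne 'OK' }) {
    Write-Warning 'Screen saver policy is not fully applied. Run "gpupdate /target:user /force" and review "gpresult /r".'
}
```

Because these are User Configuration settings, run the check in the session of the user the GPO is meant to cover, not as a different administrative account.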

Enjoy!


Group Policy Object – Remote Desktop Protocol (RDP) Configuration

You may use the following Group Policy Object (GPO) settings to configure the Remote Desktop Protocol (RDP) settings in a Windows Server 2003 R2 Active Directory (AD) domain.

To configure the Remote Desktop Protocol settings, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Alternatively, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Remote Desktop Protocol. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Enable the setting “Allow users to connect remotely using Remote Desktop Services”.

Additionally, you may add users or groups to the BUILTIN\Remote Desktop Users group. This will allow all of the users in that group to utilize Remote Desktop Services. To do so, navigate to the following setting.

Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups

Right-click Restricted Groups and select the option to Add Group…. In the Add Group dialog box, click Browse…. Type Remote Desktop Users in the dialog box, then click Check Names and OK. Click OK again in the Add Group dialog box. Please keep in mind that this GPO is utilizing the BUILTIN\Remote Desktop Users group for simplicity.

In the Remote Desktop Users Properties dialog box, you may add groups that you have created or make the Remote Desktop Users group a member of another group. Choose the option that works best for your environment. I recommend creating a group or groups and nesting them in the Remote Desktop Users group to simplify the administration of your Active Directory environment.

Enjoy!