Configure Microsoft Windows Desktop Search 4.0 settings via group policy (GPO)

  1. Download and extract Windows Desktop Search 4.0 administrative template file search.adm
  2. Open Group Policy Management Console > Right click on Group Policy ObjectsNew > Enter name and click OK
  3. Right click on your new GPO > Edit
  4. Right click on Administrative Templates in Computer configuration > Add/Remove Templates > Add > select extracted search.adm file > Open
  5. Close Add/Remove Templates dialog.
  6. In GPO expand Computer Configuration > Administrative Templates > Windows Components > Search
  7. Edit required settings and deploy GPO as usual.


Windows Server 2003 domain

Configure Outlook 2010 settings via group policy

This example shows how to configure Exchange Outlook Anywhere settings in Group Policy, but the same method can be used to manage pretty much any part of Outlook via Group Policy.

Steps 1 to 4 need to be completed only once.

  1. Download and extract Outlook 2010 Group Policy administrative template files.
    outlk14.adm is the main Microsoft Outlook 2010 GPO template
    2426686_template.adm contains Outlook Anywhere settings which for some reason are not present in outlk14.adm
    For other MS Office 2010 GPO templates and other languages check here.
  2. Open Group Policy Management Console > Right click on Group Policy ObjectsNew > Enter name and click OK
    Create new GPO

  3. Right click on your new GPO > Edit
    Group Policy Management Console
  4. Right click on Administrative Templates in User configuration > Add/Remove Templates > Add > select  outlk14.adm file > Open
    The same way add 2426686_template.adm and close Add/Remove Templates dialog.
    Add administrative templates

  5. In GPO expand User Configuration > Administrative Templates > Microsoft Outlook 2010
    (Outlook Anywhere settings are located in Account Settings > Exchange)
    expand User Configuration > Administrative Templates > Microsoft Outlook 2010

  6. Edit required settings and deploy GPO as usual.


Windows Server 2003 domain

Group policy software installation not applied due to a network adaptor issue

Background:

  • DELL Optiplex 780 workstation  with new Windows XP SP3 installation
  • Windows Small Business 2008 domain

Problem:

After adding the computer to the SBS domain I noticed that group policy software deployment is not processed.
Quick check in the event logs revealed following errors on startup:

Event ID: 5719
Type: Error
Source: NETLOGON
Description:
No Domain Controller is available for domain [DOMAIN] due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.



Event ID: 1054
Type: Error
Source: Userenv
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Group Policy Results also reported similar error:

Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 21/09/2011 20:20:20 and 21/09/2011 20:20:20.


Running gpupdate and gpupdate /force event logs didn’t reveal any additional errors.

Tried following approaches:
  • Added DNS suffix for  the network connection
    Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties > Advanced > DNS
  • Run ipconfig /all and double checked that all details are correct
  • Used static IP address instead of DHCP
Nothing made any difference. Then tried to adding WINS server to the network connection (used SBS server IP).
Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties > Advanced > WINS
Didn’t really expect this to make any difference, but to my surprise after the reboot GP Software Installation was successfully applied! It may have been a complete confidence though as all the errors listed above were still present.

Another look into Windows event logs revealed following suspicious entries on startup:

Event ID: 4202
Type: Information
Source: Tcpip
Description:
The system detected that network adapter \DEVICE\TCPIP_{E379BB67-97F1-4DB9-B540-BD33EB89765B} was disconnected from the network, and the adapter's network configuration has been released. If the network adapter was not disconnected, this may indicate that it has malfunctioned. Please contact your vendor for updated drivers.

Event ID: 1054
Type: Error
Source: Userenv
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address XXXXXXXXXXXX.  The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


This raised a suspicion that problem is caused by a network adapter not initiating in a timely fashion on startup.

Having this in mind tried following:
  • Enabled "Always wait for the network at computer startup and logon" via group policy
    Computer Configuration > Policies > Administrative Templates > System > Logon > Always wait for the network at computer startup and logon
  • Updated network card drivers
  • Changed network cable
  • Tried connecting to another wall network socket
Nothing made any difference

Solution:

Even if none of the above actions resolved the problem in this particular case, I left them here as they may help somebody else.

Final solution which fixed the problem was
Disable the Media Sensing feature for TCP/IP in Windows

This is done in registry:
Start > Run > regedit
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
Create a new DWORD entry:
Name: DisableDHCPMediaSense
Value: 1

From Microsoft kb-239924 article:
On a Windows-based computer that uses TCP/IP, you can use the Media Sensing feature to detect whether the network media are in a link state. Ethernet network adapters and hubs typically have a "link" light that indicates the connection status. This status is the same condition that Windows interprets as a link state. Whenever Windows detects a "down" state, it removes the bound protocols from that adapter until it is detected as "up" again. Sometimes, you may not want the network adapter to detect this state. You can set this configuration by modifying the registry.

After a reboot all the errors and warnings were gone including Group Policy Results error. 

Disable Adobe Flash Auto Update Notifications using Group Policy

Adobe Flash Player

By default Adobe Flash Player periodically checks for new versions and gives users option to update. This may be not a desirable behaviour if flash player is deployed centrally. This also may cause a problem if users do not have local administrator rights. Installation not only fails but often breaks existing installation.

To disable auto update you need to create file mms.cfg and place it in C:\WINDOWS\system32\Macromed\Flash on every client computer (32bit).
On 64bit machines location is C:\Windows\SysWOW64\Macromed\Flash

The file should have only one line of text
AutoUpdateDisable=1
It must be saved in UTF-8 encoding. You can choose encoding in a notepad after pressing "Save As..."

mms.cfg file can be distributed using Group Policy.

Read more: Disable Adobe Flash Auto Update Notifications using Group Policy