There are many ways to prevent Active Directory users from logging on to certain computers. For large and more complicated scenarios it’s best to use Group Policy. But if I need to create a few “email only” user accounts I normally do following:

To disable User Account Control (UAC) via Group Policy (GPO) configure following GPO policies:

To enable GPO startup / shutdown / log-on / log-off logging: Open registry editor (regedit.exe) and navigate to:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\DiagnosticsCreate key “Diagnostics” if it does not exist. Create new DWORD Value called GPSvcDebugLevel and set value (HEX) to 0x30002 Restart the PC Windows 7

Changing Windows Server Domain Controller static IP address is a simple operation. You can do this using Internet Protocol (TCP/IP) Properties GUI, as you would for any other Server or Client PC. After changing the IP address, run ipconfig /registerdns and dcdiag /fix.

There are 2 ways to rename Windows Server 2008 domain controllers: Using command line tool Netdom Using System Properties GUI Both methods are supported, but Microsoft recommends using Netdom command line tool because it reduces delay before clients can use the renamed domain controller (if you use GUI, you have to wait for AD/DNS replication…

Deleting an orphaned Active Directory Domain Controller fails with error: Windows cannot delete object LDAP:// ……………………Access is denied. First obvious step is to make sure that your user account has permissions to delete objects in the OU in question.

When deleting an object (computer, user, etc) using Active Directory Users and Computers MMC snap-in you may get the following warning: Confirm Subtree DeletionObject <objectname> contains other objects. Are you sure you want to delete <objectname> and all the objects it contains? If you cancel the running deletion, the objects deleted thus far will not…

Here are 5 FSMO (Flexible Single Master Operations) roles and GUI tools that can be used to move these roles between Domain Controllers. Schema Master – controls all updates and modifications to the Active Directory schema.This role can transferred using Active Directory Schema snap-in.If Active Directory Schema snap-in is not available you need to register…

When .msi package installation via Group Policy fails and there are no good clues in Windows System or Application logs, it is good idea to enable verbose Windows Installer logging. This can be done either via Group Policy or Registry.

Microsoft no longer supports desktop gadgets and even recommends disabling them. In Active Directory domain gadgets can be easily disabled via group policy. Open Group Policy Management Editor Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Desktop Gadgets Enable Turn off desktop gadgets policy Save changes and deploy policy to…

I was recently setting up Group Policy software deployment on Windows Server 2008 R2. Everything went fine until I came to Adobe Reader 10.1. Server was refusing to add the package with following error. Add operation failed. Unable to extract deployment information from the package. Run validation to the package to ensure that the package…

ADSI Edit can be very useful and powerful toll in right hands, but it can also cause lots of problems if used incorrectly. Before making any changes using ADSI Edit it is always recommended to perform a full Active Directory backup (using ntbackup or a third party backup software). It can also be a good…