GPO Preferences experiences?
Barkley Bees
pleased with the initial results. I will be planning to deploy it on our
production network in the next month. Ahead of that I'd just like to hear
some experiences from those who have already rolled out GPP in their
production networks. Were there any pitfalls along the way (impacts to
existing Group Policies, etc)? Did you find the overall result to be
beneficial in terms of what you can now do with GPP? Thanks.
Florian Frommherz [MVP]
The voices I have heard about Preferences were almost all positive. Two
of the benefits most people mention is that you don't have to script
basic things like drive mappings and printer deployment any more. The
other thing is the easy creation of preferences as the Group Policy
Editor exposes a well-known UI. When you're configuring Folder Options,
you see an admin-config-UI that almost exactly looks like the folder
options UI. That's great.
The downsides I've come across are mainly in the deployment area of the
Client Side Extensions. Make sure you have the XML lite installed on the
clients if they're not on IE7.
cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Barkley Bees
followed by GPP client side extensions to all clients via SMS (would rather
by WSUS but I have restricted it to only "critical" and "security" updates
so it does not appear).
A couple of questions:
- Is there any problem with installing XML Lite to systems that do have IE7
installed? I tried it on a couple test clients and there doesn't "appear" to
be any issue.
- We have ~40 servers in our domain but do not plan to use GPP to manage
them, would you still recommend to install the Server 2003 GPP Client
extensions?
"Florian Frommherz [MVP]" <flo...@frickelsoft.DELETETHIS.net> wrote in
message news:ePsM9yD$IHA....@TK2MSFTNGP04.phx.gbl...
--
"Barkley Bees" <bark...@nomail.com> wrote in message
news:O2$o20B$IHA....@TK2MSFTNGP03.phx.gbl...
Mark Heitbrink [MVP]
> I found one bug in GPP - ODBC configuration not working.
It is!
The "error" (if you like to call it that way) is inside the MS SQL Driver.
The driver itself does not allow a scripted user password for security
reason, if you are using SQL Auth + Password.
So the driver can not script passwords, the GPP must fail.
It is not a error, it is security and makes sense.
There is no reason for using SQL Auth, use Windows Auth and Windows User.
Thats the trick.
But Access and a lot of the other ODBC drivers allow scripted passwords
and it works perfectly. The passwords are crypted by 256Bit AES.
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Discuss : www.freelists.org/list/gpupdate
Rytis
I got an response from MS support team that it is a bug, when I opened case
with MS.
Mark, maybe you can provide step-by-step guide how to configure ODBC with
GPP?
Thanks.
"Mark Heitbrink [MVP]" <spam...@gruppenrichtlinien.de> wrote in message
news:%234FLOxG$IHA....@TK2MSFTNGP05.phx.gbl...
Mark Heitbrink [MVP]
Rytis schrieb:
> I got an response from MS support team that it is a bug, when I opened case
> with MS.
It愀 not a bug, its just fu****g tricky ;-)
> Mark, maybe you can provide step-by-step guide how to configure ODBC with
> GPP?
The easiest way to go:
- create an ODBC connection manually in the admnistrative tools
- on this system, where you configured succesfully the connection
open GPMC and the GPEditor
- GPP -> Datasource -> create a new one.
- If you use the browse button on databasename (DSN) you can choose
the manually created one
We now have the idea, that it should work perfectly, but it does not :-(
Some more steps to do:
- drag慨悲rop the configuration to your desktop, so that you can
edit the XML File
- after d慨悲, delete the entry in GPP
- edit the XML an delete -> username="" cpassword="" from configuration,
because these "empty/wrong" flags are giving the "data sources
0x80070057" error. The problem is, because of the not scriptable
password in MS SQL Driver. Acces/MySQL whatever will work :-)
Sample XML prior editing:
--- MyDatabaseConnection.xml ---
<?xml version="1.0" encoding="utf-8"?>
<DataSource clsid="{5C209626-D820-4d69-8D50-1FACD6214488}"
name="MyDatabaseConnect" image="2" changed="2008-08-14 09:20:16"
uid="{89CD5CC2-6C10-4A0F-83E7-AFB3BBA1064A}" userContext="0"
removePolicy="0"><Properties action="U" userDSN="0" dsn="MyDatabaseConnect"
driver="SQL Server" description="none" username=""
cpassword=""><Attributes><Attribute name="SERVER"
value="DBServer-01"/><Attribute name="DATABASE"
value="NameOfDatabase"/><Attribute name="TRUSTED_CONNECTION"
value="Yes"/></Attributes></Properties></DataSource>
--- MyDatabaseConnection.xml ---
After editing:
--- MyDatabaseConnection.xml ---
<?xml version="1.0" encoding="utf-8"?>
<DataSource clsid="{5C209626-D820-4d69-8D50-1FACD6214488}"
name="MyDatabaseConnect" image="2" changed="2008-08-14 09:20:16"
uid="{89CD5CC2-6C10-4A0F-83E7-AFB3BBA1064A}" userContext="0"
removePolicy="0"><Properties action="U" userDSN="0" dsn="MyDatabaseConnect"
driver="SQL Server" description="none"><Attributes><Attribute name="SERVER"
value="DBServer-01"/><Attribute name="DATABASE"
value="NameOfDatabase"/><Attribute name="TRUSTED_CONNECTION"
value="Yes"/></Attributes></Properties></DataSource>
--- MyDatabaseConnection.xml ---
- d慨悲 the XML into your blank config of Data Sources in GPEditor
DO NOT TOUCH THE SETTING INSIDE THE GUI ANYMORE!
Or if you do, delete username="" cpassword="" again. If you open the
setting, the deleted entries will be written again and causing the
error again.
Florian Frommherz [MVP]
Mark Heitbrink [MVP] wrote:
> The easiest way to go:
> [explanation]
May I quote the whole part and use it as a blog posting? ;)
Mark Heitbrink [MVP]
Florian Frommherz [MVP] schrieb:
> May I quote the whole part and use it as a blog posting? ;)
Aber siescher datt!
