In this article you will learn how to create Group Policy Objects (GPOs) by leveraging the power of Windows Management Instrumentation (WMI).

The traditional method for scoping Group Policy Objects (GPOs) in Windows Server 2008 Active Directory is to perform the following actions:

• Ensure that the GPO is linked to the appropriate Active Directory object (for instance, site, domain, OU)
• Use security filtering to ensure that the GPO affects only specified user and/or computer accounts

Security filtering a GPO

What many Windows systems administrators do not know (or may not want to know due to the learning curve involved) is that we can also use Windows Management Instrumentation (WMI) filtering to dynamically scope Group Policy.

(more…)

This article introduces Group Policy Preferences, explains how they differ from Group Policy settings, compares Preferences to logon scripts, and covers a few Group Policy Preferences gotchas.

The introduction of Group Policy Preferences into Group Policy seems to have quite a few people confused. I think that confusion has been compounded by all of the people who skipped Windows Vista, stayed with Windows XP, and are just now starting to implement Windows 7 on the desktop.

Group Policy Preferences

(more…)

Summary: Yesterday, I gave a brief overview of the Microsoft exam 70-640 subjective "Configuring DNS zone transfer and replication." In today's post I will discuss a sample practice question.

In this blog post we continue our study overview of the Microsoft 70-640 Active Directory Configuration certification exam. More to the point, we have been approaching each exam objective one at a time; today’s subject is Windows Server 2008 DNS zone transfers and replication.

The sample question

You are the administrator of an Active Directory domain named 4sysopslab.com. All servers in the organization run Windows Server 2008 R2, and all client computers run Windows 7.

The 4sysopslab.com domain includes 14 domain controllers, all of which also have the DNS Server role installed. To lighten administrative burden, you decide to create a delegated subdomain named exec.4sysopslab.com and pass the zone management to a subset of the administrative staff. However, you need to ensure that only 3 domain controllers receive the DNS zone data during replication/zone transfer.

(more…)

In this blog post we continue our study overview of the Microsoft 70-640 Active Directory Configuration certification exam. Today’s subject is Windows Server 2008 DNS zone transfers and replication.

The screenshot below shows the relevant section from the 70-640 exam blueprint on configuring DNS zone transfers and delegation.

What we will do here is cover each of the aforementioned bullet points by providing (a) very brief definitions of each technology; and (b) links to relevant Microsoft resources to foster your certification study.

Microsoft Exam 70-640 – Configuring DNS zone transfers and replication

(more…)

The third part in this series about MDT (Microsoft deployment toolkit) covers the basics of Windows deployment.

MDT Workbench

MDT has two main sections within the Workbench: Information Center and Deployment Shares. Information Center contains links to documentation, online links (news), and components, where you download software. The other section is where you can create, populate, and manage deployment shares.

MDT 2012 workbench

(more…)

The second part of the Microsoft Deployment Toolkit (MDT) series describes all the things you need to get started with OS deployment.

Before you even bother installing MDT, I suggest you install the MDT prerequisites listed in the following table, in order. For XP, you also need to install PowerShell.

MDT requirements

(more…)

This series in three parts gives an overview of the Microsoft Deployment Toolkit (MDT) to get started quickly with this free OS deployment toolset.

MDT and WAIK

Microsoft Deployment Toolkit (MDT) is Microsoft’s core tool to automate installing a Windows OS for desktops, servers, and portable or even virtual machines. Ironically, the first thing to about MDT is that it is an iceberg product; underneath the water is 1GB of code from Microsoft called the Windows Automated Installation Kit (WAIK, pronounced “wake”). The WAIK does the bulk of the heavy lifting. MDT itself is a lightweight (25MB) standalone Microsoft management console (mmc) based tool with a comprehensive deployment guide in help-file format.

MDT and WAIK tools

(more…)

In the last post I summarized the content underlying domain 2, section 1 (“Configure a forest or a domain”) in the Microsoft 70-640 Active Directory Configuration certification exam blueprint. Today I will provide a sample practice question and a detailed explanation and analysis

You are the administrator of a multi-domain Active Directory forest in which all domain controllers run Windows Server 2003. You want to introduce a new Windows Server 2008 R2 computer as a domain controller into one domain in the environment.

Sample practice question

Which of the following actions should you undertake in order to accomplish your goal?

a. Install the R2 update on all existing Windows Server 2003 domain controllers.

b. Run dcpromo /forestprep on an existing domain controller.

c. Run adprep /domainprep on an existing domain controller.

d. Run admt computer /n on the Windows Server 2008 R2 computer.

(more…)

In this poll, I'd like to find out what role monitoring plays in your network and the kind of tools you are using.

I don’t want to say much more about this poll at the moment because I somehow think that I influence readers with my introductory articles. I think, the questions speak for themselves. So, be a worthy 4sysops citizen and fulfill your voting obligations.

Note that you can select more than one answer. Feel free to tell us what monitoring solution you are using in a comment below.