Tag Archives: Group Policy

Disable Windows 10 First Sign-in Animation

  1. Run the Local Group Policy Editor (Start > type gpedit.msc)
  2. Navigate to Computer Configuration > Administrative Templates > System

  3. Select Logon

  4. Double-click Show first sign-in animation
  5. In the Show first sign-in animation windowselect Disabled and click OK
  6. Close the Local Group Policy Editor

Restrict Access to Only Email/OWA Access

An existing user in a Windows domain was moving companies (to a parent company) that is not part of the infrastructure.  After the employee left his account was to be terminated but still be able to access email only, so no login/remote access to systems, computers on the network.

By disabling the account, this would prevent authentication for Exchange needs so I couldn’t do that.

Create a Security Group

I created a new Security Group, Email Only.

2014-08-06_092620

I added this specific user to the newly created Security Group.

2014-08-06_092640

Create a Group Policy

Next, I created a new Group Policy for the domain and applied it to the Computers OU.

Group Policy:  Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny Log on Locally

2014-08-06_092519

I modified Deny Log on Locally policy and added my newly created Security Group, Email Only.

2014-08-06_092818

Testing

To test functionality, I logged on as an administrator to a PC in the domain and ran gpupdate /force.  This updates the group policy on that computer.  Then I logged off and tried logging back on as the user that I added to the Security Distribution Group.  Login failed, so this worked.

Next, I tested OWA, Outlook Anywhere, and Outlook.  I was able to successfully authenticate and send/receive email without an issue.

Now this user has access to OWA and Outlook Anywhere or Outlook without the ability to log on locally to a computer in the domain.

 

Disable Address Bar in IE8

Working on some thinstations with XP/IE8 today and needed to implement removal of Address/NavBar and could not find it in the GPO.  Came across someone who created the magic and I will share this information.

NOTE: There is an extra line feed at the bottom; make sure you include this in your file. =)

Create a new file in notepad and save the following as DisableIENav.adm, for example…

class user

category IESettings

policy "disable/hide IE command bar"
keyname "softwarepoliciesmicrosoftinternet explorertoolbarsrestrictions"
explain "here is the explaination"
valuename "NoCommandBar"
valueon numeric 1
valueoff numeric 0
end policy

policy "disable/hide IE nav bar"
keyname "SoftwarePoliciesMicrosoftInternet ExplorerToolbarsRestrictions"
explain "here is the explaination"
valuename "NoNavBar"
valueon numeric 1
valueoff numeric 0
end policy

end category