Monthly Archives: September 2011

How to Change Local Administrator Password with Group Policy


بسم الله الرحمن الرحيم

We will use Group Policy Preferences to set password on local user accounts.

  • Click StartAll programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer ConfigurationPreferences – Control Panel Settings.
  • Right click on Local Users and Groups – New – Local User.

Note: Group policy update will take 90 min (Default)

If you want change this time follow this method:

  • Expand Computer ConfigurationAdministrative Templates –System – Group policy
  • Enable Group policy refresh interval for computers and set any time you want (Recommended 5 – 10 min)

Or Run this command on clients gpupdate /force

How to Prevent Users from Connecting to a USB Storage Device by Group Policy


بسم الله الرحمن الرحيم

To prevent users from connecting to USB storage devices by group policy

 If a USB storage device is already installed on the computer:

  1.  Click Start –  All programs  – Administrative Tools – Group Policy Management.
  2. Create or Edit Group Policy Objects
  3. Expand Computer ConfigurationPreferencesWindows Settings.
  4. Right click RegistryNewRegistry Item.
  5. General Tab.
  • Action : Update
  • Hive : HKEY_LOCAL_MACHINE
  • Key path : SYSTEM\CurrentControlSet\Services\UsbStor
  • Value name : Start
  • Value type : REG_DWORD
  • Value data : 00000004

Notes: You can apply this method on User Configration too.

If a USB storage device is not already installed on the computer:

  1. Click Start –  All programs  – Administrative Tools – Group Policy Managment.
  2. Create or Edit Group Policy Objects
  3. Expand Computer ConfigurationPolice Windows Settings – Security Settings .
  4. Right click File SystemAdd file or folder.
  5. Browse to this file
  • %SystemRoot%\Inf\Usbstor.pnf
  • assign the user or the group and the local SYSTEM account Deny permissions.

6. Browse to this file too.

  • %SystemRoot%\Inf\Usbstor.inf
  • assign the user or the group and the local SYSTEM account Deny permissions.

     

Restoring All Systems Collection in SCCM 2007


بسم الله الرحمن الرحيم

Sometimes we accidentally deleted important things.I deleted the All System Collection from SCCM 2007 console. I search for restoring the All System Collection with the appropriate ID SMS00001. I found many solutions but this solution is the best one.

Here’s how to restore the All System Collection with the appropriate ID SMS00001

VBS script that will do the restore:

####begin script

strSMSServer = “.”  
strParentCollID = “COLLROOT”   
‘This example creates the collection in the collection root.    
‘Replace COLLROOT with the CollectionID of an existing collection to make the new collection a child.

strCollectionName = “All Systems”  
strCollectionComment = “This is the All Systems Collection.”   
Set objLoc = CreateObject(“WbemScripting.SWbemLocator”)   
Set objSMS = objloc.ConnectServer(strSMSServer, “root\sms”)   
Set Results = objSMS.ExecQuery (“SELECT * From SMS_ProviderLocation WHERE ProviderForLocalSite = true”)

For each Loc in Results  
If Loc.ProviderForLocalSite = True Then   
  Set objSMS = objLoc.ConnectServer(Loc.Machine, “root\sms\site_” & Loc.SiteCode)   
End if   
Next

Set newCollection = objSMS.Get(“SMS_Collection”).SpawnInstance_()

‘Create new “All Systems” collection  
newCollection.Name = “All Systems”   
newCollection.OwnedByThisSite = True   
newCollection.Comment = strCollectionComment   
newCollection.CollectionID = “SMS00001”   
path = newCollection.Put_

‘Set the Relationship  
Set newCollectionRelation = objSMS.Get(“SMS_CollectToSubCollect”).SpawnInstance_()   
newCollectionRelation.parentCollectionID = strParentCollID   
newCollectionRelation.subCollectionID = (“SMS00001”)   
newCollectionRelation.Put_

####end script

How to make this script?

1- Create New Text Document on your Desktop and copy script on New Text Document and save it.

2- Rename New Text Document.txt to RestoringAllSystemsCollection.vbs (.TXT to .VBS)

3- Run the command  C:\Users\administrator\Desktop>cscript.exe “RestoringAllSystemsCollection.vbs”

You will found the All System Collection with the appropriate ID under Collections node in SCCM console. But you will need to import the All Systems query for your membership rules.

Follow these steps to import the All Systems query : 

                            

       

There is an easy way. Re-apply SP2 (or SP1) and the collection will get re-create with the right ID SMS00001

Reference:

http://myitforum.com/cs2/blogs/cnackers/archive/2010/03/17/restoring-deleted-all-systems-collection.aspx