Microsoft accounts that are associated to domain accounts can help users (or network administrators) to transfer settings of their workplace between computers. For administrators it is also possible to disable the ability to use Microsoft accounts with Group Policy. The Group Policy setting used to disable Microsoft account use is named Accounts: Block Microsoft accounts, and the setting is found in Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options. You can choose from three different settings: This policy is disabled: If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows. Users can’…
All posts in Group Policy
A common question in forums about Group Policy Objects is how to exclude (deny) a GPO for certain users or a security group. However, there are multiple other ways to have the GPO only apply to certain users (link only to certain OUs, security filtering, item-level targeting, etc), the method shown in this post should only be used as a last resort. First open Group Policy Management from the Server Manager Tools or Administrative Tools. Select the GPO that need some exclusions and open the Delegation tab. Click on Advanced… Click on Add… Select the Active Directory objects for which…
You got a virusscanner and maybe also some other mitigation tools to protect your or company computers, but still viruses and malware can get thru into the system. Here is a method to create an extra layer of defense for your systems. We’ll be using Software Restriction Policies that can be found in the Local Security Policy for standalone PC’s or in the Group Policy Management for domain joined systems. We will be gonna use this for blocking executables from %APPDATA% and %USERPROFILE% directories, but also from compressed archives that can be mailed with an executable…