IT Consultant Everyday Notes

Just some problems/solutions storage

Category Archives: GPO

IE 11: How to use an IE Enterprise Mode site list, located on a local drive

Microsoft has a nice article about Interprise Mode implementation.

Unfortunately an example for a local file location is wrong. You should put the following value in your GPO:

basically:    “sitelist”=file://c:\Users\<user>\Documents\testList.xml   instead of “SiteList”=file:///c:\\Users\\<user>\\Documents\\testList.xml “ as in the article.


for example:


How to add a group to Local Administrators (without wiping out)


1. Create a global security group

2. Create a GPO for ‘Restricted Group’ and add the new group there

3. in properties of the Group in GPO select “member of another group” and select Administrators (Built-in group)

4. Update GPO on target machines

5. Populate the group with accounts you want to be Local Admins


more details here

SCCM 2012: Force SCCM Client Site assignment

SCCM 2012 Client is smart enough to do not connect to pre-2012 site servers even being set with SMSSITECODE=AUTO. In reality it may happen even when you specifically set the site name but have pre-2012 sites in the same boundaries.

Of course, the best solution is do not have overlapping boundaries for sites (at least for site assignment, as it is supported in 2012 now), but in some situations (especially during migration) it is not possible unfortunately…

Another approach is to force SCCM Client Site assignment via GPO.

Microsoft provides us with two templates located on installation media in \SMSSETUP\Tools\ConfigMgrADMTEmplates folder. One of them is used to force site assignment to SCCM Client. The idea is to use this template to create a GPO with WMI filters to get it applied to machines with SCCM 2012  client installed only.

1. Create a new GPO and Add Admin Template to it:


2. Enable the site assignment settings and save the GPO


3. Create WMI filter and assign it to the GPO. Note: the filter looks for the ccmexec.exe file in c:\Windows\CCM folder. If you have the Client installed somewhere else please change accordingly.



4. Link the GPO to an OU containing your computers

5. Run GPRESULT (GPRESULT –r for Windows 7) to see if GPO is applied