For classroom machines – The JUST, SHUT UP WILL YOU, group policy!

While many of the Windows Server 2012 R2 and Windows 8.1 default policies are good (somewhat) for production environment, they will sure mess up your classroom virtual labs when doing trainings. Here is a list of settings I use for my classroom virtual machines, and sometimes the Hyper-V hosts, to prevent most of the annoying interruptions, and to make them slightly more faster.

And, yes, I initially did think have a stronger name for the title in mind, but settled for a more politically correct wording 🙂

Download a backup of the JUST, SHUT UP group policy

bequiet300x300
Windows, be quiet..

Mandatory Settings

Most of the settings I use for the classroom virtual machines come from a domain wide policy, others are configured at deployment time. Here is the list:

  • Disable "Configure Automatic Updates"
  • Maximum password age: 0   (password never expire)
  • Configure Folder Options (show path, show hidden files, show file extensions)
  • Disable IE Enhanced Security Configuration
  • Never lock the screen (done by disabling the "Turn off the display (on battery)", and "Turn off the display (plugged in)" policies under System/Power Management/Video and Display Settings.
  • System Performance Settings set to "Adjust for best performance"

In addition to the above group policy settings, I also disable the Automatic Maintenance task using the command described in my Automatic Maintenance in Windows Server 2012 R2 causes high CPU load! – Deployment Research post.

Optional Settings

It's depending on the training, but I often enable these features as well:

  • Enable Remote Desktop
  • Enable Remote Administration
  • Enable File and Printer sharing

Injecting the policy from the hyper-v host

Here is a PowerShell script that injects the "JUST, SHUT UP" policy on the domain controller, directly from the Hyper-V host.

# Check for elevation
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
    Write-Warning "Aborting script..."
    Break
}
 
Write-Host "PowerShell runs elevated, continuing..."
 
# Set credentials and allow remote administration via PowerShell to all hosts
Write-Host "Set credentials and allow remote administration via PowerShell to all hosts"
winrm set winrm/config/client '@{TrustedHosts="*"}'
$Username = VIAMONSTRA\Administrator'
$Password = '[email protected]'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
 
# Configure a domain policy allow remote administration
Write-Host "Configure a domain policy allow remote administration"
net use \\DC01\C$ /u:$Username $Password
Copy-Item .\DA-LAB-GPO \\DC01\C$\Setup\DA-LAB-GPO -Recurse
Invoke-Command -ComputerName DC01 -Credential $Cred -ScriptBlock {Import-GPO -BackupId CAD14E84-C3C1-440D-960A-C58F9D1BB9D5 -Path C:\Setup\DA-LAB-GPO -TargetName 'Deployment Artist LAB Settings' -CreateIfNeeded}
Invoke-Command -ComputerName DC01 -Credential $Cred -ScriptBlock {New-GPLink -Name 'Deployment Artist LAB Settings' -Target "dc=corp,dc=viamonstra,dc=com"}

/ Happy Deployment, Johan

About the author

Johan Arwidmark

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

>