Windows 2008 has built in policy GPO for wireless setting management.
You can configure your network setting using Certificates. It is the most recommended and secure way
But if you like to deploy the wireless settings using static key, you will have to use other way.

The steps bellow describe the way to deploy Wireless LAN settings with a Pre-Shared Key
The purpose is to Automate Adding Wireless Profile in Windows.

Preparations

• Configure Wireless settings on one workstation
• from command prompt run
  netsh wlan export profile name="NameOfyourProfile" folder=c:temp interface="wirelesssettings”
• Confirm that under c:temp you have wirelesssettings.xml file
• Open wirelesssettings.xml file locate the following line
  <protected>true</protected>
• Change it to <protected>false</protected>
• Under you will see encrypted line <keyMaterial>01000000D08C9DDF0115D1118</keyMaterial>
• Change it to your key like that <keyMaterial>Yourkey</keyMaterial>
  

  Note: It means that your wireless key will be in clear text and everyone who has access to the file will be able to read your wireless key"

Deployment

• Copy your wireless settings xml file to NETLOGON
• Create a bat or cmd file with the following line
  netsh wlan add profile filename="\yourserverNETLOGONwirelesssettings.xml" user=all
• Run the bat file from some domain member computer and confirm that it works

After finishing all steps above you can deploy the script from GPO

Note: Setting are applicable for Windows Vista Windows 7 and Windows 2008 Only

In Previous version we used to work with CPL File Names  to define which one of control panel applets will be displayed.

In order to make it work Use Canonical names instead.
It should Look like that

You can get the full list from here

In System properties window you can various information about  Windows system .
You may wish to block it to prevent users from accessing it  and do changes.

You can easily disable access to My Computer context menu through AD Group Policy.
This solution doesn’t block access to menus, only hides it from right click. Menu  can still be accessed Windows key + Pause/Break key.

To disable it Open Group Policy Manager
Navigate to User Configuration > Policies > Administrative Templates > Desktop
Double Click on “Remove Properties from the Computer icon context menu” and change it to “Enabled”

Windows 7 Trial Download

There is no 100% foolproof  solution that blocks local admin users access the option of disjoining their computer from domain , but you can make it harder to get to system menu.

I remove the "properties" from when you right click on my computer.
Then i also remove system applet from control panel menu ,and disable registry editing.

To disable right click on my computer go to Group Policy.
Navigate to  User Configuration>Administrative templates>Desktop
Locate “Remove Properties from the My Computer context menu” and set it to “Enable”

You should check also How disable  Right Click Properties on my computer on windows 7/Vista

Than navigate to User Configuration>Administrative templates>Control PanelLocate “Hide specified Control Panel applets”Set it to “Enabled” and add Sysdm.cpl to the list of disallowed Control Panel applets.

To block Sysdm.cpl  from executing

Navigate to User Configuration>Administrative Templates>System

Navigate to “Don’t run specified Windows application” set it to “Enabled” and add Sysdm.cpl  to the list of disallowed applications

Error c1038a21 appears when you try to view properties of public folder system folder – Schedule + free busy or offline address book folder

Microsoft have a article on how to fix it , but in there guide they recommend usage of Information Store Viewer (MDBVu32).

I prefer to use PFDAVAdmin that can be downloaded from here it is much easier .

1. Run PFDAVAdmin
2. Press on file>connect
3. Fill your DC settings like on screenshot bellow (don’t forget to select public folders)
   
4. Navigate to problematic folder – schedule free busy for example
   
5. Right click on it and chose “property editor”
   
6. Select PRF_PF_PROXY from property dropdown
   mark clear and press execute.
   

That’s it, that should fix the problem.

The issue occurs when you are trying to create mailbox for new user using ADUC in Exchange 2003
By Microsoft the reason for the issue is : After upgrade of the forest to a 2003 native mode functional level, the Recipient Update Service may overwrite the value of the homeMDB attribute for new Microsoft Exchange Server 2003 users.

To fix the issue:

1. Open ADSI Edit.
2. Double-click the Configuration container
3. Expand CN=Services
4. Expand CN=Microsoft Exchange,
5. Expand CN=<Your ExchangeOrganizationName>.
6. Click CN=System Policies.
7. In the right pane, right-click CN=Mailbox Enable User, and then click Properties.
8. Scroll down to select the purportedSearch attribute, and then click Edit.
9. Clear the attribute, and then use the following filter to configure the attribute:
   (&(objectCategory=person)(objectClass=user)(mailnickname=*)(homeMdb=*))
10. Click OK .

Solution was been created with the help of the following article:http://technet.microsoft.com/en-us/library/aa998426.aspx

note:You must enter the attribute without any spaces, exactly as it is.

Finding Disabled Users:

get-qaduser –disabled

Create a new Active Directory user:

new-QADUser -name '<User CN>' -parentContainer '<Parent DN>' -UserPassword
'<Password>' -FirstName '<User First Name>' -LastName '<User Last Name>'
-UserPrincipalName '<User UPN>'

Create multiple users in Active Directory:

$parentDN = “<ParentDN>" $strPass = “userPaswd” For ($i = 1; $i -le 1000; $i++) { $strUserName = “User” + $i New-QADUser -name $strUserName -parentContainer $parentDN -UserPassword $strPass }

Modify Attributes for several users:

$strfileServer = "\Servername"
$objOU = [ADSI] "LDAP://<OU DN>"
$objOU.psbase.Children |% {
    $uac = [int](($_.userAccountControl).ToString())
    if (($_.objectClass -eq "user") -and (($uac -band 2) -eq 0))
    {
        $_.put("homeDirectory", $strFileServer + $_.sAMAccountName)
        $_.SetInfo()
    }
}

Delete user in Active Directory

remove-QADObject -identity <User DN>

Set user profile in Active Directory

get-QADUser -identity "<User DN>" |
set-QADUser -HomeDirectory '\ServernameKatrin' -HomeDrive
'H:' -ProfilePath '\server1profilesjsmith'
-scriptpath '\dcnamenetlogonlogonscript.vbs'

Move User to other OU

move-QADObject -Identity <UserDN> -NewParentContainerName <New OU DN>

Find Locked User Accounts

Get-QADuser -locked

Unlock User Account

Unlock-QADUser -Identity <UserDN>

Retrieve Password lockout policy

Get-QADObject domainname.com | format-list Name, *password*, *lockout*

$dcname = <DomainDNSName>
$newSite = "NewSite Name"
$context = New-Object
System.DirectoryServices.ActiveDirectory.DirectoryContext(‘DirectoryServer’, $dcname)
$dc =
[System.DirectoryServices.ActiveDirectory.DomainController]::getDomainController ($context)
$dc.MoveToAnotherSite($newSite)

Where DomainDNSName – Enter your DNS domain name

To move windows group to other domain download ADMT Tool

1. Install Active Directory Migration Tool
2. Open the ADMT MMC snap-in it is located in Administrative Tools.
3. Chose source and destination domains and click Next.
4. On the Group Selection screen, chose the group that you want to migrate and click Next.
5. On the next screen, select Browse and locate the desired OU.
6. On the Group Options screen, select one or more of the following and click Next:

   Update user rights: Copies any user rights that are assigned in the source domain to the target domain.

   Copy group members:Specifies whether the user objects that belong to the group should be migrated along with the group.

   Adds the security identifiers (SIDs) of the migrated group accounts in the source domain to the SID history of the new group in the target domain.

• On the Naming Conflicts screen, select whether you want to migrate group objects that conflict with objects in the target domain and click Next.
• Follow the remainder of the wizard to complete the migration.

If you want to redirect domain user folders to NTFS or Storage share, you need to set the permissions like in the list bellow:

Creator Owner => Full Control on “Subfolders and Files Only”

Security group of users needing to put data on share => List Folder/Read Data, Create Folders/Append Data  on “This Folder Only”

System =>  Full Control, on “This Folder, Subfolders and Files”

In addition you can add Domain Admins security group to have permissions on user folders:

• Open Group Policy Management
• Navigate to Computer Configuration>Administrative Templates>System>User Profiles
• Set “Add the Administrator security group to the roaming user profile share” to enabled