In Previous version we used to work with CPL File Names  to define which one of control panel applets will be displayed.

In order to make it work Use Canonical names instead.
It should Look like that

You can get the full list from here

Related Articles

• How to apply Windows 2008 gpo when you have 2003 DC’s only (8)
• Update KB931836 fails to install (0)
• Windows 7 Search in Start Menu bar is broken (0)
• Prevent users from disjoining from domain using GPO (0)
• Prevent users from deleting start menu items via GPO (0)
• Windows Vista Telnet Is Missing (0)
• Reset and Fix Windows Vista default file extention type associations (3)
• Windows Control Panel Applets (0)
• Change default save as location for Office 2007 via GPO (0)
• Terminal Server 2008 Sounds and Beeps on errors (0)

You can easily disable access to My Computer context menu through AD Group Policy.
This solution doesn’t block access to menus, only hides it from right click. Menu  can still be accessed Windows key + Pause/Break key.

To disable it Open Group Policy Manager
Navigate to User Configuration > Policies > Administrative Templates > Desktop
Double Click on “Remove Properties from the Computer icon context menu” and change it to “Enabled”

Windows 7 Trial Download

Read more

• Tips and Tricks for Your BlackBerry Device – Part 1 (25)
• ***** MAKING MEGA VIRUS 2008 DESTROY WINDOWS ***** (25)
• BlackBerry 8320 Curve – Tips & Tricks (25)
• Windows Server 2008 Hyper-V Demo on Quad-Core Intel Xeon (24)
• W32.BAGLE virus – wintems.exe hldrrr.exe srosa.sys (23)
• Add custom field to ADUC- Employee ID (17)
• Exchange 2003 Interview Questions (12)
• How blackberry email reconciliation-(Deleting Emails) works. (12)
• How to configure GMail IMAP for Outlook 2007 (11)
• "The Integrated Remote Console is unavailable; it is already in use by a different client." (9)

There is no 100% foolproof  solution that blocks local admin users access the option of disjoining their computer from domain , but you can make it harder to get to system menu.

I remove the "properties" from when you right click on my computer.
Then i also remove system applet from control panel menu ,and disable registry editing.

To disable right click on my computer go to Group Policy.
Navigate to  User Configuration>Administrative templates>Desktop
Locate “Remove Properties from the My Computer context menu” and set it to “Enable”

You should check also How disable  Right Click Properties on my computer on windows 7/Vista

Than navigate to User Configuration>Administrative templates>Control PanelLocate “Hide specified Control Panel applets”Set it to “Enabled” and add Sysdm.cpl to the list of disallowed Control Panel applets.

To block Sysdm.cpl  from executing

Navigate to User Configuration>Administrative Templates>System

Navigate to “Don’t run specified Windows application” set it to “Enabled” and add Sysdm.cpl  to the list of disallowed applications

Related Articles

• Show only specified Control Panel items GPO doesn’t apply on Windows 2008R2 Terminal Servers (0)
• Windows Control Panel CPL Files list and description (2)
• Top Windows 7 Icons Download Sources (0)
• ***** MAKING MEGA VIRUS 2008 DESTROY WINDOWS ***** (25)
• Windows Server 2008 Hyper-V Demo on Quad-Core Intel Xeon (24)
• Prevent users from deleting start menu items via GPO (0)
• How to apply Windows 2008 gpo when you have 2003 DC’s only (8)
• Change default save as location for Office 2007 via GPO (0)
• Terminal Server 2008 Sounds and Beeps on errors (0)
• Disable File And Folder Sharing, via GPO (5)

Microsoft have a article on how to fix it , but in there guide they recommend usage of Information Store Viewer (MDBVu32).

I prefer to use PFDAVAdmin that can be downloaded from here it is much easier .

1. Run PFDAVAdmin
2. Press on file>connect
3. Fill your DC settings like on screenshot bellow (don’t forget to select public folders)
   
4. Navigate to problematic folder – schedule free busy for example
   
5. Right click on it and chose “property editor”
   
6. Select PRF_PF_PROXY from property dropdown
   mark clear and press execute.
   

That’s it, that should fix the problem.

Related Articles

• Outlook status shows disconnected. (6)
• Outlook 2007 free/busy works slow or could not be retrieved (1)
• How To Install Exchange 2007 (3)
• How To Have Multiple Domain Hosted in Exchange 2003 (Add a Recipient Policy) (0)
• How To Add a Mailbox in Exchange 2003 [adaugare casuta de email] (0)
• Phil Schiller – iPhone and Microsoft Exchange Demo (0)
• New User Mailbox is Created in Wrong Mailbox Store or Storage Group (0)
• How to create new conference room (Meeting Room) resource (0)
• BlackBerry Enterprise Server: Users Not Receiving Messages to Handheld After Mailbox Move (1)
• Exchange 2003 Event log ID:8206 with 0×80150856 Error (0)

To fix the issue:

1. Open ADSI Edit.
2. Double-click the Configuration container
3. Expand CN=Services
4. Expand CN=Microsoft Exchange,
5. Expand CN=<Your ExchangeOrganizationName>.
6. Click CN=System Policies.
7. In the right pane, right-click CN=Mailbox Enable User, and then click Properties.
8. Scroll down to select the purportedSearch attribute, and then click Edit.
9. Clear the attribute, and then use the following filter to configure the attribute:
   (&(objectCategory=person)(objectClass=user)(mailnickname=*)(homeMdb=*))
10. Click OK .

Solution was been created with the help of the following article:http://technet.microsoft.com/en-us/library/aa998426.aspx

note:You must enter the attribute without any spaces, exactly as it is.

Related Articles

• c1038a21 PR_PF_PROXY exchange 2003 public folders error (0)
• How To Install Exchange 2007 (3)
• How To Have Multiple Domain Hosted in Exchange 2003 (Add a Recipient Policy) (0)
• How To Add a Mailbox in Exchange 2003 [adaugare casuta de email] (0)
• Phil Schiller – iPhone and Microsoft Exchange Demo (0)
• How to create new conference room (Meeting Room) resource (0)
• BlackBerry Enterprise Server: Users Not Receiving Messages to Handheld After Mailbox Move (1)
• User can’t receive meeting requests ,updates and cancelations in exchange 2003/2007 (0)
• Outlook status shows disconnected. (6)

get-qaduser –disabled

Create a new Active Directory user:

new-QADUser -name '<User CN>' -parentContainer '<Parent DN>' -UserPassword
'<Password>' -FirstName '<User First Name>' -LastName '<User Last Name>'
-UserPrincipalName '<User UPN>'

Create multiple users in Active Directory:

$parentDN = “<ParentDN>" $strPass = “userPaswd” For ($i = 1; $i -le 1000; $i++) { $strUserName = “User” + $i New-QADUser -name $strUserName -parentContainer $parentDN -UserPassword $strPass }

Modify Attributes for several users:

$strfileServer = "\\Servername\"
$objOU = [ADSI] "LDAP://<OU DN>"
$objOU.psbase.Children |% {
    $uac = [int](($_.userAccountControl).ToString())
    if (($_.objectClass -eq "user") -and (($uac -band 2) -eq 0))
    {
        $_.put("homeDirectory", $strFileServer + $_.sAMAccountName)
        $_.SetInfo()
    }
}

Delete user in Active Directory

remove-QADObject -identity <User DN>

Set user profile in Active Directory

get-QADUser -identity "<User DN>" |
set-QADUser -HomeDirectory '\\Servername\Katrin' -HomeDrive
'H:' -ProfilePath '\\server1\profiles\jsmith'
-scriptpath '\\dcname\netlogon\logonscript.vbs'

Move User to other OU

move-QADObject -Identity <UserDN> -NewParentContainerName <New OU DN>

Find Locked User Accounts

Get-QADuser -locked

Unlock User Account

Unlock-QADUser -Identity <UserDN>

Retrieve Password lockout policy

Get-QADObject domainname.com | format-list Name, *password*, *lockout*

Related Articles

• PowerShell script to find all Local Users on a remote computer (0)
• Exchange 2007 CCR Database Move Examples (0)
• How to update exchange 2007 Offline Address List (0)
• Exchange 2007 ADD Powershell CmdLets (0)
• Move Domain Controller to other site – PowerShell (0)
• PowerShell Script To Create Snapshot of All VMs – Hyper-V (0)
• Rename all Domain Local Administrator Username Via Script (2)
• Windows 2008 Identify all AD admins script (0)
• Find user group membership Powershell script (0)
• Windows programs shortcuts (0)

Where DomainDNSName – Enter your DNS domain name

Related Articles

• 2010 DST updates Exchange Windows and Blackberry (1)
• Exchange 2007 CCR Database Move Examples (0)
• How to update exchange 2007 Offline Address List (0)
• Exchange 2007 ADD Powershell CmdLets (0)
• Find Windows , SQL or Office Product Key (1)
• How to Change and set Default Windows Installation Path (0)
• Useful AD PowerShell Commands (1)
• PowerShell Script To Create Snapshot of All VMs – Hyper-V (0)
• Delete Windows User Profile in Registry (3)
• Folder Redirection to NTFS share Permissions (0)

1. Install Active Directory Migration Tool
2. Open the ADMT MMC snap-in it is located in Administrative Tools.
3. Chose source and destination domains and click Next.
4. On the Group Selection screen, chose the group that you want to migrate and click Next.
5. On the next screen, select Browse and locate the desired OU.
6. On the Group Options screen, select one or more of the following and click Next:

   Update user rights: Copies any user rights that are assigned in the source domain to the target domain.

   Copy group members:Specifies whether the user objects that belong to the group should be migrated along with the group.

   Adds the security identifiers (SIDs) of the migrated group accounts in the source domain to the SID history of the new group in the target domain.

• On the Naming Conflicts screen, select whether you want to migrate group objects that conflict with objects in the target domain and click Next.
• Follow the remainder of the wizard to complete the migration.

Related Articles

• Add custom field to ADUC- Employee ID (17)
• Windows 2008 Server Roles (0)
• How to find and disable Active Directory unused accounts (0)
• Create Group Using PowerShell ADUC, dsadd or admod (0)
• Windows 2008 Identify all AD admins script (0)
• Find user group membership Powershell script (0)
• Migrate Windows 2003 Domain Controler To New Hardware (0)
• Find Active Directory Failed Login Users – Power Shell Script (1)
• Find Email in Active Directory Domain Using CSVDE/LDIFDE (0)
• How to delete a protected OU in ADUC Windows 2008 (7)

Creator Owner => Full Control on “Subfolders and Files Only”

Security group of users needing to put data on share => List Folder/Read Data, Create Folders/Append Data  on “This Folder Only”

System =>  Full Control, on “This Folder, Subfolders and Files”

In addition you can add Domain Admins security group to have permissions on user folders:

• Open Group Policy Management
• Navigate to Computer Configuration>Administrative Templates>System>User Profiles
• Set “Add the Administrator security group to the roaming user profile share” to enabled

Related Articles

• 2010 DST updates Exchange Windows and Blackberry (1)
• Find Windows , SQL or Office Product Key (1)
• How to Change and set Default Windows Installation Path (0)
• Move Domain Controller to other site – PowerShell (0)
• Delete Windows User Profile in Registry (3)
• Prevent users from deleting start menu items via GPO (0)
• Desktop Icon Disappeared? Learn how to restore. (0)
• Manage services from command prompt in Windows XP,Vista,2003,2008 (0)
• Mstsc /console switch is replaced in “Windows Xp+sp 3 – Vista+sp1 and Windows 2008 ” by mstsc /admin (2)
• Terminal Server 2008 Easy Print Feature (0)

Set it to enable

Note: To enforce group policy: Navigate to Start>Run type gpupdate /force and hit Enter

Related Articles

• Terminal Server 2008 Sounds and Beeps on errors (0)
• Show only specified Control Panel items GPO doesn’t apply on Windows 2008R2 Terminal Servers (0)
• 2010 DST updates Exchange Windows and Blackberry (1)
• Prevent users from disjoining from domain using GPO (0)
• Find Windows , SQL or Office Product Key (1)
• How to Change and set Default Windows Installation Path (0)
• Move Domain Controller to other site – PowerShell (0)
• Delete Windows User Profile in Registry (3)
• Folder Redirection to NTFS share Permissions (0)
• Desktop Icon Disappeared? Learn how to restore. (0)