Windows 2008 has built in policy GPO for wireless setting management.
You can configure your network setting using Certificates. It is the most recommended and secure way
But if you like to deploy the wireless settings using static key, you will have to use other way.

The steps bellow describe the way to deploy Wireless LAN settings with a Pre-Shared Key
The purpose is to Automate Adding Wireless Profile in Windows.

Preparations

• Configure Wireless settings on one workstation
• from command prompt run
  netsh wlan export profile name="NameOfyourProfile" folder=c:temp interface="wirelesssettings”
• Confirm that under c:temp you have wirelesssettings.xml file
• Open wirelesssettings.xml file locate the following line
  <protected>true</protected>
• Change it to <protected>false</protected>
• Under you will see encrypted line <keyMaterial>01000000D08C9DDF0115D1118</keyMaterial>
• Change it to your key like that <keyMaterial>Yourkey</keyMaterial>
  

  Note: It means that your wireless key will be in clear text and everyone who has access to the file will be able to read your wireless key"

Deployment

• Copy your wireless settings xml file to NETLOGON
• Create a bat or cmd file with the following line
  netsh wlan add profile filename="\yourserverNETLOGONwirelesssettings.xml" user=all
• Run the bat file from some domain member computer and confirm that it works

After finishing all steps above you can deploy the script from GPO

Note: Setting are applicable for Windows Vista Windows 7 and Windows 2008 Only

In Previous version we used to work with CPL File Names  to define which one of control panel applets will be displayed.

In order to make it work Use Canonical names instead.
It should Look like that

You can get the full list from here

There is no 100% foolproof  solution that blocks local admin users access the option of disjoining their computer from domain , but you can make it harder to get to system menu.

I remove the "properties" from when you right click on my computer.
Then i also remove system applet from control panel menu ,and disable registry editing.

To disable right click on my computer go to Group Policy.
Navigate to  User Configuration>Administrative templates>Desktop
Locate “Remove Properties from the My Computer context menu” and set it to “Enable”

You should check also How disable  Right Click Properties on my computer on windows 7/Vista

Than navigate to User Configuration>Administrative templates>Control PanelLocate “Hide specified Control Panel applets”Set it to “Enabled” and add Sysdm.cpl to the list of disallowed Control Panel applets.

To block Sysdm.cpl  from executing

Navigate to User Configuration>Administrative Templates>System

Navigate to “Don’t run specified Windows application” set it to “Enabled” and add Sysdm.cpl  to the list of disallowed applications

• Open Group Policy Editor:
• Link Policy to relevant OU
• Navigate to User Configuration>Administrative Templates>Start menu and taskbar.
• Edit “Prevent Changes to Taskbar and Start Menu Settings”
• Set it to enable
  
• Pres OK

Note: To enforce group policy: Navigate to Start>Run type gpupdate /force and hit Enter

Recently I installed 2 2008 terminal servers , and when I started configuring them I realized that I can’t use lot of new features that are available only via 2008 Group Policy . The network was 2003 , and adding or upgrading current DC to 2008 domain controller rises project costs ( 2008 CAL’s for entire domain ) I had to look for other solution .

Since windows 2008 GPO templates changed their format from ADM to ADMX I couldn’t import windows 2008 templates to windows 2003 DC.

So here how you solve this.

You must use Vista +sp1 Desktop

First , you need to extend your schema to 2008
The first schema updates need to be applied to the Active Directory Forest. In order to apply them you need to run the adprep application from the domain controller that holds the schema role master. To run the forest schema updates use the following command: adprep /forestprep

Once the forest updates have been updates, the next step is to run the adprep for each domain in the forest. This should be run on the domain controller that holds the Infrastructure operations master role. The command to run is: adprep /domainprep

After you finish with with schema expansion

Go to your Vista desktop.
Download RSAT tool for vista x64 and for vista x86 and install it

After instalation is completed.

• Go to Control Panel click on Program & Features
• Locate and click on Turn Windows features on or off
• Install relevant Feature Administration and Role Administration tools (For group policy install Group Policy Management Tools)

Now you can use all Windows 2008 and Vista  GPO goodies on your windows 2003 domain .

When user is trying to save attachment from outlook or save word/excell file usualy hi is directly redirected to his “My Documents”  folder set in his profile.
When you work on Terminal server and want to restrict C: drive access it becomes a problem . User receives multiple errors when he try’s to save file or email attachment.

• To change default save location for office applications via GPO you first must download office 2007 GPO ADM to your Domain Controler .
• Extract files to a local folder.
• Go to group policy by running gpo.msc from run.
• Navigate to User Configuration Administrative Templates.
• Pres Right Click on Administrative Templates and chose “Add/Remove templates”
• Press on “Add” and navigate to localy extracted ADM file.
• Now you should see Office 2007 settings in GPO.

To change default save location for for Excell 2007

• Navigate to Microsoft Office Excell 2007Excell OptionsSave
• On the right menu locate “Default file location” change setting to enabled and insert your save path.

To change default save location for for Power Point 2007

• Navigate to Microsoft Power Point 2007Power PointOptionsSave
• On the right menu locate “Default file location” change setting to enabled and insert your save path.

To change default save location for for Project 2007

• Navigate to Microsoft Power Project 2007Tools | OptionsSaveFile Locations
• On the right menu locate “Projects and User Templates ” change setting to enabled and insert your save path.

To change default save location for for Word 2007

• Navigate to Microsoft Word 2007Word OptionsAdvancedFile Locations
• On the right menu locate “Default file location ” change setting to enabled and insert your save path.

Outlook 2007 is little bit tricky you can’t set options via Outlook GPO , you can do that via registry or by changing default system “save in” location.

To change Outlook 2003/2007  save path via registry

• Follow Microsoft Article KB:823131

To change default system “save in” location.

• In group policy go to User Configuration Administrative TemplatesWindows ComponentsWindows Explorer
  Common Open File Dialog
• Click on “Items displayed in Places Bar”
• Add your Save Location. for example servernamesharename ( It can be mounted I: folder)
  
  

Disable sound in RDP not working in Windows Terminal Services

OK, the same bug was in Windows 2003sp1 terminal server, MS fixed it in SP 2.
The problem is that even after you disable sound redirection via GPO you still got beeps on error messages.

I found a way to fix it.

• Click Start, click Run, type regedit, and then click OK.
• Locate and edit  the following registry subkey:HKEY_LOCAL_MACHINESystemCurrentControlSetControlTerminal Server
• On the Edit menu, point to New, and then click DWORD Value.
• Type DisableBeep, and then press ENTER.
• Right-click DisableBeep, and then click Modify.
• In the Value data box, type 1, and then click OK
• Quit Registry Editor.
• Click Start, click Run, type services.msc and hit enter button.
• Locate Terminal Services service and press restart (That will drop all users connected to TS server)
• Reconnect to terminal server

Note You can disable the MessageBeep function by changing the value to 1 to enable back change to 0.

To disable the Security tab from Windows 2000/XP Professional-based workstations that are members of a Windows 2000/2003 domain:

1. Start Active Directory Users and Computers.
   
2. Right-click the domain, and then click Properties .
   
3. Click the Group Policy tab on the domain properties dialog box to view the default domain policy.
   
4. Click New . New Group Policy Object should appear in the list of objects. Rename this Policy to Remove Security Tab . Make sure this policy is positioned directly under the default domain policy.
   
5. Click Remove Security Tab , and then click Edit to start the Group Policy Editor.
   
6. Expand Computer Configuration, Windows Settings, Security Settings, and then click Registry .
   
7. Right-click in the left pane, and then click Add Key .
   
8. Paste the following key in the text box, and then click OK :
   CLASSES_ROOTCLSID{1F2E5C40-9550-11CE-99D2-00AA006E086C} Note that there may be a delay before you can proceed to the next step, and this is normal.
   
9. The Database Security Editor appears. You need to add the user or group that you want the Security tab to be removed from.
   
10. Change the permission on this key for the users and/or groups that you added in the previous step to “Deny Read.” This prevents the user from being able to instantiate the needed components to display the Security and Sharing tabs. Click OK twice to complete the settings and exit the Group Policy Editor.
    
11. Click New . New Group Policy Object should appear in the list of objects. Rename this Policy to Remove Sharing Tab . Make sure this policy is positioned directly under the default domain policy.
    
12. Click Remove Security Tab , and then click Edit to start the Group Policy Editor.
    
13. Expand Computer Configuration, Windows Settings, Security Settings, and then click Registry .
    
14. Right-click in the left pane, and then click Add Key .
    
15. Paste the following key in the text box, and then click OK :
    CLASSES_ROOTCLSID{40dd6e20-7c17-11ce-a804-00aa003ca9f6} Note that there may be a delay before you can proceed to the next step, and this is normal.
    
16. The Database Security Editor appears. You need to add the user or group that you want the Security tab to be removed from.
    
17. Change the permission on this key for the users and/or groups that you added in the previous step to “Deny Read.” This prevents the user from being able to instantiate the needed components to display the Security and Sharing tabs. Click OK twice to complete the settings and exit the Group Policy Editor.