GPO – Blogs Created by Daag van der Meer

HP Smart Scan with VPN Connected.

Change Network Settings in Group Policy Editor

To do this, follow the guidelines below:

Open Run dialog box: click Win Key + R.
In the box, type in gpedit.msc and click OK to open Group Policy Editor.

In the gpedit’s window, double-click on Computer Configuration.
Select Administrator Templates > Network > Network Isolation.
Enable the following policies: Subnet Definitions are authoritative and Private Network ranges for apps.
Input your internal IP-subnet range: 10.0.0.0/8.
Save changes and close the program.
Restart PC.

There you go, these are some simple methods that you can try if your VPN blocks Microsoft Store apps on your PC.

If our solutions didn’t work for you, try disabling your VPN temporarily or consider switching to a different VPN client.

Enable Pin code and/or fingerprint login

Go to start -> Settings

Go to Account

On the left side Sign-in Options

Now you can setup Fingerprint and/or pin code.

Enable Windows Update “Features on Demand” and “Turn Windows features on or off” in WSUS Environments

I Found this website very usefull and searched long for this.

Enable Windows Update “Features on Demand” and “Turn Windows features on or off” in WSUS Environments

If you are running Microsoft Windows in a domain environment with WSUS configured, you may notice that you’re not able to install some FODs (Features on Demand), or use the “Turn Windows features on or off”. This will stop you from installing things like the RSAT tools, .NET Framework, Language Speech packs, etc…

You may see “failure to download files”, “cannot download”, or errors like “0x800F0954” when running DISM to install packages.

To resolve this, you need to modify your domain’s group policy settings to allow your workstations to query Windows Update servers for additional content. The workstations will still use your WSUS server for approvals, downloads, and updates, however in the event content is not found, it will query Windows Update.

Enable download of “Optional features” directly from Windows Update

Open the group policy editor on your domain
Create a new GPO, or modify an existing one. Make sure it applies to the computers you’d like
Navigate to “Computer Configuration”, “Policies”, “Administrative Templates”, and then “System”.
Double click or open “Specify settings for optional component installation and component repair”
Make sure “Never attempt to download payload from Windows Update” is NOT checked
Make sure “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” IS checked.
Wait for your GPO to update, or run “gpupdate /force” on the workstations.

Please see an example of the configuration below:

Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)

You should now be able to download/install RSAT, .NET, Speech language packs, and more!

Windows 10 Professional 1703 – Turn Off Automatic Installation of Suggested Apps

For Windows 10 Professional it is not possible to do this with GPO. So add in the GPO this to the register.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager

SilentInstalledAppsEnabled DWORD
0 = Disable
1 = Enable

I Also disabked PreInstalledAppsEnabled

Located HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager

PreInstalledAppsEnabled DWORD
0 = Disable
1 = Enable

Install Notepad++ with GPO

For a different company I needed to install Notepad++ on some systems.

Created AD group. Created a Share. Give rights to the AD group.
In the ad Group place the computers.

Created GPO and rights to the AD group only.
Added the script in startup scripts in the computer configuration.

@echo off
REM #########################################
REM ##### Created by Daag van der Meer #####
REM ##### Blog.van-daag.nl             #####
REM ##### Filename NPPInstall.cmd      #####
REM #########################################
PING 1.1.1.1 -n 1 -w 900 >NUL

SET LOGLOC=%Systemdrive%\logs


REM ############### Create Log Dir ###################
mkdir %LOGLOC%
attrib +s +h %Systemdrive%\logs
GOTO INSTALL

:INSTALL
REM ######## Check NPP Installed #############
set Logfile=%LOGLOC%\NPPfile.log
if not exist "%Logfile%" (
echo NPP is Installed on %date% at %time% >> %LogFile%
GOTO NPPSTART)

GOTO END

:NPPSTART

if exist "%programfiles%\Notepad++\uninstall.exe" GOTO END

if exist "%programfiles(x86)%\ Notepad++\uninstall.exe" GOTO END

start /wait \\<SERVER>\<SHARE>\npp.7.4.2.Installer.exe /S



:END

Policy Windows 10 – Project to this PC

How to disable the Project to this PC feature in Windows 10 1607

Using GPO, you can disable Project to this PC in the UI by settings the GPO setting Don’t allow this PC to be projected to to Enable. This settings is located under Computer configuration > (Policies) > Administrative templates > Windows Components > Connect

Policy Windows 10 – Mobile hotspot

How to disable the Mobile hotspot feature in Windows 10 1607

Using GPO, you can disable Mobile Hotspot in the UI by settings the GPO setting Prohibit use of Internet Connection sharing on your DNS domain network to Enabled. This settings is located under Computer configuration > (Policies) > Administrative templates > Network > Network Connections.