If you’re interested in learning more and seeing if it’s for you, here’s a quick overview of the high-level benefits for keeping it enabled.

• It allows you to personalize your feed and stay up to date
• Get Weather reports for multiple locations throughout the world

Here is the Microsoft Doc for more how to’s with the app.

Remove News and Interests via Group Policy

Option 1 – Being able to disable news and interest via Group Policy (GPO) would be preferred for those who want to commit this change across a group (or all) users in your environment. In my lab I’m running Server 2019 Domain Controllers and the admx template for the settings are not there by default. However, on my Windows 10 20H2 machine running the RSAT tools, the settings are there so you can get by with using a machine with those tools installed. If you’re interested, see how to install RSAT for Windows 10 1903 and Later
 

This is a computer setting so to disable the feature using a GPO, follow these steps as they’re laid out here.

• Edit an existing policy or create a new policy and name it: Disable News and Interest
• Navigate to Computer Configuration -> Administrative Templates -> Windows Components -> News and interests
• Open the setting Enable news and interests on the taskbar to edit policy
• Set the setting to Disabled and click OK
• Deploy the policy as needed. You can also use the local gpedit.msc to make this change on a single computer

Disable News and Interests via Group Policy

Remove News and Interests via Registry

Option 2 – The next option which is just as prominent is to disable News and Interest via Registry.

• Go to Start -> type Regedit to open the local registry edit
• Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Feeds
• Open ShellFeedsTaskbarViewMode to edit the setting
• Set the value to 2 to remove News and Interests

Disable News and Interests via Registry

There are 3 options for that we can set when using the registry.

• 0 – Shows icon and text
• 1 – Show only icon
• 2 – Hide News and Interests

How To Remove Weather From Taskbar Using Powershell

Option 3 – Building on top of our regedit option, here’s a quick snippet to remove News and Interest using Powershell.

#Get Current Setting before change
Get-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds" | select ShellFeedsTaskbarViewMode

#Remove News and Interest Using Powershell
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds" -Name "ShellFeedsTaskbarViewMode" -Value 2

#Get Current Setting after change
Get-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds" | select ShellFeedsTaskbarViewMode

Disable News and Interests using Powershell

Remove Weather From Taskbar Windows 10

Option 4 – Our last option is probably the one that might be the quickest and easiest on a per user basis, but definitely not something that can be scaled across the environment. If you’re wanting to make this change across the environment, the other options would definitely be better suited for this. It does however offer the quickest solution to the problem so that works too.

• Right click the taskbar
• Hover over News and Interest
• Select Turn off

Remove Weather From Taskbar Windows 10

Conclusion

Hopefully this article was able to inform you on the multiple ways for how to remove News and Interests a.k.a remove weather from taskbar in Windows 10. I know for some it can be incredibly annoying and in my opinion I think it’s a little too intrusive for a Enterprise environment.

The post How To Remove News and Interests In Windows 10 appeared first on the Sysadmin Channel.

I’m going to assume in this article that you have the permissions to create/modify Group Policies so that’s not going to be in the scope of this guide. If you have any questions, feel free to drop me a comment and I’ll do my best to get back to you.

Enable Ping Using Group Policy (GPO)

• Open up Group Policy Management Console (GPMC)
• Modify an existing GPO or Create a New Group Policy Object and name it Enable Ping
• Navigate to: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules and Create a New Rule. Screenshot below

• Select Predefined -> File and Printer Sharing in the New Inbound Rule Wizard

• Select File and Printer Sharing (Echo Request – ICMPv4-In)

• Finally, select Allow the connection and click finish

 
Once that is complete, we just need to give the machines plenty of time to be able to update the policy. To speed up the process you can go on the destination machine and run a gpupdate /force to force the policy update.

The post How To Enable Ping Using Group Policy (GPO) appeared first on the Sysadmin Channel.

This was recently the case for me, I had to block internet access to a Windows 10 user so I decided what a perfect time to share with you the steps that it takes. I should mention that the GPO works for Server 2016 as well as Server 2012R2. It is a user policy and it works with other browsers.
 

How To Restrict Internet Access Using Group Policy (GPO)

Now let’s walk through the steps to restrict internet access using group policy. I’m going to assume you already created the Organization Unit that you want to apply the policy to so we can skip that part.

If you would rather watch how this is configured, there is a video demo at the bottom of this article.

• Open up Group Policy Management Console (GPMC).
• Create a New Group Policy Object and name it Restrict Internet Access.
• Edit and navigate to: User Configuration -> Preferences -> Windows Settings -> Registry and create a New Registry Item.
• There are 4 registry items we need to create/update: ProxyEnable, ProxyServer, ProxyOverride, AutoDetect

The EnableProxy key will check the box to force the browser to use the proxy settings.

• Under the General Tab for the New Registry Properties:
• Action: Update. This will also create the reg key if it doesn’t exist.
• Hive: HKEY_CURRENT_USER
• Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
• Value Name: ProxyEnable
• Value Type: REG_DWORD
• Value Data: 1
• Base: Hexadecimal

Repeat the same steps to create an additional registry item. The ProxyServer will point to the localhost, 127.0.0.1.

• Action: Update.
• Hive: HKEY_CURRENT_USER
• Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
• Value Name: ProxyServer
• Value Type: REG_SZ
• Value Data: 127.0.0.1:80

The next reg key will allow you to bypass the proxy server and let you view sites. Typically, you should allow your own domain name so the users can gain access to internal links and any sub-domains if applicable.

• Action: Update.
• Hive: HKEY_CURRENT_USER
• Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
• Value Name: ProxyOverride
• Value Type: REG_SZ
• Value Data: *theSysadminChannel.com; <local>

The last registry item will disable/uncheck the “Automatically Detect Settings” part.

• Action: Update. This will also create the reg key if it doesn’t exist.
• Hive: HKEY_CURRENT_USER
• Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
• Value Name: AutoDetect
• Value Type: REG_DWORD
• Value Data: 0
• Base: Hexadecimal

With those 4 registry settings implemented it should look like this once it has all been added.

 

Testing the Restrict Internet GPO

Once you add those registry keys you can see that within Internet Explorer -> Internet Options -> Connections -> LAN Settings -> the proxy settings we applied are now set. The only problem is that anyone can come in and simply overwrite the settings. Let’s fix that!

So still within Group Policy let’s navigate to User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer set the following.

• Disable Changing Automatic Configuration Settings: Set to Enabled
• Prevent Changing Proxy Settings: Set to Enabled

On a computer with the policy applied you will now see that the same settings are greyed out and the user is getting a proxy server isn’t responding error.

 

Block Internet Access with Group Policy (GPO) Video Demo

 
I hope this post was informative and gave you an easy to follow, step by step guide on How To Restrict Internet Access Using Group Policy (GPO).

The post How To Restrict Internet Access Using Group Policy (GPO) appeared first on the Sysadmin Channel.

Best Practices is an admin that has a DA account should have the following accounts with privileges.

• Domain Admin: Used for very limited tasks that actually require DA access.
• Server Admin: Used for logging into servers. This account is NOT a Domain Admin and is not an admin on any workstations.
• Workstation Admin: Used for administering end user workstations. This account is NOT a Domain Admin and is not an admin on any Servers.
• Regular Account: Account used for email and general day to day tasks. This account is not an admin on any servers or any end user workstations.

 
Typically, I find that it is generally easy to remember if you insert a prefix along with your username.

• da-bsmith: Domain Admin Account.
• sa-bsmith: Server Admin Account.
• wa-bsmith: Workstation Admin Account.
• bsmith: Regular everyday account.

Add Local Administrators via GPO (Group Policy)

So unless you already have delegated privileges, you will need Domain Admin access to enable or create group policies (ironically enough). Here are the steps to add local administrators via GPO.

• Open Group Policy Management Editor (GPMC)
• Create a New Group Policy Object and name it Local Administrators – Servers
• Navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups. Right Click on the right panel and select Add Group

• Browse for the Active Directory Group you wish to add as a local admin
• Select This group is a member of (#1 Below) – This step is extremely important. Selecting Members of this group will wipe out all current admins.

• Select Browse (#2)
• Type Administrators (#3) – Note: Be sure to add “s” at the end
• Click Check Names (#4) to make sure it resolves and click OK
• Close out of the window
• Highlight the Local Administrators – Server Policy and go to the Details Tab. On the GPO Status Dropdown select User Configuration Settings Disabled
• The final GPO should look like my screenshot below

Apply the Group Policy to your Organizational Unit

• Right Click your preferred OU and select Link an Existing GPO
• Select Local Administrators – Servers GPO
• Close out of GPMC.

Verifying Your Group Policy Works

• Login to any server in the OU you applied the policy to
• Open up a command prompt or Powershell Window
• Type GPUpdate /force
• Check Local Adminstrators Group and you group should be added

Add Local Administrators via GPO Video Demo

The post How To Add Local Administrators via GPO (Group Policy) appeared first on the Sysadmin Channel.

Credential Guard is a feature introduced in Windows 10 Enterprise and Windows Server 2016 that essentially protects your machine from attacks such as pass the hash and other potential credential theft threats. It uses what’s called virtualization-based security to isolate secrets so that only privileged system software can access them. In other words, this creates a “bubble” so that only key processes have access and separates regular Operating System processes from having access to it. Credential Guard must be turned on and deployed in your organization since it is not enabled by default.

Enable Credential Guard via GPO (Group Policy)

• Open Group Policy Management Console (GPMC) or GPEdit.msc for a local machine
• Go to Computer Configuration -> Administrative Templates -> System -> Device Guard
• Double click on Turn On Virtualization Based Security
• Select Secure Boot and DMA Protection
• Select Enabled with UEFI lock on both the code integrity and credential guard configuration settings
• Click Ok and close out of GPMC

“Enabled with UEFI lock” allows it so the setting cannot be disabled remotely. Also, if the Group Policy setting is not found, you will need to update your ADMX templates to Server 2016.

As always, don’t forget to check out our Youtube Channel for more sysadmin video content and awesome how-to’s.

The post Enable Credential Guard in Windows 10 via Group Policy (GPO) appeared first on the Sysadmin Channel.

Enable Remote Desktop via Group Policy

The biggest problem you could be potentially faced with, is actual permissions to modify any GPOs. I’m going to assume you have the permissions so we’ll just continue on with a bullet list that’s easy peasy for you to understand.

• Open up Group Policy Management Console (GPMC).
• Create a New Group Policy Object and name it Enable Remote Desktop.
• Navigate to: Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules and Create a New Rule. Screenshot below.

• Select Port in the New Inbound Rule Wizard.
• Ensure TCP and Specific Local Port : 3389

• Allow the Connection and only select Domain and Private Profiles.
• Name this rule – Inbound Rule for RDP Port 3389

Now that we have added the local ports, we’ll need to enable the Remote Desktop Session Host policies.

• Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
•  Allow users to connect remotely by using Remote Desktop Services to Enable.

• Now we’re going to enable Network Level Authentication.  This is highly recommended and has many security advantages.  However, that’s out of the scope of this article so I won’t go in to the details now.
• Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security
• Set Require user authentication for remote connections by using Network Level Authentication to Enable.

• Last but certainly not least, we need to apply the newly created GPO to an Organizational Unit so it actually works.
• Close out of GPMC.  There aren’t any more settings to configure.

Enable Remote Desktop using Group Policy (GPO) Video Demo

 
Last but certainly not least be sure to check out our YouTube Channel for awesome How-To’s and other Sysadmin related content.

The post How To Enable Remote Desktop Via Group Policy (GPO) appeared first on the Sysadmin Channel.