Normally, if a GPO is linked to an OU containing only computers, the user portion does not run. Loopback Mode makes it run. In GPMC, look here:
Computer Configuration, Policies, Administrative Templates, System, Group Policy, “Configure user Group Policy loopback processing mode”
Five of the better places to start:
Sling.com, the Internet TV service, has lots of optional add-ons. To add them or remove them from your account, here’s the URL:
Chocolatey is a great way to get the fundamentals into a new install of Windows. First we install it:
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
And then we get everything we want in:
choco install -y GoogleChrome Firefox jre8 adobereader flashplayerplugin flashplayeractivex adobeair adobereader-update flashplayerppapi adobeshockwaveplayer
Beautiful!
There is a strong tendency to want to use %username% as a macro in GPOs, to get the user’s name in. However, this doesn’t work in GPO. One has to use %LogonUser%. To get the whole list of macros, press F3 while the cursor is in the GPO setup field.
In most supported versions of Windows to date, we browse here in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
change DWORD SecurityLayer to zero (0), and we’re done. In Server 2016, we have to change DWORD UserAuthentication to zero.
Administrative processes, including CMD, don’t see mapped drive letters anymore, unless you do this:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee844140(v=ws.10)
In this registry area:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
create DWORD EnableLinkedConnections, value of 1.
By default, Google tracks user location. To stop this, we log in here:
In Personal Info & Privacy, then My Activity, then Activity Controls, then Web & App Activity. Turn Web & App Activity off, and Location History also.
Then we may want to go here:
and also here:
https://maps.google.com/timeline
to delete data Google has amassed.
I am amazed to be informed by the amazing Steven Wynne, two minutes ago, of Windows To Go, a supported inclusion in Microsoft Windows 10 Enterprise and Education editions, which builds a complete running Windows system on a large (>32G) USB stick, driver-independence and all. The stick has to have more than 32G actual space, which 32G-nominal sticks usually don’t. But it’s real, and there are reportedly ways to do this with any edition of 10 and 8.1, though not supported by Microsoft. On a supported platform, all you have to do is use desktop search on “Windows To Go”, and it will bring up the creation wizard, which will immediately detect your media and determine compatibility.
Flatpak appears currently the best supported. Many apps and tools can be loaded through it. The Snap system is not at this writing satisfactorily supported under Arch Linux, but it alone appears to contain PowerShell.
To use Flatpak under Arch, first you’ll need to install the Flatpak system:
pacman -S flatpak
and then you’ll want to download a .flatpakref file from flathub.org. Once you have that, run this:
flatpak install *.flatpakref
and the install will commence, it will install runtime prerequisites as needed.