This content has been updated since the original publication. You can find all of our updated protection techniques in our Ransomware Prevention Kit. http://www.thirdtier.net/ransomware-prevention-kit/
With the recent publication of our Cryptolocker Prevention Kit concerns have been raised over how to install software now that the computers are members of a Group Policy that most likely prevents it. Well it’s going to be an extra step in your process but a necessary one. It won’t take you much additional time. Here is how you go about moving the computer you’d like to deploy software to out of the policy that is preventing it.
Group Policy structures are mostly a mirror of your Active Directory structure with one notable exception – Containers aren’t included, only Organizational Units. This is because Group Policy’s can’t be applied to Containers.
Our AD looks like this. The objects with the file inside the folder are the OU’s. The ones without them are the Containers. In our example the highlighted in yellow Computers is a Container and highlighted in blue SBSComputers is an OU.
And our GPO structure looks like this. Our GPO is applied to the SBSComputers OU.
If we need to install software to the computer that is blocked by this policy, then we simply move the computer that we are working on into the Computers container. We install and configure our software. Then we move it back. To move a computer just drag and drop it from the OU it is in into the Computer container. You’ll get the message below reminding you that this will prevent group policy’s from applying to that computer.
On the computer from an elevated command prompt run gpupdate /force to update the policies applied to the computer. Now you can proceed to install the software package. When you are done installing simply drag the computer from the Computers container back into the OU from where it came. You can run gupdate /force again on that computer to update the policies back onto the computer again.
It should take you much less than 5 minutes to perform this task. The benefits of Group Policy far outweigh the inconvenience of this procedure.
If you find this kind of material useful considering joining the SMBKitchen Project. You can find out more about us at http://www.thirdtier.net
I can’t tell you how much time and money I’ve wasted on explaining my business to CPA’s. I recommend you don’t do that and instead hire Rayanne to Tech Your Books. She can solve problems and get your books setup so you can make money. She’s an MCSE and an Accounting professional. A rare combination that means she can Tech Your Books. http://www.thirdtier.net/tech-your-books/