Braindump: ADDS NTP Configuration via GPO

There’s a great article on the Microsoft AD team blog about configuring the authoritative time server automatically via group policy and WMI filters. This may save you from domain time sync issues if your PDC emulator role eventually ends up moving to a different server.

Their article covers how to set up the WMI filter, but doesn’t address the settings for NTP. Those are listed in detail under this support note.

These are the settings I’ve implemented in my GPO using Admin Templates->System->Windows Time Service:

Windows Registry Editor Version 5.00

Use Group Policy Preferences to hide a physical drive

Just saw this note whilst browsing the help on Drive Maps in Group Policy Preferences:

You can use a Drive Map preference item to configure the visibility of a physical drive rather than a mapped drive. To do so, select the Update action, leave the Location field blank, select the drive letter of the physical drive, and then configure the Hide/Show this drive and Hide/Show all drives options.

So, to hide “A” drive (in this example), you’d configure the dialog box as follows:


I didn’t know this was possible. This may come in handy one day, if you want to hide something like an OEM partition that has had a drive letter assigned.

Vista: Print spooler crashing repeatedly

Had a problem today where a printer driver became corrupted on our print server. This, in turn was causing the Print Spooler service on the workstations to crash repeatedly. I was unable to delete the mapped printers through the normal Printers and Faxes/Printers/Devices and Printers interface because the spooler kept crashing.

As part of the investigation process, I first used Group Policy Preferences to set the recovery options for the Print Spooler process on each workstation to always restart:

Group policy management - modifying the print spooler service recovery properties

The resolution for the problem is quite a brute-force solution as the problem was confined to only a few workstations. If the problem had been more widespread, I would have narrowed down which dll was causing the problem, and then removed it via GPP using the “Apply once and do not reapply” option or via a PowerShell script.

What I then did was re-install the latest printer drivers for each of the printers that I suspected to be the cause of the problem. This is done on the print server by going to Control Panel, Printers and Faxes, File menu, Server Properties, Drivers tab. You can then select the printer driver in question and click the Reinstall button.

The solution on each workstation was as follows:

  1. On the local workstation, start a command prompt as Administrator (Start, “cmd”, ctrl+shift+enter). Enter your admin credentials.
  2. Go to c:WindowsSystem32spooldriversw32x863 (this applies to 32bit Windows/drivers only)
  3. Delete all files within the above folder (del c:WindowsSystem32spooldriversw32x863*.*)
  4. Restart the spooler. If you don’t do so, you’ll experience errors about Windows being unable to locate the correct driver (net start spooler)
  5. That’s it. Close the command prompt window (exit)

Go to Start, Printers, and verify that they’re all there. The Print Spooler service should no longer crash upon viewing the mapped printers. Some printers may have a status of “opening” for a while as they need to re-download their drivers from the print server.