Deploy Google Chrome via GPO

Google Chrome Download from this site

https://www.google.com/chrome/eula.html?msi=true

then deploy this msi file to GPO

Prevent Multiple Logins via Group Policy in Server 2008

The below loing.bat file is given to userlogin script GPMC

Login.bat

If Exist \\server\logons\%username%.txt Goto notlogon

Echo %username% logged in from %computername% > \\server\logons\%username%.txt

Echo %username% logged in from %computername% > \\server\logons\%computername%.txt

Goto end

:notlogon

Logoff

:end

The below logout.bat file is given to user logout script GPMC

Listing 2: Logout.bat

If Not Exist \\rafetpc\logons\%computername%.txt goto notlogon

Del \\server\logons\%username%.txt

Del \\server\logons\%computername%.txt

Goto end

:notlogon

Logoff

:end

Limit Login script for Windows Server 2008

net use Y: \\newton\%username%$

if errorlevel 1 goto logoff

goto continue

:logoff

net send localhost "You are logged in elsewhere. Please log off a the other terminal before trying again."

logoff

:continue

setx homedrive "Y:"

setx homepath "\"

save the above lines to bat file use GPO login script file.

updated script if Y drive already exists

if exist Y:\ goto continue
:logoff
net send localhost "You are logged in elsewhere. Please log off a the other terminal before trying again."
logoff
exit
:continue
setx homedrive "Y:"
setx homepath "\"
exit

How to assign local admin rights to domain user

To use Group Policy to grant local administrative privileges to a domain account, complete the following steps:

1. On the domain controller, go to Administrative Tools > Active Directory Users and Computers (you must be running with Domain Administrator privileges).
2. Right-click on the Organizational Unit (OU) upon which you want to apply the Group Policy. Click Properties.
3. The Group Policy Properties panel is displayed. Select the Group Policy tab and click New to create a new Group Policy.
4. Designate a name for the new Group Policy. Select the new Group Policy and click Edit.
5. The Group Policy Object Editor panel is displayed. Go to New Group Policy Object > Computer Configuration > Windows Settings > Security Settings > Restricted Groups. Right-click on Restricted Groups. Click Add Group.
6. For example, name the new group "Administrators." Under "Properties", add the user "Administrator","Domain Admin" and the domain accounts or groups upon which you want the Group Policy in effect for. For example, you can add "yourdomain\Local Administrator group". Click OK.
7. Add these user rights to the domain account:
   • Act as part of the operating system
   • Log on as a service
   In the Group Policy Object Editor, go to New Group Policy Object > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignments. In the right pane, select "Log on as a service" and double-click. Add the domain user for whom you are granting the user right for and click OK. Repeat this step for "Act as part of the operating system."
8. The group policy is now enforced for the Organizational Unit to include the domain accounts and groups specified under the local Administrators group on each computer in the Organizational Unit. In addition, the domain user has been granted the necessary rights. To verify this, log into a domain computer and open the Computer Management console. Select Groups, double-click on the Administrators group, and verify the membership of the domain users.