Category Archives: Group Policy

SCCM Current Branch Installation Prerequisite Failure – Site server computer account administrative rights


Running the install for SCCM Current Branch (1702) and the Prerequisite Checker was failing on an issue with admin rights on the target SCCM Site Server.  This one was really annoying as I had double-checked everything before running the installer.


The appropriate accounts had been given admin rights to all the SCCM Site System Servers using the Restricted Groups Active Directory Group Policy setting (under Security Settings, under Windows Settings, under Computer Policies) .  The SCCM server had not been restarted since the policy was applied.

Restarting the server fixed the issue!

Active Directory Group Policy Restricted Groups

I use a Group Policy setting to ensure certain users or groups are always administrators on every machine I add to my test domain.   This is a reminder to myself how I do this.

Open the GP Editor and navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups.

  • Right-click and select Add Group.
  • Browse to the appropriate group, select it and click OK twice.

The membership dialogue appears.

  • In the This Group is a Member of:  section click Add.
  • Select Administrators.

The group will now be a member of the Administrators group on all computers the policy is applied to.

More info:


Administrative Templates for Windows 8.1 Update and Windows Server 2012 R2 Update 1

Procedure to follow to enable the new Administrative Templates for Windows 8.1 Update 1 and Windows Server 2012 R2 Update 1.

  • Install the .MSI on the Domain Controller (DC).
  • Once the install is done navigate to:  C:\Program Files (x86)\Microsoft Group Policy\Windows Server 2012\PolicyDefinitions to see the actual policy files.
  • On the DC create a new folder called PolicyDefinitions under C:\Windows\SYSVOL\domain\Policies.
  • Copy all the files from C:\Program Files (x86)\Microsoft Group Policy\Windows Server 2012\PolicyDefinitions to the C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions, excluding any language folders that are not required.

Wait a few minutes and the new policies will be available for use.