Create a “Capture” organizational unit and policy

To complete a successful capture, it is recommended that a “Capture” organizational unit be created. This organizational unit should block other Group Policy Objects in the domain so that they cannot interfere with the capture process. You should also create a Group Policy Object within the “Capture” organizational unit that enables the following connections through the Windows Firewall.

  • Remote Registry service
  • Remote Procedure Call (RPC)
  • Windows Management Instrumentation (WMI)
  • Internet Control Message Protocol (ICMP), also known as Ping

Client computers should be added to the organizational unit to ensure a clean image after capture. It is important to use a virtual machine, as opposed to a physical machine, when completing the steps below.

  1. In the GPMC, right-click your domain node, and click New Organizational Unit.
  2. In the text field, enter a name for the organizational unit (e.g. “Specops_Deploy_Capture_Settings”).
  3. Click OK.
  4. Right-click on the organizational unit, and click Block Inheritance.
  5. Right-click on the organizational unit, and click Create a GPO in this domain and Link it here.
  6. In the text field, enter a name for the GPO, and click OK.
  7. Right-click on the newly created GPO, and click Edit.
  8. You will need to edit the GPO with the following settings:
    Option
    Enable Remote Registry

    1. In the Group Policy Management Editor expand Computer Configuration, Policies, Windows Settings, Security Settings, and click System Services.
    2. In the Service Name tab, right-click Remote Registry and select Properties.
    3. Enable Define this policy setting.
    4. Enable Automatic.
    5. Click OK.
    Option
    Allow Remote Service Management through Windows Firewall

    1. In the Group Policy Management Editor expand Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security.
    2. Right-click Inbound Rules and select New Rule…
    3. Enable Predefined.
    4. From the drop-down menu, select Remote Service Management, and click Next.
    5. Verify that all the rules are enabled, and click Next.
    6. Verify that Allow the Connection is enabled and click Finish.
    Option
    Allow Windows Management Instrumentation (WMI) through Windows Firewall

    1. In the Group Policy Management Editor expand Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security.
    2. Right-click on Inbound Rules and select New Rule…
    3. Enable Predefined.
    4. From the drop-down menu, select Windows Management Instrumentation, and click Next.
    5. Verify that all the rules are enabled, and click Next.
    6. Verify that Allow the Connection is enabled and click Finish.
    Option
    Allow ICMP (Ping) through Windows Firewall

    1. In the Group Policy Management Editor expand Computer Configuration, Policies, Administrative Templates, Control Panel, Network, Network Connections, Windows Firewall, and click Domain Profile.
    2. In the Settings tab, right-click Windows Firewall: Allow ICMP exception and select Edit.
    3. Select the Enabled checkbox, and click OK.
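
Steps 1 to 6 above can also be scripted and then audited. The following PowerShell is an added example, not part of the original documentation or the product: it creates the OU, blocks inheritance, creates and links the GPO, and then reports what actually applies to the OU and which computers sit in it. The GPO name is an assumption, and the GPO settings from step 8 still have to be configured in the editor as described.

```powershell
# Added example (not from the original page). Requires RSAT:
# the ActiveDirectory and GroupPolicy modules, run as a domain admin.
Import-Module ActiveDirectory, GroupPolicy

$ouName   = 'Specops_Deploy_Capture_Settings'   # example name from step 2
$gpoName  = 'Specops_Deploy_Capture_Firewall'   # assumed GPO name (step 6)
$domainDn = (Get-ADDomain).DistinguishedName
$ouDn     = "OU=$ouName,$domainDn"

# Steps 1-3: create the OU directly under the domain node if it is missing.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# Step 4: Block Inheritance on the OU.
Set-GPInheritance -Target $ouDn -IsBlocked Yes | Out-Null

# Steps 5-6: create the GPO and link it to the OU (idempotent).
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName }
$linked = (Get-GPInheritance -Target $ouDn).GpoLinks.DisplayName
if ($linked -notcontains $gpoName) {
    New-GPLink -Name $gpoName -Target $ouDn | Out-Null
}

# Audit 1: what still applies to the OU. Block Inheritance does not stop
# GPO links marked Enforced, so any such link shows up here and can still
# affect the capture.
$inh = Get-GPInheritance -Target $ouDn
[pscustomobject]@{
    OU                 = $ouDn
    InheritanceBlocked = $inh.GpoInheritanceBlocked
    DirectLinks        = $inh.GpoLinks.DisplayName -join ', '
    StillInherited     = ($inh.InheritedGpoLinks |
        Where-Object { $_.DisplayName -ne $gpoName }).DisplayName -join ', '
} | Format-List

# Audit 2: computers currently in the OU. Only capture VMs belong here,
# since members receive the Remote Registry, RPC, WMI and ICMP exceptions
# and lose the other domain GPOs.
Get-ADComputer -Filter * -SearchBase $ouDn |
    Select-Object Name, Enabled, DistinguishedName
```

Running the two audit sections again after a capture shows whether any machine was left behind in the OU.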