We have a number of different default Group Policy Objects that are set up and linked to specific Organizational Units.
With the advent of a flat OU setup in Windows Server Essentials we made an active decision to maintain a similar OU structure to Small Business Server Standard as it made more sense from so many perspectives.
One of our default GPOs that is created and linked at the domain level is the Default Domain User Security Policy. Once created we edit the GPO’s properties to disable Computer Configuration settings and set a comment in place for the date created and by whom.
In this GPO we have a number of settings but the one we are focusing on here has to do with the recent RTF zero-day vulnerability we are hearing about.
Under User Configuration –> Preferences –> Control Panel Settings –> Folder Options we see the above.
We set Show hidden files and folders and uncheck Hide extensions for known file types.
Since these settings are user oriented they will be picked up by users on their next logon.
Note that while these settings help users to understand what they are seeing nothing replaces training users to hover over links, not click on links in an e-mail, or be cautious about the sites they visit.
Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business