It is currently not possible to directly map a drive letter to a redirected folder when connecting to a server using Microsoft RDP. Most programs do not require a drive letter but in case you do need a "local path", you can create a symlink in order to achieve this.
MKLINK /D C:\MyFolder \\tsclient\MyFolder
This will create a "symlinked" folder on your C-drive, which you can then use to work with files and folders of the redirected folder. The symlink is persistent across reboots.
You may get the following error when trying to uninstall HP Client Security:
The solution, albeit a very odd one, is to disable all CD/DVD drives on your HP system through Device Manager (Start → Run → devmgmt.msc).
After the uninstallation, you can re-enable the device.
You can turn off the highlighting of new and recently installed programs in Start menu/Start Screen. There's no direct group policy but you can use a GPP to insert a registry value that does the same thing:
After uninstalling Malwarebytes Anti-Malware from a domain-joined computer, you may get the following error each time the computer reboots:
To resolve the issue, you need to manually remove a registry key using regedit:
Remove the value with name Malwarebytes Anti-Malware.
You can disable the keyboard shortcuts, the so-called sticky keys, through a group policy. This is a user setting, and although there's no true policy for this, you can disable it through a group policy preference registry entry:
User Configuration → Preferences → Windows Settings → Registry
There, create a new entry:
From an IT management point-of-view, Google Chrome does not play nice: users that have limited rights on the computer system they work on (a standalone computer or on a Terminal server) can simply install Google Chrome without an admin's consent, totally bypassing any kind of approval. Luckily, this can be countered by setting up software restrictions through a group policy.
I found this article explaining how: http://windowsitpro.com/windows/how-stop-users-installing-google-chrome
This one-liner will output a list of installed programs, similar to what you get when looking it up through Control Panel → Add/Remove Programs.
Get-WmiObject -Class Win32_Product | Select-Object -Property Name
The advantage of this cmdlet is that you can dump it to a text file:
Get-WmiObject -Class Win32_Product | Select-Object -Property Name > Software.txt
And through PS remoting, you can also run this on remote systems.
There are two methods to specifically target 32-bit or 64-bit OS'es in group policies.
Another method is to check the value of the %Processor_Architecture% variable:
|RSAT for...||Fully supported server OS||Download|
|Windows 10||2012 R2 and below||Download|
|Windows 8.1||2012 R2 and below||Download|
|Windows 8||2012 and below||Download|
|Windows 7 SP1||2008 R2||Download|
A newer RSAT version is always backwards compatible with older server OS versions. For example, all Windows versions from 2012 R2 and below are fully supported by RSAT for Windows 10.
Older RSAT versions can manage newer server OS versions, but only features that are also present in older OS versions can be managed properly. For example, RSAT for Windows 7 partially supports 2012 R2: features that are present on 2008 R2 can be managed, but features unique to 2012 or 2012 R2 cannot).