Group Policies in Windows Server 2003
Do you use Group Policies?
Best Practice (Litmus Test)
Professionals: Use Group Policies to configure the desktop
Amateurs: Use mandatory profiles to control the users
In Windows Server 2003, Group Policies are second in importance only to Active Directory. Group Policies are also fun to configure. The key thinking behind Group Policies is 'prevention is better than cure'. Restrict users settings and so prevent them from causing problems. Group Policies are like putting blinkers on the users. Policies make users concentrate on their job tasks, while stopping them from playing with all the extra Windows settings that there is no business case for using. As a result of a good group policy the users are more productive and you get less support calls to the help desk.
Professionals master Group Policies. Amateurs either ignore them or get into a mess because the do not appreciate the intricacies of setting a good policy.
With Group Policies not only can you be Mr Nasty (screwing down the desktop), but you can also be Mr Nice. Mr Nice provides just the programs users need, but no extras. So when an accountant logs on they get office XP and accountant software. When ordinary users log on they get only the office suite. What is more if the program break then the intellimirror software automatically restores the original settings.
Having established the need, the next problem with setting up System Policy is time to experiment. You need a week experimenting with a group of test machines before you think of rolling out to the production network.
Policies can be applied at the Domain, OU and Site level. My advice is to set your security at the domain level, but control the desktop at the OUs. Avoid setting policies at the Site level, it is not necessary and only adds an extra layer of complexity.
Tips to Make you a Group Policy Expert
Example Group Policy: Internet Explorer Autocomplete
Be careful with 'Disable AutoComplete forms', this is designed to stop forms saving passwords and usernames that people use regularly. I say be careful, because I really like being able to save my username and password, that way, I do not having to keep typing it in every time I visit a site.
Manual steps to 'walk through' IE AutoComplete
Group Policies v Logon Script Strategy
In my opinion logon scripts are gradually being replaced by system policies. For example, mapping home drives via a logon script, can now be replaced by policy which redirects the 'My Documents' to a server. However, it is often a case that there is more than one way to achieve the desktop that you want. If a logon script gets it done then fine, but if not then do consider a policy. Group policies are here to stay, Windows 2000 has about 400 and XP has an extra 200 policies. Now in Server 2003, there are yet more policies and the splendid GPMC to manage the settings.
Many large companies write their own policies, once you remember that policies control either the USER or HKLM part of the registry then you can see that virtually any registry setting can be written into a policy.
The modern group policy method of drive mapping does not require any knowledge of either VBScript or PowerShell. In Windows Server 2008 you can launch the GPMC and configure Drive Maps in the Preferences section. See more on Group Policy Drive Maps.
Windows 8 Group Policy Settings
One way of creating workable group policies is to combine the thoughts of two experienced members of staff with different view points of view. My suggestion would be to pair a techie, who knows the group policies, with a manager who has a vision of what the company's Windows 8 computers interface should provide for the users. See more on Windows 8 Group Policy settings.
Guy's Litmus test is a concept that you can apply anywhere. Each test gives you an instant answer to the simple question:- 'Are you dealing with a professional, or are they an amateur? Is this the real deal, or is it a turkey?' The Litmus Test concept is rather like Best Practice, but it reduces a 27 page report to one sentence.
Learn about Windows 8 and Active Directory
Over 40 of Guy's litmus tests. Have fun while you learn about aspects of computing. Stacks of ideas to check your servers, networks and security.
Your eBook has printer friendly pages and lots more screen shots.