Computer Performance

Guy recommends :
Free Solarwinds
VM Console

Solarwinds VM Console Free Download

Find out which of your VMs are a waste of space and which VMs need more resources.

Group Policies in Windows Server 2003

Do you use Group Policies?

Litmus Test

 

Guy recommends:
Free Solarwinds
VM Console

Free Download VM Console

 A free desktop tool that monitors, or restarts, your VMware virtual machines.  Download your free VM Console

 

Best Practice (Litmus Test)

Professionals: Use Group Policies to configure the desktop

Amateurs: Use mandatory profiles to control the users

Group Policy

In Windows Server 2003, Group Policies are second in importance only to Active Directory.  Group Policies are also fun to configure.  The key thinking behind Group Policies is 'prevention is better than cure'.  Restrict users settings and so prevent them from causing problems.  Group Policies are like putting blinkers on the users.  Policies make users concentrate on their job tasks, while stopping them from playing with all the extra Windows settings that there is no business case for using.  As a result of a good group policy the users are more productive and you get less support calls to the help desk.

Professionals master Group Policies.  Amateurs either ignore them or get into a mess because the do not appreciate the intricacies of setting a good policy.

With Group Policies not only can you be Mr Nasty (screwing down the desktop), but you can also be Mr Nice.  Mr Nice provides just the programs users need, but no extras.  So when an accountant logs on they get office XP and accountant software.  When ordinary users log on they get only the office suite.  What is more if the program break then the intellimirror software automatically restores the original settings.

Having established the need, the next problem with setting up System Policy is time to experiment.  You need a week experimenting with a group of test machines before you think of rolling out to the production network.

Policies can be applied at the Domain, OU and Site level.  My advice is to set your security at the domain level, but control the desktop at the OUs.  Avoid setting policies at the Site level, it is not necessary and only adds an extra layer of complexity.

Tip for Group Policy Tips to make you a Group Policy expert

  • When you experiment with Group Policies, create and use a special test account
  • Create a special OU (Organisation Unit) for testing Group Policies
  • Take the time to investigate all the Group Policy settings
  • Consider mastering the Group Policy templates to apply your settings at the Domain level
  • Use 'No Override' and 'Block Inheritance' to isolate a problem
  • Create a 'VISION' of the desktop your users should have

Example Group Policy: Internet Explorer Autocomplete

Be careful with 'Disable AutoComplete forms', this is designed to stop forms saving passwords and usernames that people use regularly.  I say be careful, because I really like being able to save my username and password, that way, I do not having to keep typing it in every time I visit a site.

Manual steps to 'walk through' IE AutoComplete

  1. Launch Internet Explorer.
  2. Seek the Tools menu / button and click on Internet Options.
  3. In the Internet Options window click the Content tab.
  4. Click the AutoComplete button.
  5. Check or uncheck the options you wish have or not have AutoComplete.
  • Web page addresses - AutoComplete refers to the address you type in the address bar.
  • Forms - Fill out fields that are commonly completed such as email, phone number and address
  • User names and passwords on forms - The main Internet Explorer AutoComplete setting: Any forms that require usernames.  

See more on Internet Explorer AutoComplete

Group Policies v Logon Script Strategy

In my opinion logon scripts are gradually being replaced by system policies.  For example, mapping home drives via a logon script, can now be replaced by policy which redirects the 'My Documents' to a server.  However, it is often a case that there is more than one way to achieve the desktop that you want. If a logon script gets it done then fine, but if not then do consider a policy. Group policies are here to stay, Windows 2000 has about 400 and XP has an extra 200 policies.  Now in Server 2003, there are yet more policies and the splendid GPMC to manage the settings.

Many large companies write their own policies, once you remember that policies control either the USER or HKLM part of the registry then you can see that virtually any registry setting can be written into a policy.

Click here for features of Group Polices in Windows Server 2003

Group Policy Drive MapsGroup Policy Map Drive

The modern group policy method of drive mapping does not require any knowledge of either VBScript or PowerShell.  In Windows Server 2008 you can launch the GPMC and configure Drive Maps in the Preferences section.  See more on Group Policy Drive Maps.


Download my Jumbo Litmus Test eBook $5.95

Litmus TestsOver 40 of Guy's litmus tests.  Have fun while you learn about Windows Server 2003.  Stacks of ideas to check your servers, networks and security.

Your eBook has printer friendly pages and lots more screen shots.

 

 

Try another Litmus Test

See more about Windows 8

Windows 8 New Features   • Windows 8 Remote Desktop   • When will Windows 8 Expire?

Windows 8 Performance  • Windows 8 Explorer Ribbon

 *

Custom Search

Guy Recommends: SolarWinds Free IP SLA MonitorSolarwinds IP Sla Monitor

SolarWinds IP SLA Monitor offers so much more than just uncovering network bottlenecks, the real joy is learning about router traffic.

To find out what's happening on the network between your computers and their routers, download your free copy of the of IP SLA Monitor.

Home Copyright © 1999-2012 Computer Performance LTD All rights reserved

Please report a broken link, or an error.