Windows Components - Group Policies in Server 2003
Here on this page I will guide you through the full list of Windows Component policy folders.
While each folder has
numerous application specific policies, I
anticipate that you will only need a handful of these settings.
Our problem is that each system needs a different set of policies, so you
need to check through each section identifying the best policies for your domain.
This is what I mean by a specialist policy. Not everyone uses
Netmeeting and even those who do, may not need to lock down the settings.
Also there is not much here, because most of the settings are in the User Configuration.
One of several instances where you should decide whether to configure for
the Computer or the User. Once you have made up your mind, then you can
start tightening up on security by disabling zones.
The most positive and useful Internet Explorer settings are found here.
If you wish to prevent legacy programs running then it is better to turn
off both the Compatibility Wizard and the Engine. I see no harm in
leaving these setting and controlling which programs are allowed through
Software Setting policies.
Calculating IP Address ranges is a black art, which many network managers
solve by creating custom Excel spreadsheets. IPAT cracks this problem of
allocating IP addresses in networks in two ways:
For Mr Organized there is a nifty subnet calculator, you enter the network
address and the subnet mask, then IPAT works out the usable addresses and their
ranges. For Mr Lazy IPAT discovers and then displays the IP addresses of existing
computers.
This is the Task Scheduler (not Task Manager). The question is what
tasks have been scheduled on their workstations? Backup?
Your decision here depend on the level of responsibility that you give to users,
I would imagine the bigger the company the less they need Task Scheduler,
therefore you could 'Hide the property pages'.
* 'Always install with
elevated privileges' will ensure that programs will install properly
using system account rights. Be aware that you must also enable this
policy in the User Configuration.
Also be aware that power users may try and abuse these elevated
privileges. To some extent you can curb their powers by setting
policies which stop them browsing for source during install. If there
is no reason to add software then you can disable the installer all
together.
Here are two useful Group Policy settings to control how Windows Messenger behaves.
Firstly, are you going to allow Messenger to run - at all? If you do
permit the Messenger to operate, would you want it to start automatically?
Two specialist folders to control the Media player and digital rights.
Policies include specifying proxy settings, also restrictions to hide
unnecessary tabs.
If you like this page then please share it with your friends
*
Custom Search
Guy Recommends: Orion's NPM - Network Performance Monitor
Orion's performance monitor is designed for detecting network outages. NPM makes it easy to see what's working, and what needs your attention.
This utility guides you through creating network maps. It also helps troubleshooting by indicating whether the root cause is faulty equipment, or resource overload.
