Windows Group Policy Settings Section
 From the policy creator's point of view, this section is disappointing.
Why so? Because almost all the security settings are configured at the
domain level, not the OU. Whilst logon scripts are still useful, most
of the scripts are assigned under the User Configuration, rather than the Computer Configuration.
In contrast to this page, the
User Configuration, Windows Settings has a much richer seam of Group Policy
folders.
Group Policy Topics
Computer Configuration
Windows Settings
‡
Scripts
Whilst logon scripts have been around for ever, Startup and Shutdown
scripts are new in Active Directory.
In truth, I am still waiting for a 'killer application' for Startup and
Shutdown scripts.
Most of the scripting jobs are carried out in by
Logon and Logoff scripts in the User Configuration settings.
With scripts there are three distinct tasks.
- Deciding what the script will do.
- Writing the script using VBScript. See Logon Script Section.
- Assigning the Startup scripts via Group Policies.
 Presuming that the scripts have been
written, all we have to do is
add the .VBS file to the policy box. I find that it is much better to
copy the script into memory before you open the policy box, than to try and
navigate once the box is open.
My point is that I would prefer to right click and paste, rather than use the Open
and Browse option.
As I mentioned earlier, I am still waiting for a major use for this type
of computer script.
Trap: Security policies for domain users must be applied at the domain
level. Do not be deceived into thinking that you can have different
password length and lockout policies for each OU. Wrong. I
repeat, you cannot use the settings in an Organizational Unit to apply
security policies. In fact I was so enraged that I researched the
matter, apparently these OU security policies only affect people who logon
with LOCAL accounts - not domain accounts.
So,
most of these settings are deceptive in that they will not 'bite' on domain
users.
Guy
Recommends: A Free tool from SolarWinds: Config Generator
Config Generator (CG) is a free tool, which puts you in charge of
controlling changes to network routers and other SNMP devices.
Boost your network performance by activating network device features
that you've already paid for.
Guy says that for newbies the biggest benefit of this free tool is that
it will provide the impetus for you to learn more about configuring the SNMP
service with its 'Traps' and 'Communities'.
Download your free copy of the Config Generator
Perhaps the one Group Policy setting that you could profitably employ would be the
Event Log size.
The picture shows how to increase the Security Log to 16 Mb. If you
prefer bigger logs, then you could
repeat this procedure for the Application Log.
Do remember the old trap, this policy only applies to computers in THIS
OU and not to those in the default Computers Container. One answer is to create a top level OU for Servers, then assign this policy to that location. Also remember where your domain controllers are stored - in the Domain Controllers
folder. Unlike the Users folder, the Domain Controllers container has its
own Default Group Policy.
 Troubleshooting
Group Policies is tricky
As an MCT trainer, I can thoroughly recommend TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Group Policy or go for
a combination of modules.
See more about Group Policy training here
Next:
Security Account Policy |
Download my
'Master Group Policies' ebook only $6.25
