This is a section where there is something for everyone. But before
you start, think strategically, decide whether to implement the settings
here at the Computer Configuration folder, or whether to manage similar Group Policies from
the Users Configuration folder.
What do you think about the new feature - *
Shutdown event tracker? Windows Server 2003 asks you
for a reason why the machine is shutdown, if this feature annoys you, then
control via the policy ' Display Shutdown Event Tracker ' - Disable.
If the Shutdown Event Tracker policy does not work, then try adding this
DWORD to the registry:
It is annoying when you Add or Remove program and the installation engine
cannot find the \i386 folder, however there is a policy where you can manage
the files: '
Specify Windows
installation file location '.
Another feature that drives people mad is when CDs autoplay. So
control the CD's behaviour with a Group Policy: ' Turn off Autoplay '.
I am a great fan of roaming profiles, especially for we administrators.
With these settings you can alleviate worries that roaming profiles generate
too much network traffic by imposing limits on the size of the profiles and
the directories to include in the roaming profile.
Nothing much here, perhaps you would want to run script visibly if you
are testing, or if it had information for the users, but otherwise a section to
ignore. By all means run legacy scripts hidden, but why not upgrade
those Batch files to VBScript?
There are two ideas here that are worth a look. Firstly, would
there be any programs that clients always need? If so, then configure the
' Run Programs at Logon ' setting. Secondly, have you been
caught by viruses exploiting the ' Run Once ' registry setting? Well if
so then you can
block the registry RunOnce key with this Group Policy.
Disk Quotas has been on network manager's wish list for a number of
years. Do set a limit if only to make the users aware that there are
limits to disk storage. Perhaps I should not say this, but you could
set limits then play the hero by increasing them when users complain.
Guy
Recommends: Permissions Analyzer - Free Active Directory Tool
I like the
Permissions Monitor because it enables me to see quickly WHO has permissions
to do WHAT. When you launch this tool it analyzes a users effective NTFS
permissions for a specific file or folder, takes into account network share
access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are
troubleshooting authorization problems for users access to a resource.
* ' Group Policy Slow
Link Detection ', people often ask me what is a slow link? 56K, 256K?
Well here you can decide based on the experience of how long Group Policy settings
take to apply when a client logs on remotely. Incidentally, this may be a Group Policy to enable for your Laptops OU.
The other settings here are to assist administrators who are configuring
Group Policies.
Rather like the Event Shutdown Tracker, you may take a view on whether
those messages wanting to report errors are useful or a pain. Should
you wish to limit the messages to specific programs, then here are your
policies to gain that control.
Kiwi Syslog Server
Free Utility to Analyze Your Network Messages
Syslog messages contain useful information for troubleshooting network
problems. When something goes wrong then surely there will be an
error message in the syslog datagram - if only we can find that record
and interpret the event.
Here is a utility to capture and analyze
network messages. The Kiwi Syslog Server filters messages and
creates advanced alerts. View your syslog data via web access.
Possibly you may wish to control RPC calls as part of your security
initiative.
Guy Recommends: SolarWinds Engineer's Toolset v10
This Engineer's Toolset v10 provides a comprehensive console of utilities
for troubleshooting computer problems. Guy says it helps me
monitor what's occurring on the network, and each tool teaches me more about how the
underlying system operates.
If you are fed up with those Win32 Time errors in the Event Log then why
not use a Group Policy to configure the Time Servers. In Windows
Server 2003 domains Kerberos relies on time synchronization between servers,
otherwise it thinks that a hacker has intercepted a packet and then put it
back on the network 10 minutes later.
Guy Recommends: Orion's NPM - Network Performance Monitor
Orion's performance monitor is designed for detecting network outages. NPM makes it easy to see what's working, and what needs your attention.
This utility guides you through creating network maps. It also helps troubleshooting by indicating whether the root cause is faulty equipment, or resource overload.
