Each Windows Component folder has
specific policies for that application, for example, timeouts for Terminal
Services. Whilst there are numerous settings here, I
anticipate that you will only need a handful of these policies, the trouble
is that each system requires different applications and so there is no one
size fits all.
To date, I have found that the only way to start NetMeeting is: Start, Run,
Conf. When I see NetMeeting, I think of training sessions, however I
am sure that there are business functions for this program.
Meanwhile back at Group Policies, we find the usual array of
'Disable' settings so that users cannot fiddle with the buttons when they should be
watching the conference. If your Network only makes casual use of this conferencing program, then
I would not bother configuring these policies.
Internet Explorer
There are so many important settings for Internet Explorer, that it has its own IE pages.
Just one setting here - Disable 16-bit applications. Why would you need this?
One answer would be to prevent old programs destabilizing the operating system. Other than the
observation - 'Why would you need a 16-bit program in 2004?' - I would ignore this
folder.
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
Solarwinds'
Orion performance monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
Perhaps the NPM's best feature is the way it suggests solutions to network
problems. Its
second best feature is the ability to monitor the health of individual VMWare
virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you take advantage of Solarwinds' offer.
Again, only one setting - * 'Do not allow the
'Did You Know' content to appear'. This section of the Help Center
is only available if you have internet connection. So, if your users
cannot connect to the internet, then changing this setting will speed up
'Help and Support'. Beware of double negatives, you really must test
that your logic matches the policy's logic.
More than 30 settings, including the classic - *
'Remove "Map Network Drive".' Lots of other restrictive policies, consider removing tabs such as DFS, Security and
Hardware from the explorer.
The key is to balance users ability to browse for vital resources, while
preventing them from getting into mischief. Make decisions here
based on your overall philosophy of the desktop, rather than in isolation.
By that I mean, if you restrict browsing the network, then
compensate by providing mapped
network drives.
This is about restricting which Snap-ins are available to the MMC.
Keep in mind that many of the Snap-ins will not function in the hands of
non-administrators, so what you are doing here is tightening up the selection of
what administrators will see if they try and create an MMC. Guy's
advice, ignore this section.
The settings here are virtually identical to the Computer Configuration.
However the question remains, do you give users the responsibility of scheduling
maintenance programs like backup? Probably not.
It has to be a good idea to set idle time-outs. In fact, this whole
Terminal Services section is a chance to be positive and improve the user's experience.
For example, * 'Start a program on
connection'. Note there is a much bigger collection of Terminal Services policies under Computer Configuration.
* 'Always install with
elevated privileges' will ensure that programs will install properly
without you having to logon as administrator. I have seen
administrators placing users
in powerful administrative groups, just because they did not know about this
elevated privilege setting.
Trap: 'Elevated privileges' must also be enabled in the Computer
Configuration for it to be effective.
Guy
Recommends: Permissions Analyzer - Free Active Directory Tool
I like the
Permissions Monitor because it enables me to see quickly WHO has permissions
to do WHAT. When you launch this tool it analyzes a users effective NTFS
permissions for a specific file or folder, takes into account network share
access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are
troubleshooting authorization problems for users access to a resource.
Here are two useful settings to control how Windows Messenger behaves.
Firstly, are you going to allow Messenger to run - at all? If you do
permit the Messenger to operate, would you wish it to start automatically?
This section provides all the Group Policies necessary to create the optimum
Media Player environment. Helpful features include specifying proxy settings, coupled
with restrictions to hide unnecessary tabs. Incidentally, this
policies in this folder are controlled by its own .adm template called
WMPlayer.adm.
The Windows Component folder in Group Policies has
specific policies for a variety of Windows Applications, for example, timeouts for Terminal
Services. You do need to trawl through all the settings, but I expect that you will only need a handful of these policies for your circumstances.
If you like this page then please share it with your friends
*
Custom Search
Guy Recommends: Orion's NPM - Network Performance Monitor
Orion's performance monitor is designed for detecting network outages. NPM makes it easy to see what's working, and what needs your attention.
This utility guides you through creating network maps. It also helps troubleshooting by indicating whether the root cause is faulty equipment, or resource overload.
