Here on this page I will guide you through the full list of Windows Component policy folders. While each folder has numerous application specific policies, I anticipate that you will only need a handful of these settings. Our problem is that each system needs a different set of policies, so you need to check through each section identifying the best policies for your domain.
Group Policy Topics
- Internet Explorer
- Application Compatibility
- Internet Information Server
- Task Scheduler
- Terminal Services
- Windows Installer
- Windows Messenger
- Windows Media
- Windows Update
* Guy’s Top Group Policy
This is what I mean by a specialist policy. Not everyone uses Netmeeting and even those who do, may not need to lock down the settings. Also there is not much here, because most of the settings are in the User Configuration.
One of several instances where you should decide whether to configure for the Computer or the User. Once you have made up your mind, then you can start tightening up on security by disabling zones.
The most positive and useful Internet Explorer settings are found here.
If you wish to prevent legacy programs running then it is better to turn off both the Compatibility Wizard and the Engine. I see no harm in leaving these setting and controlling which programs are allowed through Software Setting policies.
Guy Recommends: The Free IP Address Tracker (IPAT)
Calculating IP Address ranges is a black art, which many network managers solve by creating custom Excel spreadsheets. IPAT cracks this problem of allocating IP addresses in networks in two ways:
For Mr Organized there is a nifty subnet calculator, you enter the network address and the subnet mask, then IPAT works out the usable addresses and their ranges. For Mr Lazy IPAT discovers and then displays the IP addresses of existing computers.
‘Prevent IIS Installation’ This is a Group Policy for servers that do not need IIS, for example file and print servers.
This is the Task Scheduler (not Task Manager). The question is what tasks have been scheduled on their workstations? Backup? Your decision here depend on the level of responsibility that you give to users, I would imagine the bigger the company the less they need Task Scheduler, therefore you could ‘Hide the property pages’. See also Windows 8 Task Scheduler »
Terminal services has such a comprehensive selection of group polices that I have given them their own page.
* ‘Always install with elevated privileges‘ will ensure that programs will install properly using system account rights. Be aware that you must also enable this policy in the User Configuration.
Also be aware that power users may try and abuse these elevated privileges. To some extent you can curb their powers by setting policies which stop them browsing for source during install. If there is no reason to add software then you can disable the installer all together.
Here are two useful Group Policy settings to control how Windows Messenger behaves. Firstly, are you going to allow Messenger to run – at all? If you do permit the Messenger to operate, would you want it to start automatically?
Two specialist folders to control the Media player and digital rights. Policies include specifying proxy settings, also restrictions to hide unnecessary tabs.
Do you like it? Well if you hate it here is your chance to disable the Update service searching for new patches.
See more Computer Group Policy Settings
If you like this page then please share it with your friends