Windows Group Policy Settings Section
From the policy creator’s point of view, this section is disappointing. Why so? Because almost all the security settings are configured at the domain level, not the OU. Whilst logon scripts are still useful, most of the scripts are assigned under the User Configuration, rather than the Computer Configuration.
In contrast to this page, the User Configuration, Windows Settings has a much richer seam of Group Policy folders.
Group Policy Topics
Computer Configuration
Windows Settings
‡
Scripts
Whilst logon scripts have been around for ever, Startup and Shutdown scripts are new in Active Directory.
In truth, I am still waiting for a ‘killer application’ for Startup and Shutdown scripts. Most of the scripting jobs are carried out in by Logon and Logoff scripts in the User Configuration settings.
With scripts there are three distinct tasks.
- Deciding what the script will do.
- Writing the script using VBScript. See Logon Script Section.
- Assigning the Startup scripts via Group Policies.
Startup Scripts
Presuming that the scripts have been written, all we have to do is add the .VBS file to the policy box. I find that it is much better to copy the script into memory before you open the policy box, than to try and navigate once the box is open.
My point is that I would prefer to right-click and paste, rather than use the Open and Browse option.
Shutdown Script
As I mentioned earlier, I am still waiting for a major use for this type of computer script.
Security Settings
Trap: Security policies for domain users must be applied at the domain level. Do not be deceived into thinking that you can have different password length and lockout policies for each OU. Wrong. I repeat, you cannot use the settings in an Organizational Unit to apply security policies. In fact I was so enraged that I researched the matter, apparently these OU security policies only affect people who logon with LOCAL accounts – not domain accounts.
So, most of these settings are deceptive in that they will not ‘bite’ on domain users.
Guy Recommends: The Free Config Generator
SolarWinds’ Config Generator is a free tool, which puts you in charge of controlling changes to network routers and other SNMP devices. Boost your network performance by activating network device features you’ve already paid for.
Guy says that for newbies the biggest benefit of this free tool is that it will provide the impetus for you to learn more about configuring the SNMP service with its ‘Traps’ and ‘Communities’. Try Config Generator now – it’s free!
Download your free copy of Config Generator
Event Log – Maximum size.
Perhaps the one Group Policy setting that you could profitably employ would be the Event Log size.
The picture shows how to increase the Security Log to 16 Mb. If you prefer bigger logs, then you could repeat this procedure for the Application Log.
Do remember the old trap, this policy only applies to computers in THIS OU and not to those in the default Computers Container. One answer is to create a top level OU for Servers, then assign this policy to that location. Also remember where your domain controllers are stored – in the Domain Controllers folder. Unlike the Users folder, the Domain Controllers container has its own Default Group Policy.
Download my ‘Master Group Policies’ ebook only $6.25
The extra features you get in your eBook include: Spreadsheet with over 850 policies. Printer friendly version over Word A4 pages in Word.
See more Computer Group Policies
•Troubleshooting Group Policies • Software Installation • Terminal Services Group Policy Settings
• Group Policies • Windows Components • Windows Settings •Computer Network Policies
• Computer Printer Policies • Computer Administrative Templates •Computer System Policies
If you like this page then please share it with your friends