Group Policy – System
This is a section where there is something for everyone. But before you start, think strategically, decide whether to implement the settings here at the Computer Configuration folder, or whether to manage similar Group Policies from the Users Configuration folder.
Group Policy Topics
Administrative Templates
Windows Components
- User Profiles
- Scripts
- Logon
- Disk Quotas
- Group Policy
- Remote Assistance
- System Restore
- Error Reporting
- Windows File Protection
- Remote Procedure
- Power Management
- Windows Time Service
‡
* Guy’s Top Four System Group Policies
System (Root)
What do you think about the new feature – * Shutdown event tracker? Windows Server 2003 asks you for a reason why the machine is shutdown, if this feature annoys you, then control via the policy ‘ Display Shutdown Event Tracker ‘ – Disable.
If the Shutdown Event Tracker policy does not work, then try adding this DWORD to the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability
Add a Reg_DWORD ShutdownReasonUI
Value: (0 = disabled, 1 = enabled)
See more on disable Shutdown Event Tracker Server 2012
It is annoying when you Add or Remove program and the installation engine cannot find the \i386 folder, however there is a policy where you can manage the files: ‘ Specify Windows installation file location ‘.
Another feature that drives people mad is when CDs autoplay. So control the CD’s behaviour with a Group Policy: ‘ Turn off Autoplay ‘.
User Profiles
I am a great fan of roaming profiles, especially for we administrators. With these settings you can alleviate worries that roaming profiles generate too much network traffic by imposing limits on the size of the profiles and the directories to include in the roaming profile.
Scripts
Nothing much here, perhaps you would want to run script visibly if you are testing, or if it had information for the users, but otherwise a section to ignore. By all means run legacy scripts hidden, but why not upgrade those Batch files to VBScript?
*Logon
There are two ideas here that are worth a look. Firstly, would there be any programs that clients always need? If so, then configure the ‘ Run Programs at Logon ‘ setting. Secondly, have you been caught by viruses exploiting the ‘ Run Once ‘ registry setting? Well if so then you can block the registry RunOnce key with this Group Policy.
Disk Quotas
Disk Quotas has been on network manager’s wish list for a number of years. Do set a limit if only to make the users aware that there are limits to disk storage. Perhaps I should not say this, but you could set limits then play the hero by increasing them when users complain.
Guy Recommends: Permissions Analyzer – Free Active Directory Tool
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
Download Permissions Analyser – Free Active Directory Tool
Group Policy
* ‘ Group Policy Slow Link Detection ‘, people often ask me what is a slow link? 56K, 256K? Well here you can decide based on the experience of how long Group Policy settings take to apply when a client logs on remotely. Incidentally, this may be a Group Policy to enable for your Laptops OU.
The other settings here are to assist administrators who are configuring Group Policies.
Remote Assistance
Decide who can solicit remote assistance, also who do you trust to offer help.
System Restore
Occasionally, you may need to turn off System Restore, for instance when a virus has got through your defences and keeps re-infecting client machines.
Error Reporting
Rather like the Event Shutdown Tracker, you may take a view on whether those messages wanting to report errors are useful or a pain. Should you wish to limit the messages to specific programs, then here are your policies to gain that control.
Kiwi Syslog Server
Free Utility to Analyze Your Network Messages
Syslog messages contain useful information for troubleshooting network problems. When something goes wrong then surely there will be an error message in the syslog datagram – if only we can find that record and interpret the event.
Here is a utility to capture and analyze network messages. The Kiwi Syslog Server filters messages and creates advanced alerts. View your syslog data via web access.
Download your free download of Kiwi Syslog Server
Windows File Protection
By default files are only scanned at start-up, if your machine is up and running for months then you may wish to configure a weekly scan.
Remote Procedure
Possibly you may wish to control RPC calls as part of your security initiative.
Guy Recommends: SolarWinds Engineer’s Toolset v10
This Engineer’s Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems. Guy says it helps me monitor what’s occurring on the network, and each tool teaches me more about how the underlying system operates.
There are so many good gadgets; it’s like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools. Try the SolarWinds Engineer’s Toolset now!
Download your fully functional trial copy of the Engineer’s Toolset v10
Windows Time Service
If you are fed up with those Win32 Time errors in the Event Log then why not use a Group Policy to configure the Time Servers. In Windows Server 2003 domains Kerberos relies on time synchronization between servers, otherwise it thinks that a hacker has intercepted a packet and then put it back on the network 10 minutes later.
Setting: Enable NTP Server Enabled
Download my ‘Master Group Policies’ ebook only $6.25
The extra features you get in your eBook include: Spreadsheet with over 850 policies. Printer friendly version over Word A4 pages in Word.
See more Computer Group Policies
•Troubleshooting Group Policies • Software Installation • Terminal Services Group Policy Settings
• Group Policies • Windows Components • Windows Settings •Computer Network Policies
• Computer Printer Policies • Computer Administrative Templates •Computer System Policies
If you like this page then please share it with your friends