Computer Group Policy – System

Group Policy – System

This is a section where there is something for everyone.  But before you start, think strategically, decide whether to implement the settings here at the Computer Configuration folder, or whether to manage similar Group Policies from the Users Configuration folder.

Group Policy Topics

Administrative Templates

       Windows Components



* Guy’s Top Four System Group Policies

System (Root)

What do you think about the new feature – * Shutdown event tracker?  Windows Server 2003 asks you for a reason why the machine is shutdown, if this feature annoys you, then control via the policy ‘  Display Shutdown Event Tracker  ‘  – Disable.

If the Shutdown Event Tracker policy does not work, then try adding this DWORD to the registry:

Add a Reg_DWORD  ShutdownReasonUI
Value: (0 = disabled, 1 = enabled)

See more on disable Shutdown Event Tracker Server 2012

It is annoying when you Add or Remove program and the installation engine cannot find the \i386 folder, however there is a policy where you can manage the files: ‘ Specify Windows installation file location ‘.

Another feature that drives people mad is when CDs autoplay.  So control the CD’s behaviour with a Group Policy: ‘ Turn off Autoplay ‘.

User Profiles

I am a great fan of roaming profiles, especially for we administrators.  With these settings you can alleviate worries that roaming profiles generate too much network traffic by imposing limits on the size of the profiles and the directories to include in the roaming profile.


Nothing much here, perhaps you would want to run script visibly if you are testing, or if it had information for the users, but otherwise a section to ignore.  By all means run legacy scripts hidden, but why not upgrade those Batch files to VBScript?


There are two ideas here that are worth a look.  Firstly, would there be any programs that clients always need?  If so, then configure the  ‘ Run Programs at Logon ‘ setting.  Secondly, have you been caught by viruses exploiting the  ‘ Run Once ‘ registry setting?  Well if so then you can block the registry RunOnce key with this Group Policy.

Disk Quotas

Disk Quotas has been on network manager’s wish list for a number of years.  Do set a limit if only to make the users aware that there are limits to disk storage.  Perhaps I should not say this, but you could set limits then play the hero by increasing them when users complain.

Guy Recommends: Permissions Analyzer – Free Active Directory ToolFree Permissions Analyzer for Active Directory

I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT.  When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource.  Give this permissions monitor a try – it’s free!

Download Permissions Analyser – Free Active Directory Tool

Group Policy

*  ‘ Group Policy Slow Link Detection ‘, people often ask me what is a slow link?  56K, 256K?  Well here you can decide based on the experience of how long Group Policy settings take to apply when a client logs on remotely.  Incidentally, this may be a Group Policy to enable for your Laptops OU.

The other settings here are to assist administrators who are configuring Group Policies.

Remote Assistance

Decide who can solicit remote assistance, also who do you trust to offer help.

System Restore

Occasionally, you may need to turn off System Restore, for instance when a virus has got through your defences and keeps re-infecting client machines.

Error Reporting

Rather like the Event Shutdown Tracker, you may take a view on whether those messages wanting to report errors are useful or a pain.  Should you wish to limit the messages to specific programs, then here are your policies to gain that control.

Kiwi Syslog Server Kiwi Syslog Server
Free Utility to Analyze Your Network Messages

Syslog messages contain useful information for troubleshooting network problems.  When something goes wrong then surely there will be an error message in the syslog datagram – if only we can find that record and interpret the event.

Here is a utility to capture and analyze network messages.  The Kiwi Syslog Server filters messages and creates advanced alerts.  View your syslog data via web access.

Download your free download of Kiwi Syslog Server

Windows File Protection

By default files are only scanned at start-up, if your machine is up and running for months then you may wish to configure a weekly scan.

Remote Procedure

Possibly you may wish to control RPC calls as part of your security initiative.

Engineer's Toolset v10Guy Recommends: SolarWinds Engineer’s Toolset v10

This Engineer’s Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems.  Guy says it helps me monitor what’s occurring on the network, and each tool teaches me more about how the underlying system operates.

There are so many good gadgets; it’s like having free rein of a sweetshop.  Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools.  Try the SolarWinds Engineer’s Toolset now!

Download your fully functional trial copy of the Engineer’s Toolset v10

Windows Time Service

If you are fed up with those Win32 Time errors in the Event Log then why not use a Group Policy to configure the Time Servers.  In Windows Server 2003 domains Kerberos relies on time synchronization between servers, otherwise it thinks that a hacker has intercepted a packet and then put it back on the network 10 minutes later.

Setting: Enable NTP Server Enabled

Group Policy ebook Windows 2003Download my ‘Master Group Policies’ ebook only $6.25

The extra features you get in your eBook include: Spreadsheet with over 850 policies.  Printer friendly version over Word A4 pages in Word.

See more Computer Group Policies

Troubleshooting Group Policies   • Software Installation   • Terminal Services Group Policy Settings

Group Policies  • Windows Components  • Windows Settings   •Computer Network Policies

Computer Printer Policies   • Computer Administrative Templates   •Computer System Policies

If you like this page then please share it with your friends