Windows 2003 – Group Policy Overview

Microsoft Group Policy Overview

Each new operating system brings with it a paradox.  On the one hand the new version is meant to be easier, whilst on the other hand it brings more features to master, more sub menus to explore and more settings to configure.  When I apply this paradox to Group Policies, my conclusion is this:  Windows 2003 produces a significantly better managed desktop than NT or even Windows 2000, however, Group Policies are more difficult to master because there are more features, components and settings.

Topics for Microsoft Group Policy in Windows Server 2003


The Big Picture

The concept behind Group Policies is that administrators configure settings just once, and then the settings apply continuously to the users.  Furthermore, you can apply Group Policies to computers, the benefit is that you can control the settings no matter who logs on.  Such a locked down machine is often referred to as a ‘Kiosk’.

The old saying ‘Prevention is better than cure’, definitely applies to Group Policies. A good Group Policy provides greater productivity for the users, and reduce your time fixing silly problems. Think of all the damage and time wasting caused by users fiddling with control panel settings. I once saw a user set the screen refresh rate faster than the monitor hardware would support, his screen literally went up in smoke!  If only the administrator had set a Group Policy that disabled the Display Tab and thus prevented an expensive blown monitor.

Group Policy – Strategy

Just wading through the 100’s of Policies is a Herculean task.  My suggestion is that you commission two opposite approaches.  Firstly, ask a ‘Techie’ who understands Windows 2003 to go through the policies and select those settings that he thinks appropriate.  Secondly, invite a manager to produce a vision, or wish list of what he believes a user’s desktop should look like.  Finally, bring the two disparate mind sets together and weld them into your Group Policy.

One neglected aspect of Group Policy is positive thinking.  I have known many administrators become obsessed with locking down the desktop and ignore settings which could help the users.  Take that previous display example, if people discover that the default refresh rate of 60 Hz literally gives them a headache, then the administrator should be pro-active and created a policy that set the refresh rate to 80 Hz.

Everyone loves deploying Group Policies.  To do the job justice you need at least 15 man-days even for a smallish domain.  I say man-days because it is better to have a team of 2/3 than leave it all to one individual.

Guy Recommends: Permissions Analyzer – Free Active Directory ToolFree Permissions Analyzer for Active Directory

I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT.  When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource.  Give this permissions monitor a try – it’s free!

Download Permissions Analyser – Free Active Directory Tool

Assigning Software

Make your mantra: ‘If there is a business case for an application, then create a Policy which delivers that package to the Start Menu.’  Techies like this approach because they can apply service packs and upgrades from one central place, and no longer need to visit each desktop to upgrade a program.  Such polices operate from the Software Settings folder.  If you want everyone who logs on to use an application, then Assign it to a computer; however if the user needs special software wherever they logon, Assign it at the User Configuration folder.  If you are undecided, favour the Assigning to Users rather than Computers.Group Policy - Overview

See more on Assigning software here

Getting Started – Create a Group Policy

This is how you begin with Group Policies. Navigate to the Active Directory Users and Computers. right-click the Domain object, Properties, Group Policy (Tab) now ‘click’ the edit (button) and you will see the policy settings.

A less risky method of easing your way into Group Policies would be to create a test OU, and then make a brand new policy.

Summary of Microsoft Group Policy

I recommend two different approaches to Microsoft Group Polices, firstly take a leaf out of Bill Gates’ book and develop a vision for what your corporate desktop should look like.  Secondly take the classical technical, even analytical view and trawl though the Group Policies, saying ‘Yes we must have this one’ or I understand the policy, but not for us.

Group Policy ebook Windows 2003Download my ‘Master Group Policies’ ebook only $6.25

The extra features you get in your eBook include: Spreadsheet with over 850 policies.  Printer friendly version over Word A4 pages in Word.

See more Group Policies for Windows Users

Group Policies   •GPO Internet Explorer   • Group Policy Block Inheritance   •Logon Script Policies

Start Menu Group Policies   • Network Policies  •GPMC   •Troubleshooting Group Policies

Group Policy Overview  •Group Policy Results  • System Group Policies   • Software Installation

If you like this page then please share it with your friends