Microsoft Group Policy Overview
Each new operating system brings with it a paradox. On the one hand the new version is meant to be easier, whilst on the other hand it brings more features to master, more sub menus to explore and more settings to configure. When I apply this paradox to Group Policies, my conclusion is this: Windows 2003 produces a significantly better managed desktop than NT or even Windows 2000, however, Group Policies are more difficult to master because there are more features, components and settings.
Topics for Microsoft Group Policy in Windows Server 2003
- The Big Picture
- Group Policy – Strategy
- Assigning Software
- Windows 8 Group Policy
- Getting Started
- Add-WindowsFeature GPMC
The concept behind Group Policies is that administrators configure settings just once, and then the settings apply continuously to the users. Furthermore, you can apply Group Policies to computers, the benefit is that you can control the settings no matter who logs on. Such a locked down machine is often referred to as a ‘Kiosk’.
The old saying ‘Prevention is better than cure’, definitely applies to Group Policies. A good Group Policy provides greater productivity for the users, and reduce your time fixing silly problems. Think of all the damage and time wasting caused by users fiddling with control panel settings. I once saw a user set the screen refresh rate faster than the monitor hardware would support, his screen literally went up in smoke! If only the administrator had set a Group Policy that disabled the Display Tab and thus prevented an expensive blown monitor.
Just wading through the 100’s of Policies is a Herculean task. My suggestion is that you commission two opposite approaches. Firstly, ask a ‘Techie’ who understands Windows 2003 to go through the policies and select those settings that he thinks appropriate. Secondly, invite a manager to produce a vision, or wish list of what he believes a user’s desktop should look like. Finally, bring the two disparate mind sets together and weld them into your Group Policy.
One neglected aspect of Group Policy is positive thinking. I have known many administrators become obsessed with locking down the desktop and ignore settings which could help the users. Take that previous display example, if people discover that the default refresh rate of 60 Hz literally gives them a headache, then the administrator should be pro-active and created a policy that set the refresh rate to 80 Hz.
Everyone loves deploying Group Policies. To do the job justice you need at least 15 man-days even for a smallish domain. I say man-days because it is better to have a team of 2/3 than leave it all to one individual.
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
Make your mantra: ‘If there is a business case for an application, then create a Policy which delivers that package to the Start Menu.’ Techies like this approach because they can apply service packs and upgrades from one central place, and no longer need to visit each desktop to upgrade a program. Such polices operate from the Software Settings folder. If you want everyone who logs on to use an application, then Assign it to a computer; however if the user needs special software wherever they logon, Assign it at the User Configuration folder. If you are undecided, favour the Assigning to Users rather than Computers.
This is how you begin with Group Policies. Navigate to the Active Directory Users and Computers. right-click the Domain object, Properties, Group Policy (Tab) now ‘click’ the edit (button) and you will see the policy settings.
A less risky method of easing your way into Group Policies would be to create a test OU, and then make a brand new policy.
Summary of Microsoft Group Policy
I recommend two different approaches to Microsoft Group Polices, firstly take a leaf out of Bill Gates’ book and develop a vision for what your corporate desktop should look like. Secondly take the classical technical, even analytical view and trawl though the Group Policies, saying ‘Yes we must have this one’ or I understand the policy, but not for us.
See more Group Policies for Windows Users
If you like this page then please share it with your friends