Group Policy – Windows Settings Section
This Windows Settings section probably has the widest range of Group Policies, including one or two surprises.
Group Policy Topics
User Configuration
Windows Settings
- Remote Installation Services
- Scripts (Logon / Logoff)
- Security Settings (Set elsewhere)
- Folder Redirection
- Internet Explorer Maintenance
* Guy’s Top three Policies for Windows Settings
Remote Installation Services (RIS)
Sadly, for most people, RIS will be a matter of saying, ‘Yes I understand what the settings are for, but actually, I do not need them’. Sad, because RIS is one of THE great services, however since Ghost is so well established administrators are unwilling to believe there is a better solution. More about RIS.
If you are using RIS, then I would recommend enabling ‘Automatic Restart’, it’s helpful if the service fails for RIS to try again. The only other setting I would change is disabling the ‘Custom Setup’, you do not want users fiddling with your installation.
Group Policy Drive Maps
The modern group policy method of drive mapping does not require any knowledge of either VBScript or PowerShell. In Windows Server 2008 you can launch the GPMC and configure Drive Maps in the Preferences section. See more on Group Policy Drive Maps.
* Scripts (Logon / Logoff) has its own page
‡
Security Settings
This icon is not what it seems. The main security settings are not configured here but from the Computer Configuration. Moreover, settings such as password length are set at the Domain level, not at the OUs.
The security settings here are merely a shell for consistency, there is little if anything to be gained by setting policies here. If you need account policies settings such as passwords, then go to the Default Domain policy, Computer Configuration. That means navigating away from the test OU.
When I research these seemingly useless settings, I discovered they are used in one specialist scenario, when users authenticate locally in the SAM database, rather than logging on to the domain. In other words, if users select the machine name rather than the domain name in the logon box, then these settings bite. One possible use for these settings is SQL Member servers.
Guy Recommends: Permissions Analyzer – Free Active Directory Tool
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
Download Permissions Analyser – Free Active Directory Tool
Folder Redirection has its own page
Internet Explorer Maintenance has its own page
Download my ‘Master Group Policies’ ebook only $6.25
The extra features you get in your eBook include: Spreadsheet with over 850 policies. Printer friendly version over Word A4 pages in Word.
See more Group Policies for Windows Users
• Group Policies •GPO Internet Explorer • Group Policy Block Inheritance •Logon Script Policies
• Start Menu Group Policies • Network Policies •GPMC •Troubleshooting Group Policies
• Group Policy Overview •Group Policy Results • System Group Policies • Software Installation
If you like this page then please share it with your friends