Group Policy – Windows Settings Section
This Windows Settings section probably has the widest range of Group Policies, including one or two surprises.
Group Policy Topics
- Remote Installation Services
- Scripts (Logon / Logoff)
- Security Settings (Set elsewhere)
- Folder Redirection
- Internet Explorer Maintenance
* Guy’s Top three Policies for Windows Settings
Sadly, for most people, RIS will be a matter of saying, ‘Yes I understand what the settings are for, but actually, I do not need them’. Sad, because RIS is one of THE great services, however since Ghost is so well established administrators are unwilling to believe there is a better solution. More about RIS.
If you are using RIS, then I would recommend enabling ‘Automatic Restart’, it’s helpful if the service fails for RIS to try again. The only other setting I would change is disabling the ‘Custom Setup’, you do not want users fiddling with your installation.
The modern group policy method of drive mapping does not require any knowledge of either VBScript or PowerShell. In Windows Server 2008 you can launch the GPMC and configure Drive Maps in the Preferences section. See more on Group Policy Drive Maps.
* Scripts (Logon / Logoff) has its own page
This icon is not what it seems. The main security settings are not configured here but from the Computer Configuration. Moreover, settings such as password length are set at the Domain level, not at the OUs.
The security settings here are merely a shell for consistency, there is little if anything to be gained by setting policies here. If you need account policies settings such as passwords, then go to the Default Domain policy, Computer Configuration. That means navigating away from the test OU.
When I research these seemingly useless settings, I discovered they are used in one specialist scenario, when users authenticate locally in the SAM database, rather than logging on to the domain. In other words, if users select the machine name rather than the domain name in the logon box, then these settings bite. One possible use for these settings is SQL Member servers.
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
Folder Redirection has its own page
Internet Explorer Maintenance has its own page
See more Group Policies for Windows Users
If you like this page then please share it with your friends