10 Ways to Manage Desktops With Group Policy
-
Upload
birhanu-atnafu -
Category
Documents
-
view
213 -
download
0
Transcript of 10 Ways to Manage Desktops With Group Policy
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 1/15
10 Ways to Manage Desktops with Group Policy
Group Policy, when properly planned and implemented, can be an
indispensable tool for managing Windows desktop systems. ut two obstacles
pre!ent administrators from e"ecti!ely using Group Policy. #irst is an
incomplete understanding of what Group Policy is and how to apply it. $econdis not being clear about what you want to accomplish with Group Policy. %t&s
easy to be o!erwhelmed by Group Policy because of the large number of
settings and the !ariety of ways you can apply those settings. 'nderstanding
Group Policy really isn&t di(cult, howe!er. )nce you ha!e a feel for it you *ust
need some ideas for putting it into action. With that in mind, let&s walk
through a basic course in Group Policy. +hen, %&ll show you 10 ways you can
begin using Group Policy to manage the desktop systems in your
en!ironment.
Group Policy 101
Group Policy gi!es you central control o!er certain aspects of the beha!ior of
the desktops in your Windows $er!er domain. +he Microsoft Management
onsole -MM Group Policy snap/in contains etensions and se!en main
nodes. +he nodes are the management entry point for each etension.
dministrati!e +emplates. dministrati!e +emplates are registry/based
policies that you use to alter registry settings that control the beha!ior and
appearance of the desktop, components, and applications. #i!e defaultdministrati!e +emplates load with a new Group Policy )b*ect -GP)2
$ystem.adm for the Windows $er!er 3004 family, Windows 3000, and
Windows 5P6 %netres.adm for %nternet 7plorer -%7 settings6 Wmplayer.adm
for Windows Media Player -WMP6 onf.adm for 8etMeeting 4.016 and
Wuau.adm for Windows 'pdate.
$ecurity $ettings. +he $ecurity $ettings node speci9es local computer,
domain, and network security settings.
$oftware %nstallation. +he $oftware %nstallation node assigns and publishes
software to users and assigns software to computers.
$cripts. +he $cripts node can a"ect computer startup and shutdown and user
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 2/15
logon and logo". :ou can place any Windows $cript ;ost -W$;<supported
language into a script ob*ect.
=emote %nstallation $er!ices -=%$. +he settings in this node control how the
=emote )perating $ystem %nstallation feature is presented to client
computers.
%nternet 7plorer Maintenance. +he %nternet 7plorer Maintenance node
settings manage %nternet 7plorer -%7 and customi>e its beha!ior.
#older =edirection. +his node&s settings redirect Windows special folders -i.e.,
My Documents, pplication Data, Desktop, and $tart Menu to an alternatelocation on the network.
dministrators use Group Policy 7ditor -GP7 to con9gure policy information
or settings, which are stored in a GP). %n turn, GP)s link to appropriate sites,
domains, or organi>ational units -)'s in cti!e Directory -D to determine
the computers or users to which the settings in the GP) will apply. :ou apply
most GP)s for managing desktop systems and users to an )' that contains
either user or computer ob*ects. :ou can also use $ecurity Group and
Windows Management %nstrumentation -WM% 9ltering to further narrow thescope of ob*ects to which a gi!en policy will be applied. +he ?earning Path for
this article directs you to more detailed information about using Group Policy.
?et&s get started le!eraging the power of Group Policy to manage your
desktop systems.
1. lways Wait for 8etwork at $tartup and ?ogon
+his setting a"ects the Group Policy engine and determines whether GP)s
are applied synchronously or asynchronously. Win3@ applies GP)s
synchronously. 5P Professional introduced a re9ned asynchronous processingmode to speed up both boot and login times. s a side e"ect, howe!er, in 5P
Pro, Group Policy settings that take a speci9c action according to security
group membership can take two or e!en three logons to become e"ecti!e.
+he shortcomings to this approach are ob!ious, especially when you use
Group Policy as part of your security strategy. :ou can, howe!er, guarantee
application of targeted policies in a single boot or login by enabling the
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 3/15
lways wait for the network at computer startup and logon setting.
+he $etting2
omputer on9gurationA dministrati!e +emplatesA $ystemA ?ogonA lwayswait for the network at computer startup and logon
3. utomated )$ %nstallation !ia =%$
What better way to le!erage Group Policy than to start using it right away as
you deploy client systemsB =%$, which showed up initially in Win3@ $er!er, is
an optional component that lets administrators create automated installation
images for Windows 3004, 5P, and Win3@. :ou can deploy these images to
clients and ser!ers. :ou use the =emote %nstallation $er!ices node of GP7 tocontrol the hoice $creen )ptions that Windows pro!ides to =%$ clients. #rom
the hoice )ptions Properties screen you can con9gure the utomatic $etup,
ustom $etup, =estart $etup, and +ools options for =%$.
+he $etting2
'ser on9gurationA Windows $ettingsA =emote %nstallation $er!icesA hoice
)ptions
4. $tartup, $hutdown, ?ogon, and ?ogo" $cripts
%f you think logon scripts are old news for managing desktops and user
en!ironments, you&re only partially correct. Group Policy gi!es you much
more control o!er where and when scripts can be run. %n addition to
specifying the traditional logon script, which runs when a user logs on to the
domain, you can specify a script to run when a user logs o" the system. :ou
can also specify indi!idual scripts to run both when a computer starts up and
when it shuts down. +hese four types of script triggers gi!e you much more
Ceibility to perform tasks that *ust don&t 9t in the traditional logon scriptparadigm.
+he $ettings2
omputer on9guration A Windows $ettings A $cripts -$tartup$hutdown
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 4/15
'ser on9guration A Windows $ettings A $cripts -?ogon?ogo"
E. $tandardi>e )$ F?ook and #eelF $ettings
:ou can use a combination of Group Policy settings to create and maintain astandard look and feel for your users& systems. $uch standardi>ation can be
helpful in de!eloping consistent and e"ecti!e approaches to training and
support. :ou can control a myriad of settingstoo many to list here. +he
following locations and settings, howe!er, will pro!ide some guidance and
food for thought.
+he $ettings2
'ser on9gurationA dministrati!e +emplatesA $tart Menu H +askbar
A=emo!e #a!orites menu from $tart Menu
A+urn o" personali>ed menus AIin Windows 3004 and 5P $P3AJ6 ADisable
Personali>ed menus AIin 5P and Win3@ $er!erAJ
APre!ent changes to +askbar and $tart Menu $ettings AIin Windows 3004 and
5P 3P3AJ6 ADisable changes to +askbar and $tart Menu $ettings AIin 5P and
Win3@ $er!erAJ
'ser on9gurationA dministrati!e +emplatesA Windows omponentsA
Windows 7plorer
A+urn on lassic $hell
A=emo!e the #older )ptions menu item from the +ools menu
A=emo!e FMap 8etwork Dri!eF and FDisconnect 8etwork Dri!eF
A8o F7ntire 8etworkF in My 8etwork Places
'ser on9gurationA dministrati!e +emplatesA Desktop
A;ide and disable all items on the desktop
A;ide My 8etwork Places icon on desktop
A=emo!e the Desktop leanup Wi>ard
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 5/15
'ser on9gurationA dministrati!e +emplatesA ontrol PanelA $how only
speci9ed ontrol Panel applets
'ser on9gurationA dministrati!e +emplatesA ontrol PanelA dd or =emo!e
ProgramsA ;ide hange or =emo!e Programs page
'ser on9gurationA dministrati!e +emplatesA ontrol PanelA DisplayA Desktop
+hemes
A=emo!e +heme option
A ?oad a speci9c !isual style 9le or force Windows lassic
K. on9gure Windows #irewall $ettings for 5P $ystems
+he !ast ma*ority of settings for controlling Windows #irewall were only
recently made a!ailable in 5P $er!ice Pack 3 -$P3. ut before we di!e into
those settings, it&s worth noting that you do ha!e a modicum of control o!er
how 5P&s original %nternet onnection #irewall beha!es. :ou eercise this
control by using the Prohibit use of %nternet onnection #irewall setting on
your D8$ domain network6 you&ll 9nd the setting under omputer
on9gurationA dministrati!e +emplatesA 8etworkA 8etwork onnections.
%n 5P $P3, Windows #irewall is accompanied by an array of Group Policy<
controllable features. +he Group Policy options for Windows #irewall in 5P $P3
let an administrator con9gure two di"erent sets of 9rewall con9gurations,
known as pro9les. :ou use the Domain pro9le when the client is connected to
the network on which the client&s domain controllers are located. :ou use the
$tandard pro9le when the client is connected through an alternate network.
:ou can create a more restricti!e set of 9rewall options in the $tandard pro9le
for when systems don&t ha!e the bene9t of a corporate 9rewall. :ou can also
con9gure eceptions in the Domain pro9le that facilitate connections from
internal systems management tools. #or these and other 5P $P3 settings, youneed to implement 5P $P3 dministrati!e +emplates, as the Microsoft +ech8et
article FDeploying Windows 5P $er!ice Pack 3 in 7nterprise 7n!ironmentsF
discusses
-http2www.microsoft.comtechnetprodtechnolwinpprodeploysp3entdp.ms
p.
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 6/15
+he $ettings2
omputer on9gurationA dministrati!e +emplatesA 8etwork8etwork
onnectionsA Windows #irewallA Domain Pro9le
omputer on9gurationA dministrati!e +emplatesA 8etwork8etwork
onnectionsA Windows #irewallA $tandard Pro9le
L. $trengthen Desktop $ecurity
%mplementing secure desktop clients reuires a multifaceted management
approach, and Group Policy can help ensure a consistent, stable foundation
on which to build your security strategy. Group Policy gi!es you the ability to
centrally manage and enforce a wide range of security settings and policiesrelated to desktop computers and their users. +here are four general areas
you can focus your security e"orts on2 security settings, %P $ecurity -%P$ec
policies, software restriction policies, and wireless network policies. ecause
con9guring these policies reuires a thorough understanding of their possible
e"ects and plenty of testing before you implement them in a production
en!ironment, % won&t attempt to eplain the details here. :ou can read more
about con9guring these settings at
http2www.microsoft.comresourcesdocumentationWindows$er!3004allde
ployguideenusDefault.aspBurlNresources
documentationwindowsser!3004alldeployguideenusdmebgOdspOd*or.asp.
:ou use security settings to con9gure security/related )$ speci9cs such as
9le and registry ?s, audit policy, password policy, e!ent logging, and
ser!ice startup modes. :ou can import a security template into a GP), which
lets you organi>e security settings in a single, easily managed package.
Default templates are located in systemrootA$ecurityA+emplates and ha!e
an .inf etension.
+he $etting2
omputer on9gurationA Windows $ettingsA $ecurity $ettings
%P$ec is a relati!ely complicated security feature for 9ltering, authenticating,
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 7/15
and encrypting network tra(c. +o access an etensi!e list of resources for
learning more about %P$ec, check out the Microsoft Windows $er!er 3004
%P$ec +echnology enter at
http2www.microsoft.comwindowsser!er3004technologiesnetworkingipsec
default.msp.
+he $etting2
omputer on9gurationA Windows $ettingsA $ecurity $ettingsA %P $ecurity
Policies on cti!e Directory
$oftware restriction policies are self/eplanatory. +hey let you specify
applications that you want to allow or deny on a per/user or per/computer
basis.
+he $ettings2
omputer on9gurationA Windows $ettingsA $ecurity $ettingsA $oftware
=estriction Policies
'ser on9gurationA Windows $ettingsA $ecurity $ettingsA $oftware =estriction
Policies
Wireless network policies let you con9gure settings that control the beha!ior
of the Wireless on9guration $er!ice in 5P through the Wireless 8etwork
Policies 7tension in a Windows 3004 en!ironment.
+he $etting2
omputer on9gurationA Windows $ettingsA $ecurity $ettingsA Wireless8etwork -%777 Q03.11 Policies
R. ontrol Windows 'pdate and utomatic 'pdates
Generally speaking, 5P&s Windows 'pdate and utomatic 'pdates are great
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 8/15
features. %n a corporate en!ironment, though, there are good reasons to
control their a!ailability and beha!ior. :ou can disable utomatic 'pdates and
remo!e user access to Windows 'pdate through Group Policy. )f course,
you&ll likely only do this if you ha!e a centrali>ed update distribution
mechanism such as $oftware 'pdate $er!ices -$'$ or its soon/to/be/
released successor Windows 'pdate $er!ices -W'$. oth $'$ and W'$ arecontrollable through Group Policy but might reuire an updated !ersion of the
Wuau.adm administrati!e template. +he settings for the built/in update tools
are user/speci9c. $'$ and W'$ settings are computer/based.
+he $ettings2
'ser on9gurationA dministrati!e +emplatesA $ystemA Windows utomatic
'pdates
'ser on9gurationA dministrati!e +emplatesA $ystemA Windows 'pdate
omputer on9gurationA dministrati!e +emplatesA Windows omponentsA
Windows 'pdate
Q. #older =edirection
#older =edirection lets you redirect the path of special folders such as My
Documents, Desktop, and pplication Data to a network location. $toring
these folders and their contents on a 9le ser!er a"ords them the superiorprotection that ser!er class hardware inherently pro!ides and also makes the
data a!ailable to users from multiple workstations. separate but
complementary technology is 5P&s )Sine #iles, which automatically makes
9les a!ailable oSine when you redirect them from a special folder. #or more
information about implementing #older =edirection, see F'sing %ntelliMirror to
Manage 'ser Data and $ettingsF -Tuly 3004, %nstantDoc %D 4U1U4.
+he $ettings2
'ser on9gurationA Windows $ettingsA #older =edirection
'ser on9gurationA 8etworkA )Sine #iles
U. $tandardi>e and $ecure %7
%7 is one of the most freuently used tools on many users& systems6
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 9/15
unfortunately, it&s also one of the most misused. %n addition, %7 presents an
oft/eploited a!enue for malware and other threats to security and pri!acy.
lthough there is no bulletproof solution to these risks when %7 is so widely
used, there are Group Policy settings to shore up security and better control
how %7 is used. %7 subkeys under 'ser on9guration and omputer
on9guration in GP7 let you customi>e settings and set restrictions on a per/user or per/computer basis -the ma*ority of settings are beneath 'ser
on9guration. ustomi>ations you can make include but aren&t limited to2
hanging the appearance of the browser interface
$etting custom '=?s for fa!orites, search page, and home page
on9guring default program for handling tasks such as email and
newsgroup acti!ities
ontrolling security >ones and content rating settings
on9guring connection settings for ?8 and dial/up
:ou can also restrict user access to certain %7 settings, menu items, and
con9guration pages to enforce consistency and bolster security. +ake a
minute to read the 7plain tab for the settings you con9gure to a!oid
confusion about what will happen when you enable or disable a setting. 5P
$P3 dramatically epands the %7 security options that Group Policy cancontrol. +he new features include M%M7 sni(ng safety, >one ele!ation
protection, cti!e5 installation restrictions, 9le download restrictions, and
dd/on management.
+he $ettings2
omputer on9gurationA dministrati!e +emplatesA Windows omponentsA
%nternet 7plorer
'ser on9gurationA dministrati!e +emplatesA Windows omponentsA %nternet7plorer
10. $oftware %nstallation Policy for utomated pplication Deployments
$oftware installation and maintenance are part of Microsoft&s %ntelliMirror
functionality, and you can control both with Group Policy. :ou can con9gure
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 10/15
settings within GP7 to assign or publish an application to users or computers.
$oftware installation and maintenance functionality works with programs that
use Windows %nstaller technology -i.e., .msi 9les. )f course, Microsoft
applications such as )(ce use Windows %nstaller technology for their
installation process, which means you can assign )(ce to a user or computer
population and ha!e it installed automatically. :ou can create custominstallations using msi transforms and use security group 9ltering to target
speci9c groups of users to which the custom installation will be applied. nd
in case you&re wondering, you can also use software installation and
maintenance functionality to deploy 5P $P3. :ou can assign 5P $P3&s
'pdate.msi only to machines6 assigning to users isn&t supported. #or more
information, see the Microsoft article Fest Practices for 'sing 'pdate.msi to
deploy $er!ice Packs,F http2www.support.microsoft.comBkbidN3RQK04.
+he $ettings2
'ser on9gurationA $oftware %nstallation
omputer on9gurationA $oftware %nstallation
Good Policy
8ow you know that some policies are simple and others, such as #older
=edirection, reuire preparation and testing to implement. +he best way to
approach policy creation is from the perspecti!e of sol!ing a particularproblem or pro!iding a particular ser!ice. Determine the appropriate settings
to accomplish the task at hand. =ead the description under the 7plain tab
when !iewing the properties for a setting within GP7 to make sure you fully
understand a setting&s impact and beha!ior before you turn it on. nd 9nally,
make sure you fully test both the result of the settings in your GP) as well as
your scope targeting method before putting a policy into production.
reprints
#a!orite
7M%?
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 11/15
in$hare
Discuss this rticle U
nonymous 'ser -not !eri9ed
on pr 3R, 300K
;ardware V Dial/'p onnection V Portable omputer V attery Present V
PM% Present V P' $peed V Disk $pace V =M !ailable V M ddress
=ange %dentity V %P ddress =ange V D?DP uery V DomainWorkgroup V
)rgani>ational 'nit V $ite Membership V omputerD8$ 8ame V $ecurity
Group V 'ser Match $oftware V )perating $ystem V $er!ice Pack V +erminal
$ession V $ystem'ser ?anguage V #ile match V =egistry Match V 7n!ironment
Xariable )ther V #ilter Group V Message o V M$% Packages V =ecur 7!ery V
=un )nce V +ime =ange V WM% uery dditionally, Group Policy pro!ides arich delegation and hierarchical management model so that organi>ations
can make the system support the way they do business. ll in all Group Policy
has practically unlimited potential and tremendous =)%. %tYs well integrated,
etensible, hugely scalable and by far the most widely deployed desktop
management system for cti!e Directory networks. 7ric
?og %n or =egister to post comments
nonymous 'ser -not !eri9ed
on pr Q, 300K
Dude you&re lame / this is an article comment section, not your opportunity
for a personal shameless plug.
?og %n or =egister to post comments
nonymous 'ser -not !eri9ed
on pr 1E, 300K
dam, +hanks for your thoughtful response. ;a!ing worked with %+ Pro -and
predecessors for many years, this is the type of in/depth discussion % would
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 12/15
epect readers to appreciate the most. Group Policy is an epansi!e and
!aluable topic, and itYs hard to get enough depth e!en in a feature article.
Generating discussion on the topic of whatYs missing is a great approach to
this problem. Please forgi!e me if % got the wrong impression regarding
sponsorship of the article, but itYs easy to come to this conclusion gi!en the
contents of the Z%nteract[ section at the top of the article -in both print andonline !ersions. % assumed that was a paid position associated with the
article < which of course was the co!er story for the pril print edition. My
mistake. % donYt know a lot about the $? product, but from what % understand
itYs dependent on @i5tart scripting, not Group Policy. +here are many ways to
accomplish management tasks in a distributed network < scripting, script
generators, !arious utility products and tools, infrastructure in!estments such
as \78works, $M$, +i!oli, ltiris, etc. $ome of these claim to ha!e association
with Group Policy. ;owe!er to actually pro!ide new Group Policy features
reuires implementing MicrosoftYs etensi!e speci9cation for Group Policy
7tension, including Group Policy )b*ect 7ditor etensions, =esultant $et of
Policy snap/in etensions, GPM integration, and lient $ide 7tensions. +his
is how the Microsoft etensions work. %tYs hard for me to come up with an
eample of desktop management functionality that cannot be managed
easily using a Group Policy etension. )f course there is not a Group Policy
etension to co!er e!ery concei!able management task, yet this is true of all
management products. $hould holes in nati!e functionality be 9lled by non/
Group Policy utilities if there are capable etensions a!ailableB +hatYs an
indi!idual decision, but one that should be made with an understanding of
the options. %n fairness, rian did state that third party products -presumably
etensions are reuired to 9ll the holes in Group Policy < but thatYs by design.
=eusing my own analogy, one wouldnYt argue that %7 was Ztoo limited[because Microsoft didnYt pro!ide all of the plug/ins. Tust the opposite is true.
Group Policy is practically VunlimitedV because itYs etensible and the
etensibility model is supported. +his isnYt true of most other desktop
management systems. rian missed an opportunity to point out a legitimate
limitation of Group Policy < it doesnYt support Windows 8+ E or Windows U
desktops. s % understand $? predates Group Policy and supports these
platforms. % assume he has a good product and %Ym sure it can 9ll some of the
holes left by nati!e Group Policy e!en on current platforms. ;owe!er, people
looking for Group Policy solutions should be aware that there are in fact true
Group Policy etensions that more than handle the issues raised. +herefore, %guess % should answer the other part of your uestion, ZWhat are some
speci9c eamples of desktop management functionality that ] can be done
easily with a Group Policy etensionB[ +hatYs a mighty long list, and this is
already getting too long < so %Yll follow up a little later. =egards, 7ric
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 13/15
?og %n or =egister to post comments
dam -not !eri9ed
on Mar 3U, 300K
rian $tyles of $cript?ogic also has some thoughts about Group Policy. ;e
hopes to hear your thoughts and share more of his with this article. rian&s
comments2 Policy based control o!er desktop settings are a great starting
point to standardi>e and streamline the user&s en!ironment. +hey employ the
ability to make changes on multiple machines with a single administrati!e
change. ;owe!er, Group Policies are simply not enough for comprehensi!e
desktop administration for two reasons2 -1 limited scope of administrati!e
ability and -3 limited granularity of distribution. +he scope of administration
Group Policies master are limited to )$/ and -some application/speci9c
settings. +hird party solutions are reuired to handle the multitude of other
aspects that are reuired by the administrator to control the users
en!ironment. ?ike the administrati!e scope, granularity of policy distribution
is also etremely limited in that you ha!e only users, groups, computers and
)'s to use to di"erentiate policy deployment. )'s and ob*ect types are only
a few of the long list of methods you can use to categori>e and identify users.
%t should come as no surprise to %+ professionals that $cript?ogic would ha!e
an opinion on Group Policies gi!en that $cript?ogic has made a business out
of de!eloping intuiti!e management solutions in the areas of desktop
administration, cti!e Directory and Group Policy management. 8ow it&s your
turn to gi!e us your feedback. $hare with us your eperiences of using GroupPolicies to manage Windows clients and feel free to post your uestions. We&ll
be monitoring your feedback and posting replies. / rian $tyles
?og %n or =egister to post comments
nonymous 'ser -not !eri9ed
on pr 3R, 300K
dam, +hese are the etensions that are a!ailable when you install the
PolicyMaker suite. 8ati!e -Microsoft Group Policy etensions make up *ust 14
of these. +he dministrati!e +emplates etension includes hundreds of
indi!idual security and other operating system con9guration parameters.
$oftware 'pdate pro!ides Group Policy patch management using $'$W'$
data. Printers pro!ides mapping of shared printers or connection of %P
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 14/15
printers. +he solutions possible with these etensions and the numerous
policy types they include are innumerable. V7n!ironment Xariables V?ocal
'sers and Groups Vpplication $ecurity VDe!ice =estrictions VWireless
V8etwork )ptions VDri!e Maps V#older =edirection Vdministrati!e +emplates
VMicrosoft Disk uota Vo$ Packet $cheduler V$cripts V$ecurity V%nternet
7plorer randing V7#$ reco!ery V$oftware %nstallation V$oftware 'pdate V%P$ecurity V#olders V#iles VData $ources V%ni #iles VWindows $er!ices V#older
)ptions V$cheduled +asks V=egistry Vpplications VPrinters V$hortcuts VMail
Pro9les V%nternet $ettings V$tart Menu $ettings V=egional )ptions VPower
)ptions )ne of the strengths of Group Policy is its ability to target groups of
settings in a GP) to users andor computers by site, domain, and
organi>ational unit. dditionally, GP)s can be 9ltered by security group and
WM% 9lters. PolicyMaker etensions add to this Ceibility by implement per/
setting targeting using a graphical drag and drop 9lter interface common to
all etensions and settings. +his allows administrators to create a much
smaller number of GP)s and target contained settings more granularly. #ilter
classes include2
?og %n or =egister to post comments
nonymous 'ser -not !eri9ed
on pr R, 300K
ob, +hanks for the plug. learly Group Policy is the most widely utili>eddesktop management technology system < and the beast feature of cti!e
Directory. s far as % know the only scoping limitations are that machines
must be Windows 3000 or later, and for central management they must be
*oined to D. 7!eryone with an cti!e Directory network is already using
Group Policy. 'nfortunately some people miss out on the rich possibilities by
focusing entirely on the etensions that are pro!ided with Windows. +hatYs
like complaining that %7 canYt !iew a PD# 9le. Group Policy is an etensible
architecture by design. +he 11 etensions that ship with Windows 5P include
security settings, software deployment and more. ;owe!er, when we
introduced the 9rst product based on this speci9cation, a whole new world oftrue Group Policy was opened up. )ur PolicyMaker suite includes a total of 34
etensions -e.g. printers, dri!e maps, patching, local users and groups
management, power options, least pri!ilege security, )utlook pro9les, and
much more, and each supports the full speci9cation < including GPM
integration, backup and restore, planning and logging modes, delegation, and
more. +here are no ser!ers or ser!ices to install, it all works inside the
eisting architecture. We implement a number of common features in our
7/23/2019 10 Ways to Manage Desktops With Group Policy
http://slidepdf.com/reader/full/10-ways-to-manage-desktops-with-group-policy 15/15
etensions, including drag/and/drop 5M? importeport, 3K categories of
graphical per/setting 9lters -no limit to granularity, per/setting
documentation, en!ironment !ariable integration, etension/le!el delegation,
and much more. )ur customers 9nd that Group Policy pro!ides the ideal
combination of Ceibility, power, control, and operating system integration <
a combination that cannot be found in scripting, script generators, or utilityproducts. +his article is a great introduction, and for more information on
Group Policy, etensions, architecture, third party products, etc., check out
the following wiki site2 http2www.grouppolicy.org #or more information on
PolicyMaker, see2 http2www.desktopstandard.compolicymaker 7ric Xoskuil,
+) Desktop$tandard orporation MXP -Windows $er!er < Management