A solution to monitor, manage and archive thousands of
events that are generated by devices across the entire network. Download FREE
trial
Group Policy - Control Panel
Unlike the Desktop, where restrictions are optional, I
would urge even the nicest of administrators to evaluate these Control Panel Policies.
Remember that old saying that, 'Prevention is better than cure'? Well,
never was prevention more appropriate than configuring a Microsoft Group Polices to stop users
destroying their monitors.
If you wish to take a less extreme view then you have two strategies;
either disable all icons, and make exceptions; or take the reverse view,
enable all icons with just a few named exceptions.
The most expensive hardware error that I have ever seen, is where a
'Psycho' user destroyed his monitor by fiddling with the settings. With
older monitors, it is possible to set the refresh rate faster than the motor
can cope with, the result is that the VDU motor burns out. I have also had
reports of users setting their screen resolution to extremely high values,
which caused the machine to keep crashing.
The answer to the above problem is a Microsoft Group Policy which * 'Hides
the Settings tab' of the Display Icon. If you put on your 'Mr Nasty' hat,
then you can 'Remove the Display Icon', or go the whole hog and disable the
entire Control Panel.
On the positive side, you can make the screen saver more effective by
setting, 'Password Protect the Screen Saver' and then entering a suitable timeout
value.
Your company culture will determine how you regard policies in the Desktop Themes sub folder.
My view is that you
must balance giving users a comfortable screen, with the potential for
time wasting by constantly adjusting the settings. My choice would be to leave
the Desktop Themes policies as 'Not Configured'.
I have a suggestion, organize your computers into OUs, the benefit is that you could have one Group Policy for laptops, and a different policy
for workstations.
Troubleshooting Group Policies is tricky. As an MCT trainer, I can thoroughly recommend TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Group Policy or go for
a combination of modules.
See more about Group Policy training here
This is an ideal area to prevent users from adding rogue programs to their
machines. Apart from wasting time, such programs always increase your support costs. If
there is a good
business case, then possibly you could logon as administrator and install the software.
Much better would be to use a Windows Server 2003 Group Policy to assign software using elevated
rights.
Your strategy here is either to take the ruthless view and 'Remove add or
remove programs', or else to fine tune which tabs are available.
Here we have examples of the opposing philosophies behind Group Policies.
For those who like the 'Mr Nasty' role, you can stop users adding printers.
However, this setting is not all it seems, for instance, it does not stop
users adding printers by the back door and neither does it disable Add Remove
Local printers. Would a better method be to use Windows Server 2003 permissions to control
network printer usage?
For those who prefer the 'Mr Helpful' role, you can set * 'Default
Active Directory Path when searching for printers'. If you like
these policies which customize the operating system to your network, then
check the 'Browse' settings.
There is only one setting here, what it does is specifically stop users selecting or changing the
language settings. I can only think that you would need to bother in a very specialist scenario!
