A solution to monitor, manage and archive thousands of
events that are generated by devices across the entire network. Download FREE
trial
Group Policy - Windows Components
Each Windows Component folder has
specific policies for that application, for example, timeouts for Terminal
Services. Whilst there are numerous settings here, I
anticipate that you will only need a handful of these policies, the trouble
is that each system requires different applications and so there is no one
size fits all.
Troubleshooting Group Policies is tricky. As an MCT trainer, I can thoroughly recommend TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Group Policy or go for
a combination of modules.
See more about Group Policy training here
* Guy's Top Five Group Policies for Windows Components
To date, I have found that the only way to start NetMeeting is: Start, Run,
Conf. When I see NetMeeting, I think of training sessions, however I
am sure that there are business functions for this program.
Meanwhile back at Group Policies, we find the usual array of
'Disable' settings so that users cannot fiddle with the buttons when they should be
watching the conference. If your Network only makes casual use of this conferencing program, then
I would not bother configuring these policies.
Internet Explorer
There are so many important settings for Internet Explorer, that it has its own IE pages.
Just one setting here - Disable 16-bit applications. Why would you need this?
One answer would be to prevent old programs destabilizing the operating system. Other than the
observation - 'Why would you need a 16-bit program in 2004?' - I would ignore this
folder.
Again, only one setting - * 'Do not allow the
'Did You Know' content to appear'. This section of the Help Center
is only available if you have internet connection. So, if your users
cannot connect to the internet, then changing this setting will speed up
'Help and Support'. Beware of double negatives, you really must test
that your logic matches the policy's logic.
More than 30 settings, including the classic - *
'Remove "Map Network Drive".' Lots of other restrictive policies, consider removing tabs such as DFS, Security and
Hardware from the explorer.
The key is to balance users ability to browse for vital resources, while
preventing them from getting into mischief. Make decisions here
based on your overall philosophy of the desktop, rather than in isolation.
By that I mean, if you restrict browsing the network, then
compensate by providing mapped
network drives.
This is about restricting which Snap-ins are available to the MMC.
Keep in mind that many of the Snap-ins will not function in the hands of
non-administrators, so what you are doing here is tightening up the selection of
what administrators will see if they try and create an MMC. Guy's
advice, ignore this section.
The settings here are virtually identical to the Computer Configuration.
However the question remains, do you give users the responsibility of scheduling
maintenance programs like backup? Probably not.
It has to be a good idea to set idle time-outs. In fact, this whole
Terminal Services section is a chance to be positive and improve the user's experience.
For example, * 'Start a program on
connection'. Note there is a much bigger collection of Terminal Services policies under Computer Configuration.
* 'Always install with
elevated privileges' will ensure that programs will install properly
without you having to logon as administrator. I have seen
administrators placing users
in powerful administrative groups, just because they did not know about this
elevated privilege setting.
Trap: 'Elevated privileges' must also be enabled in the Computer
Configuration for it to be effective.
Here are two useful settings to control how Windows Messenger behaves.
Firstly, are you going to allow Messenger to run - at all? If you do
permit the Messenger to operate, would you wish it to start automatically?
This section provides all the Group Policies necessary to create the optimum
Media Player environment. Helpful features include specifying proxy settings, coupled
with restrictions to hide unnecessary tabs. Incidentally, this
policies in this folder are controlled by its own .adm template called
WMPlayer.adm.
The Windows Component folder in Group Policies has
specific policies for a variety of Windows Applications, for example, timeouts for Terminal
Services. You do need to trawl through all the settings, but I expect that you will only need a handful of these policies for your circumstances.
Troubleshooting Group Policies is tricky. As an MCT trainer, I can thoroughly recommend TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Group Policy or go for
a combination of modules.
See more about Group Policy training here
