Feeds

Windows group policies in the real world

Trevor's technical tidbits

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Sysadmin Blog I admit: group policy is a pretty dry subject. If you are reading an article about group policy, you aren’t here for my sense of humour. This means that you are seeking a few technical tidbits. In Windows, it's not easy to do this.

Group policy changes with every iteration of Windows. Some group policy topics can be approached in a general sense, but to really have a conversation about Group Policy Objects (GPOs) then we need to set some boundaries. I’ll be talking a lot about NT5 - Windows 2000, 2003 and all flavours of XP - and NT6. Bear in mind that I haven’t really used Windows 2000 in about five years. I am assuming that most of what works in 2003 and XP applies to 2000 - primarily because they really weren’t that different.

I am not going to make any such assumptions about NT6. While NT6 consists of Vista, 7, Server 2008 and Server 2008R2, I am going to pretend that Vista and Server 2008 simply didn’t happen. I’ll be honest; by and large, I skipped both Vista and Server 2008. Admittedly I did use them, but only enough to be very glad that I stuck with XP, and now I am deep into Server 2008 R2 and Windows 7.

Certain features, such as bit locker or Hyper-V are native to the NT6 set of operating systems, and lacking in NT5. To manage these features, GPOs were added to the collection that existed with NT5; there are also new systems management features in NT6.

The first feature: including the Group Policy Management Console (GPMC) in the default install of NT6. For those of you who remember Server 2000 - or Server 2003 before you downloaded and installed the GPMC - group policy management pre-GPMC was a terrifying nightmare. If you had a single inheritance or precedence problem, you could easily spend hours fighting with your GPOs. GPMC, combined with Resultant Set of Policy (RSoP) make administering GPOs significantly easier.

GPO logging is similar. While GPO events could be tracked previously, far more information about deployment is now recorded as a matter of course in NT6 event logs. The error messages are still cryptic or incomprehensible. Google them.

Next: GPOs relating to printers. I’ve not tried it yet, but there’s plenty of literature on using NT6 to push network printers out via GPOs. This is really an extension of the excellent Server 2003 R2 Print Management Console (PMC). If you are using NT6, you can use the PMC to connect to your print server of choice. Just right-click and “deploy via GPO”

While the PMC offers Server 2003 R2 the ability to do nifty things like host NT6 printer drivers on an NT5 print server, you can’t push network printers to NT5 operating systems via the PMC. At least, not out of the box. If you dig around in Server 2008’s system32 folder, you’ll run across “pushprinterconnections.exe.” Add this to a logon script, and it will push these printers out to NT6.

Another neat “addition” is that folder redirection for NT6 systems has been expanded from allowing you to redirect only five folders to ten. This is still a long way from the granular control that I want, but it’s a baby step in the right direction.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.