Feeds

Windows group policies in the real world

Trevor's technical tidbits

  • alert
  • submit to reddit

Reducing the cost and complexity of web vulnerability management

Sysadmin Blog I admit: group policy is a pretty dry subject. If you are reading an article about group policy, you aren’t here for my sense of humour. This means that you are seeking a few technical tidbits. In Windows, it's not easy to do this.

Group policy changes with every iteration of Windows. Some group policy topics can be approached in a general sense, but to really have a conversation about Group Policy Objects (GPOs) then we need to set some boundaries. I’ll be talking a lot about NT5 - Windows 2000, 2003 and all flavours of XP - and NT6. Bear in mind that I haven’t really used Windows 2000 in about five years. I am assuming that most of what works in 2003 and XP applies to 2000 - primarily because they really weren’t that different.

I am not going to make any such assumptions about NT6. While NT6 consists of Vista, 7, Server 2008 and Server 2008R2, I am going to pretend that Vista and Server 2008 simply didn’t happen. I’ll be honest; by and large, I skipped both Vista and Server 2008. Admittedly I did use them, but only enough to be very glad that I stuck with XP, and now I am deep into Server 2008 R2 and Windows 7.

Certain features, such as bit locker or Hyper-V are native to the NT6 set of operating systems, and lacking in NT5. To manage these features, GPOs were added to the collection that existed with NT5; there are also new systems management features in NT6.

The first feature: including the Group Policy Management Console (GPMC) in the default install of NT6. For those of you who remember Server 2000 - or Server 2003 before you downloaded and installed the GPMC - group policy management pre-GPMC was a terrifying nightmare. If you had a single inheritance or precedence problem, you could easily spend hours fighting with your GPOs. GPMC, combined with Resultant Set of Policy (RSoP) make administering GPOs significantly easier.

GPO logging is similar. While GPO events could be tracked previously, far more information about deployment is now recorded as a matter of course in NT6 event logs. The error messages are still cryptic or incomprehensible. Google them.

Next: GPOs relating to printers. I’ve not tried it yet, but there’s plenty of literature on using NT6 to push network printers out via GPOs. This is really an extension of the excellent Server 2003 R2 Print Management Console (PMC). If you are using NT6, you can use the PMC to connect to your print server of choice. Just right-click and “deploy via GPO”

While the PMC offers Server 2003 R2 the ability to do nifty things like host NT6 printer drivers on an NT5 print server, you can’t push network printers to NT5 operating systems via the PMC. At least, not out of the box. If you dig around in Server 2008’s system32 folder, you’ll run across “pushprinterconnections.exe.” Add this to a logon script, and it will push these printers out to NT6.

Another neat “addition” is that folder redirection for NT6 systems has been expanded from allowing you to redirect only five folders to ten. This is still a long way from the granular control that I want, but it’s a baby step in the right direction.

Choosing a cloud hosting partner with confidence

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.