Feeds

Windows group policies in the real world

Trevor's technical tidbits

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Sysadmin Blog I admit: group policy is a pretty dry subject. If you are reading an article about group policy, you aren’t here for my sense of humour. This means that you are seeking a few technical tidbits. In Windows, it's not easy to do this.

Group policy changes with every iteration of Windows. Some group policy topics can be approached in a general sense, but to really have a conversation about Group Policy Objects (GPOs) then we need to set some boundaries. I’ll be talking a lot about NT5 - Windows 2000, 2003 and all flavours of XP - and NT6. Bear in mind that I haven’t really used Windows 2000 in about five years. I am assuming that most of what works in 2003 and XP applies to 2000 - primarily because they really weren’t that different.

I am not going to make any such assumptions about NT6. While NT6 consists of Vista, 7, Server 2008 and Server 2008R2, I am going to pretend that Vista and Server 2008 simply didn’t happen. I’ll be honest; by and large, I skipped both Vista and Server 2008. Admittedly I did use them, but only enough to be very glad that I stuck with XP, and now I am deep into Server 2008 R2 and Windows 7.

Certain features, such as bit locker or Hyper-V are native to the NT6 set of operating systems, and lacking in NT5. To manage these features, GPOs were added to the collection that existed with NT5; there are also new systems management features in NT6.

The first feature: including the Group Policy Management Console (GPMC) in the default install of NT6. For those of you who remember Server 2000 - or Server 2003 before you downloaded and installed the GPMC - group policy management pre-GPMC was a terrifying nightmare. If you had a single inheritance or precedence problem, you could easily spend hours fighting with your GPOs. GPMC, combined with Resultant Set of Policy (RSoP) make administering GPOs significantly easier.

GPO logging is similar. While GPO events could be tracked previously, far more information about deployment is now recorded as a matter of course in NT6 event logs. The error messages are still cryptic or incomprehensible. Google them.

Next: GPOs relating to printers. I’ve not tried it yet, but there’s plenty of literature on using NT6 to push network printers out via GPOs. This is really an extension of the excellent Server 2003 R2 Print Management Console (PMC). If you are using NT6, you can use the PMC to connect to your print server of choice. Just right-click and “deploy via GPO”

While the PMC offers Server 2003 R2 the ability to do nifty things like host NT6 printer drivers on an NT5 print server, you can’t push network printers to NT5 operating systems via the PMC. At least, not out of the box. If you dig around in Server 2008’s system32 folder, you’ll run across “pushprinterconnections.exe.” Add this to a logon script, and it will push these printers out to NT6.

Another neat “addition” is that folder redirection for NT6 systems has been expanded from allowing you to redirect only five folders to ten. This is still a long way from the granular control that I want, but it’s a baby step in the right direction.

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.