Feeds

Windows group policies in the real world

Trevor's technical tidbits

  • alert
  • submit to reddit

HP ProLiant Gen8: Integrated lifecycle automation

Sysadmin Blog I admit: group policy is a pretty dry subject. If you are reading an article about group policy, you aren’t here for my sense of humour. This means that you are seeking a few technical tidbits. In Windows, it's not easy to do this.

Group policy changes with every iteration of Windows. Some group policy topics can be approached in a general sense, but to really have a conversation about Group Policy Objects (GPOs) then we need to set some boundaries. I’ll be talking a lot about NT5 - Windows 2000, 2003 and all flavours of XP - and NT6. Bear in mind that I haven’t really used Windows 2000 in about five years. I am assuming that most of what works in 2003 and XP applies to 2000 - primarily because they really weren’t that different.

I am not going to make any such assumptions about NT6. While NT6 consists of Vista, 7, Server 2008 and Server 2008R2, I am going to pretend that Vista and Server 2008 simply didn’t happen. I’ll be honest; by and large, I skipped both Vista and Server 2008. Admittedly I did use them, but only enough to be very glad that I stuck with XP, and now I am deep into Server 2008 R2 and Windows 7.

Certain features, such as bit locker or Hyper-V are native to the NT6 set of operating systems, and lacking in NT5. To manage these features, GPOs were added to the collection that existed with NT5; there are also new systems management features in NT6.

The first feature: including the Group Policy Management Console (GPMC) in the default install of NT6. For those of you who remember Server 2000 - or Server 2003 before you downloaded and installed the GPMC - group policy management pre-GPMC was a terrifying nightmare. If you had a single inheritance or precedence problem, you could easily spend hours fighting with your GPOs. GPMC, combined with Resultant Set of Policy (RSoP) make administering GPOs significantly easier.

GPO logging is similar. While GPO events could be tracked previously, far more information about deployment is now recorded as a matter of course in NT6 event logs. The error messages are still cryptic or incomprehensible. Google them.

Next: GPOs relating to printers. I’ve not tried it yet, but there’s plenty of literature on using NT6 to push network printers out via GPOs. This is really an extension of the excellent Server 2003 R2 Print Management Console (PMC). If you are using NT6, you can use the PMC to connect to your print server of choice. Just right-click and “deploy via GPO”

While the PMC offers Server 2003 R2 the ability to do nifty things like host NT6 printer drivers on an NT5 print server, you can’t push network printers to NT5 operating systems via the PMC. At least, not out of the box. If you dig around in Server 2008’s system32 folder, you’ll run across “pushprinterconnections.exe.” Add this to a logon script, and it will push these printers out to NT6.

Another neat “addition” is that folder redirection for NT6 systems has been expanded from allowing you to redirect only five folders to ten. This is still a long way from the granular control that I want, but it’s a baby step in the right direction.

Eight steps to building an HP BladeSystem

More from The Register

next story
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Now that's a LOT of porn or pirated movies. Or, you know, other consumer stuff
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.