Feeds

Windows group policies in the real world

Trevor's technical tidbits

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Sysadmin Blog I admit: group policy is a pretty dry subject. If you are reading an article about group policy, you aren’t here for my sense of humour. This means that you are seeking a few technical tidbits. In Windows, it's not easy to do this.

Group policy changes with every iteration of Windows. Some group policy topics can be approached in a general sense, but to really have a conversation about Group Policy Objects (GPOs) then we need to set some boundaries. I’ll be talking a lot about NT5 - Windows 2000, 2003 and all flavours of XP - and NT6. Bear in mind that I haven’t really used Windows 2000 in about five years. I am assuming that most of what works in 2003 and XP applies to 2000 - primarily because they really weren’t that different.

I am not going to make any such assumptions about NT6. While NT6 consists of Vista, 7, Server 2008 and Server 2008R2, I am going to pretend that Vista and Server 2008 simply didn’t happen. I’ll be honest; by and large, I skipped both Vista and Server 2008. Admittedly I did use them, but only enough to be very glad that I stuck with XP, and now I am deep into Server 2008 R2 and Windows 7.

Certain features, such as bit locker or Hyper-V are native to the NT6 set of operating systems, and lacking in NT5. To manage these features, GPOs were added to the collection that existed with NT5; there are also new systems management features in NT6.

The first feature: including the Group Policy Management Console (GPMC) in the default install of NT6. For those of you who remember Server 2000 - or Server 2003 before you downloaded and installed the GPMC - group policy management pre-GPMC was a terrifying nightmare. If you had a single inheritance or precedence problem, you could easily spend hours fighting with your GPOs. GPMC, combined with Resultant Set of Policy (RSoP) make administering GPOs significantly easier.

GPO logging is similar. While GPO events could be tracked previously, far more information about deployment is now recorded as a matter of course in NT6 event logs. The error messages are still cryptic or incomprehensible. Google them.

Next: GPOs relating to printers. I’ve not tried it yet, but there’s plenty of literature on using NT6 to push network printers out via GPOs. This is really an extension of the excellent Server 2003 R2 Print Management Console (PMC). If you are using NT6, you can use the PMC to connect to your print server of choice. Just right-click and “deploy via GPO”

While the PMC offers Server 2003 R2 the ability to do nifty things like host NT6 printer drivers on an NT5 print server, you can’t push network printers to NT5 operating systems via the PMC. At least, not out of the box. If you dig around in Server 2008’s system32 folder, you’ll run across “pushprinterconnections.exe.” Add this to a logon script, and it will push these printers out to NT6.

Another neat “addition” is that folder redirection for NT6 systems has been expanded from allowing you to redirect only five folders to ten. This is still a long way from the granular control that I want, but it’s a baby step in the right direction.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ellison: Sparc M7 is Oracle's most important silicon EVER
'Acceleration engines' key to performance, security, Larry says
Linux? Bah! Red Hat has its eye on the CLOUD – and it wants to own it
CEO says it will be 'undisputed leader' in enterprise cloud tech
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.