Feeds

Windows on the Desktop? There's a group policy for that

Managing by the book

Gartner critical capabilities for enterprise endpoint backup

Desktops are important and need managing with the same care as servers. If you are using Windows many of the tools you need are built into Active Directory, which lets you define individual users and computers along with their roles and the groups they fall into.

This division makes managing Windows PCs relatively easy.

The key to managing a suite of desktops centrally is Group Policy, which give you the ability to define rules that target the users and groups you want, locking down the desktop for task workers and opening it up for knowledge workers.

No tweaking

Windows features a surprising number of different group policies: Windows Vista has more than 3,000, Windows XP has about 1,800 and Windows 7 has more than 3,300.

Drilling down into the available Group Policies (there’s a useful online reference here), you will see that you can manage nearly everything on a PC, from defining the screen backdrop and look-and-feel to controlling how the machine handles encrypted files.

You can hide system utilities, making sure users don’t inadvertently mis-configure their machines, and control whether or not they can install software.

Preventing desktops from being customised makes it easier to manage a large number of them, reducing the risk of drift from your baseline system images. It also helps to keep users productive, as they won’t be spending time tweaking their PCs (especially if you have removed access to Minesweeper and Solitaire).

Express your preferences

While you can handle user security as part of an Active Directory user profile, Group Policies let you drill down into the Windows Firewall so you can control the open ports and the applications that have access to the network. Locking down applications that expose corporate data is important – especially if you are in a regulated industry.

Other security options control access to removable drives, as well as managing Windows’ built-in whole disk encryption BitLocker (including enforcing encryption on USB drives).

There is no point in chewing watts just to power screensavers

If there is something you want to manage that is not in the standard set of Group Policy Objects, you can use Group Policy Preferences to extend your reach. One option gives you control over a desktop’s scheduled tasks, so you can, for example, ensure that PCs are backed up regularly.

Group policies can do a lot more than handling user directories, application whitelists and security requirements.

Sweet dreams

Why not use them to push out power policies to desktops? There is no point in leaving PCs on overnight, chewing watts just to power screensavers. Recent versions of Windows let you use Group Policy Preferences to force shut down, hibernation or low-power sleep states on PCs out of working hours. There is no need to learn new scripting techniques as you work with familiar control panels.

Group Policies simplify complex tasks and make it easy to control specific users and groups. With this great power comes great responsibility, so make sure you have tested the policies you are planning on deploying before you add them to your Active Directory. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.