Feeds

Windows on the Desktop? There's a group policy for that

Managing by the book

Providing a secure and efficient Helpdesk

Desktops are important and need managing with the same care as servers. If you are using Windows many of the tools you need are built into Active Directory, which lets you define individual users and computers along with their roles and the groups they fall into.

This division makes managing Windows PCs relatively easy.

The key to managing a suite of desktops centrally is Group Policy, which give you the ability to define rules that target the users and groups you want, locking down the desktop for task workers and opening it up for knowledge workers.

No tweaking

Windows features a surprising number of different group policies: Windows Vista has more than 3,000, Windows XP has about 1,800 and Windows 7 has more than 3,300.

Drilling down into the available Group Policies (there’s a useful online reference here), you will see that you can manage nearly everything on a PC, from defining the screen backdrop and look-and-feel to controlling how the machine handles encrypted files.

You can hide system utilities, making sure users don’t inadvertently mis-configure their machines, and control whether or not they can install software.

Preventing desktops from being customised makes it easier to manage a large number of them, reducing the risk of drift from your baseline system images. It also helps to keep users productive, as they won’t be spending time tweaking their PCs (especially if you have removed access to Minesweeper and Solitaire).

Express your preferences

While you can handle user security as part of an Active Directory user profile, Group Policies let you drill down into the Windows Firewall so you can control the open ports and the applications that have access to the network. Locking down applications that expose corporate data is important – especially if you are in a regulated industry.

Other security options control access to removable drives, as well as managing Windows’ built-in whole disk encryption BitLocker (including enforcing encryption on USB drives).

There is no point in chewing watts just to power screensavers

If there is something you want to manage that is not in the standard set of Group Policy Objects, you can use Group Policy Preferences to extend your reach. One option gives you control over a desktop’s scheduled tasks, so you can, for example, ensure that PCs are backed up regularly.

Group policies can do a lot more than handling user directories, application whitelists and security requirements.

Sweet dreams

Why not use them to push out power policies to desktops? There is no point in leaving PCs on overnight, chewing watts just to power screensavers. Recent versions of Windows let you use Group Policy Preferences to force shut down, hibernation or low-power sleep states on PCs out of working hours. There is no need to learn new scripting techniques as you work with familiar control panels.

Group Policies simplify complex tasks and make it easy to control specific users and groups. With this great power comes great responsibility, so make sure you have tested the policies you are planning on deploying before you add them to your Active Directory. ®

Beginner's guide to SSL certificates

More from The Register

next story
ONE MILLION people already running Windows 10
A third of them are doing it in VMs, but early feedback focuses on frippery
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.