Feeds

Windows on the Desktop? There's a group policy for that

Managing by the book

Boost IT visibility and business value

Desktops are important and need managing with the same care as servers. If you are using Windows many of the tools you need are built into Active Directory, which lets you define individual users and computers along with their roles and the groups they fall into.

This division makes managing Windows PCs relatively easy.

The key to managing a suite of desktops centrally is Group Policy, which give you the ability to define rules that target the users and groups you want, locking down the desktop for task workers and opening it up for knowledge workers.

No tweaking

Windows features a surprising number of different group policies: Windows Vista has more than 3,000, Windows XP has about 1,800 and Windows 7 has more than 3,300.

Drilling down into the available Group Policies (there’s a useful online reference here), you will see that you can manage nearly everything on a PC, from defining the screen backdrop and look-and-feel to controlling how the machine handles encrypted files.

You can hide system utilities, making sure users don’t inadvertently mis-configure their machines, and control whether or not they can install software.

Preventing desktops from being customised makes it easier to manage a large number of them, reducing the risk of drift from your baseline system images. It also helps to keep users productive, as they won’t be spending time tweaking their PCs (especially if you have removed access to Minesweeper and Solitaire).

Express your preferences

While you can handle user security as part of an Active Directory user profile, Group Policies let you drill down into the Windows Firewall so you can control the open ports and the applications that have access to the network. Locking down applications that expose corporate data is important – especially if you are in a regulated industry.

Other security options control access to removable drives, as well as managing Windows’ built-in whole disk encryption BitLocker (including enforcing encryption on USB drives).

There is no point in chewing watts just to power screensavers

If there is something you want to manage that is not in the standard set of Group Policy Objects, you can use Group Policy Preferences to extend your reach. One option gives you control over a desktop’s scheduled tasks, so you can, for example, ensure that PCs are backed up regularly.

Group policies can do a lot more than handling user directories, application whitelists and security requirements.

Sweet dreams

Why not use them to push out power policies to desktops? There is no point in leaving PCs on overnight, chewing watts just to power screensavers. Recent versions of Windows let you use Group Policy Preferences to force shut down, hibernation or low-power sleep states on PCs out of working hours. There is no need to learn new scripting techniques as you work with familiar control panels.

Group Policies simplify complex tasks and make it easy to control specific users and groups. With this great power comes great responsibility, so make sure you have tested the policies you are planning on deploying before you add them to your Active Directory. ®

Build a business case: developing custom apps

More from The Register

next story
KDE releases ice-cream coloured Plasma 5 just in time for summer
Melty but refreshing - popular rival to Mint's Cinnamon's still a work in progress
Leaked Windows Phone 8.1 Update specs tease details of Nokia's next mobes
New screen sizes, dual SIMs, voice over LTE, and more
Mozilla keeps its Beard, hopes anti-gay marriage troubles are now over
Plenty on new CEO's todo list – starting with Firefox's slipping grasp
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
Another day, another Firefox: Version 31 is upon us ALREADY
Web devs, Mozilla really wants you to like this one
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Cloudy CoreOS Linux distro declares itself production-ready
Lightweight, container-happy Linux gets first Stable release
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.