Feeds

Windows on the Desktop? There's a group policy for that

Managing by the book

High performance access to file storage

Desktops are important and need managing with the same care as servers. If you are using Windows many of the tools you need are built into Active Directory, which lets you define individual users and computers along with their roles and the groups they fall into.

This division makes managing Windows PCs relatively easy.

The key to managing a suite of desktops centrally is Group Policy, which give you the ability to define rules that target the users and groups you want, locking down the desktop for task workers and opening it up for knowledge workers.

No tweaking

Windows features a surprising number of different group policies: Windows Vista has more than 3,000, Windows XP has about 1,800 and Windows 7 has more than 3,300.

Drilling down into the available Group Policies (there’s a useful online reference here), you will see that you can manage nearly everything on a PC, from defining the screen backdrop and look-and-feel to controlling how the machine handles encrypted files.

You can hide system utilities, making sure users don’t inadvertently mis-configure their machines, and control whether or not they can install software.

Preventing desktops from being customised makes it easier to manage a large number of them, reducing the risk of drift from your baseline system images. It also helps to keep users productive, as they won’t be spending time tweaking their PCs (especially if you have removed access to Minesweeper and Solitaire).

Express your preferences

While you can handle user security as part of an Active Directory user profile, Group Policies let you drill down into the Windows Firewall so you can control the open ports and the applications that have access to the network. Locking down applications that expose corporate data is important – especially if you are in a regulated industry.

Other security options control access to removable drives, as well as managing Windows’ built-in whole disk encryption BitLocker (including enforcing encryption on USB drives).

There is no point in chewing watts just to power screensavers

If there is something you want to manage that is not in the standard set of Group Policy Objects, you can use Group Policy Preferences to extend your reach. One option gives you control over a desktop’s scheduled tasks, so you can, for example, ensure that PCs are backed up regularly.

Group policies can do a lot more than handling user directories, application whitelists and security requirements.

Sweet dreams

Why not use them to push out power policies to desktops? There is no point in leaving PCs on overnight, chewing watts just to power screensavers. Recent versions of Windows let you use Group Policy Preferences to force shut down, hibernation or low-power sleep states on PCs out of working hours. There is no need to learn new scripting techniques as you work with familiar control panels.

Group Policies simplify complex tasks and make it easy to control specific users and groups. With this great power comes great responsibility, so make sure you have tested the policies you are planning on deploying before you add them to your Active Directory. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.