ASPE-IT Web Seminar Presenter Pete Zerger provides some new thoughts.
If your organization is a Windows shop at the desktop, then Active Directory and group policy are probably something you’re familiar with. But in Windows 2008, a new feature was released you may not be familiar with – Group Policy Preferences (GPP). So before we start talking group policy specifics, perhaps we should discuss Group Policy Preferences first.
Microsoft introduced “Group Policy Preferences”, which extend more than 20 Group Policy categories within a Group Policy Object (GPO) and enable IT professionals to configure, deploy, and manage operating system and application settings not previously accessible in Group Policy. Settings configurable through Group Policy Preferences include mapped drives, scheduled tasks, power options, files and/or folders, printers, folder options and Start menu settings for Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP systems.
The white paper below describes some of these new features and describes how you can use Group Policy Preferences to better deploy and manage computer and user preferences.
Windows Server 2008 includes Group Policy Preferences by default as part of the Group Policy Management Console (GPMC). To learn about Group Policy Preferences in depth, see the “Group Policy Preferences white paper“.
Extending GPP to Legacy Desktops – You can extend Group Policy Preferences to downlevel server and client desktops with GPP client side extensions from Microsoft. You can download Group Policy Preferences client side extensions (CSE) from Microsoft at http://support.microsoft.com/kb/943729
What is the difference between Group Policy and Group Policy Preferences? Preferences are not policy settings, which mean they are not enforced—just applied. Users with the proper privileges may have the ability to change the preference setting to another selection. However, you can control whether preference item settings return on the next Group Policy refresh, or are only enforced once as a ‘soft default’.
Okay, enough with the preliminaries, let’s get to the Group Policy Tips!
1) Configure Power Options with Windows 2008 Group Policy Preferences
Talk about green IT is a hot topic these days, and GPP make it easy to be green! It’s possible with GPP to configure the power schemes on Windows 7 and legacy desktops. In the figure below, you can see the properties on a Power Option preference item. This is one of my favorite features with GPP; the interface you use to configure the settings very closely resembles the screen you actually use on the operating system itself.
See the 4-part series “Managing Power with Group Policy” on the Microsoft website at http://blogs.technet.com/b/askds/archive/2008/03/17/managing-power-with-group-policy-part-1-of-3.aspx
2) Block ALL USB Devices with Group Policy
While USB drives and other portable media are convenient, data protection policies may prohibit administrators or other individuals from connecting storage devices to servers. Windows Server 2008 introduces a Group Policy setting that can prohibit the read or write activities of floppy, CD and DVD drives, tape, and devices such as cameras, mobile phones and MP3 players. They can be collectively prohibited as well, so all classes of removable storage can be applied to this rule. Dan Stolts has documented this process nicely in the following article:
3) Get Rid of Logon Scripts with Group Policy Preferences
GPP bring many of the elements traditionally controlled through logon scripts under your control in a script-free, user-friendly interface. Settings such as mapped drives, files and/or folders, printers, folder options and Start menu settings can all be controlled through GPP. No logon scripts means faster logons AND easier maintenance of desktop settings.
Windows 7 includes many new group policy settings you’ll want your IT support teams to get familiar with. You can learn more about these at Windows 7 and Windows Server 2008 R2 Group Policy – New features.
More Tips on Managing Windows 7 Group Policy
What we’ve covered in this article is only the tip of the iceberg. Want to learn more about how to streamline Windows 7 desktop management with Group Policy and Group Policy Preferences? Join us for our next free webinar Streamlining Desktop Mgmt with Windows 2008 Group Policy. You can register for this free event HERE.
Pete Zerger is an IT consultant, blogger, author, speaker and Microsoft MVP focusing on MS Microsoft System Center and enterprise virtualization. He is a co-founder of systemcentercentral.com a web community dedicated to support of Microsoft System Center management technologies.