Information Technology aid for Windows, Linux, and OS X users, solid SysAdmin advice, troubleshooting links, job assistance, and more for technology pros.
Richard and I talk to Greg Lamothe at RunAs Radio about Windows SteadyState. SteadyState allows administrators to configure PCs to roll back to a base configuration after every reboot. Combined with Group Policy for restricting access to resources, you can create the perfect kiosk computer that cleans off all traces of the previous user, ready […]
If your network contains a single domain and a couple of DCs, and all computers are on the same network, you really don’t have to concern yourself with indicating the correct target DC when making changes to the group policy. However, if you have multiple domains, DCs, and users with the ability to change the […]
Another important question to ask is ‘how are GPOs applied over slow links?’. Although most users log on over a relatively high-bandwidth connection such as a LAN, remote and roaming users often log on through low-bandwidth dial-up connections. Other factors can affect connection bandwidth as well. During group policy processing, Windows Server 2003 uses a […]
By default, GPO processing is synchronous, which means that the processing of one GPO must be complete before processing of the next one begins. Computer Configuration policies apply at system startup, and User Configuration policies apply at logon and complete prior to the user interface becoming available to the user.
In most cases, you’ll want to […]
Windows Server 2003 automatically refreshes GPOs every 90 minutes by default, although it applies a randomized 30-minute offset interval to the refresh period to ensure that large groups of users don’t refresh their GPOs at the same time. Refreshing the GPOs ensures that changes to group policies are implemented in a timely manner.
You can tailor […]
In most cases, a user who logs on from a workstation should have his group policies applied based primarily on the settings defined by the user object in the Active Directory rather than their computer object. A user who logs on from a computer that’s part of the server’s OU, however, should take his settings […]
In a previous series of articles on Windows Server 2003 group policy, I described what group policies are and how they work. The next question to ask is ‘How does Windows Server 2003 apply group policies?’
Before you can fully understand the implications of group policies, you need to see how Windows Server 2003 […]
Once you have configured Security Zone to meet security requirements, you may need to distribute settings to workstations throughout a network. While you can use the Internet Explorer Administration Kit’s Profile Manager to do the job, you can avoid having to install additional software if you use the method provided by the Group Policy editor. […]
Assume that you’ve just spent several days creating a GPO to link to a particular OU and have tested and verified that the policies it contains are correct. Also assume that you have two other OUs that need to use the same policies. You don’t really want to re-create those policies twice more, do you? […]
Simply creating a GPO doesn’t modify any policy settings. If you don’t modify any settings, the GPO won’t have any effect. So now it’s time to set some policies in each of the test GPOs you just created. As mentioned before, you can get to the GPO through the properties for the object where the […]
You modify GPOs through the Group Policy editor, an MMC snap-in. You can open the Group Policy snap-in directly through the MMC or access it through the properties for the AD container to which you want to link the GPO or whose existing GPO you want to modify.
For example, open the Active Directory Sites […]
In previous series of articles, I introduced you to the concept of Windows Server 2003 group policies. In this series of articles, I’ll dig deeper into group policies by showing you how to create and work with them. I’ll cover the nuts and bolts of group policy object (GPO) creation and application to help you […]
Group policies enable you to control a wide range of capabilities and actions. The ones you address depend on your situation and how they impact your users and systems. The following list summarizes the key issues to address:
Hardware changes: You can use change control to prevent users from changing existing hardware settings such as display […]
In the previous installment of this article, I discussed how to classify the different types of users in an organization, as well as the systems they use. Why is an understanding of how each user works and the types of systems they use important to applying change control? Classifying users by their job area will […]
Many technical-related problems stem from personnel who are poorly trained, careless, or don’t follow established procedures. Also, there is still the possibility for accidents, even with the most conscientious and careful users and administrators.
Compounding the potential problems, most users don’t understand the possible implications of the changes they make. As if that isn’t enough, […]
Change control and distributed security are two issues that affect not only large organizations but also small ones. In some respects, they can be even more important in a small organization than in a larger one. If you allow a key employee to change settings at will, the result could be a toasted system when […]
Through the Microsoft Management Console (MMC) and group policies you can configure a Windows Server 2003 server to automatically distribute software to Windows clients by either assigning or publishing applications. Although the basics of this process are fairly straightforward, there are situations that will require you to use advanced publish and assign options.
For example, if […]
Through the Microsoft Management Console (MMC) and group policies you can configure a Windows Server 2003 server to automatically distribute software to Windows clients by either assigning or publishing applications. Although the basics of this process are fairly straightforward, there are situations that will require you to use advanced publish and assign options.
For example, if […]
The previous installment of this article outlined how to grant a security group the right to log on locally as well as read/write permission to the Sysvol. In addition, you need appropriate administrative permission to the site, domain, or organizational unit (OU) in which the Group Policy Object (GPO) resides. To delegate administration:
Open Active […]
Before you delegate administrative control over a Group Policy Object (GPO), you need to grant the appropriate group the right to log on locally as well as read/write access to the Sysvol.
In order to manage group policies, you must have access to a domain controller (DC) for the Active Directory (AD) in which the Group […]