October 2, 2005
@ 09:39 PM
Comments [0]
Things you can do with Group Policy

Set Internet Explorer Homepage. Stop your home page being changed. It is changed back each time you login. Will affect all users of your machine.

User Configuration: Windows Settings: Internet Explorer Maintenance: URLs: Home Page

Disable External Branding of Internet Explorer. Fed up with "Internet Explorer Provided by..." all over your browser. Turn it off with this change:

User Configuration: Administrative Templates: Windows Components: Internet Explorer: Disabled External Branding

Disable Auto Play. Turn off auto play of new CD-ROMs and music CD's:

User Configuration: Administrative Templates: System: Disable Auto Play
Computer Configuration: Administrative Templates: System: Disable Auto Play

Remove CD Burning Features (Windows XP). If you have 3rd Party CD burning software, then the built in tools can get in the way. Turn them off.

User Configuration: Administrative Templates: Windows Components: Windows Explorer: Remove CD Burning Features

Turn Off Personalised Menus. Does the start menu annoy you by not showing everything? Turn off personalised menus for all users by enabling this setting.

User Configuration: Administrative Templates: Windows Components: Start Menu and Task Bar: Disable Personalised Menus

Turn off the "Set Program Access and Defaults" options. Introduced with the latest service packs was the option to change the default programs on Windows. You may want to disable this option.

User Configuration: Administrative Templates: Control Panel: Add or Remove Programs: Hide Set Program Access and Defaults page

Recovery Console - Allow Floppy Copy and Access to all drives and folders. If you have installed the recovery console, then you need to make this change before the recovery console needs to be used. It will give you access to the entire machine should you need to use the recovery console.

Computer Configuration, Windows Settings, Security Settings, Security Options, Recovery Console, Allow Floppy Copy and Access to all drives and folders.

Disable Shutdown Event Tracker (Windows XP and Windows 2003 Server). If you have used Windows 2003 server you will have seen the new "Shutdown Event Tracker" facility where you have to choose a reason for shutting down the server. It can also be enabled in Windows XP. This is for statistic collection. If you want to turn this new feature off on all machines, then make the following change.

Local Computer Policy, Computer Configuration, Administrative Templates, System, where you will find it under "display event tracker".


--------------------------------------------------------------------------------

Applying Internet Explorer Security Settings to All Machines

One of the features of Group Policy is its ability to apply security settings to Internet Explorer that takes affect on all machines in the OU. The most useful of this is to add Intranet sites to the list so that Integrated Windows Authentication Works.

However the capability to do this is not that clear. However you can set it how you like.

Open the Group Policy editor for the domain.
Go to the following location in the Group Policy location: User Configuration, Windows Settings, Internet Explorer Maintenance, Security.
In the right window you will see an object called "Security Zones and Content Ratings". Double-click it to open it.
The "Security Zones and Content Ratings" window will open. In the section labelled "Security Zones and Privacy" there are two radio buttons. Choose the second one - "Import the current security zones and privacy settings" so that "Modify Settings" becomes enabled.
Click on "Modify Settings".
The Internet Explorer security window will be opened and you can change the settings to what you wish.
For example, if you want to add an address to to the list of sites in the Intranet zone (allowing you to use Windows Integrated Authentication) you need to do the following.
Click on "Local Intranet" so that the "Sites" button becomes enabled.
Click on the "Sites" button.
You will see three options already enabled. Leave those alone and click on the "Advanced..." button below them.
Enter the addresses of the sites you want to include.
Note. You can use wildcards. Therefore if you have sites called home.domain.com and intranet.domain.com you might want to enter *.domain.com instead.
If you are using a certificate on these sites, then you could enable "Require server verification (https:) for all sites in the zone" but you should test first.
Once you have finished making your changes just click "OK" until you are back to the Group Policy window again.
You will need to log off and log back on again for the changes to take affect on workstations.
These settings override any that the users may have put in themselves, so be aware before you enable the features.


--------------------------------------------------------------------------------

Third Party and Other Application GPO Plugins

Third parties are now starting to provide Group Policy controls.

Diskeeper: The latest version (9.0) has introduced group policy control.

Power Saving Options: You cannot control the power options via Group Policy, but the Energy Star group in the US have produced group policy addins that offer this facility. You can download them from here:http://www.energystar.gov/index.cfm?c=power_mgt.pr_pm_ez_gpo

Microsoft Office: Don't forget that if you download and install the Office Resource Kit (free download from MS) then you get control over Office applications as well. If you are using mixed versions of Office then you will need to install the ResKit for each version and set the GPO options appropriately.


 
Categories: IT

« IBM A50 ThinkCentre and RIS | Home | WD3200SD on an Adaptec 1210SA »