Windows 7 builds on top of the improvements made with Windows Vista, and arguably improves upon Vista by cleaning up some of the mess it added over XP. However, one aspect of the evolution of Windows that hasn’t taken any steps backwards is Group Policy. Vista added Group Policy Preferences (with Windows Server 2008 Active Directory), as well as a boat-load of new GPO settings and options. Windows 7 adds even more settings and options and improvements to Group Policy Preferences as well, and if you have some flavor of Windows Server 2008 in your AD environment, even in mixed mode, the better.
This article is focused on using Group Policy settings in an Active Directory environment. Whether you use Windows Small Business Server or Windows Server Essentials doesn’t matter.
What I’ve tried to do here is put on my small business IT manager hat and focus on a top-10 settings list that would likely come in handy for such environments. These may not apply to every small business environment, nor would they likely fit into a large, enterprise environment. But at least it should give you a place to start, if nothing else. Remember: User Configuration settings apply to users not computers, so be mindful of where your user account resides in AD (which OU or container) and where your other users’ accounts reside. Computer settings depend on where the computer itself resides in AD. Just a reminder.
1. Hiding/Showing Things on the users’ Start Menu and Desktop
User Configuration / Administrative Templates / Start Menu and Taskbar
User Configuration / Administrative Templates / Desktop
2. Turn AutoPlay On or Off
User Configuration / Administrative Templates / Windows Components / AutoPlay Policies
3. Enable / Disable Desktop Gadgets
User Configuration / Administrative Templates / Windows Components / Desktop Gadgets
4. Control Access to CD/DVD, and other Removable Media Devices
User Configuration / Administrative Templates / System / Removable Storage Access
5. Turn off Anytime Upgrade
User Configuration / Administrative Templates / Windows Components / Windows Anytime Upgrade
6. Configure Windows Explorer Features
User Configuration / Administrative Templates / Windows Components / Windows Explorer
7. Configure Event Forwarding to a Server (for centralized monitoring and reporting)
Computer Configuration / Administrative Templates / Windows Components / Event Forwarding
8. Disable InPrivate Browsing in Internet Explorer 8
Computer Configuration / Administrative Templates / Windows Components / Internet Explorer / InPrivate
9. Enable Parental Controls while in Domain environment
Computer Configuration / Administrative Templates / Windows Components / Parental Controls
and my personal Favorite is a long-awaited feature…
10. Force Disconnect, Lock or Logoff When Logon Hours Expire
Note: This is NOT the same as it was with Windows XP, etc. You can now tell Windows what to do when the user’s logon hour expires. You can choose to force a disconnect, a lock or a logoff.
User Configuration / Administrative Templates / Windows Components / Windows Logon Options
No comments:
Post a Comment