When I was a sysadmin for a small company I used to get hit with a question quite a lot regarding “how do I…” with respect to automating things or making changes to all computers with least effort. Microsoft gives us a plethora (I always wanted to use that word in a sentence) of tools and technologies for free, with which we can assemble our own solutions. The best part of this approach is that not only is it all free, but they provide an insane amount of documentation, samples, and community support to help us understand it better, and solve our own problems. Of course, Microsoft also sells solutions, but the real fun is building your own.
So, maybe you’re facing a question like this “how do I automatically map drives or printers for my users?” or “how do display a login banner?” or “how do I apply registry updates on computers?” and so forth. But you don’t know which path to take which would address these questions with the least amount of effort and cost. It all boils down to what operating systems and tools you have at hand…
| Task | XP/Vista WorkGroup | XP 2K3 AD | Vista 2K3 AD | Vista 2K8 AD | Windows 7 2K8 AD |
| Map User Drives | Script | Script | Script | GP Prefs | GP Prefs |
| Map Printers | Script | Script | Script | GP Prefs | GP Prefs |
| Desktop Settings | Local Policy | GPO, Script | GPO, Script | GP Prefs | GP Prefs |
| Registry Updates | Script | Script, GPO | Script, GPO | GP Prefs | GP Prefs |
| Clone Registry Settings | Script | Script | Script | GP Prefs | GP Prefs |
| File Cleanups | Script | Script | Script | Script | Script |
| Create/Update Shared Folders | Script | Script | Script | GP Prefs | GP Prefs |
| Create/Update Files | Script | Script | Script | GP Prefs | GP Prefs |
| Create/Update INI Files | Script | Script | Script | GP Prefs | GP Prefs |
| Create/Update Folders | Script | Script | Script | GP Prefs | GP Prefs |
| Create/Update Shortcuts | Script | Script | Script | GP Prefs | GP Prefs |
| Create/Update Env Vars | Script | Script | Script | GP Prefs | GP Prefs |
| Create/Manage Power Plans | Script | Script, GPO | Script, GPO | GP Prefs | GP Prefs |
| Create/Update Scheduled Tasks | Script | Script | Script | GP Prefs | GP Prefs |
| Register File Types | Script | Script, GPO | Script, GPO | GP Prefs | GP Prefs |
| Configure Network Settings | Script | Script | Script | GP Prefs | GP Prefs |
| Automate VPN Configs | Script | Script, GPO | Script, GPO | GP Prefs | GP Prefs |
| Create/Update DSNs | Script | Script, GPO | Script, GPO | GP Prefs | GP Prefs |
| Create Local Users/Groups | Script | Script | Script | GP Prefs | GP Prefs |
| Collect Inventory Data at Login or Startup | Script | Script | Script | Script | Script |
| Customize IE Configuration | Script | GPO | GPO | GP Prefs | GP Prefs |
| Customize Office Settings | Script | GPO | GPO | GPO/GP Prefs | GPO/GP Prefs |
| Configure Regional Options | Script | GPO | GPO | GP Prefs | GP Prefs |
| Configure Local Services | Script | GPO | GPO | GP Prefs | GP Prefs |
| Install Apps from Network Shares | Script | Script | Script | GP Prefs | GP Prefs |
| Configure Event Fwd-ing | Script | Script | Script | GPO | GPO |
Conclusion
If you have a Windows Server 2008 license in your environment, and at least some Vista or (maybe) Windows 7 clients, you’d be fool to ignore Group Policy Preferences. The features are amazingly powerful and simple to use. You can rip out tons of scripting and replace it with a few mouse clicks. I’m a scripting NUT so if I say something like that it means a lot (to those unlucky enough to know me). GP Prefs are also nowhere near as complex to learn and use as Group Policy settings. If you have half of a brain you can figure it out without having to dig into any documentation at all. It’s that easy.
Caveates and Disclaimers
This table is simply a “best option” recommendation from my own experience. It is not something developed or condoned by Microsoft in any respect. You may often find it necessary, even ideal, to mix scripting, GPO and Group Policy Preferences techniques to address your needs. One solution is not likely going to fit all or even most of your needs.
Items marked with “Script” imply user permissions constraints for login scripts. For startup scripts, you may encounter some complexity when making changes for specific user profiles, as opposed to the “all-users” profile. Startup scripts which need to access resources over a network may require additional permissions settings on those remote resources in order to allow access.
Scripting capabilities will vary by language and component dependencies. Most often KiXtart, VBScript, BAT/CMD or PowerShell.
PowerShell is not ideally suited for login scripting by itself, however it can be employed along with other scripts to perform specialized tasks with great results. PowerShell scripting requires all clients involved to have the minimum supported version of .NET framework installed.
To enjoy the comforts of Group Policy Preferences, you simply need to have at least one Windows Server 2008 domain controller in your AD environment. You do not have to change over to “native” mode. GP Prefs are built into Windows 7 but require a separate (and free) download and installation for Windows XP and Vista clients. Settings which only apply to Vista or Windows 7 are completely ignored by Windows XP clients.
All of this can be replaced or extended with the use of infrastructure management tools like SMS, System Center Configuration Manager, and so on.
No comments:
Post a Comment