2,187
edits
Difference between revisions of "Group Policy (Active Directory)"
Jump to navigation
Jump to search
m
Group Policy (Active Directory) (view source)
Revision as of 15:28, 19 September 2013
, 15:28, 19 September 2013→Common Policy Paths: Added "Remote Desktop"
m (→Logon Screen: Added note) |
m (→Common Policy Paths: Added "Remote Desktop") |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 26: | Line 26: | ||
To see the results of the last refresh (open the created HTML file) | To see the results of the last refresh (open the created HTML file) | ||
* <code> gpresult /H GPreport.html </code> | * <code> gpresult /H GPreport.html </code> | ||
=== Filter by Security Group === | |||
To only apply to certain to groups | |||
# On the '''Scope''' tab, within the '''Security Filtering''' field | |||
# Remove the ''Authenticated Users'' groups | |||
# Add the appropriate groups | |||
To prevent application to certain groups | |||
# On the '''Delegation''' tab, and click on the '''Advanced...''' tab | |||
# Add the appropriate group(s) and for '''Apply group policy''' check '''Deny''' | |||
== Policy vs Preference == | |||
Within both the User and Computer configuration sections of a GPO are two sub-sections, Policies and Preferences | |||
* Policies | |||
** Are enforced on users and cannot be changed or overridden by them | |||
* Preferences | |||
** Are applied, but can be changed by the user. However they will be applied when the policy refreshes, unless the ''Apply once and do not reapply'' is selected | |||
== Precedence == | |||
Policy's that get applied 1st (have a lower Precedence number when viewed in the ''Group Policy Inheritance'' tab of an OU) overrule any subsequent policies. Therefore any policy applied to an OU, will take precedence of an inherited rule from a parent OU. | |||
= Common Policy Paths = | = Common Policy Paths = | ||
| Line 45: | Line 66: | ||
| User Configuration<nowiki>|</nowiki> Policies <nowiki>|</nowiki> Windows Settings <nowiki>|</nowiki> Internet Explorer Maintenance <nowiki>|</nowiki> Connection <nowiki>|</nowiki> Proxy Settings | | User Configuration<nowiki>|</nowiki> Policies <nowiki>|</nowiki> Windows Settings <nowiki>|</nowiki> Internet Explorer Maintenance <nowiki>|</nowiki> Connection <nowiki>|</nowiki> Proxy Settings | ||
|- | |- | ||
! Screen Saver | ! Remote Desktop | ||
| Computer Configuration <nowiki>|</nowiki> Polices <nowiki>|</nowiki> Administrative Templates <nowiki>|</nowiki> Windows Components <nowiki>|</nowiki> Remote Desktop Services <nowiki>|</nowiki> Remote Desktop Session Host <nowiki>|</nowiki> Connections | |||
|- | |||
! [[#Screen_Saver|Screen Saver]] | |||
| User Configuration <nowiki>|</nowiki> Polices <nowiki>|</nowiki> Administrative Templates <nowiki>|</nowiki> Control Panel <nowiki>|</nowiki> Personalization <nowiki>|</nowiki> Enable screen saver | | User Configuration <nowiki>|</nowiki> Polices <nowiki>|</nowiki> Administrative Templates <nowiki>|</nowiki> Control Panel <nowiki>|</nowiki> Personalization <nowiki>|</nowiki> Enable screen saver | ||
|- | |- | ||
! Security Policy Options | ! Security Policy Options | ||
| Computer Configuration <nowiki>|</nowiki> Polices <nowiki>|</nowiki> Windows Settings <nowiki>|</nowiki> Security Settings <nowiki>|</nowiki> Local Polices <nowiki>|</nowiki> Security Options | | Computer Configuration <nowiki>|</nowiki> Polices <nowiki>|</nowiki> Windows Settings <nowiki>|</nowiki> Security Settings <nowiki>|</nowiki> Local Polices <nowiki>|</nowiki> Security Options | ||
|- | |||
! Windows Update | |||
| Computer Configuration <nowiki>|</nowiki> Polices <nowiki>|</nowiki> Administrative Templates <nowiki>|</nowiki> Windows Components <nowiki>|</nowiki> Windows Update | |||
|} | |} | ||
| Line 96: | Line 123: | ||
# Put your background file on a share that can be read by all | # Put your background file on a share that can be read by all | ||
# Configure a rule to copy the file to the local machine | # Configure a rule to copy the file to the local machine | ||
# | #* <code> Computer Configuration <nowiki>|</nowiki> Preferences <nowiki>|</nowiki> Windows Settings <nowiki>|</nowiki> Files </code> | ||
# | #** EG ''Source'' - <code>\\file-svr\priv$\Branding\MyCompany_1680x1050.jpg</code> - update as required | ||
# | #** EG ''Destination'' - <code>C:\Backgrounds\MyCompany_1680x1050.jpg</code> - note that you must specify the filename, even if its unchanged by the copy | ||
# Configure a rule to update the registry | # Configure a rule to update the registry | ||
## <code> User Configuration <nowiki>|</nowiki> Polices <nowiki>|</nowiki> Administrative Templates <nowiki>|</nowiki> Desktop <nowiki>|</nowiki> Desktop</code> | ## <code> User Configuration <nowiki>|</nowiki> Polices <nowiki>|</nowiki> Administrative Templates <nowiki>|</nowiki> Desktop <nowiki>|</nowiki> Desktop</code> | ||
| Line 133: | Line 160: | ||
#* Links (which appear in the Favorites bar above the webpage in IE, if viewable) can be added to the '''Links''' section | #* Links (which appear in the Favorites bar above the webpage in IE, if viewable) can be added to the '''Links''' section | ||
#* Don't check ''Delete existing Favorites and Links, if present'' unless you're sure users won't have their own links there already | #* Don't check ''Delete existing Favorites and Links, if present'' unless you're sure users won't have their own links there already | ||
== Fonts == | |||
In order to deploy/install fonts to client machines you need to do two things... | |||
# Copy the font file(s) to <code>C:\Windows\Fonts</code> | |||
# Create a registry value to make the font available to the system (in <code>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts</code>) | |||
This is very laborious if you need to deploy a large number of font files, but it does work. Note that <code>gpupdate /force</code> doesn't always succeed in making the fonts available to Word etc, restart the client machine in question. | |||
To set-up... | |||
# Install the font(s) onto an example machine 1st | |||
#* This enables you to copy the registry keys required | |||
# Put the font file(s) on a share that can be read by all | |||
# Configure a rule to copy the file(s) to the local machine | |||
#* <code> Computer Configuration <nowiki>|</nowiki> Preferences <nowiki>|</nowiki> Windows Settings <nowiki>|</nowiki> Files </code> | |||
#** EG Source - <code>\\file-svr\priv$\Branding\Fonts\LTYPO.TTF</code> - update as required | |||
#** EG Destination - <code>%windir%\Fonts\LTYPO.TTF</code> | |||
#** Suppress errors on individual file actions - Check | |||
# Configure a rule to create the required registry values (using the registry on the example machine as a reference) | |||
#* <code> Computer Configuration <nowiki>|</nowiki> Preferences <nowiki>|</nowiki> Windows Settings <nowiki>|</nowiki> Registry </code> | |||
#** ''Hive'' - <code>HKEY_LOCAL_MACHINE</code> | |||
#** ''Key Path'' - <code>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts</code> | |||
#** ''Value name'' - <code>Example Font (TrueType)</code> - update as required | |||
#** ''Value'' - <code>REG_SZ LTYPO.TTF</code> - update as required | |||
[[Category:Microsoft]] | [[Category:Microsoft]] | ||
[[Category:Windows]] | [[Category:Windows]] | ||
[[Category:Active Directory]] | [[Category:Active Directory]] | ||