GPO SOFTWARE SETTINGS

Software Settings

The software settings are not the most impressive of the GPO settings, but there are some benefits of using a GPO to deploy software. The best advice I can give here is that if you don’t need to track the software installation for licensing or making sure it is installed (not key line of business application), then this is a great solution.
You can push out either MSI or EXE, but the only way you can push out an EXE is to wrap it in a ZAP file. There is a Software Settings section under both Computer and User Configuration.

Scripts

There are four types of scripts that you can configure using Group Policy. Two reside under the Computer Configuration section and two reside under the User Configuration section. The concepts of the scripts are that you can make configurations when the “object” being targeted starts and then ends.

Administrative Templates Settings

All of the Administrative Template Settings are Registry modifications. There are many settings in many sections. Some settings fall under both Computer and User, where others are only for one of the object types.
Control Panel
Add or Remove Programs (User Configuration only)
Display (User Configuration only)
Printers (User Configuration only)
Programs (User Configuration only)
Regional and Language Options
User Accounts (Computer Configuration only)
Desktop (User Configuration only)
Active Directory
Desktop
Network
Background Intelligent Transfer Services (BITS) (Computer Configuration only)
DNS Client (Computer Configuration only)
Link-Layer Topology Discovery (Computer Configuration only)
Microsoft Peer-to-Peer Networking Services (Computer Configuration only)
Network Connections
Offline Files
QoS Packet Scheduler (Computer Configuration only)
SNMP (Computer Configuration only
SSL Configuration Settings (Computer Configuration only)
Windows Connect Now
Printers (Computer Configuration only)
Shared Folders (User Configuration only)
Start Menu and Taskbar (User Configuration only)
System
Credentials Delegation (Computer Configuration only)
Ctrl+Alt+Del Options (U
Disk Quotas (Computer Configuration only)
Distributed COM (Computer Configuration only)
Driver Installation
Folder Redirection
Group Policy
Internet Communication Management
iSCSI (Computer Configuration only)
KDC (Computer Configuration only)
Kerberos (Computer Configuration only)
Locale Services
Logon
Net Logon (Computer Configuration only)
NTFS Filesystem (Computer Configuration only)Performance Control Panel
Power Management
Remote Assistance (Computer Configuration only)
Remote Procedure Call (Computer Configuration only)
Removable Storage Access
Scripts
Server Manager (Computer Configuration only)
Shutdown Options (Computer Configuration only)
System Restore (Computer Configuration only)
Troubleshooting and Diagnostics (Computer Configuration only)
Trusted Platform Module Services (Computer Configuration only)
User Profiles
Windows File Protection (Computer Configuration only)
Windows HotStart
Windows Time Service (Computer Configuration only)
Windows Components
Active Directory Federation Services (Computer Configuration only)
ActiveX Installer Service (Computer Configuration only)
Application Compatibility
Attachment Manager (U
AutoPlay Policies
Backup
BitLocker Drive Encryption (Computer Configuration only)
Credential User Interface (Computer Configuration only)
Desktop Window Manager
Digital Locker
Event Forwarding (Computer Configuration only)
Event Log Service (Computer Configuration only)
Event Viewer (Computer Configuration only)
Game Explorer (Computer Configuration only)
Imprt Video
Instant Search (Computer Configuration only)
Internet Explorer
Internet Information Services (Computer Configuration only)
Microsoft Management Console (U
NetMeeting
Network Access Protection (Computer Configuration only)
Network Projector
Network Sharing (U
Online Assistance (Computer Configuration only)
Parental Controls (Computer Configuration only)
Password Synchronization (Computer Configuration only)
Presentation Settings
RSS Feeds
Search Security Center (Computer Configuration only)
Server for NIS (Computer Configuration only)
Shutdown Options (Computer Configuration only)
Smart Card (Computer Configuration only)
Sound Recorder
Tablet PC
Task Scheduler
Terminal Services
Windows Calendar
Windows Color System
Windows Customer Experience Improvement Program (Computer Configuration only)
Windows Defender (Computer Configuration only)
Windows Error Reporting
Windows Explorer
Windows Installer
Windows Logon Options
Windows Mail
Windows Media Center
Windows Media Digital Rights Management (Computer Configuration only)
Windows Media Player
Windows Meeting Space
Windows Messenger
Windows Mobility Center
Windows Movie Maker
Windows PowerShell
Windows Remote Management (WinRM) (Computer Configuration only)
Windows Remote Shell (Computer Configuration only)
Windows Sidebar
Windows SideShow
Windows System Resource Manager (Computer Configuration only)
Windows Update

Security Settings

The key subnodes that you will find under the security settings node include Account Policies, User Rights Assignment, Restricted Groups, and Software Restriction Policies. You will notice that the Security Settings under the Computer Configuration section has many more settings compared to the User Configuration section. Security areas include:
Account Policies
Audit Policy
User Rights
Security Options
Event Logs
Restricted Groups
System Services
Registry
File System
Wired Network (IEEE 802.3)
Windows Firewall with Advanced Security
Wireless Network (IEEE 802.11)
Public Key Policies
Software Restriction Policies
Network Access Protection
IP Security Policies
Folder Redirection
Internet Explorer Maintenance
You will find a long list of security settings under the Computer Configuration|Policies|Windows Settings|Security Settings|Local Policies|Security Options node. These are excellent for locking down desktops and servers.

Preferences Settings

The Preferences section provides control over areas that the other Group Policy sections don’t cover well. Here you will find the ability to configure the “actual GUI interface” for the technology you are controlling, as well as configure Item-Level Targeting for any of the settings you control. (For more in Item-Level Targeting, refer to this article). Group Policy Preferences allow control over:
Applications
Drive Maps
Environment
Files
Folders
Ini Files
Registry
Network shares
Shortcuts
Data Sources
Devices
Folder Options
Internet Settings
Local Users and Groups
Network Options
Power Options
Printers
Regional Options
Scheduled Tasks
Services
Start Menu

Resources

With any technology as sophisticated and complex as Group Policy, you will need to test, research, discover, and try them for yourself. I find that when an administrator needs to solve a problem is when Group Policy really shines. The key is knowing where to go for answers and how to put the technology to work for you. I get about 10 questions a month on Group Policy solutions and encourage you to send me your questions and issues, as well as refer to the following references for guidance.

Summary

There are thousands of settings in a single GPO. Knowing what is available, where to find the setting, and how to look for your setting is important. This article gives you many angles for finding and knowing what is available in a GPO. If you still can’t find your setting, please don’t hesitate to contact me at derekm@braincore.net. BTW, you can also get my book on Group Policy at here
Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)