Managing User Environments with Group Policy

1
Chapter 11

• Managing User Environments with Group Policy

2
Learning Objectives

• Use scripts to apply configuration settings to
  users and computers
• Control the user environment through
  administrative techniques
• Use folder redirection to move user files to a
  server

3
Using Scripts to Apply Configuration Settings to
Users and Computers

• Overview of scripts
• Windows Scripting Host (WSH)
• Assigning scripts through Group Policy

4
Overview of Scripts

• Scripts can be run at
• Startup
• Logon
• Logoff
• Shutdown

5
Windows Scripting Host

• Allows VBScript or JavaScript to be run natively
  on 32-bit Windows platforms
• WSH version 2 shipped with Windows 2000
• WSH comes with two executable files
• WScript - GUI version of WSH
• CScript - command-line version of WSH
• Other engines - perl

6
Windows Scripting Host

• Options

7
WSF vs WSH

• WSF
• Single file
• Multiple Jobs
• XML - based

• WSH
• Multiple files
• Configuration file
• Script file (.vbs, .js)
• Single Job

8
WSH
Logon.wsh ScriptFilePathh\csci450\logon.vbs
OptionsTimeout0DisplayLogo1BatchMode0


Logon.vbs MsgBox Hello World
9
WSF
Logon.wsf ltjobgtltscript languageVBScriptgtmsgBox
"Hello World" lt/scriptgtlt/jobgt
10
Benefits of WSF

• Multiple engine support
• Multiple jobs
• Support for include files
• Support for type libraries
• Support for xml editing tools

11
Windows Scripting Host

• Assigning scripts through Group Policy

12
Windows Scripting Host

• Assigning scripts through Group Policy

Scripts can be stored in any folder recommended
not to change default location FRS will
replicate
13
Windows Scripting Host

• Assigning scripts through Group Policy

14
Windows Scripting Host

• Assigning scripts through Group Policy

15
Controlling the User Environment through
Administrative Templates

• ADM files
• Computer templates
• User templates

16
ADM Files

• Administrative templates are text files that
  define Registry settings containing the desired
  configurations
• These templates also define how GP settings are
  displayed under the Admin Templates nodes in the
  Group Policy Editor
• Stored in systemroot\system32\GroupPolicy\ADM

17
ADM Files

• ADM Files comprise these templates
• They include
• System.adm
• Windows 2000 client policy
• Inetres.adm
• Internet Explorer setting
• Windows.adm
• Windows 9.x UI settings used with poledit
• Winnt.adm
• UI setting for WINNT 4
• Common.adm
• Settings common to both 9.x and WINNT 4

18
ADM Files
19
ADM Files

• CLASS
• User or Machine
• CATEGORY
• Node name
• POLICY
• Valuename options
• Keyname Registry entry
• EXPLAIN
• Contextual Help

• STRING
• Text strings policy description
• PART
• UI option
• PartTypes
• Advance UI options
• NUMERIC
• Edit field that wil accept numeric only

20
ADM Files
21
Computer Templates

• The default nodes within the Computer
  Configuration Administrative Templates
• Affects HKEY_LOCAL_MACHINE
• Windows Components
• System
• Network
• Printers

22
Computer Templates

• Windows Components
• NetMeeting
• Internet Explorer
• Task Scheduler
• Windows Installer

23
Computer Templates

• System
• Logon
• Disk Quotas
• DNS Client
• Group Policy
• Windows File Protection
• prevents the replacement of protected system
  files
• detects attempts by other programs to replace or
  move a protected system file

24
Computer Templates

• Network
• Offline Files
• Local copies of files stored on network drives
• Network and Dialup Connections
• Aloows or prohibits connection sharing

25
Computer Templates

• Printers
• No subnodes, but you can configure policy
  settings
• Configure settings such as
• Should printers be published in AD
• Enable Web-Based printing
• Allow printer browsing, etc

26
User Templates

• The following nodes exist by default in
  Administrative Templates under the User
  Configuration node
• Sets HKEY_USER
• Windows Components
• Start Menu Taskbar
• Desktop
• Control Panel
• Network
• System

27
User Templates

• Windows Components
• NetMeeting
• Internet Explorer
• Windows Explorer
• Microsoft Management Console (MMC)
• Allow author mode
• Ability add snap-ins
• Task Scheduler
• Windows Installer

28
User Templates

• Start Menu Taskbar
• this node can be used to severely restrict and
  limit what a user can do by eliminating choices
  from the taskbars and Start menu

29
User Templates

• Desktop
• Active Desktop
• Enable/disable various desktop setting
• Active Directory
• Restrict user ability to interact with AD

30
User Templates

• Control Panel
• Add/Remove Programs
• Display
• Printers
• Regional Options

31
User Templates

• Network
• Offline files
• Network and dialup connections

32
User Templates

• System
• Logon/Logoff
• Group Policy
• Behavior of group policy as it pertains to slow
  connections

33
Using Folder Redirection to Move User Files to a
Server

• An extension within Group Policy
• User \ Windows Settings
• Access settings my right click

34
Using Folder Redirection to Move User Files to a
Server

• Only the following folders can be redirected
• Application Data
• Desktop
• My Documents
• My Pictures
• Start Menu
• \Documents and Settings\username\folder

35
Using Folder Redirection to Move User Files to a
Server

• BasicRedirect Everyones Folder To The Same
  Location

36
Using Folder Redirection to Move User Files to a
Server

• AdvancedSpecify Locations For Various Groups

37
Using Folder Redirection to Move User Files to a
Server

• Available settings
• Grant The User Exclusive Rights To ?special
  folder?
• Move The Contents Of ?special folder? To The New
  Location
• Policy Removal

38
Using Folder Redirection to Move User Files to a
Server

• Consider