What group-policies have you applied?

group-policy

I have set about 10 group-policies, and it works OK. Although, it would be interesting to see what kind of things IT-administrators enforce.

If you have a ton of policies, just show some, that you feel really changes something.

I guess you could avoid "default permit" -> block everything you can, and only keep things unlocked, that is directly needed.

This question refers to Windows Servers :) Although I won't shun Mac nor Linux administrators.


Solution 1:

I love Group Policy. It makes me able to do my job and to allow my company to leverage the collective talents of 3 people over more than 1,000 PCs and server computers in multiple Customer sites.

Nearly every one of my Customers has the majority of the following uses of Group Policy:

  • Install software with Software Installation policy
  • Install software with startup scripts
  • "Work over" machines' factory Windows installations after their initial domain membership with a one-time startup script (Add/Remove Windows components, clean up the start menu, reomve unwanted vendor-provided software, etc)
  • Setup the "user environment" (Folder Redirection, Group Policy preferences to put out registry preferences, desktop shortcuts, etc)
  • When appropriate, "locking down" the user environment (for kiosks, special-purpose PCs, etc)
  • Directing computers to WSUS servers and setting update policies
  • Setting IPSEC policy settings
  • Deploying wireless Ethernet settings (the corporate SSID and security configuration, etc)
  • Logon scripts to "map" "drives"
  • Logon scripts to clean out per-user "temp" directories, and startup scripts to clean out per-machine "temp" directories
  • Restricted group policy to populate local groups with domain groups
  • Control third-party applications that use registry settings to influence their behaviour through creation of custom Administrative Templates
  • Doing ANY type of misc. maintenance, either per-machine or per-user, that I need to do via startup or logon scripts

That's my "off the top of my head" list. I'll come back and revise if I think of more.

Solution 2:

We use group policy to:

  1. Point workstations to our WSUS server
  2. Run a program that checks if the antivirus software is installed and if not, install it
  3. Disable registry editing
  4. Set Office security level
  5. Set ODBC connections
  6. Redirect a user's Desktop and My Documents to a file server
  7. Map network drives
  8. Set power saving settings (out monitors, hard drives and computer to sleep after xx minutes)
  9. Check versions of in-house applications
  10. Disable iTunes, Windows Media Player, VLC, etc.
  11. Set disk space quotas

[EDIT] Added the following:

  1. Enforce password policy
  2. Standardize desktop wallpaper and screen savers

And a few others I can't remember off the top of my head.

Related

Apache SSL VirtualHosts on a single IP using UCC/SAN certificate
How do I get my HP servers to email me when a drive fails?
Backup MySQL Server
How to build a high availability Postfix system?
switch apache from prefork to event in Ubuntu 16, get php 7 working
Mysql - Access denied for user 'root'@'x.x.x.x' [duplicate]
What does registry setting EnableLinkedConnections do on a technical level?
How can I create a user only for sftp?
How to log the ip addresses trying to connect to a port?
How can I configure Postfix to retain copies of all email sent through it?
There is any monitoring hosted solution? [closed]
How to divert traffic based on hostname using HAProxy?