5 most important Group Policy settings to configure

Discussion in 'Windows Small Business Server' started by Ross, Oct 3, 2006.

  1. Ross

    Ross Guest

    Hi all,

    Sorry for all the questions today -

    After installing a new sbs2003 sp1 server and having XP clients what are
    your first edits to the group policy you set? Im just looking for ideas in
    case im missing something important.

    so what do you deem to be the most important Group Policy changes to make?
     
    Ross, Oct 3, 2006
    #1
    1. Advertisements

  2. I try to avoid changing the existing GPOs as much as possible, and prefer
    to create my own additional ones as needed.

    The key policies I almost always add are:

    * a Windows Firewall exception for Anti-Virus software,
    * software deployment for Adobe Reader and now also Opera.

    Another useful one if (like me) you don't run users as local
    administrators, and therefore don't allocate users to PCs is:

    * use Restricted Groups to add the domain "RWW users" group to the local
    group "BUILTIN\Remote Desktop Users"
     
    Steve Foster [SBS MVP], Oct 3, 2006
    #2
    1. Advertisements

  3. In
    Oh, really? Got anything to back that up? I leave the firewall enabled
    everywhere, with the appropriate exceptions for localsubnet.
     
    Lanwench [MVP - Exchange], Oct 3, 2006
    #3
  4. In
    Disable offline files (I don't use 'em, ptui)
    Force Windows XP to classic mode & classic start menu
    Folder redirection (I use my own custom GPO for this) for My Documents, and
    prevent user from changing that path
    Password complexity & expiration
    Add Administrators to roaming profiles folder(s).

    I do more than that, but you asked for 5. :)
     
    Lanwench [MVP - Exchange], Oct 3, 2006
    #4
  5. Ross

    Alan Guest

    "Lanwench [MVP - Exchange]"
    I for one would be very interested in your full list if you are
    willing to share...

    :)

    Thanks,

    Alan.
    --

    The views expressed are my own, and not those of my employer or anyone
    else associated with me.

    My current valid email address is:



    This is valid as is. It is not munged, or altered at all.

    It will be valid for AT LEAST one month from the date of this post.

    If you are trying to contact me after that time,
    it MAY still be valid, but may also have been
    deactivated due to spam. If so, and you want
    to contact me by email, try searching for a
    more recent post by me to find my current
    email address.

    The following is a (probably!) totally unique
    and meaningless string of characters that you
    can use to find posts by me in a search engine:

    ewygchvboocno43vb674b6nq46tvb
     
    Alan, Oct 4, 2006
    #5
  6. Don't be silly. Turning it off is more likely to increase traffic (since
    anything can then flow).

    I routinely run networks with the Windows Firewall on. It provides a
    little bit of extra protection against malware, etc. to your network.

    SBS2003 R2 handles this for you, if you're on that. Note that upgrading to
    R2 will kill any existing WSUS configuration you may have done.
     
    Steve Foster [SBS MVP], Oct 5, 2006
    #6
  7. In
    You'll need to provide more info, I'm afraid. What exactly slows down? The
    Windows firewall does not block outbound traffic. Perhaps you should look in
    your workstations' event logs.
     
    Lanwench [MVP - Exchange], Oct 13, 2006
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.