Many posts on this blog talk about various Group Policy settings and how to implement them. Although, Group Policy main focus is to lock down settings on workstations and servers in a domain environment, you can still implement the same measures on workstations in a workgroup environment.
Data tiering or tiered storage strategies help organizations reduce the total storage costs. Costs can be reduced by separating data based on necessity and functionality. For instance, hot data that is frequently accessed by the organizations’ critical applications needs to be stored on fast storage devices while, data that is occasionally accessed can reside on slower and cheaper storage devices.
This running list categorizes best practices for Group Policy Preferences.
Group Policy Files:
- Normally, an update will create a file if it doesn’t exist and replace it if it does exist. In Files, this is not the case. An Update simply updates the file attributes (not the file itself). If you wish to create the file if it doesn’t exist and to replace it if it does exist, choose the replace option.
- To copy all of the files in a single folder, ensure that your source ends with a \* and that your destination ends with a \
Group Policy Printers:
- Delete: To prevent computers from generating Event Log errors, set preference to Apply Once and Do Not Reapply. Also configure a Item Level Target to the printer’s location in the registry. This can either be HKLM or HKCU.
Order of Processing
LSDOU: Local, Site, Organizational Unit (OU). That is the order in which Group Policy applies. All local GPOs are applied first; this is followed by any applicable ones linked to a site. Next, GPOs linked at the domain are applied. Finally, GPOs linked to each OU are processed. These GPOs are applied in a top down approach. Higher OUs or levels such as a site or domain are applied first. Let’s look at a sample environment.
I am one of those geeky people who try to follow all of Microsoft’s recommendations (including logging in with an administrator and separate standard account). When UAC was introduced, I found my new best friend! I could finally stay logged in as an administrator without having everything running as an administrator.
So Abbott and Costello were in the office one day. After a long series of emails, they noticed their inbox was completely cluttered!
Outlook, by default, sorts all email by date received. If you store email in your Inbox or are frequently CC’d, there is a better way of sorting! To make his life easier, Abbott clicked on the Arranged By: Date button and selected Conversation.
Outlook saw that all of his emails from Costello were in the same conversation and automatically grouped them together! Instead of 23 separate messages, Outlook combined them into 1 and put the newest one on top! He can even click the down arrow (next to the email subject) to see all of the previous messages individually.
Now Abbott never overlooks a message, replies to an older one by accident, and can start explaining who is on second!
Group Policy is a solid tool and is very stable. Microsoft has made constant improvements to it since Windows 2000. It allows for the configuration and deployment of pretty much anything in your Active Directory environment. From deploying software to setting the default printer, it works. But when it doesn’t, Microsoft has provided great guidelines and tools in order to troubleshoot.
Still creating accounts by hand? Yeah – we just got out of that boat! If you would like to automate your account creation – here is a sample script you can use!
The faster things become – the faster we want things to become.
For example – PowerShell. On my machine, it takes about 5-6 seconds to be fully functional. Because I link PowerShell scripts into certain MMCs, starting PowerShell quickly is very important to me!
If you use home folders and/or folder redirection, you probably are wasting some space! When a user in AD is deleted, their documents will still remain on your server. To reclaim this space, we can use a very simply PowerShell script: