Section 8: Configuring the Desktop Environment with Group Policy Exploring Script Types and Controlling Script Execution Defining the Desktop, Start Menu,


1 Section 8: Configuring the Desktop Environment with Group Policy. Exploring Script Types and Controlling Script Execution; Defining the Desktop, Start Menu, and Taskbar Settings; Defining the Control Panel Settings; Defining the Windows Components Settings; Configuring the Printer Management and Pruning Settings; Defining Network Settings; New Settings for Windows 8 Client and Windows Server 2012. Managing Windows Environments with Group Policy.

2 © 2013 Global Knowledge Training LLC. All rights reserved. Section Objectives: After completing this section, you will be able to: describe the startup, shutdown, logon, and logoff scripts and settings; identify the many ways to control the user desktop, Start menu, and taskbar settings; explain how to restrict the Control Panel settings; explain how to restrict the operations that users can perform in Windows Explorer, Windows Internet Explorer, and Remote Desktop Services; explain how to configure the printer management and pruning settings; describe the network settings.

3 Exploring Script Types and Controlling Script Execution: Script Types; Controlling Script Processing; Delegating Script Management.

4 Script Types: Active Directory domains support four types of scripts: Computer Startup, Computer Shutdown, User Logon, User Logoff.

5 Computer Startup and Shutdown Scripts: Startup and shutdown scripts run in the context of the computer account. A user account is not logged on. These scripts must not require user input.

6 User Logon and Logoff Scripts (1): A logon script runs when a user logs on to a Windows computer, using the user security context. A logoff script runs when the user logs off, again using the user security context. Scripts can be: PowerShell, VBScript, BAT, CMD, EXE.

7 User Logon and Logoff Scripts (2): If Windows PowerShell is used to write logon scripts, the scripts will have to be signed or the Script Execution policy will have to be relaxed.

8 User Logon and Logoff Scripts (3): This is an example of a PowerShell logon script that maps a drive and displays a message box.
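The script pictured on this slide is not in the transcript. The following is an added example, not the course's script: an administrator-side script that writes a logon script of the kind described (map a drive, show a message box), signs it so it can run without relaxing the execution policy, and verifies the signature. The share `\\fileserver.example.test\home`, drive letter `H`, file name `logon.ps1` and message text are placeholders.

```powershell
# Added example: build, sign and verify a logon script (run by an administrator).
# The UNC path, drive letter and message text are placeholders, not values from the slides.
$logonScript = @'
$share = '\\fileserver.example.test\home'   # placeholder share
$drive = 'H'

# Map the drive only when the letter is free, so a repeated logon does not fail.
if (-not (Get-PSDrive -Name $drive -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name $drive -PSProvider FileSystem -Root $share `
                -Persist -Scope Global -ErrorAction Stop | Out-Null
}

# Logon scripts run in the user's security context, so the user sees this box.
Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.MessageBox]::Show("Drive ${drive}: is mapped to $share", 'Logon script') | Out-Null
'@

$path = Join-Path $PWD 'logon.ps1'
Set-Content -Path $path -Value $logonScript -Encoding UTF8

# Sign with a code-signing certificate from the administrator's personal store.
# Assumption: clients trust the issuing CA and list the certificate under Trusted Publishers.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if (-not $cert) { throw 'No code-signing certificate in Cert:\CurrentUser\My' }

$sig = Set-AuthenticodeSignature -FilePath $path -Certificate $cert
if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.StatusMessage)" }

# Any edit after signing invalidates the signature; re-check before adding the file to the GPO.
$check = Get-AuthenticodeSignature -FilePath $path
"{0}: {1} (signer: {2})" -f $path, $check.Status, $check.SignerCertificate.Subject
```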

9 Controlling Script Processing: Run logon scripts synchronously; Run startup scripts synchronously; Run startup scripts visible; Run shutdown scripts visible; Maximum wait time for Group Policy scripts.

10 Delegating Script Management: Control which users can configure scripts by limiting the MMC snap-in using the following Administrative Templates settings: User Configuration, Administrative Templates, Windows Components, Microsoft Management Console, Restricted/Permitted snap-ins, Group Policy, Scripts (Logon/Logoff), Scripts (Startup/Shutdown); User Configuration, Administrative Templates, Windows Components, Microsoft Management Console, Restrict users to the explicitly permitted list of snap-ins.

11 Defining the Desktop, Start Menu, and Taskbar Settings: Control icons on the desktop. Customize and set the Start menu. Set access to taskbar settings.

12 Defining the Control Panel Settings: Restrict access completely. Control access to Add/Remove Programs. Restrict the display properties. Control printer management. Customize or set language options.

13 Defining the Windows Components Settings: File Explorer Settings; Internet Explorer Settings; Remote Desktop Services Settings; Other Notable Windows Components.

14 File Explorer Settings: The File Explorer section contains many settings dealing with the desktop and the File Explorer.

15 Internet Explorer Settings: Previous group policies already contained a large number of Internet Explorer settings. Now, more settings than ever are available with the latest versions of Windows Internet Explorer.

16 Administrator Approved Controls: If users are constantly having problems with add-ons to Internet Explorer, you can configure an approved list of allowed controls.

17 Browser Menus: To provide a more streamlined or restrictive interface, menu options in Internet Explorer can be disabled.

18 Internet Control Panel: Specific portions of Internet Control Panel can be disabled to prevent tampering with settings.

19 Offline Pages: Offline Pages governs the downloading and caching of pages for later viewing.

20 Persistence Behavior: Some DHTML Web pages can store an enormous amount of data in the name of “persistence.” This storage can be limited using Group Policy.

21 Toolbars: Similar to the text-based menu options, the icon-based toolbars can also be controlled.

22 Remote Desktop Services Settings: The Remote Desktop Services settings are very important for restricting what users can do while connected to a desktop interface from a server.

23 Other Notable Windows Components: Microsoft Management Console; Task Scheduler; Windows Installer; Windows Media Player; Windows Messenger; Windows Update.

24 Configuring the Printer Management and Pruning Settings: Pruning: purges inactive printers from Active Directory. Publishing: controls the listing of printers in Active Directory.

25 Defining the Network Settings: DNS Client; Offline Files; Network Connections.

26 DNS Client: Some of the TCP/IP settings assigned to client computers come from DHCP. Other more advanced settings can be configured centrally through a GPO.

27 Offline Files: Folder redirection is largely replacing the roaming profile. Contents are automatically synchronized to the local computer for portability.

28 Network Connections: Relaxing some of the network restrictions can allow normal users a small amount of control over their network connection. This feature is useful for individuals who travel.

29 New Settings for Windows 8 Client and Windows Server 2012: Network; Start Menu and Taskbar; System; Windows Components.

30 Network: Remove “Work offline” command. This policy setting removes the “Work offline” command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.

31 Start Menu and Taskbar: The few new Start Menu and Taskbar settings are listed below: Clear history of tile notifications on exit; Do not allow taskbars on more than one display; Prevent users from uninstalling applications from Start; Show “Run as different user” command on Start; Turn off notifications of network usage; Turn off tile notifications; Turn off toast notifications; Turn off toast notifications on the lock screen.

32 System: A minimal number of System settings have been added that are specific to Windows 8 Client and Windows Server 2012: Enable optimized move of contents in Offline Files cache on Folder Redirection server path change; Redirect folders on primary computers only; Turn off access to the Store.

33 Windows Components (1): Almost two dozen new settings have been added within the Windows Components section: Block launching desktop apps associated with a file; Block launching desktop apps associated with a protocol; Do not display the password reveal button; Turn off switching between recent apps; Turn off tracking of app usage; Location where all default Library definition files for users/machines reside; Start File Explorer with ribbon minimized; Do not include Non-Publishing Standard Glyph in the candidate list.

34 Windows Components (2): Restrict character code range of conversion; Turn off custom dictionary; Turn off history-based predictive input; Turn off Internet search integration; Turn off Open Extended Dictionary; Turn off saving auto-tuning data to file; Turn on misconversion logging for misconversion report; Specify default connection URL; Turn off storage and display of search history; Turn off the Store application.

35 Windows Components (3): Do not throttle additional data; Send additional data when on battery power; Send data when on connected to a restricted/costed network; Set the default source path for Update-Help; Turn on Module Logging.

36 Summary: Computer startup and shutdown scripts: GPOs support computer-specific startup and shutdown scripts. When a workstation or server is located in an OU, it runs the assigned script in the context of the Local System account. You can use these scripts to perform cleanup or maintenance routines, even when a user is not logged on to the console of the system.

37 Summary (cont.): User logon and logoff scripts: Logon and logoff scripts apply to a user account that can be contained at the site, domain, or OU container, or all of these locations. These scripts are typically used to map drives or perform other activities that are not found as part of typical Group Policy settings.

38 Summary (cont.): To restrict the operations that users can perform on their computers, go to the Group Policy console settings under the User Configuration node. Some settings are located under the Policies subnode, while others are found under the Administrative Templates subnode. You can set many different restrictions to the following: Desktop; Start menu; Taskbar; Control Panel; Windows Explorer; Windows Internet Explorer.

39 Summary (cont.): Most of the Remote Desktop Services policies appear in the Group Policy console under the Computer Configuration node, although you can set a few timeouts in the User Configuration node. To configure the printer management and pruning settings, go to Computer Configuration, Administrative Templates, and Printers node in the Group Policy console. Some User Configuration client-side printer settings exist in Control Panel.

40 Summary (cont.): The network settings are: DNS Client: Preset values that control the functioning of DNS, including dynamic update, DNS suffixes, Time-to-Live values, etc. Offline Files: Configure the settings for caching offline files on the local computer. Network Connections: Restrict or allow access to network settings like TCP/IP properties, viewing network adapter properties, and disabling or enabling network adapters.

41 Knowledge Check: 1. Where in the Group Policy console can you configure the pruning settings? a. User Configuration, Administrative Templates, and Printers node; b. User Configuration, Policies, and Printers node; c. Computer Configuration, Administrative Templates, and Printers node; d. Computer Configuration, Policies, and Printers node.

42 Knowledge Check (cont.): 2. If you wanted to hide specific Control Panel items, what would you do? a. Navigate to User Configuration, Policies, Administrative Templates, and Control Panel. b. Find the file name of the desired Control Panel item (.cpl extension) in %Systemroot%\System32. c. Right-click the item and select Hide.

43 Knowledge Check (cont.): 3. Internet Explorer settings exist in three primary locations in the Group Policy console. Name them. Answer: Computer Configuration, Policies, Administrative Templates, Windows Components, and Internet Explorer; User Configuration, Policies, Administrative Templates, Windows Components, and Internet Explorer; Computer Configuration, Policies, Windows Settings, and Internet Explorer Maintenance.

44 Knowledge Check (cont.): 4. In which node of the Group Policy console (Computer Configuration or User Configuration) would you expect to find DNS settings? Why? Answer: Computer Configuration, because the settings apply to the computer as a whole.

45 Knowledge Check (cont.): 5. Which setting would you use to prevent users from applying patches and updates, block access to the Windows Update Web site, and remove the Windows Update hyperlink from the Start menu and from the Tools menu in Windows Internet Explorer? (Hint: Go to User Configuration, Policies, Administrative Templates, and Start Menu and Taskbar.) Answer: Remove links and access to Windows Update.

46 Knowledge Check (cont.): 6. What types of scripts does the following text describe? These scripts apply to a user account that can be contained at the site, domain, or OU container, or all of these locations. These scripts are typically used to map drives or perform other activities that are not found as part of typical Group Policy settings. Answer: User logon and logoff scripts.

