Author: Alan Burchill
Group Policy Setting of the Week 2 – Verbose vs normal status messages
This weeks Group Policy Setting of the Week (GPSW) can be found under Computer > Policies > Administrative Templates > System and is called “Verbose vs normal status messageâ€. It is a really simple setting that doesn’t actually do much but I dub this setting the “Make my computer start faster†setting which give users the illusion that their computer are working faster.
So what does it do and how does it make my Computer start faster? This setting displays a number of extra status messages during the start up and shutdown of the computer and when the user is logging on and off.
Some of the verbose status messages you will see are (but not limited to):
Mapping Drives
Playing Logon Sound
Mapping Printers
Applying Power Settings
Stopping Services
You will still see your Applying Computer settings and Preparing Desktop messages however these will be shown for a lot shorter time.
Unfortunately it will not actually make your computer start any quicker but I have generally found that by enabling this option users seem to perceive that their computers are starting up quicker. Why? Well I think its because the extra status messages are holding their attention for a few seconds each time a new one is displayed something like the opposite of watching grass grow or a watched pot that never boils… In any case this is still a handy setting to enable as at the very least will help your IT support troubleshoot logon performance issues.
This setting will work on Windows 2000 and above and it will also show the processing of newer Group Policy Preferences.
Group Policy Setting of the Week 1 – How to remove old user profiles after X days
(This will hopefully be the first of many Group Policy Setting of the Week (or GPSW) articles where I will showcase one policy setting and what it does.)
I just read about this cool new policy setting on the “Ask the Performance Team†blog that will help address the issues of computers hard drives filling up over time with multiple user profiles. Previously you either had the option to purge the local users profile on log off or keep a cached copy of the profile forever. Either users would have to download their profile every time they logon to the computer which could greatly slow down the logon process or their cached profiles was never deleted which resulted in the system drive running out of space. This new setting “Delete user profiles older than a specified number of days on system restart†allows you to set a timer on the local cached profiles so that they will be purged X number of days after being used. This means users who commonly logon to a particular computer will still have their profile cached but users that logon seldomly will have their files cleaned up thus saving precious disk space.
This might sound like a great setting to implement on a Terminal Server however note the clean up wont happen until the server is rebooted. This restriction should not be so bad as Terminal Servers are probably rebooted at least once a month any way for patching (you do patch your terminal servers don’t you?).
This setting can be found under Computer Configuration \ Policies \ Administrative Templates \ System \ User Profiles
Source: http://blogs.technet.com/askperf/archive/2009/11/03/just-me-and-my-profile-part-2.aspx
See my Group Policy article re-published Here and HERE!!
My recent Group Policy showing how to apply different power plan’s in Windows using Group Policy during different times of the day has picked up some traction and it has now been re-blogged twice.
First mention was on the Green IT Strategy (see below)
See the whole article at http://www.greenitstrategy.com/blog/67-power-management/162-alan-burchill-how-to-use-group-policy-preferences-to-manage-windows-power-plans
And the second has been on the Microsoft Group Policy Team which has re-published my article in full… AWESOME!!!!
See the whole article at http://blogs.technet.com/grouppolicy/archive/2009/09/30/configuring-a-power-plan-with-group-policy-preferences-by-alan-burchill.aspx
NSW Government uses Group Policy AppLocker to build an ‘unhackable’ Netbook
The NSW Department of Education and Training (DET) has come out and said that due to the new features in Windows 7 they were able to essentially build a computer to survive “the most hostile environment you can roll computers into”.
“DET also uses the AppLocker functionality within Windows 7 to dictate which applications can be installed on the device.â€
AppLocker is a new feature with Windows 7 that allows IT administrators to lock down application to specific product and/or vendors with having to specific the specific version. This feature allows them to only allow a specific white list of application on the computers. This essentially prevents anyone from running any non-authorised code on the computer thus making it VERY difficult to prevent people hacking the computer with third-party tools or malware. What is really nice with this feature is that it does not stop computer from running applications after they have been updated with hot fixes and service packs as AppLocker works on the digital signature on the file and not a hash of the file itself. This makes the IT Administrators overhead far less as they no longer need to add every possible version of an application to the white list when they want it to work.
While DET does seem to have done a lot in securing the devices to the Nth degree I still reckon it wont take long for someone to find some hack or workaround. I think the itNews headline is just inviting trouble by calling it “Unhackableâ€. I call it the “If something is said to be “unhackable†then it is far from being secure†maximum. ( More info about Security Maximum’s can be found at http://whysecurityfails.com/maxims.html ). But don’t get me wrong I don’t think that this will be a flaw in the technology but more a security issue with them forgetting to lock down some or even leaking the default BIOS password.
Source: NSW seeks to build ‘unhackable’ netbook network – Security – Technology – News – iTnews.com.au
Technorati Tags: Group Policy,AppLocker
TechNet Edge – Power Management and Troubleshooting Group Policy
Adam Bomb sat down with Michael Kleef and Mark Gray in the Group Policy team to talk about the kind of settings in Windows 7 that can be controlled by policy. Mark also gives us a primer on how to troubleshoot group policy issues by turning on GP logging on the client. Find out the latest about Group Policy by…
TechNet Edge – Using Group Policy to set default printers in Windows 7
Adam Bomb had a recent visit with the Group Policy program managers, Michael explained the challenges that used to be involved in setting printers via group policy, and Lilia walks through the steps to easily do so today. You can follow Michaels blog at http://blogs.technet.com/mkleef, and Lilia contributes to the Group Policy team blog.
PolicyMaker to Group Policy Preference migration tool released. Finally!
 After about 18 months since Group Policy Preference were released with Windows Server 2008 Microsoft has finally release a migration tool to convert you PolicyMaker Group Policies to Group Policy Preferences. Here is the link to download the tool http://www.microsoft.com/downloads/details.aspx?FamilyID=35791cb6-710b-48c4-aaa1-90db170bcf2a&displaylang=en Source: Group Policy Team Blog : How do I migrate PolicyMaker Items to Group Policy Preference Items?
TechNet Edge – What’s New in Group Policy?
The Group Policy team hasn’t been sitting idly by, they’ve added a bunch of new features to Group Policy and Group Policy Preferences, and Adam Bomb sat down with Michael and Lilia to go over some of them. They cover PowerShell integration, new functionality in Directory Services, Auditing, new policies to cover new features like Direct Access, and UI enhancements…