+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 26 of 26
Network and Classroom Management Thread, GPO's to make a school Network in Technical; It is a very good question, however because there are hundreds of policies I'm not going to go through each ...
  1. #16

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    It is a very good question, however because there are hundreds of policies I'm not going to go through each one.

    Initially though, you need to have Active Directory installed. In here you can create multiple OUs and this is where your user and computer objects live, but also, where you apply policies. Fortunately Microsoft have included descriptions of what each policy does.
    Myself like other Network Managers have gone through each one and familiarised ourselves with what each policy does and whether it's needed. In practice it can take years to fully appreciate how powerful policies are. Windows Server 2008 has even more for me to learn and discover! There is no easy way around this, but I think that with guidance you'll learn Active Directory properly over time if you take the time to learn about policies.

  2. #17

    Join Date
    Oct 2005
    Location
    Bangkok
    Posts
    235
    Thank Post
    15
    Thanked 32 Times in 23 Posts
    Rep Power
    24
    We have a Windows 2003 network, 2 cc3 servers, we have created a vanilla OU structure that has blocked all the viruses and cc3 policies from getting through.

    This is the restricted user policy for students and some staff.


    restricted users settings
    Data collected on: 4/8/2008 11:50:47 AM

    General
    Details
    Domainwallington.internal
    OwnerWALLINGTON\Domain Admins
    Created12/27/2007 2:01:24 PM
    Modified3/14/2008 10:18:06 AM
    User Revisions122 (AD), 122 (sysvol)
    Computer Revisions3 (AD), 3 (sysvol)
    Unique ID{B0F74196-D34C-4DA9-8436-B233A9B020F8}
    GPO StatusEnabled

    Links
    LocationEnforcedLink StatusPath
    WHSGNoEnabledwallington.internal/WHSG

    This list only includes links in the domain of the GPO.
    Security Filtering
    The settings in this GPO can only apply to the following groups, users, and
    computers:Name
    NT AUTHORITY\Authenticated Users

    WMI Filtering
    WMI Filter NameNone
    DescriptionNot applicable

    Delegation
    These groups and users have the specified permission for this
    GPONameAllowed PermissionsInherited
    NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
    NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
    NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
    WALLINGTON\disCustomNo
    WALLINGTON\Domain AdminsCustomNo
    WALLINGTON\Enterprise AdminsEdit settings, delete, modify securityNo
    WALLINGTON\SAVECustomNo
    WALLINGTON\Staff {UT}CustomNo
    WALLINGTON\WHS Teaching StaffCustomNo

    Computer Configuration (Enabled)
    Administrative Templates
    System/Group Policy
    PolicySetting
    User Group Policy loopback processing modeEnabled
    Mode:Replace


    User Configuration (Enabled)
    Windows Settings
    Security Settings
    Software Restriction Policies
    Enforcement
    PolicySetting
    Apply software restriction policies toAll software files except
    libraries (such as DLLs)
    Apply software restriction policies to the following usersAll users

    Designated File Types
    File ExtensionFile Type
    ADEMicrosoft Office Access Project Extension
    ADPMicrosoft Office Access Project
    BASBAS File
    BATMS-DOS Batch File
    CHMCompiled HTML Help file
    CMDWindows NT Command Script
    COMMS-DOS Application
    CPLControl Panel extension
    CRTSecurity Certificate
    EXEApplication
    HLPHelp File
    HTAHTML Application
    INFSetup Information
    INSInternet Communication Settings
    ISPInternet Communication Settings
    LNKShortcut
    MDBMicrosoft Office Access Application
    MDEMicrosoft Office Access MDE Database
    MSCMicrosoft Common Console Document
    MSIWindows Installer Package
    MSPWindows Installer Patch
    MSTMST File
    OCXActiveX Control
    PCDPhotoCD Image
    PIFShortcut to MS-DOS Program
    REGRegistration Entries
    SCRScreen Saver
    SHSScrap object
    URLInternet Shortcut
    VBVB File
    WSCWindows Script Component

    Trusted Publishers
    Allow the following users to select trusted publishersEnd users
    Before trusting a publisher, check the following to determine if the
    certificate is revokedNone

  3. #18

    Join Date
    Oct 2005
    Location
    Bangkok
    Posts
    235
    Thank Post
    15
    Thanked 32 Times in 23 Posts
    Rep Power
    24
    continued from above

    Software Restriction Policies/Security Levels
    PolicySetting
    Default Security LevelUnrestricted

    Software Restriction Policies/Additional Rules
    Hash Rules
    Entertainment Pack FreeCell Game; Microsoft® Windows® Operating System;
    Microsoft Corporation; freecell (5.1.2600.0)
    File hash4D9B5E540158BF8E9B1BCAC1AEDD8C60:55296:32771
    Security levelDisallowed
    Description
    Date last modified3/14/2008 10:02:02 AM

    Entertainment Pack FreeCell Game; Microsoft® Windows® Operating System;
    Microsoft Corporation; freecell (5.1.2600.0)
    File hash4D9B5E540158BF8E9B1BCAC1AEDD8C60:55296:32771
    Security levelDisallowed
    DescriptionFREECELLCARD GAME
    Date last modified3/14/2008 9:30:47 AM

    Entertainment Pack Minesweeper Game; Microsoft® Windows® Operating System;
    Microsoft Corporation; WINMINE.EXE (5.1.2600.0)
    File hash9C45D38B74634C9DED60BEC640C5C3CA:119808:32771
    Security levelDisallowed
    Description
    Date last modified3/14/2008 10:02:47 AM

    Entertainment Pack Minesweeper Game; Microsoft® Windows® Operating System;
    Microsoft Corporation; WINMINE.EXE (5.1.2600.0)
    File hash9C45D38B74634C9DED60BEC640C5C3CA:119808:32771
    Security levelDisallowed
    DescriptionMINE SWEEPER
    Date last modified3/14/2008 9:35:41 AM

    Solitaire Game Applet; Microsoft® Windows® Operating System; Microsoft
    Corporation; sol.exe (5.1.2600.0)
    File hash373E7A863A1A345C60EDB9E20EC32311:56832:32771
    Security levelDisallowed
    Description
    Date last modified3/14/2008 10:02:32 AM

    Solitaire Game Applet; Microsoft® Windows® Operating System; Microsoft
    Corporation; sol.exe (5.1.2600.0)
    File hash373E7A863A1A345C60EDB9E20EC32311:56832:32771
    Security levelDisallowed
    DescriptionSOLITAIRE
    Date last modified3/14/2008 9:36:19 AM

    Spider; Microsoft® Windows® Operating System; Microsoft Corporation;
    Spider (5.1.2600.2180)
    File hash4749198C70F4162D622F24601B527645:538624:32771
    Security levelDisallowed
    Description
    Date last modified3/14/2008 10:02:39 AM

    Spider; Microsoft® Windows® Operating System; Microsoft Corporation;
    Spider (5.1.2600.3264)
    File hashAE506917A742177864DC3F9231CF765C:538624:32771
    Security levelDisallowed
    DescriptionSPIDER
    Date last modified3/14/2008 9:53:54 AM

    The Microsoft Hearts Network; Microsoft® Windows® Operating System;
    Microsoft Corporation; MSHEARTS.EXE (5.1.2600.0)
    File hashBE1B85306352E0AC901EC08506792B6B:126976:32771
    Security levelDisallowed
    Description
    Date last modified3/14/2008 10:02:24 AM

    The Microsoft Hearts Network; Microsoft® Windows® Operating System;
    Microsoft Corporation; MSHEARTS.EXE (5.1.2600.0)
    File hashBE1B85306352E0AC901EC08506792B6B:126976:32771
    Security levelDisallowed
    DescriptionHEARTS CARDS
    Date last modified3/14/2008 9:32:11 AM


    Path Rules
    %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\SystemRoot%
    Security LevelUnrestricted
    Description
    Date last modified3/14/2008 9:04:16 AM

    %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\SystemRoot%*.exe
    Security LevelUnrestricted
    Description
    Date last modified3/14/2008 9:04:16 AM

    %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\SystemRoot%System32\*.exe
    Security LevelUnrestricted
    Description
    Date last modified3/14/2008 9:04:16 AM

    %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\ProgramFilesDir%
    Security LevelUnrestricted
    Description
    Date last modified3/14/2008 9:04:16 AM

    C:\Program Files\MSN Gaming Zone\Windows
    Security LevelDisallowed
    Description
    Date last modified3/14/2008 9:06:34 AM


    Administrative Templates
    Control Panel
    PolicySetting
    Prohibit access to the Control PanelEnabled

    Control Panel/Add or Remove Programs
    PolicySetting
    Hide Add New Programs pageEnabled
    Hide Add/Remove Windows Components pageEnabled
    Hide Change or Remove Programs pageEnabled
    Hide the Set Program Access and Defaults pageEnabled
    Remove Add or Remove ProgramsEnabled

    Control Panel/Display
    PolicySetting
    Hide Desktop tabEnabled
    Hide Settings tabEnabled
    Prevent changing wallpaperEnabled
    Remove Display in Control PanelEnabled

    Control Panel/Printers
    PolicySetting
    Browse the network to find printersDisabled
    Prevent deletion of printersEnabled

    Desktop
    PolicySetting
    Do not add shares of recently opened documents to My Network PlacesEnabled
    Don't save settings at exitEnabled
    Hide My Network Places icon on desktopEnabled
    Prevent adding, dragging, dropping and closing the Taskbar's
    toolbarsEnabled
    Prohibit adjusting desktop toolbarsEnabled
    Prohibit user from changing My Documents pathEnabled
    Remove My Computer icon on the desktopEnabled
    Remove Properties from the My Computer context menuEnabled
    Remove Properties from the My Documents context menuEnabled
    Remove the Desktop Cleanup WizardEnabled

    Desktop/Active Directory
    PolicySetting
    Hide Active Directory folderEnabled

    Network/Offline Files
    PolicySetting
    Prevent use of Offline Files folderEnabled
    Prohibit user configuration of Offline FilesEnabled
    Prevents users from changing any cache configuration settings.


    Start Menu and Taskbar
    PolicySetting
    Clear history of recently opened documents on exitEnabled
    Do not keep history of recently opened documentsEnabled
    Force classic Start MenuEnabled
    Lock the TaskbarEnabled
    Prevent changes to Taskbar and Start Menu SettingsEnabled
    Remove access to the context menus for the taskbarEnabled
    Remove Balloon Tips on Start Menu itemsEnabled
    Remove Drag-and-drop context menus on the Start MenuEnabled
    Remove Help menu from Start MenuEnabled
    Remove links and access to Windows UpdateEnabled
    Remove Logoff on the Start MenuEnabled
    Remove My Network Places icon from Start MenuEnabled
    Remove Network Connections from Start MenuEnabled
    Remove programs on Settings menuEnabled
    Remove Run menu from Start MenuEnabled
    Remove Search menu from Start MenuEnabled
    Remove Set Program Access and Defaults from Start menuEnabled
    Turn off personalized menusEnabled
    Turn off user trackingEnabled

    System/Ctrl+Alt+Del Options
    PolicySetting
    Remove Lock ComputerEnabled
    Remove LogoffEnabled
    Remove Task ManagerEnabled

    Windows Components/Internet Explorer
    PolicySetting
    Disable changing Advanced page settingsEnabled
    Disable changing connection settingsEnabled
    Disable changing home page settingsEnabled
    Disable Internet Connection wizardEnabled
    Do not allow AutoComplete to save passwordsEnabled

    Windows Components/Internet Explorer/Browser menus
    PolicySetting
    Help menu: Remove 'Send Feedback' menu optionEnabled
    Tools menu: Disable Internet Options... menu optionEnabled

    Windows Components/Internet Explorer/Internet Control Panel
    PolicySetting
    Disable the Advanced pageEnabled
    Disable the Connections pageEnabled
    Disable the Content pageEnabled
    Disable the General pageEnabled
    Disable the Privacy pageEnabled
    Disable the Programs pageEnabled
    Disable the Security pageEnabled

    Windows Components/Microsoft Management Console
    PolicySetting
    Restrict the user from entering author modeEnabled
    Restrict users to the explicitly permitted list of snap-insEnabled

    Windows Components/Task Scheduler
    PolicySetting
    Prohibit New Task CreationEnabled

    Windows Components/Windows Explorer
    PolicySetting
    Hide these specified drives in My ComputerEnabled
    Pick one of the following combinationsRestrict C, M, P and S only

    PolicySetting
    Hides the Manage item on the Windows Explorer context menuEnabled
    No "Computers Near Me" in My Network PlacesEnabled
    No "Entire Network" in My Network PlacesEnabled
    Remove "Map Network Drive" and "Disconnect Network Drive"Enabled
    Remove DFS tabEnabled
    Remove Hardware tabEnabled
    Remove Search button from Windows ExplorerEnabled
    Remove Security tabEnabled

    Windows Components/Windows Installer
    PolicySetting
    Prevent removable media source for any installEnabled

    Windows Components/Windows Media Player
    PolicySetting
    Prevent Radio Station Preset RetrievalEnabled

    Windows Components/Windows Media Player/Networking
    PolicySetting
    Hide Network TabEnabled

    Windows Components/Windows Messenger
    PolicySetting
    Do not allow Windows Messenger to be runEnabled

    Windows Components/Windows Update
    PolicySetting
    Do not display 'Install Updates and Shut Down' option in Shut Down Windows
    dialog boxEnabled
    Remove access to use all Windows Update featuresEnabled

  4. #19

    Join Date
    Oct 2005
    Location
    Bangkok
    Posts
    235
    Thank Post
    15
    Thanked 32 Times in 23 Posts
    Rep Power
    24
    this is a gpo we apply to all vanilla machines, this forces the machine to only allow local profiles, plus other settings
    User settings Loopback processing
    General
    Details
    Domainwallington.internal
    OwnerWALLINGTON\Domain Admins

    User Revisions16 (AD), 16 (sysvol)
    Computer Revisions6 (AD), 6 (sysvol)
    Unique ID{371B6EFC-3B55-452E-B223-3AB4DDE52948}
    GPO StatusEnabled

    Links
    LocationEnforcedLink StatusPath
    WHSGYesEnabledwallington.internal/WHSG

    This list only includes links in the domain of the GPO.
    Security Filtering
    The settings in this GPO can only apply to the following groups, users, and
    computers:Name
    NT AUTHORITY\Authenticated Users
    WALLINGTON\Domain Computers

    WMI Filtering
    WMI Filter NameNone
    DescriptionNot applicable

    Delegation
    These groups and users have the specified permission for this
    GPONameAllowed PermissionsInherited
    NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
    NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
    NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
    WALLINGTON\Domain AdminsEdit settings, delete, modify securityNo
    WALLINGTON\Domain ComputersEdit settings, delete, modify securityNo
    WALLINGTON\Enterprise AdminsEdit settings, delete, modify securityNo

    Computer Configuration (Enabled)
    Administrative Templates
    System/Group Policy
    PolicySetting
    User Group Policy loopback processing modeEnabled
    Mode:Replace


    System/User Profiles
    PolicySetting
    Log users off when roaming profile failsDisabled
    Only allow local user profilesEnabled

    User Configuration (Enabled)
    Windows Settings
    Folder Redirection
    My Documents
    Setting: Basic (Redirect everyone's folder to the same location)
    Path: \\%HOMESHARE%%HOMEPATH%
    Options
    Grant user exclusive rights to My DocumentsEnabled
    Move the contents of My Documents to the new locationDisabled
    Policy Removal BehaviorLeave contents

    Internet Explorer Maintenance
    Browser User Interface/Customized Title Bar
    Title Bar Text
    WALLINGTON HIGH SCHOOL FOR GIRLS

    URLs/Important URLs
    NameURL
    Home page URLhttp://www.wallingtongirls.sutton.sch.uk/
    Search bar URLNot configured
    Online support page URLNot configured


    URLs/Favorites and Links
    PolicySetting
    Place favorites and links at the top of the list in the order specified
    belowNot configured
    Delete existing Favorites and Links, if presentNot configured
    Delete existing channels, if presentNot configured
    Favorites
    NameURL
    School Emailhttp://www.webmail.suttonlea.org
    SNAB ONLINEhttp://www.snabonline.com
    Sutton LEA Intranethttp://www.intra.suttonlea.org
    GOOGLE UKhttp://www.google.co.uk
    Security/Security Zones and Content Ratings
    Security Zones and Privacy
    These settings will not apply to users that log on to computers that have the
    Internet Explorer Enhanced Security Configuration (ESC) enabled. To create
    settings for users on computers that have ESC enabled, create a new GPO and edit
    that GPO on a computer where ESC is enabled.Internet (Security Level: Custom)
    .NET Framework-reliant componentsRun components not signed with
    AuthenticodeEnable
    Run components signed with AuthenticodeEnable
    ActiveX controls and plug-insDownload signed ActiveX controlsPrompt
    Download unsigned ActiveX controlsDisable
    Initialize and script ActiveX controls not marked as safeDisable
    Run ActiveX controls and plug-insEnable
    Script ActiveX controls marked safe for scriptingEnable
    DownloadsFile downloadEnable
    Font downloadEnable
    Microsoft VMJava permissionsHigh safety
    MiscellaneousAccess data sources across domainsDisable
    Allow META REFRESHEnable
    Display mixed contentPrompt
    Don't prompt for client certificate selection when no certificates or only
    one certificate existsDisable
    Drag and drop or copy and paste filesEnable
    Installation of desktop itemsPrompt
    Launching applications and unsafe filesPrompt
    Launching programs and files in an IFRAMEPrompt
    Navigate sub-frames across different domainsEnable
    Software channel permissionsMedium safety
    Submit nonencrypted form dataPrompt
    Userdata persistenceEnable
    ScriptingActive scriptingEnable
    Allow paste operations via scriptEnable
    Scripting of Java appletsEnable
    User AuthenticationLogonAutomatic logon only in Intranet zone

    Local intranet (Security Level: Custom)
    .NET Framework-reliant componentsRun components not signed with
    AuthenticodeEnable
    Run components signed with AuthenticodeEnable
    ActiveX controls and plug-insDownload signed ActiveX controlsEnable
    Download unsigned ActiveX controlsPrompt
    Initialize and script ActiveX controls not marked as safePrompt
    Run ActiveX controls and plug-insEnable
    Script ActiveX controls marked safe for scriptingEnable
    DownloadsFile downloadEnable
    Font downloadEnable
    Microsoft VMJava permissionsLow safety
    MiscellaneousAccess data sources across domainsEnable
    Allow META REFRESHEnable
    Display mixed contentPrompt
    Don't prompt for client certificate selection when no certificates or only
    one certificate existsEnable
    Drag and drop or copy and paste filesEnable
    Installation of desktop itemsEnable
    Launching applications and unsafe filesEnable
    Launching programs and files in an IFRAMEEnable
    Navigate sub-frames across different domainsEnable
    Software channel permissionsLow safety
    Submit nonencrypted form dataEnable
    Userdata persistenceEnable
    ScriptingActive scriptingEnable
    Allow paste operations via scriptEnable
    Scripting of Java appletsEnable
    User AuthenticationLogonAutomatic logon with current username and password
    SitesRequire server verification (https for all sites in this
    zoneDisabled
    Include all local (intranet) sites not listed in other zonesEnabled
    Include all sites that bypass the proxy serverEnabled
    Include all network paths (UNCs)Enabled
    Sites in this zone
    None

    Trusted sites (Security Level: Custom)
    .NET Framework-reliant componentsRun components not signed with
    AuthenticodeEnable
    Run components signed with AuthenticodeEnable
    ActiveX controls and plug-insDownload signed ActiveX controlsEnable
    Download unsigned ActiveX controlsPrompt
    Initialize and script ActiveX controls not marked as safePrompt
    Run ActiveX controls and plug-insEnable
    Script ActiveX controls marked safe for scriptingEnable
    DownloadsFile downloadEnable
    Font downloadEnable
    Microsoft VMJava permissionsLow safety
    MiscellaneousAccess data sources across domainsEnable
    Allow META REFRESHEnable
    Display mixed contentPrompt
    Don't prompt for client certificate selection when no certificates or only
    one certificate existsEnable
    Drag and drop or copy and paste filesEnable
    Installation of desktop itemsEnable
    Launching applications and unsafe filesEnable
    Launching programs and files in an IFRAMEEnable
    Navigate sub-frames across different domainsEnable
    Software channel permissionsLow safety
    Submit nonencrypted form dataEnable
    Userdata persistenceEnable
    ScriptingActive scriptingEnable
    Allow paste operations via scriptEnable
    Scripting of Java appletsEnable
    User AuthenticationLogonAutomatic logon with current username and password
    SitesRequire server verification (https for all sites in this
    zoneEnabled
    Sites in this zone
    None

    Restricted sites (Security Level: Custom)
    .NET Framework-reliant componentsRun components not signed with
    AuthenticodeDisable
    Run components signed with AuthenticodeDisable
    ActiveX controls and plug-insDownload signed ActiveX controlsDisable
    Download unsigned ActiveX controlsDisable
    Initialize and script ActiveX controls not marked as safeDisable
    Run ActiveX controls and plug-insDisable
    Script ActiveX controls marked safe for scriptingDisable
    DownloadsFile downloadDisable
    Font downloadPrompt
    Microsoft VMJava permissionsDisable Java
    MiscellaneousAccess data sources across domainsDisable
    Allow META REFRESHDisable
    Display mixed contentPrompt
    Don't prompt for client certificate selection when no certificates or only
    one certificate existsDisable
    Drag and drop or copy and paste filesPrompt
    Installation of desktop itemsDisable
    Launching applications and unsafe filesDisable
    Launching programs and files in an IFRAMEDisable
    Navigate sub-frames across different domainsDisable
    Software channel permissionsHigh safety
    Submit nonencrypted form dataPrompt
    Userdata persistenceDisable
    ScriptingActive scriptingDisable
    Allow paste operations via scriptDisable
    Scripting of Java appletsDisable
    User AuthenticationLogonPrompt for user name and password
    SitesSites in this zone
    None

    Privacy
    Privacy LevelMedium
    Web Sites
    Always allowNone
    Always blockNone
    Administrative Templates
    Control Panel/Display/Desktop Themes
    PolicySetting
    Load a specific visual style file or force Windows ClassicEnabled
    Path to Visual Style:
    To select Luna type:
    %windir%\resources\Themes\Luna\Luna.msstyles

    To select a different visual style, type:
    ie: \\<server>\share\Corp.msstyles

    To select Windows Classic, leave the box
    above blank and enable this setting

  5. #20
    Netman's Avatar
    Join Date
    Jul 2005
    Location
    56.343515, -2.804118
    Posts
    911
    Thank Post
    367
    Thanked 190 Times in 143 Posts
    Rep Power
    54
    Quote Originally Posted by nicholab View Post
    To help people who what to set up a new vanilla network can we creat a list of Group Policey Objects that you need to make an eductioan network?

    Admins
    Could this Become a sticky?
    I'd be willing to run this as a project - I agree it would be very worthwhile having some example GPOs that Edugeeks could just download and then customise for themselves.

    I'd need some examples of existing GPOs that are in use (in backup or report form) then I could take the best settings from them all and roll them into maybe three exemplar GPOs, i.e Strict, Medium and Lenient... and stick it all on the Wiki.
    More than happy to do this if you think it's a good idea. If so, post here and if there is enough interest, I'll start a new thread asking for examples of edugeeker's GPOs...

  6. Thanks to Netman from:

    benIT (10th April 2008)

  7. #21
    Freedom's Avatar
    Join Date
    Feb 2007
    Location
    England - Midlands
    Posts
    42
    Thank Post
    6
    Thanked 5 Times in 4 Posts
    Rep Power
    16

    Server 2008 Starter GPO

    I aquired Server 2008 for one fo the schools I work at and something very nice was the ability to Import, Export and Create things called Starter GPO's. If anyone else has any Starter GPOs that they have configured I would very much appreciate them, otherwise I have got to spend the rest of eternity configuring all of the settings

    Don't worry though, if I get no volunteers, I will submit my starter GPO once it is finished for perusal, modification and mayby reimplemntation into my network.

    BTW: Planning to dump Ranger and go Vanilla with proper settings and GPO structure - first time doing that

  8. #22

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,127
    Thank Post
    217
    Thanked 1,322 Times in 812 Posts
    Blog Entries
    4
    Rep Power
    518

  9. Thanks to Domino from:

    leco (11th April 2009)

  10. #23

    Join Date
    Jun 2008
    Location
    Wakefield
    Posts
    45
    Thank Post
    12
    Thanked 0 Times in 0 Posts
    Blog Entries
    1
    Rep Power
    0
    Having some basic GPO's would be great for use to us i.e Strict, Medium and Lenient. Server 2008 r2 / windows 7

  11. #24

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,127
    Thank Post
    217
    Thanked 1,322 Times in 812 Posts
    Blog Entries
    4
    Rep Power
    518
    Quote Originally Posted by shoggie View Post
    Having some basic GPO's would be great for use to us i.e Strict, Medium and Lenient. Server 2008 r2 / windows 7

    *ahem*

    Quote Originally Posted by Domino View Post

  12. #25

    Join Date
    Apr 2010
    Posts
    2,102
    Thank Post
    95
    Thanked 189 Times in 156 Posts
    Rep Power
    84
    Hay rather than typing in all that info (above posts) you can open gpmc click on the group police from the list, in the right box click something like display all (not in front of server at the mo) and click save as html.

    It will then generate a report for that selected group policy for your convenience.

    (2003 works not done this in 2008)

  13. #26

    Join Date
    Apr 2010
    Posts
    2,102
    Thank Post
    95
    Thanked 189 Times in 156 Posts
    Rep Power
    84
    I have removed ranger and winsuite from my schools and you dont really need much to lock down things.

    Hide c drive
    remove control panel
    a few others but I am not in school today.

    I would create a test setup using vmware and, play / destroy / rebuild

    This will also depend on age of students, primary, secondary, uni

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Help - Primary School Solution - Managed Network
    By RobFuller in forum Network and Classroom Management
    Replies: 21
    Last Post: 16th June 2012, 11:24 AM
  2. How long has your school had its network?
    By sidewinder in forum General Chat
    Replies: 39
    Last Post: 11th September 2009, 08:01 PM
  3. New School. New subnets that just dont make sence to me.
    By sreiach in forum Network and Classroom Management
    Replies: 2
    Last Post: 4th September 2007, 06:26 PM
  4. Whole school network freezing
    By standunstan in forum ICT KS3 SATS Tests
    Replies: 15
    Last Post: 28th March 2007, 08:59 AM
  5. Replies: 14
    Last Post: 9th March 2007, 11:53 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •