Computer Side Group Policy
Here we will our separate our computers into two OU's Standard and Privileged. Then create a new GPO to apply to only the Standard computers.
Ex : NY computers will have two sub-folders Standard and Privileged computers.
Policies which we are going to set down on Standard computers:
* Turn off the windows siderbar
*Turn off that welcome screen
*User account control.
*Turn on Loopback Processing to ensure that whoever logs on to the machine always gets this policy applied to them.
*Ensure that any local group policies do not run (Because they may interfere with our Domain/OU policies )
Loopback processing settings override or add to user settings, even though the user account isn't even linked too..!
*Prompt for elavation prompt for standard users.
Lets go ahead and create a new GPO just for the Mapped drives and link it to the NYUsers OU and let inheritance push it down to the other child ou's inside of it.
*Create a Mapped drive GPO for Nyuers and go to user configuration > Preferences> Windows Settings > Drive Maps > Right click at right side > New drive > In general select > Create > In location give the path of the shared folder > choose drive letter > Show this drive > Ok.
You can add software updates by going toPreferences> Windows Settings > Files > and browsing the select patch. Then user need to go install updates option to allow this patch.
SOFTWARE DEPLOYEMENT - SOFTWARE INSTALLATION THROUGH GPO.
*First you need .msi file of the software for installation.
*You can convert .exe files through third party applications.
* A shared folder for the software to live in that all your users and computers have at least read acess to..
* A new GPO linked to the appropriate OU.
You can set up a software installation GPo for users or computers.
For computres, you need to go COmputer configuration > Policies > Software settings > Software installation.
For users, You need to User configuration > Policies > Software settings > Software installation
There are three methods to deploy a software;
*Published : If you set it up for specific users or user groups, you can publish the software so they can instal it on demand.
*Assign : Used this option so it installs on the next client restart.
*Advanced : You can configure Assign settings.
*If you set up the GPo on the Computers side, you can't publish- only assign.
*Use your best judgement based on who needs the software and when picking which side of a GPO to use for software installs.
1. Now create a shared folder on the member server named software.
2. Create a folder inside softwere name anything related to software ex : PDF and put the pdf.msi package thre.
(Note : Always create new folders for each software package to make the process nice and easy.)
3. Create a new GPO and link it to the NYcomputers OU. Name it pdfinstall.
4. In the computers section of the GPO, we'll go the software setings unders policies to get to the software installation settings.
5. Create a new package by right clicking and selecting new > package.
6. Select the MSI file and select any options.
7. Run Gpupdate /force from the server.
8. Have your users reboot their client machines.
*GPSI - GROUP POLICY SOFTWARE INSTALLATION , a policy that allows installation of software to computers with accounts within the scope of the group policy object.
*MSI - MICROSOFT INSTALLER
*PUBLISH - Option to make software available to install on demand.
*ASSIGN - Option to install software automatically on computer restart.
Here we will our separate our computers into two OU's Standard and Privileged. Then create a new GPO to apply to only the Standard computers.
Ex : NY computers will have two sub-folders Standard and Privileged computers.
Policies which we are going to set down on Standard computers:
* Turn off the windows siderbar
*Turn off that welcome screen
*User account control.
*Turn on Loopback Processing to ensure that whoever logs on to the machine always gets this policy applied to them.
*Ensure that any local group policies do not run (Because they may interfere with our Domain/OU policies )
Loopback processing settings override or add to user settings, even though the user account isn't even linked too..!
*Prompt for elavation prompt for standard users.
Lets go ahead and create a new GPO just for the Mapped drives and link it to the NYUsers OU and let inheritance push it down to the other child ou's inside of it.
*Create a Mapped drive GPO for Nyuers and go to user configuration > Preferences> Windows Settings > Drive Maps > Right click at right side > New drive > In general select > Create > In location give the path of the shared folder > choose drive letter > Show this drive > Ok.
You can add software updates by going toPreferences> Windows Settings > Files > and browsing the select patch. Then user need to go install updates option to allow this patch.
SOFTWARE DEPLOYEMENT - SOFTWARE INSTALLATION THROUGH GPO.
*First you need .msi file of the software for installation.
*You can convert .exe files through third party applications.
* A shared folder for the software to live in that all your users and computers have at least read acess to..
* A new GPO linked to the appropriate OU.
You can set up a software installation GPo for users or computers.
For computres, you need to go COmputer configuration > Policies > Software settings > Software installation.
For users, You need to User configuration > Policies > Software settings > Software installation
There are three methods to deploy a software;
*Published : If you set it up for specific users or user groups, you can publish the software so they can instal it on demand.
*Assign : Used this option so it installs on the next client restart.
*Advanced : You can configure Assign settings.
*If you set up the GPo on the Computers side, you can't publish- only assign.
*Use your best judgement based on who needs the software and when picking which side of a GPO to use for software installs.
1. Now create a shared folder on the member server named software.
2. Create a folder inside softwere name anything related to software ex : PDF and put the pdf.msi package thre.
(Note : Always create new folders for each software package to make the process nice and easy.)
3. Create a new GPO and link it to the NYcomputers OU. Name it pdfinstall.
4. In the computers section of the GPO, we'll go the software setings unders policies to get to the software installation settings.
5. Create a new package by right clicking and selecting new > package.
6. Select the MSI file and select any options.
7. Run Gpupdate /force from the server.
8. Have your users reboot their client machines.
*GPSI - GROUP POLICY SOFTWARE INSTALLATION , a policy that allows installation of software to computers with accounts within the scope of the group policy object.
*MSI - MICROSOFT INSTALLER
*PUBLISH - Option to make software available to install on demand.
*ASSIGN - Option to install software automatically on computer restart.
No comments:
Post a Comment