The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy. The Archives for this list can be found on this page.

List Posts

Unanswered Active Topics

Forums Search

Forums >GPTalk >GPTalk Mailing List

Subject: [gptalk] Group Policy AD setup basic infrastructure

Prev Next

You are not authorized to post a reply.

Author

Messages

arlesterc

Posts:0

12/16/2009 2:54 PM
Folks, I have viewed several GPOGuyWebcasts and was very impressed with the quality and common sense of the presentations so I am writing here in order to get some more of the same for my specific situation. When I started out with Terminal Services on Windows 2000 I used as a guide a book from Todd Mathers called Windows NT/2000 Thin Client Solutions and have been using his recommendations ever since. We are not planning to go to Windows 2008 and I thought it might be a good time to review our methodology and have a second pair of eyes/experience look over. I'm not sure if anybody responding will be familiar with the book but here are the steps recommended in the book that we have implemented: 1) Create a separate Terminal Services OU in the domain 2) Under the TS OU create two OU's - Terminal Servers and Terminal Server User Groups 3) Create 3 GPO's and apply to the Terminal Servers OU a) TSServers Enable Block Policy inheritance Disable User Configuration Settings Permission: Authenticated Users System TS-Admins Full Control Read Allow Allow Allow Write Allow Allow Create Child Objects Allow Allow Delete Child Objects Allow Allow Apply Group Policy Allow Loopback Policy - replace mode Delete Cached Copies of Roaming Profiles b) AllTSUsers Policy (Includes Admin) Disable Computer Configuration Settings Permission: Authenticated Users System TS-Admins Full Control Allow Read Allow Allow Allow Write Allow Allow Create Child Objects Allow Allow Delete Child Objects Allow Allow Apply Group Policy Allow Allow Enable: Do Not Track Shell Shortcuts During Roaming Enable: Disable UI to Change Menu Animation Settings Enable: Add Logoff to the Start Menu Enable: Disable and REmove the Shut Down Command Enable: Do Not Use the Search-based Method When Resolving Shell Shortcuts Enable: No Screen Saver Enable: Group Policy Refresh Interval - 1440 (24 hours) c) RegularTSUSERS (not including Admins) Disable Computer Configuration Settings Permission: Authenticated Users System TS-Admins Full Control Read Allow Allow Allow Write Allow Allow Create Child Objects Allow Allow Delete Child Objects Allow Allow Apply Group Policy Allow Deny Wndows Settings\Folder Redirection - I redirect My Documents and Application Data to a network share Administrative Templates\Windows Components\Windows Explorer Enable: Removes the Folder Options Menu From the Tools Menu Enable: Hide Hardware Tab Administrative Templates\Start Menu & Taskbar Enable: Disable and Remove Links to Windows Update Enable: Remove Network & Dial-up Enable: Disable Changes to Taskbar and Start Menu Settings Administrative Templates\Desktop Enable: Prohibit User From Changing My Documents Path Administrative Templates\Control Panel Enable: Disable Control Panel Administrative Templates\Systems Enable: Disable Registry Editing Options I would appreciate if somebody could critique the above for our present 2000 environment - how we might do things different and better - we are still going to be running 2000 for another year - and also offer some guidance as to how we should modify the above for 2008 R2. Any input is appreciated in advance, Arlester Christian

You are not authorized to post a reply.

Forums >GPTalk >GPTalk Mailing List > [gptalk] Group Policy AD setup basic infrastructure

ActiveForums 3.7

Ads

The GPTalk Mailing List

List Posts

Members

Ads