Group Policies: Difference between revisions
(GP - added header) |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
The Group Policies determine global settings and set behaviour either for single servers or for Server groups. | The Group Policies determine global settings and set behaviour either for single servers or for Server groups. | ||
The below list contains their names and description: | The management console is accessible from [[Mercury]]. The below list contains their names and description, listed as they appear in the console: | ||
<strong>EasyPrint order - Terminal Servers</strong> | |||
Sets EasyPrint precedence over the Native printer driver (one which has to mirror the connected user's machine printer driver) | |||
<strong>Freelancer lockdown - Terminal servers</strong> | |||
Creates a 'bare' Desktop and no access to shared drives - used for people who only need to login to TS and use a single application with access to internet. | |||
<strong>Idle session logoff</strong> | |||
Makes sure all disconnected sessions (the user only clicks the cross at the top of the screen) are gracefully logged of after 6 hours. | |||
<strong>Local Admin password expiry</strong> | |||
There are cases where we need to use the server's local admin login for maintenance (even if the server is a member of domain). This group policy makes sure the server's local Administrator account's password never expires. | |||
<strong>No pinned Server Manager and PowerShell</strong> | |||
This is to fix a known Microsoft issue where any newly added Remote Desktop user has Server Manager and PowerShell shortcuts pinned to his quick launch. Not, if using this GP. | |||
<strong>Prohibited TS users</strong> | |||
Restricts network and resource access to Kiosk RDP users and 3rd party contractors. | |||
<strong>VNC Ctrl-Alt-Del</strong> | |||
Disables UAC (user account control) above the VNC service. This allows a user to send the Ctrl-Alt-Del from his remote session without getting blocked by UAC. | |||
<strong>WSUS</strong> | |||
Sets the apply time, frequency and address of the central Windows Update server (currently hosted on Abydos). All servers report and pull data from this machine. | |||
Latest revision as of 11:11, 6 February 2017
The Group Policies determine global settings and set behaviour either for single servers or for Server groups.
The management console is accessible from Mercury. The below list contains their names and description, listed as they appear in the console:
EasyPrint order - Terminal Servers
Sets EasyPrint precedence over the Native printer driver (one which has to mirror the connected user's machine printer driver)
Freelancer lockdown - Terminal servers
Creates a 'bare' Desktop and no access to shared drives - used for people who only need to login to TS and use a single application with access to internet.
Idle session logoff
Makes sure all disconnected sessions (the user only clicks the cross at the top of the screen) are gracefully logged of after 6 hours.
Local Admin password expiry
There are cases where we need to use the server's local admin login for maintenance (even if the server is a member of domain). This group policy makes sure the server's local Administrator account's password never expires.
No pinned Server Manager and PowerShell
This is to fix a known Microsoft issue where any newly added Remote Desktop user has Server Manager and PowerShell shortcuts pinned to his quick launch. Not, if using this GP.
Prohibited TS users
Restricts network and resource access to Kiosk RDP users and 3rd party contractors.
VNC Ctrl-Alt-Del
Disables UAC (user account control) above the VNC service. This allows a user to send the Ctrl-Alt-Del from his remote session without getting blocked by UAC.
WSUS
Sets the apply time, frequency and address of the central Windows Update server (currently hosted on Abydos). All servers report and pull data from this machine.