Group Policy Scritps
I need help with this situation: We are loading well over 200 Dell Machines with WindowsXP Pro and have to make changes to group policies. The issue we are having is we want to streamline it so everyone gets the same settings and we don't lockout Joe User from anything.
I need help with this situation:
We are loading well over 200 Dell Machines with WindowsXP Pro and have to make changes to group policies.
The issue we are having is we want to streamline it so everyone gets the same settings and we don't lockout Joe User from anything. Does Anyone know how to script changes to GP?
I'd really appreciate the help.
THanks
We are loading well over 200 Dell Machines with WindowsXP Pro and have to make changes to group policies.
The issue we are having is we want to streamline it so everyone gets the same settings and we don't lockout Joe User from anything. Does Anyone know how to script changes to GP?
I'd really appreciate the help.
THanks
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
If all machines are identical and all people need the same setup then here is what I would do:
1. Setup one machine with all updates, programs, and one admin user
2. use sysprep program to setup the machine for ghosting. Here is a URL on how to do this http://www.microsoft.com/windowsxp/pro/using/itpro/deploying/duplication.asp
3. ghost the machine with multicast to a server
4. setup a multicast session to ghost all 200 machines at once
1. Setup one machine with all updates, programs, and one admin user
2. use sysprep program to setup the machine for ghosting. Here is a URL on how to do this http://www.microsoft.com/windowsxp/pro/using/itpro/deploying/duplication.asp
3. ghost the machine with multicast to a server
4. setup a multicast session to ghost all 200 machines at once
Silver Dagger has the correct concept, though ease of administration dictates a centralized repository of manageable rules.
Therefore, are you using a windows 2000 or 2003 domain to establish a single security context? If you are, you can establish GPOs at the domain, site, and/or OU level which will affect all 200 machines. And through that, a single change on a GPO will be propagated to all those machines without having to visit each one to make that change.
For deployment, if you dont have Ghost or any other duplication software, you can always use RIS.
Anymore specific questions?
Therefore, are you using a windows 2000 or 2003 domain to establish a single security context? If you are, you can establish GPOs at the domain, site, and/or OU level which will affect all 200 machines. And through that, a single change on a GPO will be propagated to all those machines without having to visit each one to make that change.
For deployment, if you dont have Ghost or any other duplication software, you can always use RIS.
Anymore specific questions?
What are you looking to control? As DS3 mentions, policy management is something that AD was bred for and it works wonderfully (especially with XP Pro as it has many more options for management than Win2K does out of the box). When you mean that you are looking to not lockout someone, what are you afraid of locking/unlocking? I think we are just missing what you need out of this.
We have 250 Dell boxes preloaded with Winodws XP.
We have to make sure that each machine has certain local Policies set such as:
Screen Saver Timeout
Interactive login don't show last username
ETC.
All we have control over is the clients themselves. THe servers are in San Fransico, so we cannot change anything on that end.
I need to be able to set policies on each machine exactly the same as all the others.
As of right now we are manually editing the GP, and considering there are about 7 or 8 different policies we set, there is room for error (what i meant by locking someone out) and it is time consuming.
I just need to be able to:
Import those GP settings to each machine to make sure we get them right and also to save time
I hope I explained better this time
Thanks
We have to make sure that each machine has certain local Policies set such as:
Screen Saver Timeout
Interactive login don't show last username
ETC.
All we have control over is the clients themselves. THe servers are in San Fransico, so we cannot change anything on that end.
I need to be able to set policies on each machine exactly the same as all the others.
As of right now we are manually editing the GP, and considering there are about 7 or 8 different policies we set, there is room for error (what i meant by locking someone out) and it is time consuming.
I just need to be able to:
Import those GP settings to each machine to make sure we get them right and also to save time
I hope I explained better this time
Thanks
And they will not let you TS in to the server, or let you export the template so they can import it? Basically, the system isn't friendly to your scenario at all. I did something like that once, where I setup one policy that set a path to pick up future policies (back with NT4) and it was spotty at best.
Quote:and it was spotty at best
Agreed.
Are these machines going to be placed in a domain? Or are they all just standalone / kiosk PCs? This sounds more "politcal" than truly anything else. If these machines are being placed in a domain, then any settings you apply, by default, will be overwritten by global group policies.
Agreed.
Are these machines going to be placed in a domain? Or are they all just standalone / kiosk PCs? This sounds more "politcal" than truly anything else. If these machines are being placed in a domain, then any settings you apply, by default, will be overwritten by global group policies.
