May 2011 IT Business Consulting Newsletter

Use Group Policy to Centrally Tune YOUR Business Computing Environment…

- It’s Free!

By Tom K

If your Business runs on a Windows network, as do most, you have access to an awesome tool that allows you to centrally manage settings and properties for all of your Users, PCs, and Servers… and it’s free!

In this month’s newsletter I discuss Microsoft’s Group Policy and the Group Policy Manager – what it is, how it works, and how it can help you manage your very important business computing environment.

What Is Group Policy Manager?

Group Policy Manager is an included component in all Windows networks using Active Directory. It is a management tool that allows you to control literally thousands of properties of your PCs, Servers, and Users. These properties include such simple things as whether to display certain types of alerts on a PC, to some very important properties, like how the PC firewalls are configured and defining User password complexity requirements.

How Does Group Policy Manager Work?

Many policies are included with Windows by default, and these default policies can be edited to suit the needs of your Business. Most often, we create a new policy when the need arises to control a given aspect (set of properties) of all your Users, all your PCs, all your servers, or a subset of these. A wonderful feature of Group Policy is its ability to apply different policies to different sets of users and devices. For instance, we can apply one very restrictive policy to all the reservations staff PCs, and a similar but less restrictive policy to all management PCs, and a much less restrictive policy to the Owner’s PC.

Central management is very simple with Group Policy. Once we create a policy using the Group Policy Console, we create a “container” to which the policy applies. We then add PCs (&/or servers or users) to the container, via drag and drop. The next time a PC reboots or a user logs in, the policy is applied. We can apply several policies to any container, and can include a single device/user in multiple containers, so the system is extremely flexible.

The Group Policy Console includes a modeling tool so you can test the effects of a new policy & determine which devices/users will be affected before it is actually deployed. The Console also includes a very nice report generator that lists the settings of a selected policy and the devices/users that the policy controls.

What can YOU do with Group Policy?

Here’s a short list of some of the things I’ve used Group Policy to do across the Client environments I manage:

  • Save a walk to every PC
  • Control PC Firewall settings
  • Prevent non-notified program execution
  • Control MS Update settings
  • Set network password rules
  • Control Web surfing
  • Remove PC features/settings from user access
  • Edit the registry on all PCs
  • Set the IE home Page
  • Clean up effects of a virus attack
  • Control settings in MS Office and set defaults
  • Install Software on all or selected PCs

I use Group Policies in every environment I manage. It allows me to very granularly tweak users and devices across the whole enterprise (often multiple locations) without leaving my chair. While not at all flashy, it is a tool that I’d never be without.

As always, if you have any questions or comments concerning this article, I’d be happy to discuss them with you at your convenience. Feel free to contact me at, or via my cell 443.310.5110.

Next month I’ll discuss VPNs (Virtual Private Networks). These gems allow you to connect remote offices securely and inexpensively, and enable your staff to work remotely from anywhere. See "Virtual Private Networks (VPNs) – a key Business Enabler".