SlideShare a Scribd company logo

Using GPOs to Configure and Tune Desktops

Download as PPTX, PDF
Unidesk Corporation
Unidesk Corporation

Using GPOs to Configure and Tune Desktops discusses how Group Policy Objects (GPOs) can be used as an alternative to directly editing the registry (registry "hacks") to configure and tune desktop environments. The document outlines why GPOs are preferable to registry hacks, provides examples of common GPO configurations like Windows settings, services, and user profiles. It also covers policy basics, templates, and tools to help implement GPO-based configurations and tuning.

Technology
1 of 36
Downloaded 54 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Using GPOs to Configure and Tune DesktopsLiving without Registry ‘Hacks’Ron Oglesby @RonOglesbyNOT A UNIDESK COMMERCIAL
Gabe asked about golf cartsCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
AgendaWhy use GPOs?Policy BasicsPolicies Vs PreferencesDesktop Configurations ADMs and ADMX/ADMLsTools you can use as venture into GPOs
Why do we hack the registryTune the OSSet defaultsHide things from usersOthers…But is a hack a policy?Policies can be used for more than just registry changes
Why use GPOs and Not Reg hacks???Documentation….How do to remove this spoiler?Without opening the trunk?
What do GPOs TYPICALLY get used for?Windows Settings like folder redirectionHiding icons and Windows optionsConfiguring browser settingsSetting permissions? SometimesConfiguring Office or other app settings…Adding Users.. Occasionally.
Login Times and the default profile????Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Common tasks in tuning the VDI image?Add and modify local security accounts (at times)Disable / reconfigure ServicesTune the local OS parameters File System, desktop display, TCP parameters, etc, etcTune the user profile (like Menu show delay)Configure applications (like IE)Sometimes even create folders and move items like tools into the imageCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Policy BasicsGPO Processing and Trigger eventsGPUPDATE /FORCE
Policy BasicsComputer Configvs User ConfigCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Policy BasicsPolicy Vs Preferences…..Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Policy BasicsPreferences added in Win 2008Allow for SIMPLE config of numerous settingsNo Templates needed!Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Policy TemplatesTraditionally known as Policy ADMs (ADMX now)Set the options you see in the GPOsOften created by the App vendors or industrious System Engineers
ADM files are TXT filesCLASS xxx - User or MachineCATEGORY xxx - Major heading. “Windows Update”KEYNAME xxx “Software\Microsoft\Office\12.0\Oulook” Policy xxx - name of Policy shown in GPO editorVALUENAME xxx - Registry entry we are changingEND POLICYEND CATEGORY
Using GPOs to Configure and Tune Desktops
ADM file ExampleCLASS MACHINECATEGORY !!ReaderPOLICY !!Checkforupdatesatstart KEYNAME "Software\Adobe\Acrobat Reader\9.0\AVGeneral" EXPLAIN !!Checkforupdatesatstart_Help VALUENAME "bCheckForUpdatesAtStartup"VALUEON NUMERIC 1VALUEOFF NUMERIC 0 END POLICYEND CATEGORY
ADM vs ADMXADMX are the ‘new’ ADMXML basedPolicies/operative section of the policy are contained in ADMXADML are language specific filesNot stored in individual policies, can be stored in 1 central location in enterprise environmentsWill (by default) supersede existing ADM files (Inetres.adm, system.adm, etc) or can be created to supersede and existing ADMCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
ADMX file sample comparison<categories> <category name="Reader" displayName="$(string.Reader)" /></categories> <policies> <policy name="Checkforupdatesatstart" class="Machine" displayName="$(string.Checkforupdatesatstart)" explainText="$(string.Checkforupdatesatstart_Help)" presentation="$(presentation.Checkforupdatesatstart)" key="Software\Adobe\Acrobat Reader\9.0\AVGeneral" valueName="bCheckForUpdatesAtStartup"> <parentCategory ref="Reader" /> <supportedOn ref="SUPPORTED_NotSpecified" /><enabledValue> <decimal value="1" /> </enabledValue> <disabledValue> <decimal value="0" /> </disabledValue> </policy>Group Policy Samples from Microsoft:http://www.microsoft.com/downloads/en/details.aspx?FamilyId=3D7975FF-1242-4C94-93D3-B3091067071A&displaylang=enCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
ADM file ExampleCLASS MACHINECATEGORY !!ReaderPOLICY !!CheckforupdatesatstartKEYNAME "Software\Adobe\Acrobat Reader\9.0\AVGeneral" EXPLAIN !!Checkforupdatesatstart_Help VALUENAME "bCheckForUpdatesAtStartup"VALUEON NUMERIC 1VALUEOFF NUMERIC 0 END POLICYEND CATEGORYCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Building your own? Start with ADM files if you haven’t already.Then convert them w/ the ADM to ADMX converterThe hardest part is not building the text file….Its finding the registry keys
Ron’s rules for Policies Vs Preferences…When to use a policySomething that the usermay have access to but I don’t want them to change IE security, connectivity, or application settingsWhen to use a preferenceWhen I set a default setting that they may changeIE default start page or default short cuts on the desktopWhen I want to change a registry setting that they do not have a GUI to changeDefault user screen saver, machine settings like NTFS last access time stamp, etc.
Policy Preference Options CreateCreate the object (reg entry, drive mapping, etc, etc)Will do nothing if the entry/object already existsReplaceDelete existing setting (if exist) and create a new objectUpdate Modification of an existing objectWill create if it does not existDelete
Preference Common SettingsCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Preference WARNINGSThese are like defaults NOT Policies….These can tattoo the machineNewer policies do not tattoo. That was a benefit of getting away from some of the old school NT type policiesRegistry changes made via Preferences can leave a tattoo after removal of policy UNLESS you counter/remove the VM from having the policy apply.Other changes (Directories, User/group modifications or additions) also stickPreferences are basically like your image “HACK” but with management….
So let’s look at how you can do this in a PolicyCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Windows 7 Services ExamplesDesktop Window Manager Session managerDisk DefragmenterDiagnostic Policy ServicesIP helper (if no IPv6)Security CenterSuperfetchThemes Service (classic interface)Windows DefenderWindows SearchWindows Updatehttp://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf
DemoCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Windows Settings ExamplesRecycle Bin – Do not move files to recycle bin Screen saver (XP disable .default screen saver, Win7 Blank)Disable System RestoreUAC settingsWindows Update disabledTune the file system (last access time stamp, 8.3 file names, etc)Remove Tablet PC components (or disable services)Project VRC Phase III – www.projectvrc.nlCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
DemoCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
User Tuning?Focus on HKCUIE and other application settingsGraphics/video settingsCustomer templates are out there and checkout PolicyPak.com Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
DemoCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Finding the Registry EntryGOOGLE http://lmgtfy.com/RegSnap/Registry Monitoring ToolsGood old fashion digging and guessing!My Favorite:SysTracerhttp://www.blueproject.ro/systracer
You didn’t convince me Ron!Windows Enablerhttp://www.bluemoonpcrepair.com/wp/?p=39http://www.wincert.net/tips/microsoft-windows/windows-7/2109-how-to-copy-a-user-profile-on-windows-7.htmlPierre’s VUEM - VirtuAllUser Environment Managerhttp://www.virtualdesktops.info/Products.aspxLogin scripts, User configs, Printer configs, registry values, Port mapping, and File and folder operations.Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
Where to start?GPAnswers.com http://www.gpanswers.com/resources/gp-tips-and-tricks.htmlPolicyPak.com http://policypak.com/Off 2007 Policy Templateshttp://www.microsoft.com/downloads/en/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=enOff 2010 Policy Templateshttp://www.microsoft.com/downloads/en/details.aspx?FamilyID=64B837B6-0AA0-4C07-BC34-BEC3990A7956&displaylang=enUsing GPOs to Customize XenApphttp://support.citrix.com/proddocs/index.jsp?topic=/online-plugin-110-windows/ica-import-icaclient-template-v2.htmlIE 9 Preferences not working?http://blogs.technet.com/b/asiasupp/archive/2011/03/30/internet-explorer-9-ie9-group-policy-preferences-gpp.aspxXenApp Blog’s XenApp and XenDesktop Policieshttp://www.xenappblog.com/downloads/
ADM/Xs and Policy references? Microsoft ADM to AMDX migrator?http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0F1EEC3D-10C4-4B5F-9625-97C2F731090CGroup Policy Settings References from MS?http://www.microsoft.com/downloads/en/details.aspx?FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fbGroup Policy ADMX Syntax Guide:http://technet.microsoft.com/en-us/library/cc753471(WS.10).aspxGroup Policy Survival Guidehttp://technet.microsoft.com/en-us/library/cc754151(WS.10).aspxManaging with ADMX fileshttp://technet.microsoft.com/en-us/library/cc709647(WS.10).aspx
Q&AOpen DiscussionRon Oglesbyron.unidesk.comTwitter: @ronoglesby

More Related Content

Similar to Using GPOs to Configure and Tune Desktops (20)

PPTX
Group policy preferences
Rob Dunn
 
PPTX
Useful Group Policy Concepts
Rob Dunn
 
PPT
Ad group policy1
denogx
 
PDF
10 things group policy preferences does better
Gol D Roger
 
PPTX
Win Connections Group Policy Changes (Harold W)
Harold Wong
 
PPTX
Win Connections Group Policy Changes ( Harold W)
Harold Wong
 
PPT
Configuring Windows Using Group Policy.ppt
sudsdeep
 
PPTX
GeekOn with Ron #4: Tuning and Optimizing Your Gold Image
Unidesk Corporation
 
PDF
Environment Manager Policy
Ivanti
 
PPT
STSADM Automating SharePoint Administration - Tech Ed South East Asia 2008 wi...
Joel Oleson
 
PPTX
10 implementing GPOs
Hameda Hurmat
 
DOC
Deploying office 2010 via group policy
Naresh Gotad
 
PPT
Front-end performances
Smile I.T is open
 
PPTX
Windows Accelerate IT Pro Bootcamp: Platform Delivery (Module 2 of 8)
Intergen
 
PDF
Odoo V8 Installation
Emipro Technologies Pvt. Ltd.
 
PPT
Introduction to Mangento
Ravi Mehrotra
 
PPT
Mangento
Ravi Mehrotra
 
PPTX
Dba tips and_tricks
InSync Conference
 
PDF
Does DITA need XML? Lightweight DITA and HTML5
Michael Priestley
 
ODP
dJango
Bob Chao
 
Group policy preferences
Rob Dunn
 
Useful Group Policy Concepts
Rob Dunn
 
Ad group policy1
denogx
 
10 things group policy preferences does better
Gol D Roger
 
Win Connections Group Policy Changes (Harold W)
Harold Wong
 
Win Connections Group Policy Changes ( Harold W)
Harold Wong
 
Configuring Windows Using Group Policy.ppt
sudsdeep
 
GeekOn with Ron #4: Tuning and Optimizing Your Gold Image
Unidesk Corporation
 
Environment Manager Policy
Ivanti
 
STSADM Automating SharePoint Administration - Tech Ed South East Asia 2008 wi...
Joel Oleson
 
10 implementing GPOs
Hameda Hurmat
 
Deploying office 2010 via group policy
Naresh Gotad
 
Front-end performances
Smile I.T is open
 
Windows Accelerate IT Pro Bootcamp: Platform Delivery (Module 2 of 8)
Intergen
 
Odoo V8 Installation
Emipro Technologies Pvt. Ltd.
 
Introduction to Mangento
Ravi Mehrotra
 
Mangento
Ravi Mehrotra
 
Dba tips and_tricks
InSync Conference
 
Does DITA need XML? Lightweight DITA and HTML5
Michael Priestley
 
dJango
Bob Chao
 

More from Unidesk Corporation (14)

PPTX
VDI Mission Accomplished: U.S. Federal Agency Improves Client Computing Secur...
Unidesk Corporation
 
PPTX
GeekOn with Ron #5: Storage Deep Dive with Special Guest
Unidesk Corporation
 
PPTX
GeekOn with Ron - Session #3: VDI Challenges in your Remote Office/Branch Office
Unidesk Corporation
 
PPTX
Get Your GeekOn With Ron - Session Two: Local Storage vs Centralized Storage ...
Unidesk Corporation
 
PPTX
Get Your GeekOn with Ron - Session One: Designing your VDI Servers
Unidesk Corporation
 
PPT
Future-Proof Your Desktops - How City of Kent is Implementing VDI for 800 Wor...
Unidesk Corporation
 
PPTX
Server Virtualization: Success - VDI: not so much... Why?
Unidesk Corporation
 
PPTX
Server Virtualization - Smashing Success! Desktop Virtualization - Not So Mu...
Unidesk Corporation
 
PPTX
VMware & Unidesk Customer Webinar: Menlo College
Unidesk Corporation
 
PPT
VMware & Unidesk Customer Webinar: Wisconsin Department of Children and Families
Unidesk Corporation
 
PPTX
Make VDI Personal, Make VDI for Everyone
Unidesk Corporation
 
PPTX
Unidesk and VMware Customer Webinar: Ohio Department of Developmental Disabil...
Unidesk Corporation
 
PPTX
A Fresh Look at the Virtual Desktop Landscape with The 451 Group
Unidesk Corporation
 
PPTX
Desktop Virtualization Easy with Zero Clients and Desktop Layering
Unidesk Corporation
 
VDI Mission Accomplished: U.S. Federal Agency Improves Client Computing Secur...
Unidesk Corporation
 
GeekOn with Ron #5: Storage Deep Dive with Special Guest
Unidesk Corporation
 
GeekOn with Ron - Session #3: VDI Challenges in your Remote Office/Branch Office
Unidesk Corporation
 
Get Your GeekOn With Ron - Session Two: Local Storage vs Centralized Storage ...
Unidesk Corporation
 
Get Your GeekOn with Ron - Session One: Designing your VDI Servers
Unidesk Corporation
 
Future-Proof Your Desktops - How City of Kent is Implementing VDI for 800 Wor...
Unidesk Corporation
 
Server Virtualization: Success - VDI: not so much... Why?
Unidesk Corporation
 
Server Virtualization - Smashing Success! Desktop Virtualization - Not So Mu...
Unidesk Corporation
 
VMware & Unidesk Customer Webinar: Menlo College
Unidesk Corporation
 
VMware & Unidesk Customer Webinar: Wisconsin Department of Children and Families
Unidesk Corporation
 
Make VDI Personal, Make VDI for Everyone
Unidesk Corporation
 
Unidesk and VMware Customer Webinar: Ohio Department of Developmental Disabil...
Unidesk Corporation
 
A Fresh Look at the Virtual Desktop Landscape with The 451 Group
Unidesk Corporation
 
Desktop Virtualization Easy with Zero Clients and Desktop Layering
Unidesk Corporation
 
Ad

Recently uploaded (20)

PDF
Mastering Financial Management in Direct Selling
Epixel MLM Software
 
PDF
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
PDF
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
PDF
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
DOCX
Python coding for beginners !! Start now!#
Rajni Bhardwaj Grover
 
PDF
POV_ Why Enterprises Need to Find Value in ZERO.pdf
darshakparmar
 
PPTX
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
PDF
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
PDF
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
PDF
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
PPTX
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PDF
July Patch Tuesday
Ivanti
 
PDF
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
PDF
Staying Human in a Machine- Accelerated World
Catalin Jora
 
PDF
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
PDF
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
Mastering Financial Management in Direct Selling
Epixel MLM Software
 
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
Python coding for beginners !! Start now!#
Rajni Bhardwaj Grover
 
POV_ Why Enterprises Need to Find Value in ZERO.pdf
darshakparmar
 
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
July Patch Tuesday
Ivanti
 
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
Staying Human in a Machine- Accelerated World
Catalin Jora
 
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
Ad

Using GPOs to Configure and Tune Desktops

  • 1. Using GPOs to Configure and Tune DesktopsLiving without Registry ‘Hacks’Ron Oglesby @RonOglesbyNOT A UNIDESK COMMERCIAL
  • 2. Gabe asked about golf cartsCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 3. AgendaWhy use GPOs?Policy BasicsPolicies Vs PreferencesDesktop Configurations ADMs and ADMX/ADMLsTools you can use as venture into GPOs
  • 4. Why do we hack the registryTune the OSSet defaultsHide things from usersOthers…But is a hack a policy?Policies can be used for more than just registry changes
  • 5. Why use GPOs and Not Reg hacks???Documentation….How do to remove this spoiler?Without opening the trunk?
  • 6. What do GPOs TYPICALLY get used for?Windows Settings like folder redirectionHiding icons and Windows optionsConfiguring browser settingsSetting permissions? SometimesConfiguring Office or other app settings…Adding Users.. Occasionally.
  • 7. Login Times and the default profile????Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 8. Common tasks in tuning the VDI image?Add and modify local security accounts (at times)Disable / reconfigure ServicesTune the local OS parameters File System, desktop display, TCP parameters, etc, etcTune the user profile (like Menu show delay)Configure applications (like IE)Sometimes even create folders and move items like tools into the imageCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 9. Policy BasicsGPO Processing and Trigger eventsGPUPDATE /FORCE
  • 10. Policy BasicsComputer Configvs User ConfigCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 11. Policy BasicsPolicy Vs Preferences…..Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 12. Policy BasicsPreferences added in Win 2008Allow for SIMPLE config of numerous settingsNo Templates needed!Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 13. Policy TemplatesTraditionally known as Policy ADMs (ADMX now)Set the options you see in the GPOsOften created by the App vendors or industrious System Engineers
  • 14. ADM files are TXT filesCLASS xxx - User or MachineCATEGORY xxx - Major heading. “Windows Update”KEYNAME xxx “Software\Microsoft\Office\12.0\Oulook” Policy xxx - name of Policy shown in GPO editorVALUENAME xxx - Registry entry we are changingEND POLICYEND CATEGORY
  • 16. ADM file ExampleCLASS MACHINECATEGORY !!ReaderPOLICY !!Checkforupdatesatstart KEYNAME "Software\Adobe\Acrobat Reader\9.0\AVGeneral" EXPLAIN !!Checkforupdatesatstart_Help VALUENAME "bCheckForUpdatesAtStartup"VALUEON NUMERIC 1VALUEOFF NUMERIC 0 END POLICYEND CATEGORY
  • 17. ADM vs ADMXADMX are the ‘new’ ADMXML basedPolicies/operative section of the policy are contained in ADMXADML are language specific filesNot stored in individual policies, can be stored in 1 central location in enterprise environmentsWill (by default) supersede existing ADM files (Inetres.adm, system.adm, etc) or can be created to supersede and existing ADMCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 18. ADMX file sample comparison<categories> <category name="Reader" displayName="$(string.Reader)" /></categories> <policies> <policy name="Checkforupdatesatstart" class="Machine" displayName="$(string.Checkforupdatesatstart)" explainText="$(string.Checkforupdatesatstart_Help)" presentation="$(presentation.Checkforupdatesatstart)" key="Software\Adobe\Acrobat Reader\9.0\AVGeneral" valueName="bCheckForUpdatesAtStartup"> <parentCategory ref="Reader" /> <supportedOn ref="SUPPORTED_NotSpecified" /><enabledValue> <decimal value="1" /> </enabledValue> <disabledValue> <decimal value="0" /> </disabledValue> </policy>Group Policy Samples from Microsoft:http://www.microsoft.com/downloads/en/details.aspx?FamilyId=3D7975FF-1242-4C94-93D3-B3091067071A&displaylang=enCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 19. ADM file ExampleCLASS MACHINECATEGORY !!ReaderPOLICY !!CheckforupdatesatstartKEYNAME "Software\Adobe\Acrobat Reader\9.0\AVGeneral" EXPLAIN !!Checkforupdatesatstart_Help VALUENAME "bCheckForUpdatesAtStartup"VALUEON NUMERIC 1VALUEOFF NUMERIC 0 END POLICYEND CATEGORYCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 20. Building your own? Start with ADM files if you haven’t already.Then convert them w/ the ADM to ADMX converterThe hardest part is not building the text file….Its finding the registry keys
  • 21. Ron’s rules for Policies Vs Preferences…When to use a policySomething that the usermay have access to but I don’t want them to change IE security, connectivity, or application settingsWhen to use a preferenceWhen I set a default setting that they may changeIE default start page or default short cuts on the desktopWhen I want to change a registry setting that they do not have a GUI to changeDefault user screen saver, machine settings like NTFS last access time stamp, etc.
  • 22. Policy Preference Options CreateCreate the object (reg entry, drive mapping, etc, etc)Will do nothing if the entry/object already existsReplaceDelete existing setting (if exist) and create a new objectUpdate Modification of an existing objectWill create if it does not existDelete
  • 23. Preference Common SettingsCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 24. Preference WARNINGSThese are like defaults NOT Policies….These can tattoo the machineNewer policies do not tattoo. That was a benefit of getting away from some of the old school NT type policiesRegistry changes made via Preferences can leave a tattoo after removal of policy UNLESS you counter/remove the VM from having the policy apply.Other changes (Directories, User/group modifications or additions) also stickPreferences are basically like your image “HACK” but with management….
  • 25. So let’s look at how you can do this in a PolicyCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 26. Windows 7 Services ExamplesDesktop Window Manager Session managerDisk DefragmenterDiagnostic Policy ServicesIP helper (if no IPv6)Security CenterSuperfetchThemes Service (classic interface)Windows DefenderWindows SearchWindows Updatehttp://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf
  • 27. DemoCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 28. Windows Settings ExamplesRecycle Bin – Do not move files to recycle bin Screen saver (XP disable .default screen saver, Win7 Blank)Disable System RestoreUAC settingsWindows Update disabledTune the file system (last access time stamp, 8.3 file names, etc)Remove Tablet PC components (or disable services)Project VRC Phase III – www.projectvrc.nlCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 29. DemoCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 30. User Tuning?Focus on HKCUIE and other application settingsGraphics/video settingsCustomer templates are out there and checkout PolicyPak.com Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 31. DemoCopyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 32. Finding the Registry EntryGOOGLE http://lmgtfy.com/RegSnap/Registry Monitoring ToolsGood old fashion digging and guessing!My Favorite:SysTracerhttp://www.blueproject.ro/systracer
  • 33. You didn’t convince me Ron!Windows Enablerhttp://www.bluemoonpcrepair.com/wp/?p=39http://www.wincert.net/tips/microsoft-windows/windows-7/2109-how-to-copy-a-user-profile-on-windows-7.htmlPierre’s VUEM - VirtuAllUser Environment Managerhttp://www.virtualdesktops.info/Products.aspxLogin scripts, User configs, Printer configs, registry values, Port mapping, and File and folder operations.Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
  • 34. Where to start?GPAnswers.com http://www.gpanswers.com/resources/gp-tips-and-tricks.htmlPolicyPak.com http://policypak.com/Off 2007 Policy Templateshttp://www.microsoft.com/downloads/en/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=enOff 2010 Policy Templateshttp://www.microsoft.com/downloads/en/details.aspx?FamilyID=64B837B6-0AA0-4C07-BC34-BEC3990A7956&displaylang=enUsing GPOs to Customize XenApphttp://support.citrix.com/proddocs/index.jsp?topic=/online-plugin-110-windows/ica-import-icaclient-template-v2.htmlIE 9 Preferences not working?http://blogs.technet.com/b/asiasupp/archive/2011/03/30/internet-explorer-9-ie9-group-policy-preferences-gpp.aspxXenApp Blog’s XenApp and XenDesktop Policieshttp://www.xenappblog.com/downloads/
  • 35. ADM/Xs and Policy references? Microsoft ADM to AMDX migrator?http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0F1EEC3D-10C4-4B5F-9625-97C2F731090CGroup Policy Settings References from MS?http://www.microsoft.com/downloads/en/details.aspx?FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fbGroup Policy ADMX Syntax Guide:http://technet.microsoft.com/en-us/library/cc753471(WS.10).aspxGroup Policy Survival Guidehttp://technet.microsoft.com/en-us/library/cc754151(WS.10).aspxManaging with ADMX fileshttp://technet.microsoft.com/en-us/library/cc709647(WS.10).aspx