Embed Size (px)
Citation preview
Mark and Aaron’s $.02
Group Policy for Laptops and Printers
Policy Processing• Order of Operations•Computer Policies• Things that apply to the hardware or all
users• Firewall Settings• Disable CTRL-ALT-Del at login
•User Policies• Things that follow the user• Profile Settings• Drive Mappings
So here is the issue, you want to redirect the user Desktop and My Docs (Libraries) to the server so it will travel
with the user and also be backed up.
• Solutions•Folder Synchronization•Redirected Folders
Folder Synchronization• The users folders are cached in a hidden spot so
they are available when they leave the network. Any changes are synched back up upon their return to the Domain
Problem, each user that logs in on a shared device leaves a cache of their entire home drive behind – Quickly filling the hard drive.
Redirected Folders• Folders such as home drives etc. are relocated to
a server location thus safe and available on any domain connected computer! Yahoo!
• Problem – Laptops!!! Once they leave the network documents and desktop files cease to exist.
Solution – Loopback Policy
• Loopbacks are the exception to the rule processing order• Computer Policy• User Policy• Loopback policy against
subgroup.• In this case we will undo
something we did!
So in our case….
• Define the subgroup•We placed all laptops in a separate OU
• Target the Loopback policy at the subgroup•Default Computer Policy runs – Fixes Stuff•Default user policy sets to Profile locations•Loopback policy unsets the Profiles, but only if it is a laptop.
Process
• Create a Policy Called Laptop Loopback•Define the following:•Computer Config/Policies/Admin Templates/System/Group Policy: User Group Policy Loopback Mode: Enabled•Next undo the folder redirections you set in the User Policy•Associate the policy with the laptop group!
Pushing Printers
Pushing Printers
• We define printers by computer location and also who you are.
• Simplifies driver updates• Controls access to copiers and color
printers etc.• Simplifies the imaging process
Steps
• You can do this in 4 easy steps•Create the printers and drivers•Define printer install groups that match computer locations•Define printer user access security.•Create the Push Printer policy
Create the printers on the server and load the appropriate drivers
• 32 bit drivers are not on Server 2008R2, you will need to push them up if you need them.
• If you log into the workstation machine with an account that has admin privileges for both workstation and print server, you can get into the 'view remote printers' section (used to be called 'printers and faxes'). From here you can pull up properties and install the 'additional drivers’.
• If the workstation doesn't currently have drivers for this printer, or you can't get to the additional drivers section, first install the printer by IP (temporarily) so you have all the proper driver files.
Where to install printers
• Divide your work areas up by printer locations.•Main Building Copiers (Available on all Machines)• Departmental Printers (Create a Math Wing Printer Group)• Don’t worry, a computer can belong to multiple groups (Main Office Copiers plus departmental)• Include all printers a staff member may need even in Labs, we will sort the kids off the color printers later!
Who gets what!
• Set the security for the printers to users or groups of users that should have access to them.•These can be existing groups
• If a user does not have access to the printer it will not install. AWESOME!
Create the Push Policy
• This is where it gets strange•Even though it is hardware and set by computer you push to printer to a user.•Makes sense if you consider that printers are user profile specific
New Policy – Push Printers• User Config/Prefs/Control Panel/Printers
Here are the details
• Action – Create• Set Printer Path• Decide if it should be
a default
Step 2
• Must Click “Run in Logged-on users security context
• Also must select Item-Level Targeting
Final Step• Remember that set of computer groups we
created, here is where you use them.
Simple!
• Any Questions - Aaron will be available for a small fee after todays session!!!
