Group Policy Scritps
This is a discussion about Group Policy Scritps in the Windows Software category; I need help with this situation: We are loading well over 200 Dell Machines with WindowsXP Pro and have to make changes to group policies. The issue we are having is we want to streamline it so everyone gets the same settings and we don't lockout Joe User from anything.
                                        
          I need help with this situation:
 
We are loading well over 200 Dell Machines with WindowsXP Pro and have to make changes to group policies.
 
The issue we are having is we want to streamline it so everyone gets the same settings and we don't lockout Joe User from anything. Does Anyone know how to script changes to GP?
 
I'd really appreciate the help.
 
THanks
                                    
                                We are loading well over 200 Dell Machines with WindowsXP Pro and have to make changes to group policies.
The issue we are having is we want to streamline it so everyone gets the same settings and we don't lockout Joe User from anything. Does Anyone know how to script changes to GP?
I'd really appreciate the help.
THanks
Participate in our website and join the conversation
                         This subject has been archived. New comments and votes cannot be submitted.
                    
                    
                    Apr 2
Apr 2
0
4 minutes
Responses to this topic
                                                    If all machines are identical and all people need the same setup then here is what I would do:
 
1. Setup one machine with all updates, programs, and one admin user
2. use sysprep program to setup the machine for ghosting. Here is a URL on how to do this http://www.microsoft.com/windowsxp/pro/using/itpro/deploying/duplication.asp
3. ghost the machine with multicast to a server
4. setup a multicast session to ghost all 200 machines at once
                                                
                                            1. Setup one machine with all updates, programs, and one admin user
2. use sysprep program to setup the machine for ghosting. Here is a URL on how to do this http://www.microsoft.com/windowsxp/pro/using/itpro/deploying/duplication.asp
3. ghost the machine with multicast to a server
4. setup a multicast session to ghost all 200 machines at once
                                                    Silver Dagger has the correct concept, though ease of administration dictates a centralized repository of manageable rules.
 
Therefore, are you using a windows 2000 or 2003 domain to establish a single security context? If you are, you can establish GPOs at the domain, site, and/or OU level which will affect all 200 machines. And through that, a single change on a GPO will be propagated to all those machines without having to visit each one to make that change.
 
For deployment, if you dont have Ghost or any other duplication software, you can always use RIS.
 
Anymore specific questions?
                                                
                                            Therefore, are you using a windows 2000 or 2003 domain to establish a single security context? If you are, you can establish GPOs at the domain, site, and/or OU level which will affect all 200 machines. And through that, a single change on a GPO will be propagated to all those machines without having to visit each one to make that change.
For deployment, if you dont have Ghost or any other duplication software, you can always use RIS.
Anymore specific questions?

OP
                                                    These machines are already loaded with Winodws XP.
 
We have to make the changes to the local machines, so using AD doesn't apply ( i already asked them to do this)
                                                
                                            We have to make the changes to the local machines, so using AD doesn't apply ( i already asked them to do this)
                                                    What are you looking to control? As DS3 mentions, policy management is something that AD was bred for and it works wonderfully (especially with XP Pro as it has many more options for management than Win2K does out of the box). When you mean that you are looking to not lockout someone, what are you afraid of locking/unlocking? I think we are just missing what you need out of this.
                                                
                                            
OP
                                                    We have 250 Dell boxes preloaded with Winodws XP.
 
We have to make sure that each machine has certain local Policies set such as:
Screen Saver Timeout
Interactive login don't show last username
ETC.
 
All we have control over is the clients themselves. THe servers are in San Fransico, so we cannot change anything on that end.
 
I need to be able to set policies on each machine exactly the same as all the others.
 
As of right now we are manually editing the GP, and considering there are about 7 or 8 different policies we set, there is room for error (what i meant by locking someone out) and it is time consuming.
 
I just need to be able to:
Import those GP settings to each machine to make sure we get them right and also to save time
 
I hope I explained better this time
 
Thanks
                                                
                                            We have to make sure that each machine has certain local Policies set such as:
Screen Saver Timeout
Interactive login don't show last username
ETC.
All we have control over is the clients themselves. THe servers are in San Fransico, so we cannot change anything on that end.
I need to be able to set policies on each machine exactly the same as all the others.
As of right now we are manually editing the GP, and considering there are about 7 or 8 different policies we set, there is room for error (what i meant by locking someone out) and it is time consuming.
I just need to be able to:
Import those GP settings to each machine to make sure we get them right and also to save time
I hope I explained better this time
Thanks
                                                    And they will not let you TS in to the server, or let you export the template so they can import it? Basically, the system isn't friendly to your scenario at all. I did something like that once, where I setup one policy that set a path to pick up future policies (back with NT4) and it was spotty at best.
                                                
                                            
                                                    Quote:and it was spotty at best
Agreed.
Are these machines going to be placed in a domain? Or are they all just standalone / kiosk PCs? This sounds more "politcal" than truly anything else. If these machines are being placed in a domain, then any settings you apply, by default, will be overwritten by global group policies.
                                            Agreed.
Are these machines going to be placed in a domain? Or are they all just standalone / kiosk PCs? This sounds more "politcal" than truly anything else. If these machines are being placed in a domain, then any settings you apply, by default, will be overwritten by global group policies.

OP
                                                    These are all on the domain, but we are just contracted to setup the workstations.
 
AFAIK they are not implementing these policies on the domain. but per workstation
                                                
                                            AFAIK they are not implementing these policies on the domain. but per workstation
 
                                
                                
 
                                 
                                 
                                