Group Policy Central

Today on Group Policy Setting of the Week we are going to be taking a look at “Exclude directories in roaming profile” which can be found in the deepest darkest regions of User Configuration > Policies > Administrative Templates > System > User Profiles. This setting is useful in organisations that have Roaming Profiles configured but want to make sure that the roaming profile size does not blow out thus slow doing the users logon and log off or the computer. This option can be used to exclude specific folders of poorly written application from the roaming profile if they write large amounts of data (e.g. caches) to incorrect locations.

A classic example of this was when Google Earth was first released it saved cache files to the users roaming profile folder which meant their profile size quickly swelled to over 1gb. User then quickly started to complain that it took a a long time to logon and logoff their computer (go figure). Enabling this option allowed the specific cached folders to be excluded from their roaming profile and therefore a much smaller roaming profile was copied to and from the server making their login’s and logoffs much quicker. The side affect of this is that the setting saved to the folders you exclude will no longer roam with the user when they logon a new computer.

Very handy if you want to keep roaming profiles to a small size which in turn will speed up the users logon and logoff processes.

This setting will work with Windows 2000 or greater and multiple paths can be appended with a ; as a delimiter between the entries.

This weeks simple Group Policy Setting of the Week (GPSW) is called “Add Logoff to the Start Menu” which can be found under User Configuration > Policies > Administrative Templates > Start Menu and Taskbar. This option adds the “Log Off <username>” to the users start menu and is normally configured to be enabled on Terminal Servers where you don’t want them accidently shutdown the server.

Now hopefully your normal users don’t have admin access to your Terminal Servers however if you are a Server Administrator then you could have admin access and as such having the shutdown button on a desktop that looks a LOT like you local computer could be very dangerous. So this is one of the few group policy settings that should be configured to loopback that should be applied to the server administrator via a Loopback merge setting (we will talk about Loopback setting another day).

But how do I shutdown the server then I hear you ask? No prob you can either run the “shutdown.exe” command line (tshutdn.exe on Windows 2003) or by CTRL-ALT-END and then shutdown from the secure desktop.

This week I have selected the “Shared Printer” Group Policy Preference as my Group Policy Setting of the Week (GPSW). This is arguably one of the most wanted group policy settings by Group Policy admin’s that was missing before group policy preferences. It was possible previous to preferences to map printers natively in group policy using the pushprinterconnections.exe option but like the Star Trek Deep Space Nine episode “Trials and Tribble-ations” we defiantly “do not discuss it with outsiders” as this is just a setting we would rather forget.

The “Shared Printer” options can be found under by right clicking on “User Configuration > Preferences > Control Panel Settings > Printers”. As with most group policy preference settings you also have the option to CRUD (see Group Policy Preferences Colorful and Mysteriously Powerful Just Like Windows 7) which means you can also use this option to remove any printer mapping that people have to printer queues that no longer exist.

Now it has always been fairly straight forward to map printers via logon script either via batch, vbscript or even kix scrtip however the real power of this setting is that it can now take advantage of the really powerful targeting options. More commonly you can map a printer via a single security group or IP range but you can really start to do some really advance targeting when you start to combine multiple targeting setting using Boolean logic. If you want to see some more advanced targeting options for printer mappings then check out my “How to use Group Policy Preference to dynamically map printers when using Roaming Profiles” article.

As you can see above you can also use this option to set the default printer for your users which can be very handy if people have a habit of always printing to the really expensive A3 colour printer on your floor when you are trying to reduce cost. Just use the default printer option wisely however as you could end up annoying your manager who likes to printer to their locally attached printer.

Enjoy!