Group Policy Central

This weeks setting is a native policy for Windows Vista (or greater) called “Assign a default domain for logon”. As the name suggest it configured the default domain name when a user logs on to the computer. This is very handy in a multi domain environment or if you want to make sure that your newly built computer default to the correct domain when the users logon for the first time. This setting can be found under Computer Configuration > Administrative Templates > System > Logon and it requires requires at least Windows Vista.

How to set Default Logon Domain Name for Windows XP via Group Policy

Its nice that this is now a native policy as you use to have to set the registry manually for you to set this option in Windows XP but I often find that this method is very often hit an miss. If you do want to try configuring this for Windows XP you could set it via Group Policy Preferences then here are the key you would set

Key: HKLM\software\microsoft\windows nt\currentversion\winlogon\
Value: altdefaultdomainname (REG_SZ)
Data: DOMAINNAME

and

Key: HKLM\software\microsoft\windows nt\currentversion\winlogon\
Value: defaultdomainname (REG_SZ)
Data: DOMAINNAME

This weeks Group Policy setting should be used in environments where you still use a logon script. While I implore you stop using logon scripts (see http://www.ihatelogonscripts.com ) they are still out there for a majority of customers and as such still need to be properly managed. This setting is called “Maximum wait time for Group Policy scripts” but it can also be referred to as a “dead man’s switch” which will kill any logons script from running if it ever locks up <sarcasm> which of course NEVER happens </sarcasm> . This setting can be  found under Computer Configuration > Policies > Administrative Templates > System >Scripts.

The default value for this option is 600 seconds (10 minutes) but I recommend that you do configured this to something more reasonable between 60 seconds (1 minute) to 180 seconds (3 minutes) depending on your environment.

For more information on this option check out http://technet.microsoft.com/en-us/library/cc780635(WS.10).aspx

In this weeks setting I look at a new Windows 7 setting that reverts the sort order of folders back to the old way it would sort files and folder the same as Windows 2000 (and earlier). This policy setting is called “Turn off numerical sorting in Windows Explorer and can be found under User Configuration > Policies > Administrative Templates > Windows Components > Windows Explorer.

As you can see from the “Numerical Sorting” example below the folder list will sort based on the numerical value of the folder name. This means that a single digit number will be ordered higher than a two or more digit number when sorting alphabetically.

Numerical Sorting (Setting Disabled or Not Configured)

If you take a look at the Literal Sorting example you can see that the number “10” is in position 2 because the sorting is treating the number as a literal text. You can get around this sorting problem by padding with zero’s however you need to add enough zero’s to match the same number of digits as the largest number.

Literal Sorting (Setting Enabled)	Literal Sorting with padded Zero’s (Setting Enable)

While it is unlikely that you will need to turn this on for all users in your organisation it is possible that you have some folder on your file server that have been created in such a ways that the new view method would cause a problem. Obviously in this case you would need to consider carefully if you just need to turn this on for selected users.

(Wow… I have been doing this for 6 months now… how time flies… )

This weeks setting of the week is another old one however it is very important for any environment that is still running Windows XP SOE. The “Do not allow Windows Messenger to be run” will prevent any user from running Windows Messenger that comes out of the box with Windows XP. Now Windows Messenger 4.6 that comes with Windows XP is no longer supported but disabling the program should help avoid any confusion for user that also have Windows Live Messenger installed.

This is a user setting that can be found under User Configuration > Policies > Administrative Templates > Windows Components > Windows Messenger and while it does say it applied to Windows XP this in reality is only a Windows XP setting as there is no Windows Messenger in Windows Vista or above.

While most organisation already have this program removed from the SOE (see image below) this is a good safety net setting for anyone who has joined their non-SOE version of messenger to the domain.

Now to be clear this will only prevent the user running Windows Messenger and not the live of Windows Live Messenger or other third-party messenger programs.

This setting will not remove messenger from the computer but when the users clicks on the Windows Messenger link.

,

This weeks setting is called “Do not automatically make redirected folders available offline and can be found under User Configuration > Policies > Administrative Templates > System > Folder Redirections and will work with Windows XP or later. As the name suggest this prevents any users redirected folder from being made available for offline use which is enabled by default.

This setting is particularly useful to configure on computers that are as used by multiple users as it eliminates the build up of multiple offline file caches on the hard drive. This is particularly important on Windows XP as all offline files try to synchronise even if the user does not have access to the files which causes file sync errors. The option also improves logon performance as it does not attempt a full offline sync of the cache when the user log’s on for the first time.