This weeks (and first for the year) Group Policy Setting of the Week is a Group Policy setting that configures Group Policy. The â€œGroup Policy refresh interval for computersâ€ can be found under Computer Configuration > Policies > Administrative Templates > System > Group Policy and is used to control how often the background computer refresh interval of a performed.
By default the refresh will happen every 90 minutes however it has a 30 minute random offset so it could potentially take between 1 to 2 hours for a policy refresh to occur. Keep in mind however that if configured the policy refresh to a shorter interval it will potentially not take affect to all your computers until the longest refresh interval of the last refresh interval setting. Normally this setting it set to a short interval before a major change to group policy setting is made to an SOE so that any rollback of the change can be implemented faster (example see How to use Group Policy Preferences to set change Passwords).
Today on Group Policy Setting of the Week we are going to be taking a look at â€œExclude directories in roaming profileâ€ which can be found in the deepest darkest regions of User Configuration > Policies > Administrative Templates > System > User Profiles. This setting is useful in organisations that have Roaming Profiles configured but want to make sure that the roaming profile size does not blow out thus slow doing the users logon and log off or the computer. This option can be used to exclude specific folders of poorly written application from the roaming profile if they write large amounts of data (e.g. caches) to incorrect locations.
A classic example of this was when Google Earth was first released it saved cache files to the users roaming profile folder which meant their profile size quickly swelled to over 1gb. User then quickly started to complain that it took a a long time to logon and logoff their computer (go figure). Enabling this option allowed the specific cached folders to be excluded from their roaming profile and therefore a much smaller roaming profile was copied to and from the server making their loginâ€™s and logoffs much quicker. The side affect of this is that the setting saved to the folders you exclude will no longer roam with the user when they logon a new computer.
Very handy if you want to keep roaming profiles to a small size which in turn will speed up the users logon and logoff processes.
This setting will work with Windows 2000 or greater and multiple paths can be appended with a ; as a delimiter between the entries.
This weeks simple Group Policy Setting of the Week (GPSW) is called â€œAdd Logoff to the Start Menuâ€ which can be found under User Configuration > Policies > Administrative Templates > Start Menu and Taskbar. This option adds the â€œLog Off
Now hopefully your normal users donâ€™t have admin access to your Terminal Servers however if you are a Server Administrator then you could have admin access and as such having the shutdown button on a desktop that looks a LOT like you local computer could be very dangerous. So this is one of the few group policy settings that should be configured to loopback that should be applied to the server administrator via a Loopback merge setting (we will talk about Loopback setting another day).
But how do I shutdown the server then I hear you ask? No prob you can either run the â€œshutdown.exeâ€ command line (tshutdn.exe on Windows 2003) or by CTRL-ALT-END and then shutdown from the secure desktop.
This week I have selected the â€œShared Printerâ€ Group Policy Preference as my Group Policy Setting of the Week (GPSW). This is arguably one of the most wanted group policy settings by Group Policy adminâ€™s that was missing before group policy preferences. It was possible previous to preferences to map printers natively in group policy using the pushprinterconnections.exe option but like the Star Trek Deep Space Nine episode â€œTrials and Tribble-ationsâ€ we defiantly â€œdo not discuss it with outsidersâ€ as this is just a setting we would rather forget.
The â€œShared Printerâ€ options can be found under by right clicking on â€œUser Configuration > Preferences > Control Panel Settings > Printersâ€. As with most group policy preference settings you also have the option to CRUD (see Group Policy Preferences Colorful and Mysteriously Powerful Just Like Windows 7) which means you can also use this option to remove any printer mapping that people have to printer queues that no longer exist.
Now it has always been fairly straight forward to map printers via logon script either via batch, vbscript or even kix scrtip however the real power of this setting is that it can now take advantage of the really powerful targeting options. More commonly you can map a printer via a single security group or IP range but you can really start to do some really advance targeting when you start to combine multiple targeting setting using Boolean logic. If you want to see some more advanced targeting options for printer mappings then check out my â€œHow to use Group Policy Preference to dynamically map printers when using Roaming Profilesâ€ article.
As you can see above you can also use this option to set the default printer for your users which can be very handy if people have a habit of always printing to the really expensive A3 colour printer on your floor when you are trying to reduce cost. Just use the default printer option wisely however as you could end up annoying your manager who likes to printer to their locally attached printer.
I have selected for this weeks Group Policy Setting of the Week (GPSW) the group policy preferences that is used to configure Power Plans. While configuring power plans for your environment may be nothing new if you have deployed third party tools, you can now avoid the added expense and complexity of doing this as this functionality is now provided out of the box.
This option can be found under User Configuration > Preferences > Control Panel Settings > Power Options and is used to control the individual power plan for your computers. Strangely I have found that this option only works under the User Configuration setting which I presume is the case because it is normally a user configured setting even though the option is under the computer configuration section as well. This power plan option also work with Windows XP however you do need to explicitly select the correct OS power plan as the XP plan will not work on Vista+ and vice versa.
Windows Vista and later Power Plan
Windows XP Power Plan
As you can see this can be used to configured almost all the power plan setting that your version of windows has to offer. One notable omission is the CPU System Cooling Policy setting that was introduced with Windows 7 which is not available to be configured in the Vista (or later) power plan.
Left (Windows 7 System cooling policy) Right (Windows Vista and Later plan without the System cool policy option)
If you are interested in more advanced targeting option with Group Policy Preferences and want to learn how to apply different power plans to computers based on the time of the day check out my previous blog article at http://abskb.spaces.live.com/blog/cns!8834054641A09100!1133.entry
If you have not already got Group Policy Preferences deployed in your organisation then this is definitely the excuse you need to get it deployed. Go to any manager today and say you can start reducing the power consumption of you computer fleet using software they are already licensed and almost always the reaction will be to have it done yesterday.
This setting will work on Windows XP or greater if you have the Group Policy Client side extensions installed.
You need to be running the Group Policy Management consol on Windows Vista (Windows 7 recommended) to manage these settings
This weeks Group Policy Setting of the Week (GPSW) can be found under Computer > Policies > Administrative Templates > System and is called â€œVerbose vs normal status messageâ€. It is a really simple setting that doesn’t actually do much but I dub this setting the â€œMake my computer start fasterâ€ setting which give users the illusion that their computer are working faster.
So what does it do and how does it make my Computer start faster? This setting displays a number of extra status messages during the start up and shutdown of the computer and when the user is logging on and off.
Some of the verbose status messages you will see are (but not limited to):
Playing Logon Sound
Applying Power Settings
You will still see your Applying Computer settings and Preparing Desktop messages however these will be shown for a lot shorter time.
Unfortunately it will not actually make your computer start any quicker but I have generally found that by enabling this option users seem to perceive that their computers are starting up quicker. Why? Well I think its because the extra status messages are holding their attention for a few seconds each time a new one is displayed something like the opposite of watching grass grow or a watched pot that never boilsâ€¦ In any case this is still a handy setting to enable as at the very least will help your IT support troubleshoot logon performance issues.
This setting will work on Windows 2000 and above and it will also show the processing of newer Group Policy Preferences.
(This will hopefully be the first of many Group Policy Setting of the Week (or GPSW) articles where I will showcase one policy setting and what it does.)
I just read about this cool new policy setting on the â€œAsk the Performance Teamâ€ blog that will help address the issues of computers hard drives filling up over time with multiple user profiles. Previously you either had the option to purge the local users profile on log off or keep a cached copy of the profile forever. Either users would have to download their profile every time they logon to the computer which could greatly slow down the logon process or their cached profiles was never deleted which resulted in the system drive running out of space. This new setting â€œDelete user profiles older than a specified number of days on system restartâ€ allows you to set a timer on the local cached profiles so that they will be purged X number of days after being used. This means users who commonly logon to a particular computer will still have their profile cached but users that logon seldomly will have their files cleaned up thus saving precious disk space.
This might sound like a great setting to implement on a Terminal Server however note the clean up wont happen until the server is rebooted. This restriction should not be so bad as Terminal Servers are probably rebooted at least once a month any way for patching (you do patch your terminal servers donâ€™t you?).
This setting can be found under Computer Configuration \ Policies \ Administrative Templates \ System \ User Profiles