User Configuration Group Policy

User Configuration applies to all users in the site, domain or Organizational Unit that the GPO applies to. User Configuration is applied at logon, whereas Computer Configuration is applied when the computer is started.



Many of the policies in User Configuration are similar to those applied in the Computer Configuration. Where settings conflict, the Computer Configuration will be the effective policy. The group policy configuration utility is accessed via the Active Directory Users and Computers plug-in:

Commonly applied Group Policies will remove access to the Run box, Control Panel and My Network Places. The My Documents folder for all users will be redirected to a server for ease of backup.

Click Start. Click Administrative Tools. Click Active Directory Users and Computers.

Right-click on the domain. Select Properties. Click Group Policy. Select the policy to be configured and click Edit.

The Group Policy Configuration Utility appears. Double-click Windows Settings. Expand Folder Redirection. Folder Redirection, as the title suggests, redirects certain folders to a specified location (usually a network share). This proves to be useful when a large number of users save their work to the “My Documents” folder, since these files will still be stored centrally and can be backed up with minimal administrative effort.

To modify the destination, right-click on the My Documents folder and click Properties. Click on the drop-down box to specify the type of redirection to be used. Basic allows you to specify one location for all users. Select Basic. Enter the path for the new location of the folder. A user called Clair would have a Clair\My Documents directory at \\fs1.es-net.co.uk\home\Clair\My Documents, home being a shared folder on the server.

Click Settings. "Grant the user exclusive rights to Application Data" will set the permissions on the folder to only allow the user/group the policy is applied to. Even the administrator will not be able to access the folder! "Move the contents of My Documents to the new location" will move all the user's files currently held in their My Documents folder to the new location when they next log on. The Policy Removal options specify the behaviour when the group policy no longer applies to the user (e.g. if the policy is deleted): either the files can remain in their new location, or they can be redirected back to the local profile location. Click OK to save your changes and dismiss the dialogue box.

Expand Administrative Templates. Next, click Start Menu and Taskbar. The Start Menu & Taskbar policies control almost every aspect of the Start menu – everything from whether or not a user will see a “Shutdown” or “Logoff” link on the taskbar, to the availability of a “Run in separate memory space” checkbox in the Run dialogue! Double-click Remove Run menu from Start Menu. Select Enabled. Click Explain. Click OK to enable. An explanation of the GPO is provided; this Explain tab is common to most GPO settings. The policy is now enabled.

Click Desktop. The Desktop policies define things such as which icons, if any, appear on the desktop and whether or not settings should be saved when a user logs off. Double-click Hide My Network Places icon on desktop. Select Enabled. Click OK to enable the policy. The policy is now enabled.

Expand Control Panel. The Control Panel policies control the availability of the Control Panel, and specify which applets the user can access. Double-click Prohibit access to the Control Panel. Select Enabled. Click OK to enable the policy. The policy is now enabled.

Close all open dialogue boxes to finish.
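
To confirm that the settings configured above actually reached a user, the following added PowerShell check (not part of the original lesson) reads the per-user registry values that these policies write. It assumes PowerShell is installed on the client and that it is run in the target user's session after logon; NoRun, NoNetHood and NoControlPanel are the registry value names behind the three Administrative Templates policies enabled in the lesson.

```powershell
# Added example: verify the User Configuration settings from this lesson
# for the currently logged-on user. Read-only; changes nothing.

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$shellKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

# Lesson policy -> registry value written under the per-user Policies key.
$expected = @(
    @{ Policy = 'Remove Run menu from Start Menu';        Value = 'NoRun' },
    @{ Policy = 'Hide My Network Places icon on desktop'; Value = 'NoNetHood' },
    @{ Policy = 'Prohibit access to the Control Panel';   Value = 'NoControlPanel' }
)

function Test-UserPolicy {
    param([string]$Key, [string]$ValueName)
    $item = Get-ItemProperty -Path $Key -Name $ValueName -ErrorAction SilentlyContinue
    # An enabled policy is stored as DWORD 1; a missing value means "not applied".
    return ($null -ne $item -and $item.$ValueName -eq 1)
}

$results = foreach ($e in $expected) {
    New-Object PSObject -Property @{
        Setting = $e.Policy
        Applied = (Test-UserPolicy -Key $policyKey -ValueName $e.Value)
        Detail  = $e.Value
    }
}

# Folder Redirection: the effective My Documents path is the "Personal" value.
# A redirected folder should point at a UNC path (\\server\share\...).
$docs = (Get-ItemProperty -Path $shellKey -Name Personal -ErrorAction SilentlyContinue).Personal
$results += New-Object PSObject -Property @{
    Setting = 'My Documents redirected to a network share'
    Applied = ($docs -like '\\*')
    Detail  = $docs
}

$results | Select-Object Setting, Applied, Detail | Format-Table -AutoSize
```

Any row showing Applied as False after the user has logged on again means the GPO is not reaching that user, for example because the user object sits outside the site, domain or Organizational Unit the GPO is linked to.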