Setting Policies for All Users

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In the chapter example, all users have redirected folders and offline files, and they all need access to Microsoft Office applications. Windows Update on the client computers must be configured for SUS. As an administrator, you also want to limit the amount of shared disk space that any one user can absorb. Use the following sets of procedures while logged on to DC01 to set up this part of your managed environment.

To create a GPO for all users

  1. If GPMC is not already running on DC01, click Start, point to Programs, point to Administrative Tools, and click Group Policy Management.

  2. In GPMC, expand adatum.com.

  3. Expand Group Policy Objects. Right-click Group Policy Objects, and click New. When prompted for the New GPO name, type All Users, and click OK.

To set up folder redirection

  1. Right-click the All Users GPO, and click Edit.

  2. Expand User Configuration, expand Windows Settings, click and expand Folder Redirection. Icons for the personal folders that can be redirected are displayed.

  3. Right-click My Documents for redirection. (Note that when you redirect My Documents, all of its subfolders [My Music, My Pictures, and so forth] are automatically redirected as well; this is preferred.)

  4. Click Properties, and in Settings, select Basic - Redirect everyone’s folders to the same location.

  5. Accept the default Target folder location of Create a folder for each user under the root path. Under the Root Path text box, type \\dc01\redir$. Click OK.

    This creates a unique folder for each user under D:\Redir on DC01.

To configure offline files

  1. Under User Configuration in the left pane, expand Administrative Templates, expand Network, and click Offline Files.

  2. In the right pane, double-click Do not automatically make redirected folders available offline. Click Disabled and click OK. This setting ensures that redirected folders are always available when the user is offline.

  3. In the right pane, double-click Prohibit user configuration of Offline Files. Click Enabled, and click OK.

    This setting prevents users from disabling the offline file cache for My Documents, as well as preventing them from creating additional file caches. The use of this setting is discretionary.

  4. In the right pane, double-click Non-default server disconnect actions. Click Enabled, and click Show.

  5. In the Show Contents window, click Add, and type DC01 as the name of the item to be added. Type 0 (zero) for the value, and click OK three times.

To configure Automatic Updates (Windows Update) for SUS

  1. Expand Computer Configuration, expand Administrative Templates, expand Windows Components, and click Windows Update.

  2. In the right pane, double-click Configure Automatic Updates, and click Enabled.

  3. Select the following options, and click OK:

    • On the Configure automatic updating dropdown menu, select 4 - Automatically download and schedule the installation. This choice is appropriate because no users are logging onto their computers as local administrators.

    • On the Scheduled install day dropdown menu, select every Monday.

    • On the Scheduled install time dropdown menu, select 21:00. Click OK.

    When this time and date arrive, updates will be downloaded and installed to the target computers.

  4. In the right pane, double-click Specify intranet Microsoft update service location. Click Enabled, and in the Set the intranet update service text box, type https://dc01/sus. Type the same value in the intranet statistics server text box, and click OK.

To assign Microsoft Office to all authenticated users

  1. Under User Configuration in the left pane, expand Software Settings.

  2. Right-click Software Installation, point to New, and click Package.

  3. In the File Open dialog box, type \\adatum.com\public\userapps\msoffice\, click the appropriate.msi file,and click Open. (The name of the .msi file is dependent on the version of Office that you are installing.)

    Note

    • It is important to use the UNC name of the share as described in step 3. If you navigate to the local location in lieu of entering the DFS Root share name and path, users will not be able to access the application.

  4. Select Assigned, and click OK.

  5. In the left pane, click Software Installation.

    In the right pane, Microsoft Office is displayed as an assigned deployment.

    Note

    • Make sure that you have the proper number of software licenses for the number of users who will use the application software.

To set disk quotas

You can use disk quotas to manage disk space usage on the servers containing users’ data. You can specify a disk quota limit and a disk quota warning level. For example, you can set a user’s disk quota limit to 200 megabytes (MB), and the disk quota warning level to 150 MB. In this case, the user can store no more than 200 MB of files on the volume. If the user stores more than 150 MB of files on the volume, a system event is logged.

For more information about disk quotas, see "Implementing User State Management" in this book.

  1. Expand Computer Configuration, expand Administrative Templates, and expand System. Click Disk Quotas.

  2. In the right pane, double-click Enable disk quotas. Click Enabled, and click OK.

  3. In the right pane, double-click Enforce disk quota limit. Click Enabled and click OK.

  4. In the right pane, double-click Default quota limit and warning level. Click Enabled. Set the default quota limit to 200 MB. Scroll down and set the Default warning level to 150 MB, and click OK.

  5. In the right pane, double-click Log event when quota limit exceeded. Click Enabled, and click OK.

  6. In the right pane, double-click Log event when quota warning level exceeded. Click Enabled, and click OK.

  7. In the right pane, double-click Apply policy to removable media. Click Disabled, and click OK.

  8. Close the GPO editor.

  9. If you want to view the settings that you just applied to this GPO, in GPMC, click the All Users GPO, click Settings, then click show all.

Warning

  • Be careful when setting disk quotas for users who have roaming profiles. If you set those users’ disk quotas too low, they can run out of profile space and be unable to log off. The 200 MB storage limit is an estimate of the amount of storage that the typical user needs. You should analyze your own user data patterns before setting this limit in your production environment.