Author: admin
Configure Group Policy slow link detection
This policy setting defines a slow connection for purposes of applying and updating Group Policy. If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting the system considers the connection to be slow. The system’s response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also the policy processing settings in this folder lets you override the programs’ specified responses to slow links. If you enable this setting you can in the “Connection speed” box type a decimal number between 0 and 4294967200 indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0 all connections are considered to be fast. If you disable this setting or do not configure it the system uses the default value of 500 kilobits per second. This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder. Also see the “Do not detect slow network connections” and related policies in Computer Configuration -> Administrative Templates -> System -> User Profile. Note: If the profile server has IP connectivity the connection speed setting is used. If the profile server does not have IP connectivity the SMB timing is used.
Configure Group Policy domain controller selection
This policy setting determines which domain controller the Group Policy Object Editor snap-in uses. If you enable this setting you can which domain controller is used according to these options:”Use the Primary Domain Controller” indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller designated as the PDC Operations Master for the domain. “Inherit from Active Directory Snap-ins” indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller that Active Directory Users and Computers or Active Directory Sites and Services snap-ins use. “Use any available domain controller” indicates that the Group Policy Object Editor snap-in can read and write changes to any available domain controller. If you disable this setting or do not configure it the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain. Note: To change the PDC Operations Master for a domain in Active Directory Users and Computers right-click a domain and then click “Operations Masters. “
Enforce Show Policies Only
This policy setting prevents administrators from viewing or using Group Policy preferences. A Group Policy administration (. adm) file can contain both true settings and preferences. True settings which are fully supported by Group Policy must use registry entries in the Software -> Policies or Software -> Microsoft -> Windows -> CurrentVersion -> Policies registry subkeys. Preferences which are not fully supported use registry entries in other subkeys. If you enable this policy setting the “Show Policies Only” command is turned on and administrators cannot turn it off. As a result Group Policy Object Editor displays only true settings; preferences do not appear. If you disable or do not configure this policy setting the “Show Policies Only” command is turned on by default but administrators can view preferences by turning off the “Show Policies Only” command. Note: To find the “Show Policies Only” command in Group Policy Object Editor click the Administrative Templates folder (either one) right-click the same folder and then point to “View. “In Group Policy Object Editor preferences have a red icon to distinguish them from true settings which have a blue icon.
Remove users’ ability to invoke machine policy refresh
This policy setting allows you to control a user’s ability to invoke a computer policy refresh. If you enable this policy setting users are not able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs. If you disable or do not configure this policy setting the default behavior applies. By default computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user. Note: This policy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time no matter how this policy setting is configured. Also see the “Set Group Policy refresh interval for computers” policy setting to change the policy refresh interval. Note: If you make changes to this policy setting you must restart your computer for it to take effect.
Turn off background refresh of Group Policy
This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers users and domain controllers. If you enable this policy setting the system waits until the current user logs off the system before updating the computer and user settings. If you disable or do not configure this policy setting updates can be applied while users are working. The frequency of updates is determined by the “Set Group Policy refresh interval for computers” and “Set Group Policy refresh interval for users” policy settings. Note: If you make changes to this policy setting you must restart your computer for it to take effect.
Turn off automatic update of ADM files
Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor. Administrators might want to use this if they are concerned about the amount of space used on the system volume of a DC. By default when you start the Group Policy Object Editor a timestamp comparison is performed on the source files in the local %SYSTEMROOT% -> inf directory and the source files stored in the GPO. If the local files are newer they are copied into the GPO. Changing the status of this setting to Enabled will keep any source files from copying to the GPO. Changing the status of this setting to Disabled will enforce the default behavior. Files will always be copied to the GPO if they have a later timestamp. NOTE: If the Computer Configuration policy setting “Always use local ADM files for the Group Policy Object Editor” is enabled the state of this setting is ignored and always treated as Enabled.
Determine if interactive users can generate Resultant Set of Policy data
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. By default interactively logged on users can view their own Resultant Set of Policy (RSoP) data. If you enable this policy setting interactive users cannot generate RSoP data. If you disable or do not configure this policy setting interactive users can generate RSoP. Note: This policy setting does not affect administrators. If you enable or disable this policy setting by default administrators can view RSoP data. Note: To view RSoP data on a client computer use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP. mscNote: This policy setting exists as both a User Configuration and Computer Configuration setting. Also see the “Turn off Resultant set of Policy logging” policy setting in Computer Configuration -> Administrative Templates -> System -> GroupPolicy.
Determine if interactive users can generate Resultant Set of Policy data
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. By default interactively logged on users can view their own Resultant Set of Policy (RSoP) data. If you enable this policy setting interactive users cannot generate RSoP data. If you disable or do not configure this policy setting interactive users can generate RSoP. Note: This policy setting does not affect administrators. If you enable or disable this policy setting by default administrators can view RSoP data. Note: To view RSoP data on a client computer use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP. mscNote: This policy setting exists as both a User Configuration and Computer Configuration setting. Also see the “Turn off Resultant set of Policy logging” policy setting in Computer Configuration -> Administrative Templates -> System -> GroupPolicy.
Configure wired policy processing
This policy setting determines when policies that assign wired network settings are updated. This policy setting affects all policies that use the wired network component of Group Policy such as those in Windows Settings -> Wired Network Policies. It overrides customized settings that the program implementing the wired network set when it was installed. If you enable this policy you can use the check boxes provided to change the options. If you disable this setting or do not configure it it has no effect on the system. The “Allow processing across a slow network connection” option updates the policies even when the update is being transmitted across a slow network connection such as a telephone line. Updates across slow connections can cause significant delays. The “Do not apply during periodic background processing” option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled policy changes will not take effect until the next user logon or system restart. The “Process even if the Group Policy objects have not changed” option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However you might want to update unchanged policies such as reapplying a desired setting in case a user has changed it.
Configure wireless policy processing
This policy setting determines when policies that assign wireless network settings are updated. This policy setting affects all policies that use the wireless network component of Group Policy such as those in WindowsSettings -> Wireless Network Policies. It overrides customized settings that the program implementing the wireless network set when it was installed. If you enable this policy you can use the check boxes provided to change the options. If you disable this setting or do not configure it it has no effect on the system. The “Allow processing across a slow network connection” option updates the policies even when the update is being transmitted across a slow network connection such as a telephone line. Updates across slow connections can cause significant delays. The “Do not apply during periodic background processing” option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled policy changes will not take effect until the next user logon or system restart. The “Process even if the Group Policy objects have not changed” option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However you might want to update unchanged policies such as reapplying a desired setting in case a user has changed it.