Common Windows Server Group Policies and Scripts

By Ian Matthews   December 11, 2008    Last Updated April 22, 2009

NOTE: The author will not accept responsibility for damages as a result of following the suggestions below.  They are provided “as is” and intended only as a rough guide.  You should always back up your servers System State prior to changing Group Policies.  USE AT “YOUR OWN RISK”.

There are many Active Directory Group Polices which you may want to use.  Below are some of the more common ones I use.

  • Master Policies
    • Default Domain Policies (security and password settings)
    • Allow Printer Driver Install on Windows Vista
      • Yes, Vista restricts users from installing Print Drivers even when you are on a domain
    • Allow Remote Desktop Connections (RDP)
    • Allow Remote Assistance (pay VERY close attention to the syntax)
    • Firewall Changes to Allow File & Print Sharing, RDP, and Remote Administration
    • Hide Security and Sharing Tabs
    • Hide RESTORE button
    • Enable Verbose Mode
  • WSUS Update
    • Only necessary if you have installed Windows Server Update Services
  • Terminal Server Lockdown
    • Only necessary if you have a Terminal Server to lock down

These policies need to be applied to the OU which contains the computer and/or users you want to effect.

Most of these policies work on Windows 2000 Server and newer but all of them function on Windows 2003 SP2 and Windows 2008 Server.

Other Handy Scripts that I commonly use are:

Questions or Comments?