Types of Group Policies.

jskfan
jskfan used Ask the Experts™
on
Types of Group Policies.

If I understand Group policies can apply at logon/logoff for users and startup/shutdown for computers, and there are other policies that  can be applied  outside the scope of logon/logoff for users and startup/shutdown  for computers , I want to know those types of  polices.

for instance:
I believe Scripts can only be applied in these situations : logon/logoff for users and startup/shutdown  for computers.
I wonder if Scripts can be run on a scheduled time, I mean without waiting for logon/logoff for users and startup/shutdown  for computers.


Thank you
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IT Engineer
Distinguished Expert 2017
Commented:
From GPO I think not, but you can put script to Task Scheduler

Managing Scheduled Tasks from Group Policy
http://www.mdmarra.com/2014/04/managing-scheduled-tasks-from-group.html
Distinguished Expert 2017

Commented:
I think type in your case are based on whether they apply to computers or users. Another type of a policy is a computer based policy with loopback processing that applies the user specific settings when a user logs into the specific systems to which this GPO applies.
There are also group policy preferences.

Tom pointed out on using schtasks to check if present, and then set if missing.

You can do software deployment on the system level, while limiting/restricting which applications are available to certain users.

Author

Commented:
Thank you ,

can you explain Group policies that  can apply at logon/logoff for users and startup/shutdown for computers, and  other policies that  can be applied  outside the scope of logon/logoff for users and startup/shutdown  for computers ?
Thank you.
Distinguished Expert 2017

Commented:
There are books written on group policy management

You have to define what it is you want to achiev and then work through the gpo/gpp options to achieve it.

Using scripts on logon/logoff for a user or startup/shutdown for a computer, or logon/logoff by user when logged into a specific computer. Are usually tasks that can not be accomplished by other options.

generally speaking, for ease of management, gpos shoukd be named based on what they do. The idea is that a GPO has a specific purpose. A goo with login/logoff or startup/shutdown is not limited to running one script. You can add as many individual scripts as you want versus having one complex script.

The issue deals how long ihe application of computer GPO delay the availability of a system.
The user based on deals with how long it will take the user to login.

Other contributors to this delay related on how users are setup in the AD. Does their profile need to be copied in or out in a roaming user profile..... Folder redirection work folders are a way to keep the profike size manageable for quick logins.
kevinhsiehNetwork Engineer

Commented:
Most group policy items are settings, which can be applied at any time. They get applied at startup, login, and group policy refresh. The only time something would happen during a refresh is if a group policy was modified, added, and a user or computer was moved in AD.

Scripts are specific actions, which can only happen at startup/shutdown or logon/logoff.

For redirection can only happen at login.

Some setting changes require reboot to take effect, such as changing security protocols (disable SSL 3, TLS 1.0 and 1.1 for example).

If you describe what you are trying to achieve that would be helpful.

Author

Commented:
Users save their files on their mapped Home Drive..so there is no folder redirection.

for now users use the same computers every day, if they have to go to different locations they use their laptops. So roaming profile is not needed for now..
Distinguished Expert 2017

Commented:
GPos only apply when the computer is on the LAN where the DC is. If they are offsite, the GPOs commonly do not apply.
Tom CieslikIT Engineer
Distinguished Expert 2017

Commented:
Arnold,, You have forgotten about VPN.
I have users who is connecting to my network (login) through VPN and GPO is still applied
Distinguished Expert 2017

Commented:
The GPO only applies if and when the VPN is established before the login.
If you login into the laptop, the computer gpos majority of them while locally cached are not enforced.
The user GPO will not kick in if you login before the VPN is present.

Commonly, it is rare to have a setup that requires the presence of a VPN before a user is permitted to login.
Tom CieslikIT Engineer
Distinguished Expert 2017

Commented:
Why ?
I have that setup and because I have folder redirection policy is very convenient.
Distinguished Expert 2017

Commented:
Folder redirection is handled along with offline files. With that said, I am uncertain what you mean by your comment.
If the shares allow offlibe file access based on user choice, you would gave access to copies of your files based on that configuration without the need to establish a VPN.

Folder redirection is applied once. It is not continuously reapplied on each logon.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial