Force Computers To Get User-Side GP Settings Using PolicyPak

Microsoft MVP Jeremy Moskowitz and Shane from Admin Arsenal explain how to use PolicyPak Admin Template Manager to easily eat user side functions

Force Computers To Get User-Side GP Settings Using PolicyPak

  • Hey everybody. I’m Shane from Admin Arsenal. We’ve got Jeremy Moskowitz, Microsoft MVP for group policy, also the owner of Policy Pak, extension add-on to active directory. So, let’s talk about some more group policy deliciousness.
  • Yes, exactly. So, the scenario here is; do you ever have customers that have a bunch of computers? Maybe they’re a lot of regular computers or maybe some kind of specialty computers like shop floor, kiosk, lab machine or maybe you’re got a conference room computer and you want those special computers to just eat some user side things.
  • Yeah because different users log on at different times.
  • Right. So, what are you gunnagoing to do? Well, if you would normally have to use very complicated group policy loop back mode to force your computers to eat user side things and the downside is you get way more settings than you would expect. And it’s kinda impossible to craft the experience. So, what I’m gunnagoing to show you is with Policy Pak admin template manager you can gently force your computers to nicely eat user side functions.
  • Fantastic.
  • So, you can see here I’ve got standard computers. I’ve got computer 1 and computer 2 in there. You could pretend I’ve got 10,000 computers in there. It doesn’t really matter and if I were to go to the standard computers here and create a new GPO I’m going to make computers eat user side policies nicely. Okay?
  • Nice.
  • Okay, so loop back without loop back and this means I’m gunnagoing to go on the computer side, go to the Policy Pak node and if you were to go to the regular policies node on this side, what would you see? You’d see only the computer side things.
  • Absolutely.
  • So, instead we’re gunnagoing to click on Admin Template manager and this is the magic that gets you access when you click on new policy. Of course, you would see all of the existing computer side things. This is all the computer side stuff you have access to. We’ve got this magic button here called user policy. Now, the magic isn’t really here. The magic is in our moving part on the endpoint, the client side extension, but you can do things like start menu and task bar and I’m just gunnagoing to pick something that we can see very quickly like remove help menu from start menu.
  • Sure.
  • But it can be any user side thing you want and you can see what we’re doing here by clicking enabled. We’re taking a user side function and delivering it to computers. You cannot do this with the stuff in the box except if you use loop back and that is not what you’re after. So, it doesn’t matter now who logs on to these machines. Everyone is going to get the exact same experience. So, if we log on as user 1 and log on, what’s our expectation?
  • We’re not gunnagoing to have help.
  • Yep. Help will be removed. So, let’s just go ahead and take a look at the start menu now and look at that. It worked exactly as expected.
  • No help.
  • The gift of no help has been delivered. And if we log on as any user in any OU it doesn’t matter across space or time, it doesn’t matter who they are. I’ll log on as some other guy just to prove a point. The computer is eating that user side setting so now all users on those computers are guaranteed to pick up those settings. Loop back without loop back.
  • That’s fantastic.
  • So, let’s go ahead and just double check. No help. Doesn’t matter who the guy is, whoever is on those shop floor kiosks, lab computers, if they’re a conference room computer or even a standard computer, they’re always going to get the user side functions for the computers. Very difficult. Impossible without Policy Pak admin template manager.
  • Fantastic. Well done.
  • Thanks my man.
  • Hey I’m Shane and that’s Jeremy.

Back