A really important concept that comes along with Windows computers and a lot of IT people do understand, but maybe don’t understand quite how they should implement is group policy. And that goes along with and it’s synonymous with active directory, because that’s where you typically can manage that from and where it makes it easy to do that.
Group policies in Windows are designed around providing you the ability to secure and restrict and change and do almost anything on a Windows computer, within reason, to remove people’s ability to do something, to add someone’s ability, to put them on rails and make them only do something a particular way. There are hundreds if not thousands of group policies in place. And Microsoft is put there for us to utilize, for us as consumers and as IT administrators and as network administrators to utilize.
And there are so many other policies that fall outside of that, such as Windows security policies that are also considered part of the group policies, and those can employ password policies and how users can log in to a system, and whether or not you allow administrators to shut down PCs.
There’s so much that’s available in there. It’s kind of daunting sometimes when you look at it. And the one thing that really is important, a lot of people mistake the fact that group policy is not specifically something that you have to have a domain to utilize. You can actually utilize group policy on a local computer as well. So, if you’re not part of a domain, which is the case with a lot of endpoint computers. People send an endpoint device, say for a kiosk that you may not be able to domain join because of its geography, where it is in the nation, or in countries that you don’t have good internet connection so you don’t want to do that. Or for security purposes, you don’t want it in the domain.
There’s a number of reasons that may not be viable. And, because of that, a lot of administrators tend to throw out the idea of group policy immediately. And this is something we’ve come to see as it’s another tool in your bag, so don’t throw it away right away, actually see whether or not you can employ that for part of your actual setup and get yourself away from trying to set everything through the registry or trying to restrict file policies directly. Use the tools Microsoft gave you to the best of your ability. I won’t say do that in every circumstance, and that’s where, South Seas, we have a lot of experience in doing that, or we can help you figure out is it best to utilize those, is it not best to utilize those.
But, specifically, use those tools. Try to build on those tools, try to use that stuff to your advantage rather than tossing it out because your PC is not on a domain network.
I’m Anthony with South Seas Data, and we will help you set up your group policies and your network or non-network devices properly.