Home / server / Questions / 195158
Accepted
mattdwen
Asked: 2010-10-27 18:24:04 +0800 CST

What group policy settings do you apply for laptop users?

  • 772

I've a number of users with laptops who take them off-site.

Currently I've got policies mapping drives and the like, which won't work unless they're connected to the domain. It also takes a while for these to time out when logging in off-site.

What settings do administrators commonly apply for laptop users, for these issues and others?

(This should be a community wiki, but I don't have the rep.)

group-policy active-directory laptop

3 Answers

  1. We don't have defined anything special for laptop users.

    We have two network mappings defined for all users which is done with logon script. These mappings are defined to be persistent, so even if user is off-site they still show up. First mapping is user's home directory and other is common DFS-share, which includes all other network resources what user would need.

    Earlier we defined user's home directory in user account but that caused lot of problems when network wasn't available. That's why we now define that network drive with logon script and use GPO to redirect My Documents folder to that specific network drive. We have also defined this network drive (My documents) to be available offline for users.

    I don't know if this helps you, but I thought that I would tell you how we have managed to get along.

    • 2
  2. Best Answer

    We apply a mix of policies and preferences, both Computer and User settings including loopback processing, where required, for our mobile users/devices. The following are only the GPOs which differ from those applied to desktop devices.

    • Enable Client Side Caching (offline files).
    • Power management options.
    • Printer list and default (for mobile labs)
    • Screen saver timeout, password requirement for resume.
    • Wireless network settings.
    • WSUS update schedule.

    Group Policy is a great tool for configuring Windows. I prefer to allow our users [everyone is a limited user] as much freedom to configure their device, without breaking something, as they choose. In the past Group Policy was used in my district to "lock-down" myriad settings. Many of these options not only didn't make sense to enforce but they made computer usage more difficult for end users. This created a significant amount of friction between the IT department and the end-users. I would recommend only configuring the options you require for your users and devices.

    • 2

  3. We turn the windows firewalls on, change the windows update policy so it updates over the internet (we have had laptops that only get brought back in and connected to the corporate network when they are broken), and not nesseseraly group policy but set a public location for the anti-virus software to update from

    • 1