Oh agreed.
We are using Group Policy for enforcing the US Government Baseline security settings... but that's been implemented by my network team here, and focused specifically on the policy settings we have to implement to comply with the mandates. But by and large it looks like the desktop group here has had almost zero configuration definitions or best practices for all the other Win configuration options... I'm trying to collect whatever collateral to put in front of them that I can on short notice to get them thinking on what they can do from a centralized configuration perspective... do they can take a stab at building a config document to generate an image to validate against. -sc From: William Robbins [mailto:dangerw...@gmail.com] Sent: Monday, March 21, 2011 2:19 PM To: NT System Admin Issues Subject: Re: Win 7 configuration options? Well, in my past positions, we started off with business needs, and looked to see what we could accomplish with GPO's. Typically it was things to meet/exceed existing security polcies, but were sometimes as trite as setting a facility specific wallpaper. I suppose, not knowing what you are needing to accomplish, I can't offer much advice save the term "baby steps." GPO's are awesome magical beings that when used inappropriately, or in error can wreak havoc faster than you can say Rumplstilkskin! - WJR On Mon, Mar 21, 2011 at 13:01, Steven M. Caesare <scaes...@caesare.com> wrote: Awesome, thanks WJR. Next question... how do folks define what they want in their organizations? Do you go through this ginormous document? Do you just decide on SOME things you want to do initially (redirect default save locations, etc...), and then refine over time? How do you go about deciding settings things that _AREN'T_ managed via GPO? My gut and initial reading seems to reinforce the idea that I want' very little customization in the image itself... just the OS and necessary drivers.. with just the things I cannot manage via GPO. After that we'll layer apps on as individual packages. Is that how you folks are addressing client lifecycle configuration and management? Thanks. -sc From: William Robbins [mailto:dangerw...@gmail.com] Sent: Monday, March 21, 2011 1:52 PM To: NT System Admin Issues Subject: Re: Win 7 configuration options? Lest I be thought completely useless: Group Policy Settings Reference for Windows and Windows Server http://www.microsoft.com/downloads/en/details.aspx?FamilyID=18c90c80-8b0 a-4906-a4f5-ff24cc2030fb&displaylang=en - WJR On Mon, Mar 21, 2011 at 12:32, Steven M. Caesare <scaes...@caesare.com> wrote: So... I'm being pulled in to a Windows 7 rollout project that previously has had very little adult supervision... and as such needs to have several parts of it rebooted. We need to quickly do some work to define what configuration options we want in the base image we are going to deploy. The obvious goal is to manage as much via GPO as possible... but not everything is GPO-manageable (power setting, etc...?). Regardless as to if the setting is set via GPO, it still needs to be decided upon. So my question is: Other than paging through the GPO MMC snapin and looking at each setting, is there good comprehensive doc that lists everything out that we can use as the basis for discussion? If this does exist, does it cover all the things not managed via GPO as well? Thanks. -sc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin