====== Windows Group Policy ======

**Loopback**: http://deployhappiness.com/loopback-policy-how-a-computer-gets-a-transgender-operation

**Policy or Preference**: http://deployhappiness.com/policy-or-preference

===== Applying Group Policies =====

:!: You must create Active Directory Organizational Units (OUs) to apply group policies against.  You can't apply policies to the built-in AD containers.

:!: Policies apply to either users or computers.  Loopback processing can make user policies apply to certain computers.

:!: Group policies often seem not to 'take effect' when you think they should.

:!: Time plays an underestimated role in the activation or roll-out of group policies.  Test it again in the morning!

  - Make the policy change on the domain controller
  - Run ''gpupdate /force'' on domain controller
  - Run ''gpupdate /force'' on workstation computer
  - Reboot workstation computer
  - Test the policy

===== Tools =====

Use **Group Policy Management** to manage group policies.

  * **Start -> Run -> gpmc.msc**

Use Group Policy Editor to edit a specific Group Policy Object (GPO).

  * **Start -> Run -> gpedit.msc**

View resultant policies:

  * **Start -> Run -> rsop.msc**

Use the CLI:

https://mashtips.com/how-to-use-the-group-policy-results-gpresult-exe-command-line-tool/

<file>
gpupdate /force

gpresult /R

gpresult -H GPResult.html
</file>

Check computer group membership:

<file>
Get-ADComputer "tucson-svr" -Properties MemberOf

gpresult /scope computer /v

net localgroup
</file>

===== Multiple AD Sites =====

Group Policies 'flow down', so you may need to Block Inheritance to a container using Group Policy Management.

  * **Right-click container -> Block Inheritance**

===== Without Windows Servers =====

http://www.nitrobit.com/grouppolicy.html

http://www.nitrobit.com/products.html

http://www.nitrobit.com/order_ngp.html

===== Logon as Batch Job =====

http://technet.microsoft.com/en-us/library/gg563788.aspx

Edit an existing group policy, or add a new one, and add 'Administrators':

**Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Log on as Batch Job**

===== RDS Desktop Backgrounds =====

:!: By default, background images are not displayed nor can users change the background unless the RDP client is set to 'Lan' or the best connection speed in the client settings.

:!: If you set a solid color background at a fast speed, the setting will 'stick' even when going back to slower connection speeds

:!: You have to have Desktop backgrounds enabled in the client before any of the following server-side stuff will work.

==== Using Registry ====

http://virot.eu/push-a-solid-colored-background-to-a-windows-server-2012-or-later/

==== Using Group Policy ====

http://social.technet.microsoft.com/Forums/windowsserver/en-US/9c72a524-507f-4861-a9de-0b42c711897a/how-to-change-desktop-background-color-of-windows-2008-r2-remote-desktop-server-users?forum=winserverTS

==== Using ADM Templates ====

http://www.techieshelp.com/set-desktop-background-colour-with-a-gpo/