In this edition of Group Policy Quick Tips, I’ll be covering a policy that has been around a while, but was renamed and might be hard to find if you haven’t configured it before. In Windows 7/Server 2008 R2, this setting was called “Exclude files from being cached.” With Windows 8.x/Server 2012, the name changed to “Enable file screens.” Same thing; different name.
One of the features include in Internet Explorer 9+ is performance notifications for plug-ins. With this feature, the user is notified when plugins are slowing down browser performance. As the screenshot below shows, the user is presented with a dialog at the bottom of the browser window that says, “Speed up startup and browsing by disabling add-ons.” The user has the option of disabling add-ons, being prompted later, or closing the dialog out by clicking the ‘x.’
The downside is that users can accidentally turn off browser plugins with this feature or, in a fully managed environment, generate calls to the help desk when browser plugins are pushed to computers. The good news is that the notifications can be disabled in Group Policy.
Today’s Group Policy Quick Tip is about the Verbose vs. Normal Status Messages setting. If I had to name a Top Ten list of my favorite Group Policy settings, this one would definitely be on the list. This setting takes the normal messages like, “Please wait…” and, “Preparing your desktop…” and replaces them with much more useful messages. For the most part, these messages will whiz past so quickly that you probably won’t be able to read them. However, should one stay on the screen too long, it gives you a good starting point for troubleshooting performance issues.
If you’re using the default settings, Group Policy refreshes on computers and servers (but not Domain Controllers) every 90 minutes with a random offset of 0 to 30 minutes. But, what if that schedule doesn’t work in your environment? Then you change it Group Policy!
If you support computer labs or any other environment where lots of different people log into your computers daily, you’ve probably had to deal with user profiles that need to be deleted. The good news is that there is a setting in Group Policy that take care of that for you.
If you’re using BitLocker, you need to be backing up the TPM ownwer password. By default, Windows does not back up this information when you encrypt a computer with BitLocker. Should you need to make changes to the TPM device, you’ll need this password. Continue reading
Following our last tip, today’s Group Policy Quick Tip is about adding additional security to Remote Desktop sessions on your computers. Normally, an RDP session is established before authentication takes place. Enabling Network Level Authentication (NLA) allows authentication to take place before the RDP session is established.