Windows 2000
Win 2000 Server stuff
WINDOWS 2000 SERVER
Table of Contents
1) DISABLE EFS TO MAKE YOUR DOCUMENTS MORE SECURE
2) START TERMINAL SERVICES WITH ONE APPLICATION
3) OPTIMIZE GPO PERFORMANCE, PART 2
1) DISABLE EFS TO MAKE YOUR DOCUMENTS MORE SECURE
The Encrypting File System (EFS) provides another layer of security for your documents.
Even though it's very useful, you have to be aware of two important issues.
First, EFS-encrypted files are transferred between computers in
unencrypted form. To secure files during network transfer, you must use
some other technology like IPSec. Second, private keys and recovery agents
are other potential problem areas. To use EFS efficiently, you need a good recovery policy.
Most of the time, you'll let users decide if they want to use EFS.
However, you have the ability to disable EFS if you want. The funny
thing about disabling EFS is that there isn't a "Disable EFS" setting.
Basically, you disable EFS by removing the recovery agent. If no recovery agents
are defined, Windows 2000 computers prevent users from using EFS.
1. If you have a Windows 2000 domain, open Active Directory Users And Computers.
2. Right-click the domain and select Properties.
3. On the Group Policy tab, select Default Domain Policy and click Edit.
4. Go to Computer Configuration | Windows Settings | Security Settings | Public Key Policies | Encrypted Data Recovery Agents.
5. If there are any certificates, delete them.
6. Right-click Encrypted Data Recovery Agents, click Delete Policy, and then click Yes.
7. Right-click Encrypted Data Recovery Agents and click on Initialize Empty Policy.
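One way to confirm from a Windows 2000 client that the empty policy has taken effect, as an added example that is not part of the original tip: the batch script tries to encrypt a scratch file with cipher and reports whether EFS accepted it. The scratch folder name is made up for the example, %TEMP% is assumed to be on an NTFS volume, and the script relies on cipher's listing marking encrypted entries with a leading E.

```batch
@echo off
rem Added example: checks from a client whether EFS is still usable after
rem the empty recovery policy has been applied. Not part of the original tip.
rem Assumptions: %TEMP% is on an NTFS volume; the folder name is made up.
setlocal
set SCRATCH=%TEMP%\efs-policy-check
set PROBE=%SCRATCH%\probe.txt

rem Request a machine policy refresh. Propagation can take a few minutes,
rem so rerun this check if the result does not match the policy yet.
secedit /refreshpolicy machine_policy /enforce >nul

if not exist "%SCRATCH%" mkdir "%SCRATCH%"
echo probe> "%PROBE%"

rem Try to encrypt the single file. /A makes cipher act on files,
rem not only on folders.
cipher /e /a "%PROBE%" >nul 2>&1

rem cipher's listing prefixes each entry with E (encrypted) or
rem U (unencrypted); findstr /b matches only at the start of a line.
cipher "%PROBE%" | findstr /b /c:"E " >nul
if errorlevel 1 goto blocked

echo WARNING: probe file was encrypted, so EFS is still enabled here.
echo Check that the GPO with the empty policy applies to this computer.
cipher /d /a "%PROBE%" >nul 2>&1
goto cleanup

:blocked
echo OK: encryption was refused, EFS is disabled on this computer.

:cleanup
del "%PROBE%"
rmdir "%SCRATCH%"
endlocal
```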
----------------------------------------
WINDOWS 2000 SERVER
2) START TERMINAL SERVICES WITH ONE APPLICATION
Terminal Services (TS) is a good way to control the user's environment.
By default, in a normal Windows environment, users get the desktop, the
Start menu, and all applications. In most cases, users don't need all
of the applications installed; they usually just need a few applications,
and limiting them to those is easily done with profiles and Group Policy.
Sometimes, you only need one application running. To do this, simply
run Active Directory Users And Computers if you have a Windows 2000 domain,
or Local Users And Groups if you use a local account. Then open the
Properties dialog box for the user and go to the Environment tab.
Select the Start The Following Program At Logon check box and enter the path to the program in the box provided.
Now, whenever the user logs on, he or she will only get the
application you specified on the tab. If the user closes that
application, he or she will be logged out.
Of course, this doesn't mean the user cannot run any other application.
To prevent the user from running any other applications, you still have
to use profiles and Group Policy.
---------------------------------------
WINDOWS 2000 SERVER
3) OPTIMIZE GPO PERFORMANCE, PART 2
As mentioned in part one, optimizing GPO processing can have a great impact on the logon
times on your machines. Here are detailed instructions on how to perform the optimization.
To disable portions of Group Policy settings, follow these steps:
1. Open the Active Directory Users And Computers console.
2. Expand the domain and organizational units (OUs) for which you want to change the Group Policy Object (GPO) settings.
3. Right-click the domain and the OU and then select Properties.
4. On the Group Policy tab, select the Group Policy Object and click Properties.
5. Disable the computer configuration settings or user configuration settings by selecting the appropriate check box.
6. Click OK and close all dialog boxes.
To configure asynchronous GPO processing, follow these steps:
1. Open the Active Directory Users And Computers console.
2. Expand the domain and OUs for which you want to change the GPO processing.
3. Right-click the domain and the OU, and then select Properties.
4. On the Group Policy tab, select the Group Policy Object and click Edit.
5. Expand Computer Configuration | Administrative Templates | System | Group Policy.
6. Enable Apply Group Policy For Computers Asynchronously During Startup by selecting the check box.
7. Enable Apply Group Policy For Users Asynchronously During Logon.
8. Close all dialog boxes.