Do you find that your users spend more time in freecell and minesweeper than actually doing work? Then one would say that it is time to block those applications from being started. To do this you can use the Software Restriction Policy that is Built in to Group Policy and your Domain. What you will need to do is create a new Group Policy, you could call it “No Windows Games” and then Edit it and drill down into Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies from there you will probably be presented with “No Software Restriction Policies Defined” now right click back on Software Restriction Polices in the tree view on the left and select Create New Policies. Now you should have the option for Additional Rules. This is where you need your restrictions. Here is the long article about what the different types of rules are, and what you can do with the from Microsoft, but since we just want to block Windows Games we just need to add a New Path Rules with the Disallowed option.
%SystemRoot%\system32\freecell.exe
%SystemRoot%\system32\mshearts.exe
%SystemRoot%\system32\sol.exe
%SystemRoot%\system32\spider.exe
%SystemRoot%\system32\winmine.exe
C:\Program Files\MSN Gaming Zone
C:\Program Files\Windows NT\Pinball\PINBALL.EXE
Once these restriction are in place you can link them to the OU or workstations to make them take effect. Your end result should look something like this:
The other day I got an instant message from a fellow network administrator asking for a script that would map drives to by simply passing parameters from command line. This caused me to go into Google mode checking how parameters are passed in to Visual Basic Script and then applying the basic network drive mapping script. Now I feel that only the proper thing to do is share it with everyone out there that is looking for the same thing he was. This is a very simple script that does something equally simple. Hopefully this will simply some of the group policies that are out there.
Usage: mapme.vbs Z //server/share
This would result in passing Z as the drive letter and mapping it to the UNC path of //server/share
Set objArgs = WScript.Arguments
Set objNetwork = WScript.CreateObject("WScript.Network")
objNetwork.MapNetworkDrive objArgs(0) & ":" , objArgs(1)
In some domain environments you need to allow some control back to the users where they can manage it best. A perfect example of this is Power Settings, by default a normal domain user does not have the rights to control the power settings on the PC. This can lead to the computer turning off the monitor or going to standby at inopportune times. A way to solve this problem is by modifying the registry so any user authenticated / interactive user can modify these settings. To do this you need to use the regini.exe, it allows you to modify permissions in the registry from command line. Basically anything under registry key: (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\) need to be given permissions to be modify by the user. Below I have included some code that needs to be placed in a text file for parameters to pass to regini.exe during workstation start up.
Once you have this file made save it Machine Startup Scripts directory for Group Policy. Then add the following entry to the Group Policy (shown below) and the users should now be able to modify their computers power settings.
For more detail on parameters or what exactly regini.exe can do for you hop on over to Microsoft KB 237607.