Stevehewitt
IS-IT--Management
Hi guys,
This is actually a Vista related issue on non-domain machines, however the Vista forum didn't come up with much and as it's GPO deployment issues I'm hoping you lovely people may have some suggestions!
Using Vista SP1 Business on a number of laptops, however we are locking them down using local GPO's. These machines aren't on the domain as the users are always on the road (sales people).
Part of this is locking down the Vista laptop client so that they can only run particular .exe (whitelisted), and also we are using the new hardware restricition GPO to prevent installs of USB sticks and other hardware other than what we already installed and/or have included in the GPO. (hardware whitelisting
However, entering in 62 application names correctly across 30 laptops, and then even more complicated 34 device id's and class id's is not only very time consuming - but introduces a large margin for error.
As such, is there any way I can script the entries of just these two GPO's? (We have some other GPO's set too but theres only a few and they are just on or off etc.)
From what I can tell the registry entries use GUID's that are unique to each machine, therefore can't think of a way around it....?
Cheers in advance,
Steve.
"They have the internet on computers now!" - Homer Simpson
This is actually a Vista related issue on non-domain machines, however the Vista forum didn't come up with much and as it's GPO deployment issues I'm hoping you lovely people may have some suggestions!
Using Vista SP1 Business on a number of laptops, however we are locking them down using local GPO's. These machines aren't on the domain as the users are always on the road (sales people).
Part of this is locking down the Vista laptop client so that they can only run particular .exe (whitelisted), and also we are using the new hardware restricition GPO to prevent installs of USB sticks and other hardware other than what we already installed and/or have included in the GPO. (hardware whitelisting
However, entering in 62 application names correctly across 30 laptops, and then even more complicated 34 device id's and class id's is not only very time consuming - but introduces a large margin for error.
As such, is there any way I can script the entries of just these two GPO's? (We have some other GPO's set too but theres only a few and they are just on or off etc.)
From what I can tell the registry entries use GUID's that are unique to each machine, therefore can't think of a way around it....?
Cheers in advance,
Steve.
"They have the internet on computers now!" - Homer Simpson