You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »


Recommended Group Policies

We recommend these as best practice to improve user experience and provide the best possible performance.


In This Article

Prevent Bing Extension for Chrome

Prevent Bing Extension for Chrome

  1. Download and install the Microsoft Office Group Policy Templates (ADMX and ADML files)
    1. https://www.microsoft.com/en-us/download/details.aspx?id=49030
  2. Create new GPO Under the OU with the desktops in it with the name:  Evolve IP - DaaS 3 - Disable Bing
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Navigate to Computer Configuration -> Policies -> Administrative Templates -> Microsoft Office 2016 (Machine) -> Updates
    2. Look through the list of policies and double-click on the Don't install extension for Microsoft Search in Bing that makes Bing the default the search engine option.
    3. Select Enabled and then press Apply followed by OK to configure the policy.

Windows 10 Device Registration

Windows 10 Device Registration

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Windows 10 Device Registration
  2. Evolve IP can provide the needed admx/adml files if these options are missing.
    1. The ADMX files would get copied into your “Policy Definitions” folder
    2. The ADML files would get copied into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Device Registration
      1. Register domain-joined computers as devices
        1. Enabled
    2. Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update
      1. Do not connect to any Windows Update Internet Locations
        1. Disabled

Turn Off Display

Turn Off Display

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Turn Off Display
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Administrative Templates -> System -> Power Management -> Video and Display Settings
      1. Turn Off the Display (Plugged In): Enabled
      2. Turn Off the Display (seconds): 0

PCoIP - Clipboard Redirection & vSphere Console Access

PCoIP - Clipboard Redirection & vSphere Console Access

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 – PcoIP
  2. Evolve IP can provide the needed admx/adml files
    1. Copy PCOIP.ADMX into your “Policy Definitions” folder
    2. Copy PCOIP.ADML into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Policies -> Administrative -> Classic -> PCoIP Session Variables -> Overridable Administrator Defaults
      1. Enable access to a PCoIP session from a vSphere console
        1. Enabled
      2. Configure Clipboard Redirection
        1. Enabled
        2. Enabled in both directions

Blast - Screen Blanking & Clipboard Redirection

Blast - Screen Blanking & Clipboard Redirection

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 – Blast
  2. Evolve IP can provide the needed admx/adml files
    1. Copy VDM_BLAST.ADMX into your “Policy Definitions” folder
    2. Copy VDM_BLAST.ADML into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Policies -> Administrative -> Classic -> VMware Blast
      1. Screen Blanking
        1. Disabled
      2. Configure Clipboard Redirection
        1. Enabled
        2. Enabled in both directions

Internet Explorer / Edge Graphics Optimization

IE Graphics Optimization

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - IE Graphics Optimization
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. User Configuration -> Preferences -> Windows Settings -> Registry
      1. Action: Create
      2. Hive: HKEY_CURRENT_USER
      3. Key Path: Software\Microsoft\Internet Explorer\Main
      4. Value Name: UseSWRender
      5. Value Type: REG_DWORD
      6. Value Data: 00000001
      7. Base: Hexadecimal

Disable Peer to Peer Windows Updates

Disable Peer to Peer Windows Updates

  1.  Create new GPO under the OU with the desktops in it with the name:  Evolve IP- DaaS 3 - Windows Update Delivery Optimization
  2. Right-click the GPO that you created for the group policy settins and select Edit.
    1. Computer Configuration -> Policies → Administrative Templates → Windows Components → Delivery Optimization
      1. Edit Download Mode
        1. Enabled
        2. HTTP only (0)

Google Chrome Graphics Optimization

Chrome Graphics Optimization

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Chrome Graphics Optimization
  2. Evolve IP can provide the needed admx/adml files
    1. Copy CHROME.ADMX into your “Policy Definitions” folder
    2. Copy CHROME.ADML into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Polices -> Administrative Templates -> Google Chrome
      1. Use hardware acceleration when available: Disabled

Office 2016/2019/365 Graphics Optimization

Office 2016/2019/365 Graphics Optimization

  1. NOTE: This GPO is version specific. If using an older version of office, the appropriate ADMX/ADML files would be required.
  2. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Office 2016/2019/365 Graphics Optimization
  3. Evolve IP can provide the needed admx/adml files
    1. Copy all office ADMX files into your “Policy Definitions” folder
    2. Copy all office ADML files into your “Policy Definitions\en-US” folder
  4. Right-click the GPO that you created for the group policy settings and select Edit.
    1. User Configuration -> Policies -> Administrative Templates -> Microsoft Office 2016 -> Miscellaneous
      1. Do not use hardware graphics acceleration: Enabled

Outlook - Cached Mode Enabled

Outlook - Cached Mode Enabled

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Outlook Cached Mode.
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. User Configuration -> Policies -> Administrative Templates → Microsoft Outlook 2016 → Account Settings → Exchange → Cached Exchange Mode
    2. Set Cached Exchange Mode Sync Settings to enabled and 3 months unless customer requests longer duration
    3. Set Use Cached Exchange Mode for new and existing Outlook profiles to enabled.
    4. User Configuration -> Policies -> Administrative Templates → Microsoft Outlook 2016 → Outlook Options → Delegates
    5. Set Disable shared mail folder caching to enabled

 

Allow Windows Store Apps to Auto Update

Allow Windows Store Apps to Auto Update

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Windows Store Apps
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Preferences -> Windows Settings -> Registry
      1. Action: Delete
      2. Hive: HKEY_LOCAL_MACHINE
      3. Key Path: Software\Policies\Microsoft\WindowsStore
      4. Value Name: AutoDownload

Windows Updates

DaaS Windows Updates

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Windows Updates
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration → Policies →  Administrative Templates →  Windows Components →  Windows Updates → Windows Updates for Business
      1. Select when Preview Builds and Feature Updates are received: Enabled
        1. Select the Windows readiness level for the updates you receive: Semi-annual Channel
        2. After a Preview Build or Feature Update is released, defer receiving it for this many days: 365


  1. Disable Peer-to-Peer Delivery: Disable Windows Update Delivery Optimization through Group Policy or - Microsoft Community

RMM Windows Firewall Exceptions

RMM Windows Firewall Exceptions

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Windows Firewall
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration →  Polices →  Administrative Templates →  Network → Network Connections → Windows Defender Firewall → Domain Profile
      1. Windows Defender Firewall: Allow inbound file and printer sharing exception : Enabled
        1. Allow unsolicited incoming messages from these IP addresses: 10.200.1.0/24
      2. Windows Defender Firewall: Allow ICMP exceptions: Enabled
        1. Options: Allow inbound echo request
      3. Windows Defender Firewall: Allow inbound remote administration exception: Enabled
        1. Allow unsolicited incoming messages from these IP addresses: 10.200.1.0/24

RMM Checks

RMM Checks

RMM allows you to set up periodic checks to ensure optimal performance.  We recommend setting these checks for after hours in order to reduce load on the platform.


User Group Policy Loopback

User Group Policy Loopback

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - User Group Policy Loopback
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy
      1. User Group Policy Loopback processing mode: Enabled
        1. Mode: Merge
  3. Ensure this GPO is processed last.

Folder Redirection

Folder Redirection

  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Folder Redirection
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. User Configuration -> Policies -> Windows Settings -> Folder Redirection
      1. Favorites (right click the folder)
        1. Setting: Basic (Redirect everyone’s folder to the same location)
        2. Target Folder Location: Create a folder for each user under the root path
        3. Root Path: \\server\share
        4. Options:
          1. Grant user exclusive rights to Favorites: Disabled
          2. Move the Contents of Favorites to the new location: Enabled
          3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
          4. Policy Removal Behavior: Leave Contents
      2. Desktop
        1. Setting: Basic (Redirect everyone’s folder to the same location)
        2. Target Folder Location: Create a folder for each user under the root path
        3. Root Path: \\server\share
        4. Options:
          1. Grant user exclusive rights to Desktop: Disabled
          2. Move the Contents of Desktop to the new location: Enabled
          3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
          4. Policy Removal Behavior: Leave Contents
      3. Documents
        1. Setting: Basic (Redirect everyone’s folder to the same location
        2. Target Folder Location: Create a folder for each user under the root path
        3. Root Path: \\server\share
        4. Options:
          1. Grant user exclusive rights to Documents: Disabled
          2. Move the Contents of Documents to the new location: Enabled
          3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
          4. Policy Removal Behavior: Leave Contents
      4. Downloads
        1. Setting: Basic (Redirect everyone’s folder to the same location)
        2. Target Folder Location: Create a folder for each user under the root path
        3. Root Path: \\server\share
        4. Options:
          1. Grant user exclusive rights to Downloads: Disabled
          2. Move the Contents of Downloads to the new location: Enabled
          3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
          4. Policy Removal Behavior: Leave Contents
      5. Music
        1. Setting: Follow the Documents Folder
      6. Videos
        1. Setting: Follow the Documents Folder
      7. Pictures
        1. Setting: Follow the Documents Folder


  • No labels