Every desktop administrator worries about the potential disruption from a new user interface. Such a distraction has come to be known as "interface shock." Fortunately, it is possible to minimize interface shock for users by leveraging Group Policy to make Windows 7 look more like Windows XP. This white paper will help get you started, with a list of Group Policy settings that can make the Windows 7 landscape more familiar for XP users.
Every desktop administrator worries about the potential disruption from a new user interface. Such a distraction has come to be known as "interface shock." For those companies migrating from Windows XP to Windows 7, this is especially true. (Moving from Vista to Windows 7 can also involve some disorientation, but is markedly less dramatic.)
Microsoft believes that changes to the user experience are usually a good thing, making things easier, better, and faster. But as IT professionals, you and I know that sometimes that's true, and sometimes it isn't. For example, the breadcrumbs trail is intuitive and convenient, whereas the search feature is just the opposite.
Many organizations want to take advantage of the speed, security, reliability, and flexibility of Windows 7, while minimizing the disruption to users and support staff due to features and changes you don't need or won't use. For example, they might want to make Windows 7 look more like XP in order to ease the transition, and then turn on aspects of the Windows 7 GUI later, after the initial migration is complete.
Fortunately, it is possible to minimize interface shock for users by leveraging Group Policy to make Windows 7 look more like Windows XP. This white paper will help get you started, with a list of Group Policy settings that can make the Windows 7 landscape more familiar for XP users. The settings are grouped as follows:
Disabling new programs
Disabling new features
Bringing back familiar elements
This paper focuses on making changes with Group Policy, for example via the Group Policy Management Console (see Figure 1). The great thing about Group Policy is that you can enforce settings on a per-organizational-unit basis, so that if the settings we discuss here are appropriate for some subsets of your user population but not others, you can design your Group Policy Object links accordingly. (You can also link GPOs to domains and sites.) And if the intended scope of your Group Policy settings doesn't line up nicely with the way your Organizational Units or domains or sites are designed, you can always fall back on using filtering by security groups. (That can be a moderately complex topic that won't be covered here, but do an Internet search on "security group filtering" to learn more.) For more details on Longhorn Group Policy capabilities, check out the Windows Group Policy Resource Kit, by Derek Melber. It's written for Server 2008 and Vista, but most of the policy settings are the same for Windows 7.
When you use the Group Policy Management Console as a jumping-off point for editing a GPO, you will be working within the multi-level hierarchy of the GPO architecture (see Figure 2). The hierarchy exposed by this tool is both daunting and inconsistent, so when I mention a setting in this white paper, I also provide its location in the hierarchy. Some settings appear in the "User Configuration" half, some in the "Computer Configuration" half, and some both places, indicating whether the setting will apply based on the location of the computer object in Active Directory (in which case it will affect all users who log on to that machine), or the user object.
Windows 7 brings some welcome enhancements to applets such as WordPad, Paint, and Calculator. However, it also introduces a number of new tools that you may or may not want. Some of the new programs in Windows 7 can be disabled so that users won't accidentally try to use them, get confused or frustrated, and call the Help Desk. Here are a few candidates to consider.
Windows Backup. Many organizations have their own preferred backup software for servers and clients. Also, many organizations don't bother backing up clients at all, particularly if they use folder redirection for the Documents folder, or mandate storing all data files on network shares.
"Prevent the user from running the Backup Status and Configuration Program" (Location: User Configuration\Policies\Administrative Templates\Windows Components\Backup\Client)
BitLocker and BitLocker-To-Go. BitLocker is a secure full-volume encryption technology that weds your hard drive to a Trusted Platform Module (TPM) chip on your motherboard, and BitLocker-To-Go extends encryption to removable devices such as flash drives. These encryption features are available in the Enterprise and Ultimate versions of Windows 7. However, they can create problems if your organization is not prepared to support them: for example, a user who "BitLockers" his hard drive may find that his PC is completely inaccessible after a motherboard repair. Also, you may be using an alternative encryption technology for portable devices such as flash drives. Happily, you can disable BitLocker-To-Go via Group Policy.
No comments:
Post a Comment