Login VSI AD Settings

From Login VSI Documentation
Jump to: navigation, search

Logon Scripts

In order to run Login VSI properly Login VSI uses a logon script. The default location for these scripts is the domain NETLOGON location.

V4-VSI_Launcher.cmd

Contains the command to run the Agent.exe from the VSI Share.

V4-VSI_Logon.cmd

Contains the command to run the Logon.cmd on the VSI Share.

User Account

In order to run Login VSI on the user side the logon script needs to be specified. This is automatically done when the VSIADSetup.ps1 is used.

User profile.png

Group Policies Settings

In the Group Policy objects are the following settings configured.

VSI System-v4

These are all the computer settings.

Computer Configuration
Windows Settings
Security Settings
Local Policies/Security Options
User Account Control
Policy Setting

User Account Control: Admin Approval Mode for the Built-in Administrator account
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
User Account Control: Detect application installations and prompt for elevation
User Account Control: Only elevate executables that are signed and validated
User Account Control: Only elevate UIAccess applications that are installed in secure locations
User Account Control: Run all administrators in Admin Approval Mode
User Account Control: Switch to the secure desktop when prompting for elevation

Disabled
Disabled
Elevate without prompting
Disabled
Disabled
Disabled
Disabled
Disabled

Administrative Templates
System/Group Policy
Policy Setting

Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
Configure user Group Policy loopback processing mode (Mode: Merge)

Disabled
Enabled

System/Logon
Policy Setting

Always wait for the network at computer startup and logon
Do not display the Getting Started welcome screen at logon

Enabled
Enabled

System/Scripts
Policy Setting

Run logon scripts synchronously

Enabled

Windows Components/Internet Explorer
Policy Setting

Disable showing the splash screen

Enabled

Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections
Policy Setting

Allow users to connect remotely by using Remote Desktop Services
Set rules for remote control of Remote Desktop Services user sessions

Enabled
Enabled

Windows Components/Remote Desktop Services/Remote Desktop Session Host/Temporary folders
Policy Setting

Do not use temporary folders per session

Enabled

VSI User-v4

LoginVSI 4.1.6 and higher, please see the policies here.

http://upload.loginvsi.com/Support/Documentation/LoginVSIUserPolicies.htm

These are all the user settings.

User Configuration
Policies
Windows Settings
Internet Explorer Maintenance
Connection/Proxy Settings
Enable proxy settings
Protocol Server Port

HTTP
Secure
FTP
Gopher
Socks

127.0.0.1
127.0.0.1
127.0.0.1
127.0.0.1
127.0.0.1

80
80
80
80
80

Exceptions:

Do not use proxy server for addresses beginning with
Do not use proxy server for local (intranet) addresses

Enabled

Administrative Templates
Control Panel/Personalization
Policy Setting

Enable screen saver

Disabled

Desktop
Policy Setting

Remove the Desktop Cleanup Wizard

Enabled

Microsoft Office Outlook 2007/Tools | Options.../Other/AutoArchive
Policy Setting

AutoArchive Settings

Turn on AutoArchive
Run AutoArchive every <x> days
Prompt before AutoArchive runs
During AutoArchive:
Delete expired items (e-mail folders only)
Archive or delete old items
Show archive folder in folder list
Clean out items older than
Permanently delete old items

Disable File|Archive

Enabled

Disabled
14
Disabled

Disabled
Disabled
Disabled
6 Months
Disabled

Enabled

Microsoft Outlook 2010/Outlook Options/Other/AutoArchive
Policy Setting

AutoArchive Settings

Turn on AutoArchive
Run AutoArchive every <x> days
Prompt before AutoArchive runs
During AutoArchive:
Delete expired items (e-mail folders only)
Archive or delete old items
Show archive folder in folder list
Clean out items older than
Permanently delete old items

Disable File|Archive

Enabled

Disabled
14
Disabled

Disabled
Disabled
Disabled
6 Months
Disabled

Enabled

System
Policy Setting

Prevent access to registry editing tools
Prevent access to the command prompt
Windows Automatic Updates

Disabled
Disabled
Disabled

System/Scripts
Policy Setting

Display instructions in logon scripts as they run
Run legacy logon scripts hidden
Run logon scripts synchronously

Enabled
Disabled
Enabled

Windows Components/AutoPlay Policies
Policy Setting

Turn off Autoplay

Turn off Autoplay on:

Enabled

All drives
Windows Components/Internet Explorer
Policy Setting

Disable changing home page settings

Home Page

Disable Internet Connection wizard
Prevent running First Run wizard

Select your choice

Enabled


Enabled
Enabled

Go directly to home page
Windows Components/Internet Explorer/Administrator Approved Controls
Policy Setting

Shockwave Flash

Shockwave Flash

Enabled

Enabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
Policy Setting

Allow active content from CDs to run on user machines
Allow Install On Demand (Internet Explorer)
Allow software to run or install even if the signature is invalid
Allow third-party browser extensions
Play animations in web pages
Play sounds in web pages
Play videos in web pages

Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled

Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone
Policy Setting

Turn on Protected Mode

Protected Mode

Enabled

Enabled
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone
Policy Setting

Allow scriptlets

Scriptlets

Display mixed content

Display mixed content

Download signed ActiveX controls

Download signed ActiveX controls

Download unsigned ActiveX controls

Download unsigned ActiveX controls

Initialize and script ActiveX controls not marked as safe

Initialize and script ActiveX controls not marked as safe

Run ActiveX controls and plugins

Run ActiveX controls and plugins

Script ActiveX controls marked safe for scripting

Script ActiveX controls marked safe for scripting

Turn on Protected Mode

Protected Mode

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled

Enabled
Windows Components/Internet Explorer/Internet Settings/Advanced settings/Internet Connection Wizard Settings
Policy Setting

Start the Internet Connection Wizard automatically

Disabled

Windows Components/Internet Explorer/Security Features/Local Machine Zone Lockdown Security
Policy Setting

Internet Explorer Processes

Disabled

Windows Components/Internet Explorer/Security Features/Notification bar
Policy Setting

Internet Explorer Processes

Disabled

Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install
Policy Setting

Internet Explorer Processes

Disabled

Extra Registry Settings
Policy Setting

Software\Policies\Microsoft\Office\15.0\outlook\preferences\archivedelete
Software\Policies\Microsoft\Office\15.0\outlook\preferences\archivegranularity
Software\Policies\Microsoft\Office\15.0\outlook\preferences\archivemount
Software\Policies\Microsoft\Office\15.0\outlook\preferences\archiveold
Software\Policies\Microsoft\Office\15.0\outlook\preferences\archiveperiod
Software\Policies\Microsoft\Office\15.0\outlook\preferences\deleteexpired
Software\Policies\Microsoft\Office\15.0\outlook\preferences\disablemanualarchive
Software\Policies\Microsoft\Office\15.0\outlook\preferences\doaging
Software\Policies\Microsoft\Office\15.0\outlook\preferences\everydays
Software\Policies\Microsoft\Office\15.0\outlook\preferences\promptforaging

0
0
0
0
6
0
1
0
14
0