• Let’s use GPP* to assign printers according to the department an individual belongs to. Obviously this requires some sort of departmental grouping of OU’s.
• Let’s use GPP to assign network drives and permissions according to the department an individual belongs to. Get rid of the scripts!
• Let’s use GPP to assign environmental variables (required for accounting software) according to the department an individual belongs to.
• Let’s use GPP to maintain all local computer accounts. Creation, deletion, group account membership and password changes. It is so easy with GPP that we’d be foolish not to.
• When we deploy our new Citrix infrastructure, do we need GPP to deliver shortcut icons to appropriate user desktops, or is this done strictly through Citrix?
• Let’s use GPP to distribute ODBC connections. I.e., for Accounting, distribute a particular ODBC connection. For Education, distribute another.
• Distribute OHA Templates via GP. Right now they have to be pushed out via script.
• Windows Updates. Turn them OFF at the client level! All of this should be distributed via WSUS or SCOM! Why hasn’t this been done before?
• Create a test OU for testing fixes, scripts, etc.
• Let’s start limiting what users can access in IE options. This has been far too lax for far too long.
• Let’s set the power options (particularly for laptops) in GP. Why isn’t this done already?
• Let’s set some sort of auto-logoff period. This should have been done before. One of our users left himself logged in on the demo laptop and forgot to log out. Other people used his account through the day.
• Let’s set Office macro security settings via GP. This should have been done already.
• A generic email signature for our staff, pulling information out of AD. Not directly related, but should be considered.

*GPP: Group Policy Preferences. You can read an overview of it here.