Expand the Test Support GPO branch, and you should see two items under it: Computer Configuration and User Configuration, each of which has several branches of its own. Knowing where all the policy settings are is a pretty tall order at first. Actually defining the policies is pretty easy.
Just expand the branch where the policy is located, double-click the policy, and select Define This Policy Setting. The GP console enables the associated policy setting, which varies from one to another. In some cases, you simply select either Enabled or Disabled. Other policy settings require other data that varies according to the policy's function.
For example, you can configure policies that define how services start, setting a particular service to Manual, Automatic, or Disabled. Or, you can define policies that determine the startup, shutdown, logon, and logoff scripts that apply within the selected GPO.
Explaining every branch in the GP editor, much less each policy setting, is well outside the scope of this Daily Drill Down and would take a book in itself to present adequately.
For now, just understand that the GP editor lets you define group policies and that you can access the GP console through the properties for the container where a given GPO is linked or through a custom MMC to which you've added the group policy snap-in focused on a specific site, domain, or OU or the local GPO. Assume that you've just spent several days creating a GPO to link to a particular OU and have tested and verified that the policies it contains are correct. Also assume that you have two other OUs that need to use the same policies.
You don't really want to re-create those policies twice more, do you? Fortunately, you don't have to. Click the Group Policy tab, then click Add. There will no doubt come a time when you need to either delete a link to a GPO or delete the GPO itself, and it's important to understand that the two actions are quite different. I'll use a desktop shortcut as an analogy. Say that you create a shortcut on your desktop to an application.
When you delete the shortcut, the application is unaffected. Go to the application's folder and delete its executable, and the program is gone. Its remnants, however, are still floating around the registry because you didn't remove it properly. The same is true for GPOs and links. When you delete a link, the associated GPO is unaffected. Delete the GPO itself, however, and it's gone. Windows displays a dialog box that gives you two options:. Exercise some care when you delete GPOs.
A default group policy already exists. You only need to modify the values of different policy settings according to your specific requirements. You can create new group policies to meet your specific business requirements. Group policies allow you to implement:.
Registry based settings: Allows you to create a policy to administer operating system components and applications. Security settings: Allows you to set security options for users and computers to restrict them to run files based on path, hash, publisher criteria or URL zone. Software restrictions: Allows you to create a policy that would restrict users running unwanted applications and protect computers against virus and hacking attacks.
Software distribution and installation: Allows you to either assign or publish software application to domain users centrally with the help of a group policy. Roaming user profiles: Allows mobile users to see a familiar and consistent desktop environment on all the computers of the domain by storing their profile centrally on a server.
Internet Explorer maintenance: Allows administrators to manage the IE settings of the users' computers in a domain by setting the security zones, privacy settings and other parameters centrally with the help of group policy. Local Group Policies affect only the users who log in to the local machine but domain-based policies affect all the users of the domain.
If you are creating domain-based policies then you can create policy at three levels: sites , domains and OUs. Besides, you have to make sure that each computer must belong to only one domain and only one site.
When a GPO is defined it is inherited by all the objects under it and is applied in a cumulative fashion successively starting from local computer to site, domain and each nested OU. For example if a GPO is created at domain level then it will affect all the domain members and all the OUs beneath it.
After applying all the policies in hierarchy, the end result of the policy that takes effect on a user or a computer is called the Resultant Set of Policy RSoP. It provides a unified view of local computer, sites, domains and OUs organizational units. You can have the following tools in a single console:. A group policy can be configured for computers or users or both, as shown here:. The Group Policy editor can be run using the gpedit. Both the policies are applied at the periodic refresh of Group Policies and can be used to specify the desktop settings, operating system behavior, user logon and logoff scripts, application settings, security settings, assigned and published applications options and folder redirection options.
Computer-related policies are applied when the computer is rebooted and User-related policies are applied when users log on to the computer. To configure a local group policy, you need to access the group policy editor. Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services.
Privacy policy. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Type a name for the organizational unit in the Name box, and then click OK. The new organizational unit is listed in the console tree. Right-click the new organizational unit that you created, and then click Properties. In the right pane, double-click the service to which you want to apply permissions.
The security policy setting for that specific service is displayed.
0コメント