• Computer and User Configuration
  • Administering Group Policy
    		•

    Published: April 2003




    Download 0.64 Mb.
    bet4/5
    Sana26.12.2019
    Hajmi0.64 Mb.
    #5283
    1   2   3   4   5

    Using Group Policy


    Administrators use Group Policy and Active Directory together to define policy across sites, domains, and OUs according to the following rules:

    • GPOs are stored on a per-domain basis.

    • Multiple GPOs can be associated with a single site, domain, or OU.

    • Multiple sites, domains, or OUs can use a single GPO.

    • Any site, domain, or OU can be associated with any GPO, even across domains (although doing so slows performance).

    • The effect of a GPO can be filtered to target particular groups of users or computers based on membership in a security group or through WMI filters.

    To set Group Policy for a selected Active Directory object, an administrator must have read and write permission to access the system volume of domain controllers (Sysvol folder) and to modify rights to the currently selected directory object. The system volume folder is created automatically when you install a domain controller (or promote a server to domain controller).

    Computer and User Configuration


    Administrators can configure specific desktop environments and enforce policy settings on groups of computers and users on the network as follows:

    • Computer Configuration. Computer-related policies specify operating system behavior, desktop behavior, application settings, security settings, assigned applications options, and computer startup and shutdown scripts. Computer-related policy settings are applied when the machine is rebooted and during a periodic refresh of Group Policy.

    • User Configuration. User-related policies specify operating system behavior, desktop settings, application settings, security settings, assigned and published applications options, user logon and logoff scripts, and folder redirection options. User-related policy settings are applied when users log on to the computer and during the periodic refresh of Group Policy.

    Administering Group Policy


    To deploy and manage Group Policy, administrators use GPMC and the Group Policy Object Editor.

    GPMC


    The GPMC integrates the Group Policy functionality provided by the following tools into a single console:

    • Active Directory Users and Computers

    • Active Directory Sites and Services

    • Resultant Set of Policy MMC snap-in

    • ACL Editor

    • Delegation Wizard

    Administrators can perform core Group Policy tasks using GPMC without the use of these other tools. Figure 2 shows the GPMC interface for an OU called Engineering – Offsite.




    Download 0.64 Mb.
    1   2   3   4   5




    Download 0.64 Mb.