• White Paper Abstract
  • Introduction 1 Introduction 1
  • Delegating Group Policy 13 Delegating Group Policy 13
  • Group Policy Processing 35 Group Policy Processing 35
  • Specifying a Domain Controller for Setting Group Policy 44 Specifying a Domain Controller for Setting Group Policy 44
  • Group Policy Loopback Support 51 Group Policy Loopback Support 51 Policy Settings for Group Policy 52 Policy Settings for Group Policy 52
  • Design Considerations for Organizational Unit Structure and Use of Group Policy Objects 61
  • IntelliMirror Features without Active Directory 73 IntelliMirror Features without Active Directory 73
  • Migrating Policy-Enabled Clients from Windows NT 4.0 to Windows 2000 78 Migrating Policy-Enabled Clients from Windows NT 4.0 to Windows 2000 78
  • Appendix A: Security Settings and User Rights 88 Appendix A: Security Settings and User Rights 88
  • Appendix B: Group Policy Settings for Internet Explorer 96 Appendix B: Group Policy Settings for Internet Explorer 96
  • Appendix D: Windows NT 4.0, Zero Administration Kit, and Windows 2000 Namespace Comparison 111
  • Glossary 123 Glossary 123 For More Information 130 For More Information 130
  • White Paper Abstract




    Download 4,15 Mb.
    bet1/16
    Sana26.12.2019
    Hajmi4,15 Mb.
    #5115
      1   2   3   4   5   6   7   8   9   ...   16





    Operating System

    Windows 2000 Group Policy



    White Paper

    Abstract

    This paper describes Group Policy, one of the key IntelliMirror® management technologies provided for change and configuration management in Microsoft® Windows® 2000 operating system. Administrators use Group Policy to specify options for managed configurations for groups of computers and users. Group Policy includes options for registry-based policy settings, security settings, software installation, scripts, folder redirection, Remote Installation Services, and Internet Explorer maintenance.

    This paper is intended for information technology managers and system administrators who are interested in using Group Policy to manage users’ desktop environments.

    © 2000 Microsoft Corporation. All rights reserved.

    The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

    This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

    Microsoft, Windows, IntelliMirror, Jscript. Active Directory, Visual C++, MS-DOS, Visual Basic, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

    Other product and company names mentioned herein may be the trademarks of their respective owners.

    Microsoft Corporation • One Microsoft Way • Redmond, WA 98052-6399 • USA

    0700


    Introduction 1

    Introduction 1

    Administrative Requirements for Using Group Policy 1

    What this Paper Contains 1

    Overview of Group Policy Infrastructure and Mechanics 2

    Overview of Group Policy Infrastructure and Mechanics 2

    Linking Group Policy Objects to Active Directory Containers 3

    Group Policy Hierarchy 4

    Using Security Groups to Filter the Scope of the Group Policy Object 6

    MMC Snap-in Extension Model 8

    Group Policy Snap-in Namespace 8



    Delegating Group Policy 13

    Delegating Group Policy 13

    Using Security Groups to Delegate Group Policy 14

    Specifying Group Policy to Control the Behavior of MMC extensions 17

    Group Policy Extension Snap-ins 20

    Group Policy Extension Snap-ins 20

    Administrative Templates 20

    Security Settings 23

    Software Installation 27

    Scripts 27

    Folder Redirection 31

    Internet Explorer Maintenance 31

    Remote Installation Services 33

    Extending the Group Policy Functionality 35

    Group Policy Processing 35

    Group Policy Processing 35

    Initial Processing of Group Policy 35

    Background refresh of Group Policy 36

    Slow Links and Remote Access Issues 38

    Client-side Processing of Group Policy 40

    Server Processing 43



    Specifying a Domain Controller for Setting Group Policy 44

    Specifying a Domain Controller for Setting Group Policy 44

    Specifying a Domain Controller for Group Policy Editing by Using Preferences 44

    Specifying a Domain Controller by Using Policy 45

    Local Group Policy 48

    Local Group Policy 48

    Local Group Policy Object 48

    Starting the Group Policy Snap-in on Windows 2000 Professional 49

    Using the Group Policy Snap-in Focused on a Remote Computer 49

    Local Group Policy Object Processing 50

    Group Policy Loopback Support 51

    Group Policy Loopback Support 51

    Policy Settings for Group Policy 52

    Policy Settings for Group Policy 52

    Specifying Policy Settings for Group Policy 52



    Group Policy and Active Directory Sites 57

    Group Policy and Active Directory Sites 57

    Setting up Group Policy on a Site 57



    Design Considerations for Organizational Unit Structure and Use of Group Policy Objects 61

    Design Considerations for Organizational Unit Structure and Use of Group Policy Objects 61

    OU Structure 62

    Design Principles 63

    Design Examples 66



    IntelliMirror Features without Active Directory 73

    IntelliMirror Features without Active Directory 73

    Roaming User Profiles and Logon Scripts 74

    Folder Redirection 74

    Internet Explorer Maintenance 74

    Applying Administrative Templates (Registry-Based Policy) 74

    Migrating Policy-Enabled Clients from Windows NT 4.0 to Windows 2000 78

    Migrating Policy-Enabled Clients from Windows NT 4.0 to Windows 2000 78

    Windows NT 4.0 and Windows 2000 Policy Comparison 78

    Migrating to Windows 2000 80

    Windows NT 4.0 Clients 83

    Zero Administration Kit (ZAK) for Windows to Windows 2000 Upgrades 84

    Appendix A: Security Settings and User Rights 88

    Appendix A: Security Settings and User Rights 88

    Security Settings in the Default Domain Controllers Policy 90

    Help for Windows NT 4.0 Administrators 93

    Frequently Asked Questions about Security Settings 94



    Appendix B: Group Policy Settings for Internet Explorer 96

    Appendix B: Group Policy Settings for Internet Explorer 96

    Specifying Policy Settings for Internet Explorer Maintenance 96



    Appendix C: Group Policy Storage 104

    Appendix C: Group Policy Storage 104

    Group Policy Container 104

    Group Policy Template 104

    Registry.pol Files 108



    Appendix D: Windows NT 4.0, Zero Administration Kit, and Windows 2000 Namespace Comparison 111

    Appendix D: Windows NT 4.0, Zero Administration Kit, and Windows 2000 Namespace Comparison 111

    Appendix E: Frequently Asked questions 117

    Appendix E: Frequently Asked questions 117

    Infrastructure - Server side 117

    Infrastructure - Client side 119

    Group Policy Snap-in 121

    General Issues 121

    Glossary 123

    Glossary 123

    For More Information 130

    For More Information 130

    Management and Overview Papers 130

    Technical Papers 132




    Download 4,15 Mb.
      1   2   3   4   5   6   7   8   9   ...   16




    Download 4,15 Mb.