Security Policy Concepts

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Group Policy is the infrastructure in Active Directory that enables centralized management of user and computer settings. Use Group Policy to define security configurations for groups of users and computers, including the following security settings:

  • Account policies (password policy, account lockout policy, and Kerberos policy)

  • Local policies (user rights assignment, audit policy, and security options)

  • IPSec policies

  • Software restriction policies

  • Wireless network configurations

  • File and registry ACLs

  • Service startup modes

  • Public key policies

For more information about individual security policies, see "Security Settings" in Help and Support Center for Windows Server 2003.

The Group Policy settings that you create are contained in a Group Policy object (GPO). By associating a GPO with selected Active Directory system containers (sites, domains, and OUs), you can apply the GPO's policy settings to the users and computers in those containers. Although some security settings affect user accounts, most settings are controlled by computer settings that must be applied to computer accounts; only software restriction policies and public key policies can be applied to user accounts.

For more information about Group Policy design, see "Designing a Group Policy Infrastructure" in this book. For information about the mechanics of Group Policy, see the Windows Security Collection of the Windows Server 2003 Technical Reference (or see the Windows Security Collection on the Web at https://www.microsoft.com/reskit).