
Windows 2000 Professional on Microsoft Networks

In Windows NT 4.0, Microsoft introduced System Policy Editor, which is used to specify user and computer configurations that are stored in the Windows NT registry. With the System Policy Editor, administrators can create a system policy to control the user work environment and to enforce system configuration settings for all computers running either Windows NT 4.0 Workstation or Windows NT 4.0 Server.

There are 72 policy settings in Windows NT 4.0. These settings:

  • Are limited to assigning the values of registry entries based on .adm files.

  • Can only be applied to users on Windows NT–based computers, or Windows 95–based and Windows 98–based computers within a domain.

  • Are controlled by user name and membership in security groups.

  • Are not secure.

  • Remain in users' profiles until the specified policy is reversed or until the user edits the registry.

  • Are primarily used to customize desktop environments.

In Windows 2000, Group Policy settings are the administrator's primary method for enabling centralized change and configuration management. A domain administrator can use Group Policy at a Windows 2000 domain controller to create a specific desktop configuration for a particular group of users and computers. You can also create local Group Policy settings for individual workstations to customize environments that differ from the domain's. The Microsoft Management Console (MMC) Group Policy snap-in replaces the Windows NT 4.0 System Policy Editor and gives the administrator greater control over configuration settings for groups of computers and users.

With more than 100 security-related settings and more than 450 registry-based settings, Windows 2000 Group Policy provides a broad range of options for managing the user's environment. Windows 2000 Group Policy has the following attributes:

  • Defined in a Windows 2000 domain or defined locally.

  • Extended using Microsoft Management Console (MMC) or .adm files.

  • Is secure.

  • Does not leave settings in the users' profiles when the effective policy is changed or removed.

  • Applied to users or computers in a specified Active Directory container (sites, domains, and organizational units).

  • Further controlled by user or computer membership in security groups.

  • Used to configure many types of security settings.

  • Used to apply logon, logoff, startup, and shutdown scripts.

  • Used to install and maintain software (Windows 2000 domain-based policies only).

  • Used to redirect folders (such as My Documents and Application Data).

  • Used to perform maintenance on Microsoft Internet Explorer (Windows 2000 domain-based policies only).

You can use the Group Policy MMC snap-in to edit local Group Policy objects to make the following changes at the local computer:

  • Define security settings for a local computer only, not for a domain or network.

  • Use administrative templates to set more than 450 operating system behaviors.

  • Use scripts to automate computer startup and shutdown as well as automate how a user logs on and off.

On a stand-alone computer running Windows 2000 Professional, local Group Policy objects are located at %systemroot%\System32\GroupPolicy.

For more information about implementing Group Policy within a Windows 2000 domain, see Group Policy in the Microsoft Windows 2000 Server Resource Kit Distributed Systems Guide.

© 2013 Microsoft. All rights reserved.