Group Policy
In Windows 2000, Group Policy is the foundation of IntelliMirror. Group Policy requires Active Directory and Windows 2000–based clients. In this environment, you use Group Policy to define and control the state of users and computers in your organization. Group Policy is the MMC snap-in that you use to specify the behavior of users' desktops. You use the Group Policy snap-in to define settings that are contained in a Group Policy object, which in turn is associated with selected Active Directory container sites, domains, or organizational units. Additionally, the effect of Group Policy can be filtered by using memberships in security groups. The system maintains the state of computers without further intervention after you set Group Policy. Table 21.2 lists the components of Group Policy.
Table 21.2 Group Policy Components and Their Descriptions
Component |
Description |
|---|---|
Administrative Templates |
Registry-based policy, (equivalent to System Policy in Windows NT Server 4.0) |
Security Settings |
Security settings for domains, computers, and users |
Software Installation |
Assign or Publish applications |
Internet Explorer Maintenance |
Administer Internet Explorer after deployment |
Scripts |
Logging on or logging off users and starting up or shutting down computers |
Folder Redirection |
Redirecting folders and files to the network |
Group Policy and its extensions provide a unified replacement for many of the functions of the system policy editor in Windows NT 4.0.
Table 21.3 lists some of the ways in which you can control a user's work environment by enforcing system configuration settings for all computers that are using Group Policy. Table 21.3 also lists the equivalent tools used in Windows NT Server 4.0.
Table 21.3 Group Policy Administrative Tools and Tools Used in Windows NT Server 4.0 for Managing Policies
Task |
Windows NT 4.0 Tool |
Windows 2000 Tool |
|---|---|---|
Set policies for users and computers in a site |
Not applicable |
Group Policy accessed through Active Directory Sites and Services |
Set policies for users and computers in a domain |
System policy editor (Poledit.exe) |
Group Policy accessed through Active Directory Users and Computers |
Set policies for users and computers in an organizational unit |
Not applicable |
Group Policy accessed through Active Directory Users and Computers |
Use Security Groups to filter the scope of policy |
System Policy Editor (Poledit.exe) |
Edit the security descriptor for Apply Group Policy on the security tab of the Group Policy object's properties page. |
Manage software |
Systems Management Server |
Software Installation snap-in accessed through the Group Policy snap-in |
For more information about the hundreds of Group Policy settings, the order in which Group Policy settings can be processed, and how to filter and block Group Policy inheritance, see "Group Policy" in this book.