Planning Distributed Security |
Uniform security policies allow consistent security settings to be applied and enforced on classes of computers in the enterprise, such as the domain controller class. This is a simple matter of creating an organizational unit, a folder in Active Directory, collecting appropriate computer account objects into the organizational unit, and then applying a Group Policy object to the organizational unit. The security policies specified in the Group Policy are then enforced automatically and consistently on all the computers represented by the computer accounts in the OU.
Windows 2000 comes with a selection of default Group Policy objects that are automatically applied to new domains and to domain controllers. There is also a selection of security templates representing different levels of security for various types of enterprise computers. A template can be used to create a Group Policy for a group of computers or to critique the security settings on a specific computer.
Note that the present discussion is confined to the security settings of Group Policy. When you apply a Group Policy to an organizational unit, many policies unrelated to security are also included. For a broader discussion of this mechanism, see Windows 2000 Help and "Defining Client Administration and Configuration Standards" in this book.