Introduction to Desktop Management |
By using the Security Settings extensions to the Group Policy snap-in, you can ensure that users have access to the applications and data that they require. You can also restrict access to only the applications, services, and data that the users require.
You can block policy inheritance at the site, domain, or organizational unit level, or you can enforce policy from above to verify that particular policy settings are applied. For example, you can enforce policies that are applied at the domain level so that they are not overwritten by policies that are applied last in a lower-level organizational unit. Optionally, you can enforce Group Policy on child organizational unit containers by setting No Override on the Group Policy object. You can also prevent inheritance of Group Policy from parent directory containers.
For more information about using the Security Settings extension to Group Policy, see "Group Policy" in this book. For information about setting security options, see Windows 2000 Server Help. For more information about Security Management, see the chapters under "Distributed Security" in this book.