Introduction to Desktop Management

Previous Topic Next Topic

Group Policy

In Windows 2000, Group Policy is the foundation of IntelliMirror. Group Policy requires Active Directory and Windows 2000–based clients. In this environment, you use Group Policy to define and control the state of users and computers in your organization. Group Policy is the MMC snap-in that you use to specify the behavior of users' desktops. You use the Group Policy snap-in to define settings that are contained in a Group Policy object, which in turn is associated with selected Active Directory container sites, domains, or organizational units. Additionally, the effect of Group Policy can be filtered by using memberships in security groups. The system maintains the state of computers without further intervention after you set Group Policy. Table 21.2 lists the components of Group Policy.

Table 21.2 Group Policy Components and Their Descriptions

Component Description
Administrative Templates Registry-based policy, (equivalent to System Policy in Windows NT Server 4.0)
Security Settings Security settings for domains, computers, and users
Software Installation Assign or Publish applications
Internet Explorer Maintenance Administer Internet Explorer after deployment
Scripts Logging on or logging off users and starting up or shutting down computers
Folder Redirection Redirecting folders and files to the network

Group Policy and its extensions provide a unified replacement for many of the functions of the system policy editor in Windows NT 4.0.

Table 21.3 lists some of the ways in which you can control a user's work environment by enforcing system configuration settings for all computers that are using Group Policy. Table 21.3 also lists the equivalent tools used in Windows NT Server 4.0.

Table 21.3 Group Policy Administrative Tools and Tools Used in Windows NT Server 4.0 for Managing Policies

Task Windows NT 4.0 Tool Windows 2000 Tool
Set policies for users and computers in a site Not applicable Group Policy accessed through Active Directory Sites and Services
Set policies for users and computers in a domain System policy editor (Poledit.exe) Group Policy accessed through Active Directory Users and Computers
Set policies for users and computers in an organizational unit Not applicable Group Policy accessed through Active Directory Users and Computers
Use Security Groups to filter the scope of policy System Policy Editor (Poledit.exe) Edit the security descriptor for Apply Group Policy on the security tab of the Group Policy object's properties page.
Manage software Systems Management Server Software Installation snap-in accessed through the Group Policy snap-in

For more information about the hundreds of Group Policy settings, the order in which Group Policy settings can be processed, and how to filter and block Group Policy inheritance, see "Group Policy" in this book.

© 1985-2000 Microsoft Corporation. All rights reserved.