Group Policy |
In this section you learn about Group Policy objects, links to make them exert their effects, the
You can think of Group Policy objects as the documents associated with the Group Policy
Changes to a Group Policy object are not deferred until an explicit Save is executed, but take place during the actual edit.
Note
You cannot open Group Policy objects in read-only mode.
You can link Group Policy objects to specific sites, domains, or organizational units, thus maximizing and extending the power of Active Directory. Data within Group Policy objects is evaluated by the affected clients, which exploit the hierarchical nature of Active Directory to determine precedence of Group Policy settings in cases of conflict.
You create a non-local Group Policy object by using the Group Policy
The most common route to the Group Policy
You can filter the effects of Group Policy on computers and users by using membership in security groups and setting discretionary access control list (DACL) permissions. This implementation ensures faster processing of Group Policy objects than would otherwise be possible. Furthermore, by using security groups, you can limit who in your organization can create Active Directory links to Group Policy objects, as well as who has access to create and modify Group Policy objects.
For details, see "Using Security Groups to Filter and Delegate Group Policy" later in this chapter.