Information Technology Reference
In-Depth Information
For many years, making changes to computer or user environ-
ments was a time-consuming process. If you wanted to install
a service pack or a piece of software, unless you had a third-
party utility, you had to use the
sneakernet
(that is, you had to walk from one computer to
another with a disk containing the software).
Installing any type of software or companywide security change was one of the biggest
challenges faced by system administrators. It was difficult enough just to deploy and
manage workstations throughout the environment. Combine this with the fact that users
were generally able to make system configuration changes to their own machines, it quickly
became a management nightmare!
For example, imagine that a user noticed that they did not have enough disk space
to copy a large file. Instead of seeking assistance from the IT help desk, they may have
decided to do a little cleanup on their own. Unfortunately, this cleanup operation may have
resulted in deleting critical system files! Or, consider the case of users who changed system
settings “just to see what they did.” Relatively minor changes, such as modifying TCP/IP
bindings or Desktop settings, could cause hours of support headaches. Now multiply these
(or other common) problems by hundreds (or even thousands) of end users. Clearly, system
administrators needed to have a secure way to limit the options available to users of client
operating systems.
How do you prevent problems such as these from occurring in a Windows Server
2012 R2 environment? Fortunately, there's a readily available solution delivered with
the base operating system that's easy to implement. Two of the most important system
administration features in Windows Server 2012 R2 and Active Directory are
Group
Policy
and
Security Policy
. By using
Group Policy objects (GPOs)
, administrators can
quickly and easily define restrictions on common actions and then apply them at the site,
domain, or organizational unit (OU) level. In this chapter, you will see how group and
security policies work, and then you will look at how to implement them within an Active
Directory environment.
Introducing Group Policy
One of the strengths of Windows-based operating systems is their flexibility. End users and
system administrators can configure many different options to suit the network environ-
ment and their personal tastes. However, this flexibility comes at a price—generally, end
users on a network should not change many of these options. For example, TCP/IP configu-
ration and security policies should remain consistent for all client computers. In fact, end
Search WWH ::
Custom Search