Information Technology Reference
In-Depth Information
users really don't need to be able to change these types of settings in the first place because
many of them do not understand the purpose of these settings.
Windows Server 2012 R2
group policies
are designed to provide system administrators
with the ability to customize end-user settings and to place restrictions on the types
of actions that users can perform. Group policies can be easily created by system
administrators and then later applied to one or more users or computers within the
environment. Although they ultimately do affect registry settings, it is much easier to
configure and apply settings through the use of Group Policy than it is to make changes to
the registry manually. To make management easy, Microsoft has set up Windows Server
2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2
so that Group Policy settings are all managed from within the Microsoft Management
Console (MMC) in the Group Policy Management Console (GPMC).
Group policies have several potential uses. I'll cover the use of group policies for
software deployment, and I'll also focus on the technical background of group policies and
how they apply to general configuration management.
Let's begin by looking at how group policies function.
Understanding Group Policy Settings
Group Policy settings are based on
Group Policy administrative templates
. These templates
provide a list of user-friendly configuration options and specify the system settings to which
they apply. For example, an option for a user or computer that reads Require A Specific
Desktop Wallpaper Setting would map to a key in the registry that maintains this value.
When the option is set, the appropriate change is made in the registry of the affected users
and computers.
By default, Windows Server 2012 R2 comes with several administrative template files
that you can use to manage common settings. Additionally, system administrators and
application developers can create their own administrative template files to set options for
specific functionality.
Most Group Policy items have three different settings options:
Enabled
Specifies that a setting for this GPO has been configured. Some settings require
values or options to be set.
Disabled
Specifies that this option is disabled for client computers. Note that disabling
an option
is
a setting. That is, it specifies that the system administrator wants to disallow
certain functionality.
Not Configured
Specifies that these settings have been neither enabled nor disabled. Not
Configured is the default option for most settings. It simply states that this group policy
will not specify an option and that other policy settings may take precedence.
The specific options available (and their effects) will depend on the setting. Often, you
will need additional information. For example, when setting the Account Lockout policy,
you must specify how many bad login attempts may be made before the account is locked
out. With this in mind, let's look at the types of user and computer settings that can be
managed.
Search WWH ::
Custom Search