Information Technology Reference
In-Depth Information
■
Restricted Groups
■
System Services
■
Registry
■
File System
■
Wired Network
■
Windows Firewall with Advanced Security
■
Network List Manager Policies
■
Wireless Networks
■
Network Access Protection
■
Application Control Policies
■
IP Security Policies
■
Advanced Audit Policy Configuration
Computer and User Sections of the GPO
■
Public Key Policies
■
Software Restriction Policy
Restricted Groups
The
Restricted Groups
settings allow you to control group membership by using a GPO.
The group membership I am referring to is the normal Active Directory groups (domain
local, global, and universal). The settings offer two configurable properties: Members and
Members Of.
The users on the Members list do not belong to the restricted group. The users on the
Members Of list do belong to the restricted group. When you configure a Restricted Group
policy, members of the restricted group that are not on the Members list are removed. Users
who are on the Members list who are not currently a member of the restricted group are added.
Software Restriction Policy
Software restriction policies
allow administrators to identify software and to control its
ability to run on the user's local computer, organizational unit, domain, or site. This pre-
vents users from installing unauthorized software. Software Restriction Policy is discussed
in greater detail in this chapter in the “Implementing Software Deployment” section.
Group Policy Objects
So far, I have discussed what group policies are designed to do. Now it's time to drill down
to determine exactly how you can set up and configure them.
To make them easier to manage, group policies may be placed in items called
Group
Policy objects (GPOs)
. GPOs act as containers for the settings made within Group Policy
files, which simplifies the management of settings. For example, as a system administrator,
you might have different policies for users and computers in different departments. Based
Search WWH ::
Custom Search