Information Technology Reference
In-Depth Information
installation packages can be configured so that the next time a computer in the GPO's
scope starts, the application is installed automatically. This feature is called “assigning”
the application to the computer.
•
Windows Settings
—This folder contains the Scripts extension, the Security Settings node,
and the Policy-based QoS node. Administrators can use the Scripts extension to create
scripts that run at computer startup or shutdown. The Security Settings node contains the
lion's share of policies that affect computer security, including account policies, user rights,
Registry and file system permissions, and network communication policies. The Policy-
based QoS node, new in Windows Server 2008, can be used to prioritize and control out-
going network traffic from a computer.
•
Administrative Templates
—This folder contains Control Panel, Network, Printers, System,
and Windows Components folders. The settings in these folders affect computer settings
that apply to all logged-on users. For example, the Network folder contains settings for
configuring Windows Firewall, and Windows Components contains settings for configur-
ing Windows Update. You can control hundreds of computer settings with the
Administrative Templates folder.
Remember that policies configured in the Computer Configuration node affect all comput-
ers in the container to which the GPO is linked. So a policy set in the Computer Configuration
node of a GPO linked to the domain object affects all computers in the domain, including all
computers in the Domain Controllers OU and the Computers folder.
In the User Configuration node, the Policies folder contains the same three folders as in the
Computer Configuration node. However, the policies defined here affect domain users within the
GPO's scope, regardless of which computer the user logs on to. The following list describes other
differences from folders under the Computer Configuration node:
•
Software Settings
—This folder also contains the Software Installation extension. However,
application packages configured here can be assigned or published. An assigned application
is made available as an icon on the Start menu the next time a user affected by the policy
logs on to a computer in the domain. The first time the user tries to run the application or
open a document associated with it, the application is installed. A published application is
made available for a user to install by using Programs and Features in Control Panel.
•
Windows Settings
—This folder contains six items: the Remote Installation Services exten-
sion, the Scripts extension, the Security Settings node, the Folder Redirection node, the
Policy-based QoS node, and the Internet Explorer Maintenance node. The Scripts exten-
sion enables administrators to create scripts that run at user logon and logoff. The Security
Settings node contains policies for configuring certificates and controlling what software
users can run. Administrators can use the Folder Redirection node to redirect users' per-
sonal folders to a network share. The Policy-based QoS node provides the same functions
as in the Computer Configuration node, except the policy is applied to a computer when a
user affected by the policy logs on to the computer. With the Internet Explorer Maintenance
node, administrators can control aspects of Internet Explorer, such as security settings, the
home page, and the Favorites folder.
•
Administrative Templates
—This folder contains a host of settings that enable administra-
tors to tightly control users' computer and network environments. For example, Control
Panel can be completely hidden from a user, specific Control Panel items can be made
available, or items on a user's desktop and Start menu can be hidden or disabled.
Group Policy is a powerful tool, but with that power comes complexity. This chapter serves
as an introduction to group policies, and you learn more about working with their complexities
in Chapter 7. For now, take the time to explore the default GPOs in Active Directory in the fol-
lowing activity.
Search WWH ::
Custom Search