Configuring Group Policy - MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration

Information Technology Reference

In-Depth Information

To access these GPOs, first add the Group Policy Object Editor snap-in to an MMC. Instead

of accepting the default Local Computer Policy when asked to select a GPO, click Browse to

open the dialog box shown in Figure 7-2, and select one. Local GPOs are intended to be con-

figured on non-domain computers because domain GPOs take precedence over local GPOs, and

administration is centralized by using domain GPOs. In fact, configuring the domain-based

group policy “Turn off Local Group Policy objects processing” is a good idea to ensure that all

policies are controlled from the domain.

Figure 7-2

Accessing additional local GPOs in Vista

Three of the four local GPOs can contain settings that affect a single user logging on to a

Windows Server 2008 or Vista computer. The Local Computer Policy object is processed first for

all users and is the only local GPO that affects the computer configuration. The Local

Administrators or Local Non-Administrators GPO is processed next, if configured, and the user-

specific GPO is processed last, if configured. Any conflicting settings are resolved in that same

order. In other words, the last configured policy setting that's applied takes precedence.

Activity 7-1: Working with Vista Local GPOs

Time Required: 15 minutes

Objective: Configure Vista local GPOs.

Description: You want to become familiar with some of the new local GPOs in Windows, so you

log on to your Vista computer with the local Administrator account, configure some local GPOs,

and create a new local user account. Then you see how local GPOs in Vista can affect different

users.

1. Log on to your Vista computer with the local Administrator account.

2. Click Start . Control Panel is an option on the Start menu, but you're going to remove it.

Type gpedit.msc in the Start Search text box and press Enter to open the Group Policy

Object Editor for the Local Computer Policy.

3. Click to expand the User Configuration node, if necessary, and then the Administrative

Templates folder. Click the Control Panel node.

4. In the right pane, double-click Prohibit access to the Control Panel . In the Properties dialog

box, click Enabled , and then click OK . Close the Group Policy Object Editor.

5. Click Start . Notice that Control Panel is no longer on the Start menu. Type mmc in the Start

Search text box and press Enter .

Search WWH ::

Custom Search

Home