Information Technology Reference
In-Depth Information
Additional Security Settings Subnodes
Beyond Account Policies and Local Policies,
there are 13 more subnodes under Security Settings:
•
Event Log
—Control parameters of the main logs in Event Viewer on target computers.
•
Restricted Groups
—Control group membership for both domain groups and local SAM
groups. After the policy is applied, existing members of the target group are deleted and
replaced with the membership specified in the policy.
•
System Services
—Manage the startup mode and security settings of services on the target
computers.
•
Registry
—Set NTFS permissions on Registry keys on the target computer.
•
File System
—Set NTFS permissions and control auditing and inheritance on files and fold-
ers on the target computers.
•
Wired Network (IEEE 802.3) Policies
—For Vista computers, controls a variety of authen-
tication parameters on computers with wired connections to the network.
•
Windows Firewall with Advanced Security
—Controls firewall settings on Windows Vista
and Server 2008 computers.
•
Network List Manager Policies
—Controls aspects of the networks (public, private, domain,
and so on) identified by Windows Vista and Windows Server 2008.
•
Wireless Network (IEEE 802.11) Policies
—Controls how wireless clients can connect to wire-
less networks, including network type (ad hoc or infrastructure), service set identifier (SSID),
authentication, and encryption protocols. Policies can be created for Vista and XP computers.
•
Public Key Policies
—Controls parameters associated with Public Key Infrastructure,
including EFS and certificate handling.
•
Software Restriction Policies
—Controls which software can run on a computer.
•
Network Access Protection
—Controls the NAP environment for target computers, includ-
ing enforcement services, user interface, and servers used for health registration certificates.
•
IP Security Policies on Active Directory
—Control IPSec policies on target computers. IPSec
is a network protocol that provides secure, encrypted communication between computers.
7
The settings in Administrative Templates affect the HKEY_LOCAL_MACHINE section of the
computer's Registry. Hundreds of settings are defined in this node, and many more can be added
through customization. The Administrative Templates folder uses policy definition files, called
administrative template files
, in the XML format, which makes creating your own policies fairly
easy if you need to control a setting not provided by default. These text files, referred to as
ADMX files because of their .admx extension, specify Registry entries that should be controlled
and the type of data the entries take. Many software vendors provide administrative template
files for controlling their applications' settings through group policies. For example, Microsoft
offers administrative template files for the Microsoft Office suite.
Windows versions before Vista and Server 2008 used .adm files. This format can still be used
on the same system as ADMX files, but you can create and edit ADMX files only on Vista or
Server 2008 computers. ADMX files also have an .adml extension, which provides a language-
specific user interface in Group Policy Management Editor. On a Server 2008 or Vista computer,
you can find all ADMX and ADML files under %systemroot%\PolicyDefinitions and open them
in Notepad or another text editor.
The Administrative Templates folder, where many aspects of the computer working environment
are controlled, contains the following folders and nodes, most of which have additional subnodes:
•
Control Panel
—This folder has only a few policies in Computer Configuration. Settings in
Regional and Language Options allow administrators to set and restrict the language in
the Control Panel user interface. The User Accounts policy configures a default user logon
picture for all users on the target computers.
Search WWH ::
Custom Search