Information Technology Reference
In-Depth Information
8. Open Internet Explorer. You should see “Windows Internet Explorer provided by
CoolGadgets.com” in the title bar, and the home page should be a page maintained by the
author.
9. Close any open windows, and log off Vista.
The settings in Administrative Templates under User Configuration affect the HKEY_
CURRENT_USER section of the computer's Registry. Most of the information discussed
previously about Administrative Templates in the Computer Configuration node applies to
the User Configuration node. Administrative Templates in User Configuration also contain
the Control Panel, Network, System, and Windows Components subnodes as well as the fol-
lowing subnodes:
•
Desktop
—Controls the look of users' desktops, determines which icons are available, and
can limit actions users can take on the desktop.
•
Shared Folders
—Controls whether a user can publish shared folders and DFS root folders.
•
Start Menu and Taskbar
—Controls the look and operation of the Start menu and taskbar.
Hundreds of settings are available in Administrative Templates—far too many to explain
in detail in this topic. The best way to become acquainted with the myriad settings that can be
controlled through Group Policy is to click the Explain tab of policies you want to investigate
further.
Security templates
are text files with an .inf extension that contain information to define policy
settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a
local or domain GPO. You can use them to easily create and deploy security settings to a local
or domain GPO. Simply right-click the Security Settings node and click Import policy, and then
select a security template file to apply. Security templates can also be used to verify the current
security settings on a computer against the settings in a template. There are three tools for work-
ing with security templates, discussed in the following sections: Security Templates snap-in,
Security Configuration and Analysis snap-in, and Secedit.exe.
You use the Security Templates snap-in to create and edit security templates. You can create tem-
plates for computers with differing security requirements, such as servers with different roles
installed or different physical locations. Servers in branch offices that don't have tight physical
security, for example, might require stronger security settings than servers in a secure location.
Computers used by employees who have access to sensitive information often require tighter
security than computers used by employees with limited access on the network.
Before Windows Server 2008, preconfigured security templates were
designed for servers, domain controllers, and workstations with varying
needs for security. They are no longer available. However, when Windows
Server 2008 is configured as a domain controller, the initial security set-
tings are in %systemroot%\Security\Templates\DC Security.inf.
Figure 7-21 shows the Security Templates snap-in with a new security template named
LowSecurityWS. Notice that only a subset of the policies in a GPO are available in the template.
When a user creates a new template, it's stored in the user's Documents folder in
Security\Templates. After the template is created, it can be imported into a local or domain GPO
or be used by the Security Configuration and Analysis snap-in. If you configure account policies
in your template to import into a GPO, remember that settings in the Account Policy node are
used only when linked to a domain or applied to a local GPO.
Search WWH ::
Custom Search