FACTOID # 12: It's not the government they hate: Washington DC has the highest number of hate crimes per capita in the US.
 
 Home   Encyclopedia   Statistics   States A-Z   Flags   Maps   FAQ   About 
   
 
WHAT'S NEW
 

SEARCH ALL

FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:

 

 

(* = Graphable)

 

 


Encyclopedia > Group Policy
Local Group Policy Editor in Windows XP Media Center Edition

Group policy is a feature of Microsoft Windows NT family of operating systems that provides centralized management and configuration of computers and remote users in an Active Directory environment. It is part of Microsoft's IntelliMirror technologies which aim to reduce the overall cost of supporting users of Windows. These technologies relate to management of disconnected machines or roaming users and include Roaming user profiles, Folder redirection and Offline Files. Image File history File links Download high-resolution version (801x572, 90 KB) A screenshot of the Local Group Policy Editor in Windows XP Media Center Edition File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ... Image File history File links Download high-resolution version (801x572, 90 KB) A screenshot of the Local Group Policy Editor in Windows XP Media Center Edition File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ... A typical Windows XP MCE 2005 Menu Windows XP Media Center Edition (MCE) was a version of Windows XP designed to serve as a home-entertainment hub. ... To meet Wikipedias quality standards, the lead section of this article may need to be expanded. ... Typically Active Directory is managed using the graphical Microsoft Management Console. ... A roaming user profile is a concept in the Microsoft Windows NT-based family of operating systems that allows a user with a network account to log in to numerous computers on the same network and access their local files and settings regardless of which workstation they selected. ... In computing, and specifically in the context of Microsoft Windows operating systems, Microsoft refers to folder redirection when automatically re-routing I/O to/from standard folders (directories) to use storage elsewhere on a network. ...


Although Group policy is usually used in enterprise environments, its usage is also common in schools, businesses, and other small organizations to restrict certain actions that may pose potential security risks, for instance, blocking the Task Manager, restricting access to certain folders, disabling downloaded executable files and so on.


Group policy can control a target object's registry, NTFS security, audit and security policy, software installation, logon/logoff scripts, folder redirection, and Internet Explorer settings. The policy settings are stored in Group Policy Objects (GPOs). A GPO is internally referenced by a Globally Unique Identifier (GUID). Each one may be linked to multiple websites, domains or organizational units. In this way, potentially thousands of machines or users can be updated via a simple change to a single GPO. This reduces the administrative burden and costs associated with managing these resources. The Windows registry is a database which stores settings and options for the operating system for Microsoft Windows 32-bit versions, 64-bit versions and Windows Mobile. ... NTFS (New Technology File System) is the standard file system of Windows NT, including its later versions Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. ... A computer security audit is a manual or systematic measurable technical assessment of a system or application. ... // Installation (or setup) of a program (including drivers) is the act and the effect of putting the program in a computer system so that it can be executed. ... In computer security, logging (or signing) in and out is the process by which individual access to a computer system is controlled by identification of the user in order to obtain credentials to permit access. ... To logout (also: log out, log-out, logoff, sign-off, sign off) refers to the process of ceasing use of a computer system by removing the user credentials. ... In computing, and specifically in the context of Microsoft Windows operating systems, Microsoft refers to folder redirection when automatically re-routing I/O to/from standard folders (directories) to use storage elsewhere on a network. ... Windows Internet Explorer (formerly Microsoft Internet Explorer, abbreviated MSIE), commonly abbreviated to IE, is a series of popular graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems starting in 1995. ... A Globally Unique Identifier or GUID (IPA pronunciation: or ) is a pseudo-random number used in software applications. ...


User and computer objects may only exist once in the Active Directory but often fall into the scope of several GPOs. The user or computer object applies each applicable GPO. Conflicts between GPOs are resolved at a per attribute level. Typically Active Directory is managed using the graphical Microsoft Management Console. ...


Group Policies are analyzed and applied at startup for computers and during logon for users. The client machine refreshes most of the Group Policy settings periodically, the period ranging from 60-120 minutes and controlled by a configurable parameter of the Group Policy settings.


Group Policy is supported on Windows 2000, Windows XP Professional, Windows Vista, Windows Server 2003 and Windows Server 2008. Windows XP Media Center Edition and Windows XP Professional computers not joined to a domain can also use the Group Policy Object Editor to change the group policy for the individual computer. This local group policy however is much more limited than GPOs for Active Directory. Windows 2000 (also referred to as Win2K) is a preemptive, interruptible, graphical and business-oriented operating system that was designed to work with either uniprocessor or symmetric multi-processor 32-bit Intel x86 computers. ... Windows XP is a line of operating systems developed by Microsoft for use on general-purpose computer systems, including home and business desktops, notebook computers, and media centers. ... Windows Vista is a line of graphical operating systems used on personal computers, including home and business desktops, notebook computers, Tablet PCs, and media centers. ... Windows Server 2003 is a server operating system produced by Microsoft. ... Windows Server 2008 is the name of the next server operating system from Microsoft. ... A typical Windows XP MCE 2005 Menu Windows XP Media Center Edition (MCE) was a version of Windows XP designed to serve as a home-entertainment hub. ...


In June 2006 Centrify Corporation announced Group Policy support for Mac OS X using their DirectControl software. Mac OS X (official IPA pronunciation: ) is a line of proprietary, graphical operating systems developed, marketed, and sold by Apple Inc. ...

Contents

The three phases of using Group policy

Group Policy can be considered in three distinct phases - GPO creation, targeting of the GPO and application of the GPO.


Creating and editing GPOs

GPOs are created and edited through two tools - the Group Policy Object Editor (GPEdit.msc) and the freely downloadable Group Policy Management Console (GPMC). GPEdit is used to create and edit single Group Policy Objects one at a time. Prior to GPMC, administrators wanting to document or inventory previously deployed GPOs would have to use Active Directory Users and Computers (ADUC) to interrogate each organizational unit individually, a very time consuming and error-prone task. The GPMC simplified GPO management by providing tools to manage large numbers of group policies collectively. GPMC provides a number of features including GPO settings summarization, a simplified security pane for group filtering, GPO backup/restoration/cloning and more within a GUI that mimics ADUC. Editing a GPO from within GPMC still launches GPEdit. The friendly name of a GPO can also be determined from its GUID by using GPOTool.exe. This tool outputs all GPO GUIDs and their corresponding friendly name.


Targeting GPOs

After a GPO has been created it can be linked to an Active Directory site, domain or OU (Organizational Unit). It is most common for GPOs to be linked to OUs. Typically Active Directory is managed using the graphical Microsoft Management Console. ... In computing, an Organizational Unit (OU) provides a way of classifying objects located in directories, or names in a digital certificate hierarchy, typically used either to differentiate between objects with the same name (John Doe in OU marketing versus John Doe in OU customer service), or to parcel out authority...


GPO application

The Group Policy client operates on a "pull" model - every so often (a randomized delay of between 90 and 120 minutes, although this offset is configurable via Group Policy) it will collect the list of GPOs appropriate to the machine and logged on user (if any). The Group Policy client will then apply those GPOs which will thereafter affect the behavior of policy-enabled operating system components and applications.


Local group policy

Local group policy (LGP) is a more basic version of the group policy used by Active Directory. In versions of Windows before Vista, LGP can configure the group policy for a single local computer, but unlike Active Directory group policy, can not make policies for individual users or groups. It also has many fewer options overall than Active Directory group policy. The specific-user limitation can be overcome by using the Registry Editor to make changes under the HKCU or HKU keys. LGP simply makes registry changes under the HKLM key, thus affecting all users; the same changes can be made under HKCU or HKU to only affect certain users. Microsoft has more information on using the Registry Editor to configure group policy available on TechNet. [1]. LGP cannot be used on a computer on a domain, nor can it be used on Windows XP Home Edition, unless using the registry method. The Windows registry is a database which stores settings and options for the operating system for Microsoft Windows 32-bit versions, 64-bit versions and Windows Mobile. ... Microsoft Technet is a division of Microsoft that have TechNet subscriptions. ...


Windows Vista supports Multiple Local Group Policy Objects which allows setting local group policy for individual users.


External links


  Results from FactBites:
 
Group Policy - Wikipedia, the free encyclopedia (710 words)
Group Policy is part of Microsoft's IntelliMirror technology which aims to reduce the overall cost of supporting users of Windows.
Group Policy is also used as the basis for management of a group of technologies, referred to as IntelliMirror.
Group Policies are analysed and applied at startup for computers and during logon for users.
Group Policies (2344 words)
Group policies are applied down from the higher level objects to the lower level objects.
Group policies can be set from any domain controller, but the one that is the best to use is the PDC Emulator domain controller.
Group Policy inheritance is configured on the Active Directory container the GPO is in and on the object itself.
  More results at FactBites »

 
 

COMMENTARY     


Share your thoughts, questions and commentary here
Your name
Your comments

Want to know more?
Search encyclopedia, statistics and forums:

 


Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms, 1022, m