Windows Server 2003 offers a marvelous command and control system for your organization’s computers called Group Policy (GP). With GP, you can manage user- and computer-based configurations, which you can apply en masse to computers in a particular Active Directory site, OU, or domain.
In this chapter, I’ll introduce you to GP and its features and functions. I’ll show you the differences between NT 4.0-style system policies and 2000-and-later-based GPs. I’ll take you through creating and editing GPs and expanding or refining their scope. I’ll show you how inheritance and overriding work, and I’ll look at using the Windows Management Instrumentation (WMI) interface and the new Resultant Set of Policy (RSoP) tools in Windows Server 2003 to filter and further granulate policy application. Then, you’ll see the similarities and differences between local and domain GP. Finally, I’ll review troubleshooting strategies and considerations for wide-scale GP deployment.
GPs consist of five distinct components.
Configure registry-based policies.
Alters the target location of various elements in the UI, such as My Documents, to other places on the network.
Execute when computers are first booted and shut down. They also can run during user logon and logoff.
Configure permissions, rights, and restrictions for computers, domains, and users.