Chapter 6. Group Policy and IntelliMirror

Windows Server 2003 offers a marvelous command and control system for your organization’s computers called Group Policy (GP). With GP, you can manage user- and computer-based configurations, which you can apply en masse to computers in a particular Active Directory site, OU, or domain.

In this chapter, I’ll introduce you to GP and its features and functions. I’ll show you the differences between NT 4.0-style system policies and 2000-and-later-based GPs. I’ll take you through creating and editing GPs and expanding or refining their scope. I’ll show you how inheritance and overriding work, and I’ll look at using the Windows Management Instrumentation (WMI) interface and the new Resultant Set of Policy (RSoP) tools in Windows Server 2003 to filter and further granulate policy application. Then, you’ll see the similarities and differences between local and domain GP. Finally, I’ll review troubleshooting strategies and considerations for wide-scale GP deployment.

An Introduction to Group Policy

GPs consist of five distinct components.

Administrative templates

Configure registry-based policies.

Folder redirection

Alters the target location of various elements in the UI, such as My Documents, to other places on the network.


Execute when computers are first booted and shut down. They also can run during user logon and logoff.

Security settings

Configure permissions, rights, and restrictions for computers, domains, and users.

Software policies ...

Get Learning Windows Server 2003 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.