O'Reilly logo

Learning Windows Server 2003 by Jonathan Hassell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Domain Group Policy

Domain-based GPs offer a much more flexible and configurable set of standards and settings for your organization than local GPs. In this section, I’ll discuss the four most common methods of managing your IT assets centrally using domain GP: configuring a security standard, installing software using the IntelliMirror technology found in Windows Server 2003, redirecting folders present in the user interface to network locations, and writing and launching scripts triggered by events, such as logons and logoffs.

Security Settings

As discussed earlier, one of the most useful aspects of GP is its ability to control security settings and configuration from a central location across the organization. Security policy comprises three key components: restricted groups, registry settings, and filesystem settings. In this section, I’ll take a look at each of them.

Restricted groups

The restricted groups option allows you to modify the current group configuration and membership on your client computers. When this policy is applied to workstations and servers, their individual group configurations are modified to match that configured inside the policy. The policy contains members and members of lists that overwrite any configuration on the target computers. For example, if you were to add the Administrator group to the policy but not add any users to the members of this group list, and then you applied the policy, Windows would remove any users currently in those groups ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required