Appendix B. Computer Configuration Group Policy Objects
Chapter 7, detailed the process of creating, managing, and distributing group policy settings. However, it’s not enough to know how to do these things; you also have to know which policy settings exist and what they do--hence this appendix. The GPO settings listed in this appendix appear in the Computer Configuration node beneath each domain and local policy object.
Windows Settings
Computer Configuration\Windows Settings
Security Settings
Computer Configuration\Windows Settings\Security Settings
There are seven areas of security settings: Account Policies, Local Policies, Event Log Settings, Restricted Groups, System Services, Registry, and File System. You can add security to any of these areas by defining security settings in a Group Policy object (GPO) that is associated with a domain or an organizational unit (OU).
Restricted Groups
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
This is where administrators can define properties for restricted groups (security-sensitive groups). Administrators can define two properties:
- Members
Defines who belongs to the restricted group.
- Member Of
Defines which other groups the restricted group belongs to.
When a restricted Group Policy is applied, members of a restricted group that are not on the Members list are deleted. Users on the Members list who aren’t currently members of the restricted group are added.
System Services
Computer Configuration\Windows Settings\Security ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access