Chapter 7, detailed the process of creating, managing, and distributing group policy settings. However, it’s not enough to know how to do these things; you also have to know which policy settings exist and what they do--hence this appendix. The GPO settings listed in this appendix appear in the Computer Configuration node beneath each domain and local policy object.
Computer Configuration\Windows Settings
Computer Configuration\Windows Settings\Security Settings
There are seven areas of security settings: Account Policies, Local Policies, Event Log Settings, Restricted Groups, System Services, Registry, and File System. You can add security to any of these areas by defining security settings in a Group Policy object (GPO) that is associated with a domain or an organizational unit (OU).
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
This is where administrators can define properties for restricted groups (security-sensitive groups). Administrators can define two properties:
Defines who belongs to the restricted group.
Defines which other groups the restricted group belongs to.
When a restricted Group Policy is applied, members of a restricted group that are not on the Members list are deleted. Users on the Members list who aren’t currently members of the restricted group are added.
Computer Configuration\Windows Settings\Security ...