Appendix B. Computer Configuration Group Policy Objects

Chapter 7, detailed the process of creating, managing, and distributing group policy settings. However, it’s not enough to know how to do these things; you also have to know which policy settings exist and what they do--hence this appendix. The GPO settings listed in this appendix appear in the Computer Configuration node beneath each domain and local policy object.

Windows Settings

Computer Configuration\Windows Settings

Security Settings

Computer Configuration\Windows Settings\Security Settings

There are seven areas of security settings: Account Policies, Local Policies, Event Log Settings, Restricted Groups, System Services, Registry, and File System. You can add security to any of these areas by defining security settings in a Group Policy object (GPO) that is associated with a domain or an organizational unit (OU).

Restricted Groups

Computer Configuration\Windows Settings\Security Settings\Restricted Groups

This is where administrators can define properties for restricted groups (security-sensitive groups). Administrators can define two properties:

Members

Defines who belongs to the restricted group.

Member Of

Defines which other groups the restricted group belongs to.

When a restricted Group Policy is applied, members of a restricted group that are not on the Members list are deleted. Users on the Members list who aren’t currently members of the restricted group are added.

System Services

Computer Configuration\Windows Settings\Security ...

Get Managing The Windows 2000 Registry now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.