Chapter 7. Using Group Policies

One of the most powerful capabilities included with Windows 2000 is the Group Policy mechanism. Active Directory provides a comprehensive way for administrators to manage network resources. When you use Active Directory, Group Policy allows you to apply policies to users and computers over the entire hierarchy of your network, from entire domains right down to individual computers.

As you learned in the preceding chapter, the Windows NT 4.0 System Policy Editor is used to configure membership-based permissions for users, groups, and computers in a domain. System policies, such as desktop appearance and program control, can be distributed and applied to whole domains. For Windows 2000 network clients, policies are no longer Registry-based; they’re replaced by Group Policy. By associating policies with actual objects in Active Directory, each site, domain, and organizational unit can distribute its own set of policy demands. You manage this capability with the Group Policy snap-in for the Microsoft Management Console (MMC). Group Policy, sometimes referred to as the Group Policy Editor, uses policy files to interface to a system’s Registry.

What Are Group Policies?

In a general sense, policies define what a user can and can’t do. Under Windows 2000, system administrators use Group Policy to manage the policies that apply to computers and users within a site or domain. These policies define certain aspects of the user’s desktop environment. They specify ...

Get Managing The Windows 2000 Registry now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.