Windows Server 2008 offers a marvelous command and control system for your organization’s computers called Group Policy (GP). With GP, you can manage user- and computer-based configurations, which you can apply en masse to computers in a particular Active Directory site, OU, or domain.
In this chapter, I’ll introduce you to GP and its features and functions. I’ll take you through creating and editing GPs and expanding or refining their scope. I’ll show you how inheritance and overriding work, and I’ll look at using the Windows Management Instrumentation (WMI) interface and the new Resultant Set of Policy (RSoP) tools in Windows Server 2008 to filter and further granulate policy application. Then, you’ll see the similarities and differences between local and domain GP. Finally, I’ll review troubleshooting strategies and considerations for wide-scale GP deployment.
Group policies consist of five distinct components:
Configure Registry-based policies. You’ll see what this really entails in a bit.
Alters the target location of various elements in the UI, such as My Documents, to other places on the network.
Execute when computers are first booted and shut down. They also can run during user logon and logoff.
Configure permissions, rights, and restrictions for computers, domains, and users.
Assign application packages to users and computers. ...