Exploring Group Policy in Windows Vista
|
849
users no longer have to explicitly disable or remove settings that interfere with their
ability to manage a computer before performing administrator tasks. Instead, an
administrator user can implement one LGPO for administrators and another LGPO
for nonadministrators.
Administrator and nonadministrator LGPOs are the two standard
types of LGPOs available. See “Working with Multiple Local Group
Policy Objects,” later in this chapter, for more information.
Enhancing Group Policy Application
Thanks to the Network Location Awareness feature in Windows Vista, Group Pol-
icy can respond better to changing network conditions and no longer relies on ICMP
(ping) for policy application. Network Location Awareness ensures that a computer
is aware of the type of network to which it is currently connected—in other words,
whether the computer is on a private, public, or work network—and is responsive to
changes in the system status or network configuration. This gives Group Policy
access to the resource detection and event notification capabilities in the operating
system, allowing Group Policy to determine when a computer is in standby mode or
resuming from hibernation, as well as when a network connection has been disabled
or disconnected. In cases where the network isn’t available, Group Policy won’t wait
for the network, allowing for faster startup.
Because ICMP (ping) is no longer used for slow link detection, business networks
can filter this protocol on their firewalls. Group Policy in Windows Vista uses Net-
work Location Awareness to determine the network bandwidth. When mobile users
connect to a business network, Group Policy can detect the availability of a domain
controller and initiate a background refresh of policy over the VPN connection.
Improving Group Policy Management
Windows Vista includes the Group Policy Management Console (GPMC) and Group
Policy Object Editor (GPOE) for managing Group Policy. While GPMC was previ-
ously provided as a separate download from Microsoft, it is now integrated directly
into the operating system.
Using the GPMC, shown in Figure 26-1, you can manage Active Directory Group
Policy in an enterprise environment. To open the GPMC, follow these steps:
1. Log on to a computer running Windows Vista with an administrative user
account.
2. Click Start, type
mmc into the Search box, and then press Enter.
3. In the Microsoft Management Console, click File
➝ Add/Remove Snap-in.
4. In the Add or Remove Snap-ins dialog box, click Group Policy Management
Console, click Add, and then click OK.