O'Reilly logo

Windows Vista Security: Praxisorientierte Sicherheit für Profis by Marcus Nasarek

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Working with Multiple Local Group Policy Objects
|
853
Policy changes are applied when Group Policy is refreshed. Windows automatically
refreshes policy periodically. However, with some types of policies you may need to
log off and then log back on, or restart the computer.
Working with Multiple Local Group Policy Objects
As discussed previously, computers running Windows Vista can have multiple
LGPOs. The way you use and work with multiple LGPOs is explored in this section.
Understanding Multiple Local Group Policy Object Usage
Multiple LGPOs increase flexibility when applying policy settings and allow home
and workgroup users to gain some of the benefits and controls previously available
only in Windows domains. They do this by allowing a policy to be uniquely tailored
to users based on the logon account and their membership in specific groups.
Windows Vista has three layers of LGPOs:
1. Local Group Policy
2. Administrators and Non-Administrators Local Group Policy
3. User-specific Local Group Policy
These layers of LGPOs are processed in order. Local Group Policy is applied first.
Administrators and Non-Administrators Local Group Policy is applied second. User-
specific Local Group Policy is applied third.
Local Group Policy is the only LGPO that allows both computer configuration and
user configuration settings to be applied. User configuration settings applied through
the LGPO apply to all users of the computer, even the built-in Administrator
account. Local Group Policy works the same as it did in Windows XP.
Administrators and Non-Administrators Local Group Policy contains only user con-
figuration settings and is applied based on whether the user account being used is a
member of the local Administrators group. A user is either an administrator or a
nonadministrator. If the user is a member of the Administrators group, Administra-
tors Local Group Policy is applied to the user at logon. If the user is not a member of
the Administrators group, Non-Administrators Local Group Policy is applied to the
user at logon.
User-specific Local Group Policy contains only user configuration settings and is
applied based on whether an additional policy object has been created and applied to
a user’s account. In this way, you use User-specific Local Group Policy to apply pol-
icy settings to one specific user.
The available user settings are the same among all LGPOs. Because of this, it is possi-
ble that a setting in one GPO may conflict with a setting in another GPO. Windows

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required