O'Reilly logo

Windows Vista Security: Praxisorientierte Sicherheit für Profis by Marcus Nasarek

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Updating Active Directory Group Policy Objects for Windows Vista
|
857
Deleting Local Group Policy Objects
All computers have an LGPO. You cannot delete this top-level policy object. You
can, however, set each policy setting to Not Configured to ensure that no related pol-
icy settings are applied.
While you cannot delete this object, you can delete other LGPOs that you have cre-
ated. When you delete an LGPO, the object and all its related settings are removed
from the computer.
You can delete the Administrators Local Group Object, Non-Administrators Local
Group Object, or User-specific Local Group Object by following these steps:
1. Log on to a computer running Windows Vista with an administrative user
account.
2. Click Start, type
mmc into the Search box, and then press Enter.
3. In the Microsoft Management Console, click File
Add/Remove Snap-in.
4. In the Add or Remove Snap-ins dialog box, click Group Policy Object Editor,
and then click Add.
5. In the Select Group Policy Object dialog box, click Browse.
6. In the Browse for a Group Policy Object dialog box, click the Users tab, as
shown in Figure 26-3.
7. Right-click the name of the policy you want to remove and then select Remove
Group Policy Object.
8. When prompted to confirm, click Yes.
9. Click Cancel three times to exit all open dialog boxes.
10. In the Microsoft Management Console, click File
Exit. If prompted to save the
console, click No.
11. Log off the computer to ensure that the policy object can be removed.
Updating Active Directory Group Policy Objects for
Windows Vista
On a Windows Vista computer, you’ll automatically see the Windows Vista policies
as well as the other policies when you work with LGPOs. The same is not true auto-
matically, however, if you try to use the Windows Vista policies in a domain. This is
because Active Directory Group Policy objects must be updated to include Win-
dows Vista policies. A similar update is required to apply any additional policies
defined in service packs or later Windows releases. Once you’ve performed the
update and made any necessary changes, you can perform basic management, such
as policy linking or blocking, using any computer. However, it is recommended that
the actual policy editing be done on a computer running Windows Vista or later.
858
|
Chapter 26: Using Group Policy with Windows Vista
Each Active Directory Group Policy object that should include Windows Vista poli-
cies must be updated separately. You update an individual GPO by following these
steps:
1. Log on to a computer running Windows Vista with an administrative user
account.
2. Click Start, type
mmc, and then press Enter. This starts the Microsoft Manage-
ment Console.
3. On the File menu, click Add or Remove Snap-in. This opens the Add or Remove
Snap-ins dialog box.
4. In the Add or Remove Snap-ins dialog box, click Group Policy Management
Console. Click Add and then click OK.
5. In the Microsoft Management Console, expand the Group Policy Management
node.
6. Expand the Forest node. This node represents the current forest to which you
are connected.
7. When you expand the Forest node, you’ll see Domains and Sites nodes. Expand
these nodes and their subnodes to work your way to the GPO you want to work
with.
8. When you find the GPO you want to work with, right-click it and then select
Edit to open the GPOE.
9. In the GPOE, select the Computer Configuration node by clicking it and then
select the User Configuration node by clicking it.
When you select the Computer Configuration and User Configuration nodes, the
current administrative templates are read and applied to the GPO you’ve selected.
Once Group Policy is refreshed, you can modify policy settings as necessary, and the
changes will be updated as appropriate in the selected site, domain, or organiza-
tional unit. Repeat this procedure to update the GPO for other sites, domains, or
organizational units.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required