O'Reilly logo

Windows Vista Security: Praxisorientierte Sicherheit für Profis by Marcus Nasarek

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

859
Chapter 27
CHAPTER 27
Navigating Windows Vista Policy Changes27
Each policy setting has a specific requirement for the operating system or systems it
will work with. Some policies require at least Windows XP Professional or a later ver-
sion of Windows. Others require at least Windows Vista or later. The exact require-
ments are listed in the explanatory text when you select a policy in the GPOE.
Since Group Policy was introduced with Windows 2000, every version of Windows
and just about every service pack includes policy settings that extend the set of avail-
able policies. In its original implementation, Windows Vista has more than 2,400
policies—about 700 of which are new.
Navigating Windows Vista Policy Changes
The 700 new policies in Windows Vista can be grouped into a few dozen broad cate-
gories, summarized in Table 27-1. Use the details provided to help you understand
what additional features and components can be managed using Group Policy for
Windows Vista. The “Scope” column tells you which portion or portions of a policy
are used for configuration—either User Configuration, Computer Configuration, or
both. The “Group Policy location” column tells you where the related policies are
located within User Configuration, Computer Configuration, or both.
Table 27-1. New areas of management in Group Policy for Windows Vista
Group Policy category Scope Group Policy location Description
Antivirus User Configuration Administrative Templates\
Windows Components\
Attachment Manager
Sets the behavior for evalu-
ating high-risk attachments.
Background Intelligent
Transfer Service (BITS)
Computer Configuration Administrative Templates\
Network\Background Intelli-
gent Transfer Service
Manages the new BITS
Neighbor Casting feature
which facilitates peer-to-
peer file transfer within a
domain.
860
|
Chapter 27: Navigating Windows Vista Policy Changes
Deployed Printer
Connections
Computer Configuration,
User Configuration
Windows Settings\Deployed
Printers
Connects printers automati-
cally by deploying a printer
connection to a computer.
This is useful when the com-
puter is shared in a locked-
down environment, such as
a school, or when a user
roams to different locations.
Device Installation Computer Configuration Administrative Templates\
System\Device Installation
Permits or denies a device
installation based on the
device class or device ID.
Disk Troubleshooting and
Diagnostics
Computer Configuration Administrative Templates\
System\Troubleshooting and
Diagnostics\Disk Diagnostic
Manages automated disk
diagnostics and controlsthe
level of information dis-
played by the disk failure
diagnostics.
DVD Video Burning Computer Configuration,
User Configuration
Administrative Templates\
Windows Components\
Import Video
Manages the way videos
can be importedandburned
to disk.
Enterprise Quality of Service
(QoS)
Computer Configuration Windows Settings\Policy-
based QoS
Allows prioritization of net-
work traffic to alleviate net-
work congestion.
Hybrid Hard Disk Computer Configuration Administrative Templates\
System\Disk NV Cache
Configures the hybrid hard
disk with nonvolatile cache
properties. This allows you
to manage nonvolatile
cache, startup and resume
optimizations, solid state
mode, and power savings
mode.
Internet Explorer 7 Computer Configuration,
User Configuration
Administrative Templates\
Windows Components\Inter-
net Explorer
Allows configuration of
Internet Explorer registry-
based values through Group
Policy.
Network Quarantine Computer Configuration Windows Settings\Security
Settings\Network Access
Protection
Manages Health Registra-
tion Authority (HRA), Inter-
net Authentication Service
(IAS), and Network Access
Protection (NAP).
Online Assistance Computer Configuration, Administrative Templates\
Windows Components\
Online Assistance
Controls where your users
access Help content.
Power Management Computer Configuration Administrative Templates\
System\Power Management
Makes it possible to config-
ure all system-configurable
power management
options.
Table 27-1. New areas of management in Group Policy for Windows Vista (continued)
Group Policy category Scope Group Policy location Description
Navigating Windows Vista Policy Changes
|
861
Removable Storage Computer Configuration,
User Configuration
Administrative Templates\
System\Removable Storage
Access
Protects data bylimitingthe
data that can be read from
and written to removable
storage devices. Administra-
tors can enforce restrictions
on specific computers or
users through policy settings.
Shell Application
Management
User Configuration Administrative Templates\
Start Menu and Taskbar
Manages access to the tool-
bar, taskbar, Start menu,
and icon displays.
User Profiles Computer Configuration,
User Configuration
Administrative Templates\
Windows Components\User
Profiles
Configures the logon experi-
ence to include expanded
Group Policy settings in
roaming user profiles, redi-
rected folders, and logon
dialog screens.
Auto Run, Auto Play Computer Configuration,
User Configuration
Administrative Templates\
Windows Components\
AutoPlay Policies
Customizes Autorun for dif-
ferent devices and media,
creation and removal of
partnerships, synchroniza-
tion schedule and behavior,
and creation and access to
workspaces.
Shell Visuals Computer Configuration,
User Configuration
Administrative Templates\
Windows Components\Desk-
top Windows Manager
Configures the desktop dis-
playto include new graphics
features, including flip
views and live thumbnails.
Tablet PC Computer Configuration,
User Configuration
Administrative Templates\
Windows Components\Input
Personalization, Pen Train-
ing,TabletPC\TabletPCInput
Panel, TabletPC\Touch Input
Configures Tablet PC features.
Terminal Services Computer Configuration,
User Configuration
Administrative Templates\
Windows Components\Ter-
minal Services
Provides security and ease-
of-use enhancements for
Terminal Services. You can
allow or prevent redirection
of additional supported
devices to the remote com-
puter in a Terminal Services
session. You can require the
use of Transport Layer Secu-
rity (TLS) 1.0 or native
Remote Desktop Protocol
(RDP) encryption, or negoti-
ate a security method. You
can also require the use of a
specific encryption level
(FIPS Compliant, High, Cli-
ent Compatible, or Low).
Table 27-1. New areas of management in Group Policy for Windows Vista (continued)
Group Policy category Scope Group Policy location Description

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required