Chapter 14. Using Group Policy

Group Policy... The mere mention of it stirs up strong feelings in seasoned Windows administrators. Typically the reaction is some mixture of awe, revulsion, and resignation. Group Policy is a mixture between dark arts, defense against the dark arts, and your ordinary, run-of-the-mill mystery.

It is no small wonder really. Microsoft's Group Policy Reference for Windows Vista, lists 2,494 (!) settings across 131 administrative templates. To that we need to add at least 163 security settings, plus an arbitrary number of configured restricted groups, services, and registry and file system ACLs. It would be quite easy for even a moderate size enterprise to have thousands of Group Policy settings across tens of templates.

Group Policy can certainly be daunting. In this chapter, we discuss the changes to Group Policy in Windows Vista. The reader who is not familiar with Group Policy is warmly recommended to consult Jeremy Moskowitz's excellent book on the topic, Group Policy: Management, Troubleshooting and Security, which is fully updated for Windows Vista. There is so much to discuss that, for efficiency, we will assume an operating understanding of Group Policy. If you feel rusty you may want to brush up on Group Policy either with Moskowitz (at, or by perusing some of the documents on Microsoft's Group Policy tech center.

Windows Vista is seeing the most significant upgrade to Group Policy since its introduction with Windows 2000. In ...

Get WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.