Windows Server 2008 offers a marvelous command and control system for your organization's computers called Group Policy (GP). With GP, you can manage user- and computer-based configurations, which you can apply en masse to computers in a particular Active Directory site, OU, or domain.
An Introduction to Group Policy
Group policies consist of five distinct components:
Administrative templates
Configure Registry-based policies.
Folder redirection
Alters the target location of various elements in the UI, such as My Documents, to other places on the network.
Scripts
Execute when computers are first booted and shut down. They also can run during user logon and logoff.
Security settings
Configure permissions, rights, and restrictions for computers, domains, and users.
Software policies
Assign application packages to users and computers.
The data for each component is stored in a Group Policy Object (GPO). In domain-based GPs, GPOs are stored at various levels in Active Directory, but they're always associated with a domain. GPOs are affiliated with a variety of objects within Active Directory, including sites, domains, domain controllers, and OUs, and they can be linked to multiple sites, to the domains themselves, and to OUs. For non-domain-based (i.e., local) GPs, you simply configure those settings on individual servers.
Local computer policies are stored in the %SystemRoot%\System32\GroupPolicy directory because they apply only to the computer on which they're stored and they need not be replicated. Local policies are also more limited in scope and ability, as you'll see later in this chapter.
When you first set up an Active Directory domain, two default GPOs are created: one that is linked to the domain itself, and therefore affects all users and computers within the domain; and one that is linked to the Domain Controllers OU, which affects all domain controllers within a domain.
*.* Source of Information : O'Reilly Windows Server 2008: The Definitive Guide
No comments:
Post a Comment