Friday, June 20, 2008

Windows Server 2008 Group Policy Preferences

Windows Server 2008 builds a feature called Group Policy Preferences directly into the Group Policy Management Console (GPMC); it is essentially the old products PolicyMaker Standard Edition and Policy Share Manager in new form. In a nutshell, preferences allow you to "suggest" an initial configuration to your users while still giving them the ability to change it. Let's delve a little deeper into this.

Group Policy itself was designed so that an administrator determines and sets up his mandatory environment, configures it appropriately for the organization's needs, and then leaves it up to Windows to strictly enforce those settings. GP generally overrides any user-provided settings in the event of a conflict, and it typically disables any user interface functions that could be used to change those settings. And while one can limit or otherwise affect the scope of a GPO, it essentially can touch every machine that is a member of any given Windows domain. Machines and settings controlled by Group Policy are termed "managed" machines and settings.

Group Policy preferences take a lighter approach. While GP preferences still are set up by an administrator and filter down to managed clients, GP writes preferences to the same places in the Registry where applications store their data about that specific setting. This lets GP address settings and switches in applications that don't by default know about Group Policy. In addition, there isn't a restriction on the user interface of the software, so if the administrator-defined preferences don't meet a user's working style or in some other way aren't what a user wishes, she is free to change them. You can also define the schedule at which Group Policy refreshes preference information—it can either be done at the same interval that GP refreshes policy (the mandatory settings), or you can set it once and then prohibit Windows from refreshing that preference again.
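
Because preferences land in an application's ordinary registry keys and users remain free to change them, a value delivered as a preference can drift from what the administrator intended. The PowerShell script below is an added example, not part of the original post: the baseline paths and value names are constructed placeholders, and it assumes the conventional policy registry roots (`Software\Policies` and `Software\Microsoft\Windows\CurrentVersion\Policies`) to tell enforced settings from preferences.

```powershell
# Added example: report which baseline settings sit in enforced policy keys and
# which sit in ordinary application keys (preferences) that a user may have changed.
# Every path, value name and expected value in $Baseline is a constructed placeholder.

# Assumption: the conventional registry roots used for managed (policy) settings.
$PolicyRoots = @(
    'HKCU:\Software\Policies\'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\'
    'HKLM:\Software\Policies\'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\'
)

$Baseline = @(
    [pscustomobject]@{ Path = 'HKCU:\Software\Policies\ExampleVendor\ExampleApp'; Name = 'ExampleLockedSetting'; Expected = 1 }
    [pscustomobject]@{ Path = 'HKCU:\Software\ExampleVendor\ExampleApp\Settings'; Name = 'ExampleSuggestedSetting'; Expected = 5 }
)

function Test-PolicyPath {
    param([string]$Path)
    # True when the key lives under one of the managed policy roots.
    foreach ($root in $PolicyRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SettingDrift {
    param([object[]]$Settings)
    foreach ($s in $Settings) {
        # A missing key or value yields $null instead of an error.
        $item    = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.($s.Name) } else { $null }
        $state   = if ($null -eq $current) { 'Missing' } elseif ($current -eq $s.Expected) { 'Match' } else { 'Changed' }
        $kind    = if (Test-PolicyPath $s.Path) { 'Policy (enforced)' } else { 'Preference (user-changeable)' }
        [pscustomobject]@{
            Kind     = $kind
            Path     = $s.Path
            Name     = $s.Name
            Expected = $s.Expected
            Current  = $current
            State    = $state
        }
    }
}

Get-SettingDrift -Settings $Baseline | Format-Table -AutoSize
```

A `Changed` row under `Preference (user-changeable)` is expected behaviour for a preference; if that setting must not drift, it belongs in a policy setting rather than a preference.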

Supporting Group Policy preferences is also lightweight. You can create GPOs that contain preference information right out of the box. On the client, you'll need to install—via a separate download—a client-side extension; this will need to be deployed to any computer that is a target of your preference settings. The client-side extension will support Windows XP Service Pack 2 and later, Windows Vista, and Windows Server 2003 with Service Pack 1 and later. (If you install Windows Server 2008, you already get the CSE.)

You can create preference entries by right-clicking on the appropriate preference item in the left pane of the Group Policy Management Editor and selecting New from the context menu. The same breakdown for regular GPOs applies for GP preferences: Computer Configuration is used to customize machine-specific settings, which become effective when a computer first boots, and User Configuration is used to configure settings that apply only to that user regardless of where she is on the network.
