Friday, July 31, 2009

Implementing, Configuring, Managing, and Troubleshooting Local Group Policy

Group Policy exists on local computers, on servers, and at the network level. “Local Computer Policy” is the set of Group Policy settings for a local computer. A “Group Policy Object” is any single set of settings. A Group Policy Object exists as a document.

Group Policy is one of the essences of the Windows 2003 and XP lifestyle. A group policy controls who can do what. Traditionally, group policy allows directory objects to perform certain actions. At domain-level security, group policy can act on objects such as servers, organizational sites, and so forth. However, at the desktop level, group policy acts pretty much exclusively on users and groups. Some modifications to group policy, such as modifications to account and audit policies, affect all users; other modifications to group policy affect only certain users, depending on whether the user is a member of the proper group. (We call the latter sort of group policy “group-oriented group policy.”)

One way to understand group-oriented group policy is to note that, when you create a new group, there is no Properties button on the group. You can’t just right-click on the group and start assigning powers and restrictions. Instead, you must modify group-oriented group policy objects, choosing for each policy whether or not to enable that policy for a given group.
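Because rights are stored per policy rather than per group, answering "what can this group do?" means inverting the policy-to-group mapping. The following is an added example, not part of the original post: it assumes the user rights have been exported as text with `secedit /export /cfg rights.inf /areas USER_RIGHTS` (a tool the post does not mention), and the sample export, SID table and function names are constructed for illustration.

```python
import configparser
from collections import defaultdict

# Constructed sample in the INF layout written by
# `secedit /export /cfg rights.inf /areas USER_RIGHTS` (real exports are UTF-16).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544
SeDenyInteractiveLogonRight = Guest
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Well-known built-in group SIDs, so the report shows names instead of SIDs.
WELL_KNOWN = {
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-551": "Backup Operators",
}

def rights_by_policy(inf_text):
    """Return {right: [principal, ...]}, the way the policy itself stores it."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of right names such as SeDebugPrivilege
    cp.read_string(inf_text)
    out = {}
    for right, value in cp["Privilege Rights"].items():
        # SIDs are written with a leading '*'; local account names are bare.
        names = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
        out[right] = [WELL_KNOWN.get(n, n) for n in names]
    return out

def rights_by_group(inf_text):
    """Invert the mapping into {principal: sorted list of rights}."""
    inverted = defaultdict(list)
    for right, principals in rights_by_policy(inf_text).items():
        for principal in principals:
            inverted[principal].append(right)
    return {p: sorted(r) for p, r in inverted.items()}

if __name__ == "__main__":
    for group, rights in sorted(rights_by_group(SAMPLE_INF).items()):
        print(f"{group}: {', '.join(rights)}")
```

To run it against a real export, read the file with `encoding="utf-16"` and pass the text to `rights_by_group`.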

Combined with Active Directory in Windows 2000 Server, group policy is a powerful tool for creating an integrated, hierarchical, policy-based security infrastructure for an enterprise. For our limited Windows 2000 Professional-based discussion, Active Directory will not come into play. However, a limited version of Group Policy implemented at a local level in Windows 2000 Professional allows for a fair amount of control over security issues.

There’s a lot of meat to Group Policy. We won’t be able to cover every single policy, or even policy type, available to you in Group Policy Editor. However, we will take an in-depth look at those parts of Group Policy that concern security. Microsoft is emphasizing the security-related portions of Group Policy in the test.