- slide 1 of 2
What is Group Policy?
Group policy is an extremely important feature in all of the Windows NT based server operating systems, including 2000, 2003, and 2008. Group Policy provides centralized management along with configuration for remote users and computers inside an Active Directory server environment. Group Policy is the set of rules and standards that dictates what users can and cannot do on an Active Directory computer network, as well as what computers they can do it from. The primary reason for implementing group policy is security related, restricting access to individual files, computer systems, server drives, and so forth. It is often even used in smaller network environments, such as schools, to ensure network functionality by blocking potentially harmful functions. Examples of what things Group Policy can limit are as broad as entire virtual drivers, or something as simple as blocking the Windows Task Manager from running, prohibiting the use of Regedit, restricting access to folders, disallowing the use of executables, and much, much more.
- slide 2 of 2
Group Policy Functions
As mentioned above, Group Policy requires the installation of Active Directory and therefore a Domain Controller. Group Policy settings, contained in Group Policy Objects (GPOs), are linked to various areas of a network, including individual machines, sites, Organizational Units (OUs), and domains.
Group Policy is an extremely powerful tool that should be implemented very carefully. With one wrong move you can lock out every user from being able to access the network, or prevent an entire department from being able to use MS Outlook. Make sure you are very deliberate and careful with your group policy settings. It would be wise of, not just the head Administrator, but an entire IT department to examine all available Group Policy settings and decide which ones to implement.
Group Policies are contained under two very broad headings - User Configuration, and Computer Configuration. Under each of these headings are three additional subheadings, namely, Windows Settings, Software Settings, and Administrative Templates. Logically, policies that are applied under Computer Configuration effect that whole computer and all of its users, while policies applied under User Configuration effect a specific user (or group of users, discussed later).
In the next part of this series on Group Policy we will consider common and useful Group Policy Settings.
Windows Server 2003 Group Policy Overview
We take a look at the huge subject of Group Policy. What it is, how it helps Administrators, and some common Group Policy settings that can increase security.