Group policies only apply to Windows 2000 Professional, Windows XP, Windows 2000 Server, and Windows Server 2003 server machines. Any machines running earlier versions of Windows, Unix, or other operating systems will not receive a group policy from Windows Server 2003. Machines receiving group policy settings also must be members of the domain. There are two areas to which group policies can be applied. One is applied to computers and the other is applied to users. Using Computer PoliciesComputer policies are applied upon boot of the machine, are in place before logon, and are independent of the user login credentials. They apply to the computer only, regardless of who will be logging in. Types of group policies that are best applied in the computer policies include things like:
Software installation can be pushed if they are in an MSI format using either the user or computer policies. However, it is suggested that it be pushed via computer policies. Using User PoliciesUser policies are applied when the user logs in and occur after boot and during login. They apply to the user regardless of what computer or server the user is logging into. They follow the user wherever the user goes in the domain. Types of group policies that are best applied in the computer policies are as follows (also not a complete list):
Understanding Group Policy Refresh IntervalsGroup policies are refreshed at regularly scheduled intervals after a computer has been booted and a user has logged in. By default, group policies are refreshed every 90 minutes on non-domain controllers (with a stagger interval of 30 minutes) and every five minutes on domain controllers. Refresh intervals are configurable via Group Policy by going to the following areas in Group Policy and changing the refresh interval times:
Most changes made to existing Group Policy Objects (or GPOs) or new GPOs will be enforced when the refresh cycle runs. However, the following settings will be enforced only at login or upon boot, depending on the GPO configuration settings:
Note Computer Configuration security settings are refreshed every 16 hours whether or not the settings have been changed. |