Leveraging Group Policies

Previous page
Table of content
Next page

Group policies only apply to Windows 2000 Professional, Windows XP, Windows 2000 Server, and Windows Server 2003 server machines. Any machines running earlier versions of Windows, Unix, or other operating systems will not receive a group policy from Windows Server 2003. Machines receiving group policy settings also must be members of the domain. There are two areas to which group policies can be applied. One is applied to computers and the other is applied to users.

Using Computer Policies

Computer policies are applied upon boot of the machine, are in place before logon, and are independent of the user login credentials. They apply to the computer only, regardless of who will be logging in. Types of group policies that are best applied in the computer policies include things like:

  • Startup scripts

  • Security settings

  • Permission configuration on local files, Registry hives, or services on a workstation

Software installation can be pushed if they are in an MSI format using either the user or computer policies. However, it is suggested that it be pushed via computer policies.

Using User Policies

User policies are applied when the user logs in and occur after boot and during login. They apply to the user regardless of what computer or server the user is logging into. They follow the user wherever the user goes in the domain.

Types of group policies that are best applied in the computer policies are as follows (also not a complete list):

  • Login scripts

  • Restrictions on user rights

  • Folder redirection

Understanding Group Policy Refresh Intervals

Group policies are refreshed at regularly scheduled intervals after a computer has been booted and a user has logged in. By default, group policies are refreshed every 90 minutes on non-domain controllers (with a stagger interval of 30 minutes) and every five minutes on domain controllers.

Refresh intervals are configurable via Group Policy by going to the following areas in Group Policy and changing the refresh interval times:

  • To change the interval for computer policies and DCs, choose Computer Configuration, Administrative Templates, System, Group Policy.

  • To change the interval for user policies, choose User Configuration, Administrative Templates, System, Group Policy.

Most changes made to existing Group Policy Objects (or GPOs) or new GPOs will be enforced when the refresh cycle runs. However, the following settings will be enforced only at login or upon boot, depending on the GPO configuration settings:

  • Software installation configured in the computer policies

  • Software installation configured in the user policies

  • Folder Redirection setting configured in the user policies.

Note

Computer Configuration security settings are refreshed every 16 hours whether or not the settings have been changed.




Previous page
Table of content
Next page
Microsoft Windows Server 2003 Unleashed(c) R2 Edition
Microsoft Windows Server 2003 Unleashed (R2 Edition)
ISBN: 0672328984
EAN: 2147483647
Year: 2006
Pages: 499
Authors: Rand Morimoto, Michael Noel, Alex Lewis
BUY ON AMAZON
Interprocess Communications in Linux: The Nooks and Crannies
Programming Microsoft ASP.NET 3.5
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
Junos Cookbook (Cookbooks (OReilly))
.NET-A Complete Development Cycle
DNS & BIND Cookbook
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy