This section provides you with a simple list of "how to" items to get you started using Group Policy. If you are already comfortable working with Windows 2000 Group Policy Objects, this section will be review. There are a variety of ways to open the Group Policy snap-in, from which you can edit, create, and delete Group Policy Objects. Opening the Group Policy Snap-inYou can open the Group Policy Object Editor in several ways, depending on the action that you want to perform and the object to which you want to apply Group Policy. The preferred method is to use the Group Policy snap-in as an extension to an Active Directory snap-in. This way, you can browse the Active Directory for the correct Active Directory container and then define Group Policy Objects based on the selected scope. To open the Group Policy Object Editor from Active Directory Users and Computers, perform the following steps:
To open the Group Policy Object Editor as a Microsoft Management Console (MMC) snap-in, follow these steps:
Note If you want to save a Group Policy Object Editor console and choose which Group Policy Object opens in it from the command line, select the Allow Focus of the Group Policy Snap-In To Be Changed When Launching from the Command Line check box in the Select Group Policy Object properties page. Editing a Group Policy ObjectAfter you open the Group Policy Object Editor, as shown in Figure 21.16, you can edit existing Group Policy Objects. It is important to note that you must have read and write permissions on a GPO to be able to edit it. Figure 21.16. The Group Policy Object Editor.To edit a Group Policy Object, follow these steps:
Note If you want to edit the Local Group Policy Object, you can open it quickly by choosing Start, clicking Run, typing gpedit.msc, and then clicking OK. Creating a Group Policy ObjectIf you want to create a new Group Policy Object, follow these steps:
Note Use common sense naming conventions for GPOs. It is not advisable, for example, to use the same name for two different GPOs. Using the same name for different GPOs does not cause Group Policy to function incorrectly, but it might be confusing. Deleting a Group Policy ObjectThe newly created Group Policy Object is linked by default to the site, domain, or organizational unit that you select when you create the Group Policy Object, and its settings apply to that site, domain, or organizational unit. If you want to delete the Group Policy Object from that site, domain, or organizational unit, do the following:
Unlinking a Group Policy ObjectYou might want to preserve a Group Policy Object that you have created but that you no longer want to affect the domain, OU, or site on which you created it. In this case, unlinking or disabling the GPO is your best practice. To unlink a Group Policy Object from a domain, OU, or site, follow these steps:
Note If you click the Remove The Link And Delete The Group Policy Object Permanently box in the Delete dialog box, all sites, domains, and organizational units to which the Group Policy Object is linked will no longer have those Group Policy settings applied to them, and the Group Policy Object itself will be deleted. Disabling a Group Policy ObjectWhen you disable a Group Policy Object link, the settings in the Group Policy Object no longer apply to users or computers in the site, domain, or organizational unit to which the Group Policy Object was linked; and they no longer apply to users and computers in child containers that inherit those Group Policy settings. However, you can easily reenable the policy at a later time. To disable a Group Policy Object, perform the following steps:
Note When you are working with Group Policy Objects, it is recommended that you disable unused parts of the object. Under User Configuration or Computer Configuration in the console tree, if a GPO contains only settings that are not configured, you can avoid processing these settings by disabling User Configuration or Computer Configuration. This expedites the startup and logon process for those users and computers that are subject to the policy. |