In the past it might have been possible to leave workstations at the mercy of their users without much risk. In those days, many people didn't know much about computers, and security threats came from few vectors. Unfortunately, the average user today is much more tech savvy and has enough computer knowledge to be dangerous. Keep in mind that these are the same users who will install peer-to-peer file sharing software (for example, Kazaa) in a business network and have their workstations full of spyware and malware. Because of that, sometimes you have to protect your network from its own users. The damage can be accidental or not, but the important thing is that you analyze what you need to do to prevent it. Group policy can help you accomplish a portion of this task by greatly reducing what the user is allowed to do (or even see). From a social standpoint, group policy is probably not going to make you the most popular person around the office. Let's face it: People don't like to feel restricted at all. You might want to work closely with the HR department to create policies that are backed by the company's employee policies. Although thousands of settings are available in group policy, it is important to keep everything in perspective. Albert Einstein once said "Make everything as simple as possible, but not simpler," and this applies perfectly to group policy. My advice is to cover all your bases, but do not try to control everything. Controlling too much can become an administrative nightmare. The next couple of sections show the most common uses for group policy and how to implement them.
|