Chapter 1: Group Policy

Chapter 1

Group Policy

About This Chapter

Group Policy is the primary configuration management tool for Microsoft Windows networks. Configuration management establishes how users work with client computers and servers in a network; it determines which software is available to users, how desktops look, and what operating system features are enabled. Without a centralized configuration management tool like Group Policy, configuring clients and client-side security settings on each computer in a large network would take a very longtime.

Because Group Policy controls how desktop computers work and determines which software is available to users, you can use it as a security mechanism. Group Policy can restrict dangerous operating system features to prevent well-meaning users from accidentally damaging their computers configurations. It can also limit access to configuration tools and software that malicious users can use to hack into other computers and carry out a wide variety of attacks. However, because Group Policy is primarily a central configuration management tool rather than a security feature, administrators need to be aware of its security limitations. These limitations are covered in Lesson 5 of this chapter.

This chapter explains in detail what Group Policy is and how it works. When you understand the capabilities and limitations of Group Policy, you can effectively use Group Policy as both a natural administrative point of control and as a security configuration tool.

You need to understand how Group Policy is applied in domains and organizational units and how policy is inherited by subordinate organizational units. Be sure you study Group Policy and its application, and practice applying Group Policy to different organizational unit structures to examine its effects.

Before You Begin

To complete this chapter, you must have

  • One year of direct work experience with Windows 2000

  • Familiarity with Windows 2000 as both a server platform and an end-user operating system

  • A test computer configured with Microsoft Windows 2000 Server and Active Directory

The companion CD-ROM contains a 120-day evaluation version of Windows 2000 Server that you can use to complete the exercises in this book.

  • Access to a client in the same domain as the Windows 2000 server

  • A basic understanding of the Active Directory directory service

The term "Windows" in this book refers only to Windows 2000 and subsequent Microsoft operating systems. Windows NT is similar in many respects but is not specifically covered. Microsoft Windows 3.1, Windows 95, Windows 98, or Windows Me are not covered.



MCSA(s)MCSE Self-Paced Training Kit Exam 70-214(c) Implementing and Administering in a Microsoft Windows 2[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-214): Implementing and Administering Security in a Microsoft Windows 2000 Network (Pro-Certification)
ISBN: 073561878X
EAN: 2147483647
Year: 2003
Pages: 82

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net