Leveraging Group Policies

Previous page
Table of content
Next page

Leveraging Group Policies

Group Policy only applies to Windows 2000 Professional, Windows XP, Windows 2000 Server, and Windows Server 2003 server machines. Any machines running earlier versions of Windows, UNIX, or other operating systems will not receive Group Policy from Windows Server 2003. Machines receiving Group Policy settings also must be members of the domain.

There are two areas to which group policies can be applied. One is applied to computers and the other is applied to users.

Using Computer Policies

Computer policies are applied upon boot of the machine, are in place before logon, and are independent of the user login credentials. They apply to the computer only, regardless of who will be logging in. Types of Group Policies that are best applied in the computer policies are the following (not a complete list):

  • Startup scripts.

  • Security settings.

  • Permission configuration on local files, Registry hives, or services on a workstation.

  • Software installation can be pushed if they are in an MSI format using either the User or Computer policies. However, it is suggested that it be pushed via Computer Policies.

Using User Policies

User policies are applied when the user logs in and occur after boot and during logon. They apply to the user regardless of what computer or server the user is logging into. They follow the user wherever the user goes in the domain.

Types of Group Policies that are best applied in the computer policies are as follows (also not a complete list):

  • Login scripts

  • Restrictions on user rights

  • Folder redirection

Understanding Group Policy Refresh Intervals

Group Policy is refreshed at regularly scheduled intervals after a computer has been booted and a user has logged in. By default, Group Policy is refreshed every 90 minutes on non-domain controllers (with a stagger interval of 30 minutes) and every five minutes on domain controllers.

Refresh intervals are configurable via Group Policy by going to the following areas in Group Policy and changing the refresh interval times:

  • To change the interval for computer policies and DCs choose Computer Configuration, Administrative Templates, System, Group Policy.

  • To change the interval for user policies, choose User Configuration, Administrative Templates, System, Group Policy.

Most changes made to existing Group Policy Objects (or GPOs) or new GPOs will be enforced when the refresh cycle runs. However, the following settings will be enforced only at login or upon boot, depending on the GPO configuration settings:

  • Software installation configured in the Computer Policies

  • Software installation configured in the User Policies

  • Folder Redirection setting configured in the User Policies.

Computer Configuration Security Settings

Computer Configuration security settings are refreshed every 16 hours whether or not the settings have been changed.



Previous page
Table of content
Next page
Microsoft Windows Server 2003 Insider Solutions
Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
EAN: 2147483647
Year: 2003
Pages: 325
Authors: Rand Morimoto, Andrew Abbate, Eric Kovach, Ed Roberts
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
Java I/O
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
C & Data Structures (Charles River Media Computer Engineering)
Junos Cookbook (Cookbooks (OReilly))
VBScript in a Nutshell, 2nd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy