| ||
Copyright 2005 by Wiley Publishing, Inc., Hoboken, New Jersey
Published by Wiley Publishing, Inc., Hoboken, New Jersey
Published simultaneously in Canada
ISBN-13: 978-0-7821-4447-0
ISBN-10:
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise , except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 7622974, outside the U.S. at (317) 5723993 or fax (317) 5724002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Card Number on file
Trademarks: Sybex, Wiley and related trade dress are registered trademarks of Wiley Publishing, Inc., in the United States and other countries , and may not be used without written permission. All other trademarks are the property of their respective owners . Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
Credits
Acquisitions and Developmental Editor
Tom Cirtin
Technical Editor
David Shackelford
Production Editor
Elizabeth Campbell
Copy Editor
Nancy Sixsmith
Production Manager
Tim Tate
Vice President & Executive Group Publisher
Richard Swadley
Vice President and Publisher
Joseph B. Wikert
Vice President and Publisher
Neil Edde
Book Designer
Judy Fung
Compositor
Craig Woods, Happenstance Type-O-Rama
llustrator
Jeffrey Wilson, Happenstance Type-O-Rama
Proofreader
Nancy Riddiough
Indexer
Nancy Guenther
Cover Design and Illustration
Ingalls + Associates
To my parents and grandparents
Acknowledgments
This is the third edition of this book, and with every edition, I have more people to thank. For this third edition, I first want to thank all the readers of the previous two editions who believed in Group Policy and are using it daily to make their administration experiences even better. And a heartier thanks to those folks on GPanswers.com who ask questions, help others, and help me make this book the best it can be.
Over the three editions, working to bring this book to you was one of the most rewarding experiences in my life. I would be lying if I took credit for all the juicy bits inside. I have a small army of individual people to thank.
Once again, at the top of the list of thanks is the chief lieutenant of this army, Mark Williams within the Group Policy team at Microsoft. His raw dedication to make this book the best it can be is simply astounding. Mark took on the hard job of filtering my huge number of questions and finding answers to them throughout the various product teams within Microsoft. He located reviewers for each and every chaptersometimes as many as four reviewers for a single chapter! I even have it on hard fact that he took a Microsoft Program Manager (who wasn't even a member of his group) by the ear and ensured that he read one of my chapters. In a nutshell : this book would not have been the same without him, and I'm incredibly grateful.
Additionally, I want to thank Michael Dennis, Lead Program Manager for Group Policy at Microsoft, for so thoroughly endorsing my efforts and granting Mark the required time to assist me. To the other members of the Group Policy team (past and present), Adam Edwards, Jason Leznek, Mike Stephens, David Power, Craig Marl, John Kaiser, Dilip Radhakrishnan, Shaji Ullattil and Rhynier Myburgh , Steve Whitford and BJ Whalen, I thank you for your support in all you do and always helping me out whenever you can.
Additional thanks to the battalion of technical reviewers at Microsoft: Mike Treit, Nick Finco, Anitha Bagyam, Judith Herman, Mike Danseglio, Chris Corio, Wei Wang, Craig dos Santos, John Lambert, Scott Cousen, Anshul Rawat, David Steere, Dan Boldo, Brian Aust, Navjot Virk, Vishal Ghote, Rajeev Nagar, Keith Hageman, Wes Miller, and many more people. These amazing people didn't review these chapters because they had to; they did it because they wanted to. Each one has a clear dedication to their craft, and I'm thrilled that they took the time out of their work lives to help this book be its best.
Special thanks goes to Todd Myrick and Jerry Cruz as my two "beta readers" for the heavy- hitting Group Policy material. Their help was invaluable, and I'm very thankful to have had their expertise and input on the material they reviewed! Additional thanks to Ron Hrehirchuk for helping me out on GPanswers.com and adding your input to the book.
Special thanks go to the dedicated folks behind the book. Thanks to Kevin Sullivan, technical editor for this third edition. I'm really happy to have chosen a fellow Group Policy MVP to "watch my back" during this edition. To the Sybex and Wiley magicians, especially Tom Cirtin and Elizabeth Campbell, who went above and beyond the call of duty, as always. I'm very grateful for your dedication to this book's success.
Thanks to Jill Knapp and Jeff Knapp for loaning me your modems. You're way more than just modems to me.
Thank you, Mark Minasi, for allowing me to write about the subject that I love most. Thanks to Bill Boswell for writing Chapter 7 (it's awesome ). Moreover, thanks for simply always being there for me to bounce an idea off (and thanks for your phone line simulator I borrowed for eight months). Mark and Bill: without your guidanceboth technical and otherwiseI simply wouldn't be the guy I am today.
I want to give special thanks to current and previous contributors to this book. Derek Melber (MCSE) was a contributing author and technical editor of the first edition. Catherine Moya (MCT, MCSE) was a technical editor of the first edition. David Shackelford did the heavy lifting as technical editor on the second edition. Conan Kezema's (MCSE, MCT, CCA) updated material appears in "New Policy Settings for Windows 2003 and Windows XP" on the book's website.
Using the Downloadable Web References
Because I simply don't have room here in this printed book to discuss every policy setting or even every policy category, I've placed some additional information on both www.sybex.com and www.GPanswers.com . You can download all these resources, which include the following:
ADM Template Syntax After you use the material in Chapter 5 regarding ADM templates, you might be jazzed to create your own. This reference shows you the ropes with step-by-step examples.
New Policy Settings for Windows 2003 (including SP1) and Windows XP (including SP2) This reference has an at-a-glance list of some of what's completely new and configurable in Windows 2003 and Windows XP via Group Policy and that doesn't have anything to do with Intelli-Mirror. This reference describes more than 200 policy settings that deal with Windows XP and Windows 2003 specific features: System Restore, DNS, Terminal Services, Remote Access, VPNs, and other stuff that I won't generally discuss in other areas of the book. Again, if you're already somewhat familiar with Group Policy, you may find a ripe peach in this reference you'll want to pluck and start using right away. Additionally, we cover all the hundreds of additional settings found in Windows XP/Service Pack 2 and Windows 2003/SP1.
Security Options Comparison In Windows 2003, all the security policy settings have been renamed for clarity. However, you might have a mixed environment in which you're manipulating Group Policy on both Windows 2003 and Windows 2000 systems. This reference contains two tables that deal with the Group Policy security policy settings: Windows 2000 to Windows 2003 and Windows 2003 to Windows 2000. That way, you can see which security settings have the same functionjust different names .
| ||