UEU-co logo


Previous Page Next Page

Editing Group Policies

Creating a new GPO (and linking it) is actually only half of the work that you have to do to create a functional GPO. You have to edit the new GPO and configure its settings before it provides you with any functionality.

To edit a GPO, right-click on the GPO in the Group Policy Management node tree. Select Edit from the shortcut menu. The Group Policy Object Editor opens with the GPO to be edited loaded in the snap-in (see Figure 11.6).

Figure 11.6. GPOs are edited in the Group Policy Object Editor.

[View full size image]

GPOs contain two main sections (or settings, as mentioned earlier): Computer Configuration and User Configuration. Settings that you place in the Computer Configuration section affect all users logging on to computers to which the GPO has been linked.

The User Configuration section affects all users, no matter the computer to which they log on (all users in the container to which the GPO has been applied). User configuration policies go into effect when users log on.

Each section of the GPO (Computer Configuration and User Configuration) contains three different setting types: Software, Windows, and Administrative Templates. These setting types are used as follows:

To make a long story short, editing a GPO is really a matter of locating individual policies and administrative templates that you want to use, and then enabling and configuring them. For example, let’s say that you want some help in adding new workstations to the domain (this typically requires membership in a group that has administrative privileges). You can actually specify certain users who could help you add the new workstations by enabling and configuring the Add Workstations to Domain policy, which is found in the Local Policies node under the User Rights Assignment node (as shown in Figure 11.10).

Figure 11.10. You can configure policies related to user rights, such as adding computers.

[View full size image]

Policies that have not been enabled or configured are labeled Not Defined in the Details pane. To enable and configure a particular policy, follow these steps:

1. In the Details pane, double-click the policy that you want to enable and configure (in this case, the Add Workstation to Domain policy). The Properties dialog box for the policy opens.

2. In the case of the Add Workstations to Domain policy, click the Define These Policy Settings check box and use the Add User or Group button to add users or groups to the policy. These users and groups now have the capability to add workstations to the domain (see Figure 11.11).

Figure 11.11. Individual policies must be configured for them to take effect.

3. After you configure the policy (in some cases, you must actually click an Enable check box, but this varies from policy to policy), click the OK button.

The policy is now enabled and so affects the computers (or users) in the container (such as the domain) to which the GPO containing the enabled policy is linked. Obviously, to fully configure a GPO, you need to enable and configure a number of the policies that reside in the GPO.

By the Way

Obviously, a lot of the individual policies and administrative templates found in a GPO can relate to servers on the network and also to computers and users running client operating systems such as Windows XP and Windows 2000 Professional. Typically, you are trying to control client environments on the network (more so than you are your servers, which are already controlled by password protection and access restraints), so as you peruse the basics of a GPO, you should be thinking in terms of how you can fashion the overall environment that users will experience as they work in the domain.

Previous Page Next Page

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.


apply_now Pepperstone Group Limited