Group Policy: Information from Answers.com

This article needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (September 2008)

Local Group Policy Editor in Windows XP Media Center Edition

Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications and users' settings in an Active Directory environment. In other words, Group Policy in part controls what users can and can't do on a computer system. Although Group Policy is more often seen in use in enterprise environments, it is also common in schools, smaller businesses and other kinds of smaller organizations. Group Policy is often used to restrict certain actions that may pose potential security risks, for example: to block access to the Task Manager, restrict access to certain folders, disable the downloading of executable files and so on.

As part of Microsoft's IntelliMirror technologies, Group Policy aims to reduce the cost of supporting users. IntelliMirror technologies relate to the management of disconnected machines or roaming users and include roaming user profiles, folder redirection and offline files.

1 Overview
- 1.1 GPO application
2 Local Group Policy
3 Security
4 See also
5 References
6 External links

Overview

Group Policy can control a target object's registry, NTFS security, audit and security policy, software installation, logon- and logoff-scripts, Security filtering is the process of customizing the scope of the GPO by choosing which users and groups the GPO applies to.

Windows Management Instrumentation (WMI) filtering is the process of customizing the scope of the GPO by choosing a WMI filter to apply.

Delegation is the process of customizing the security descriptors of the GPO by assigning specific users and groups and the individual permissions that will be applied for each. This has more control than security filtering as it allows modification of both Apply and Deny permissions.

GPO application

The Group Policy client operates on a "pull" model - every so often (a randomized delay of between 90 and 120 minutes, although this offset is configurable via Group Policy) it will collect the list of GPOs appropriate to the machine and logged on user (if any). The Group Policy client will then apply those GPOs which will thereafter affect the behavior of policy-enabled operating system components and applications.

Local Group Policy

Local Group Policy (LGP) is a more basic version of the Group Policy used by Active Directory. In versions of Windows before Windows Vista, LGP can configure the Group Policy for a single local computer, but unlike Active Directory Group Policy, can not make policies for individual users or groups. It also has many fewer options overall than Active Directory Group Policy. The specific-user limitation can be overcome by using the Registry Editor to make changes under the HKCU or HKU keys. LGP simply makes registry changes under the HKLM key, thus affecting all users. The same changes can be made under HKCU or HKU to only affect certain users. Microsoft has more information on using the Registry Editor to configure Group Policy available on TechNet.^[1] LGP can be used on a computer on a domain, and it can be used on Windows XP Home Edition.

Windows Vista supports Multiple Local Group Policy objects (MLGPO), which allows setting local Group Policy for individual users.^[2]

Security

One potential problem with per-user policies is that they're only enforced voluntarily by the targeted applications. A malevolent user can interfere with the application so that it cannot successfully read its Group Policy settings thus enforcing potentially lower security defaults or even return arbitrary values.^{[citation needed]} The user can also create a copy of the application at a writable location, then modify it such that it ignores the Group Policy settings.^{[citation needed]}

References

^[3]

External links

v • d • e Windows components

Core	Aero · AutoRun · ClearType · Desktop Window Manager · DirectX · Explorer · Taskbar · Start menu · Shell (Shell extensions · namespace · Special Folders · File associations) · Search (Saved search · IFilter) · Graphics Device Interface · Imaging Format · .NET Framework · Server Message Block · XML Paper Specification · Active Scripting (WSH · VBScript · JScript) · COM (OLE · OLE Automation · DCOM · ActiveX · ActiveX Document · Structured storage · Transaction Server) · Previous Versions · Win32 console

Management tools	Backup and Restore Center · command.com · cmd.exe · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · Driver Verifier · Event Viewer · Management Console · Netsh · Problem Reports and Solutions · Sysprep · System Policy Editor · System Configuration · Task Manager · System File Checker · System Restore · WMI · Windows Installer · PowerShell · Windows Update · WAIK · WinSAT · Windows Easy Transfer

Applications	Calculator · Calendar · Character Map · Contacts · DVD Maker · Fax and Scan · Internet Explorer · Journal · Mail · Magnifier · Media Center · Media Player · Meeting Space · Mobile Device Center · Mobility Center · Movie Maker · Narrator · Notepad · Paint · Photo Gallery · Private Character Editor · Remote Assistance · Windows Desktop Gadgets · Snipping Tool · Sound Recorder · Speech Recognition · WordPad

Games	Chess Titans · FreeCell · Hearts · Hold 'Em · InkBall · Mahjong Titans · Minesweeper · Purble Place · Solitaire · Spider Solitaire · Tinker

Kernel	Ntoskrnl.exe · hal.dll · System Idle Process · Svchost.exe · Registry · Windows service · Service Control Manager · DLL · EXE · NTLDR / Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection

Services	BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Error Reporting · Multimedia Class Scheduler · CLFS

File systems	NTFS (Hard link · Junction point · Mount Point · Reparse point · Symbolic link · TxF · EFS) · FAT32·FAT16·FAT12 · exFAT · CDFS · UDF · DFS · IFS

Server	Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Folder redirection · Distributed Transaction Coordinator · MSMQ · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Windows SharePoint Services · Network Access Protection · PWS · DFS Replication · Remote Differential Compression · Print Services for UNIX · Remote Installation Services · Windows Deployment Services · System Resource Manager · Hyper-V

Architecture	NT series architecture · Object Manager · Startup process (Vista) · I/O request packet · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows Resource Protection · LSASS · CSRSS · SMSS · MinWin

Security	User Account Control · BitLocker · Defender · Data Execution Prevention · Security Essentials · Protected Media Path · Mandatory Integrity Control · User Interface Privilege Isolation · Windows Firewall · Security Center

Compatibility	Unix subsystem (Microsoft POSIX · Interix) · Virtual DOS machine · Windows on Windows · WoW64 · Windows XP Mode

This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)

Donate to Wikimedia

	If you are the primary policy holder in a group policy and one of group policy members gets into an accident with his own car whats the impact to Primary Policy Holder? Read answer...
	When useing a group policy in a word group which configureation do you use? Read answer...
	What are the benefits and disadvantages of a master group or blanket policy instead of individual policies for commercial habitational? Read answer...

	How do you access Local Security Policy section of Group Policy from within Group Policy?
	How do you enter the group policy console?
	The group factor in making policy?

Group Policy

Contents