Group Policy Objects

A Group Policy object contains a detailed profile of security permissions that apply primarily to the security settings of a domain or a computer (rather than to users). A single Group Policy object can be applied to all of the computers in an organizational unit. Group Policy gets applied when the individual computer starts up, and periodically is refreshed if changes are made without restarting.

How Group Policy Works

Group Policy objects are associated with domains and organizational units (containers) in the Active Directory Users and Computers snap-in to MMC. The permissions granted by the Group Policy are applied to the computers stored in that container. Group Policy can also be applied to sites using the Active Directory Sites and Services snap-in.

Group Policy settings are inherited from parent folders to child folders, which might in turn have their own Group Policy objects. A single container could have more than one Group Policy object assigned to it.

For more information on Group Policy precedence and how conflicts are resolved among multiple Policy objects, see Windows 2000 Help.

Prerequisites for Implementing Group Policy

Group Policy is a feature of the Windows 2000 Active Directory. Active Directory must be installed on a server before you can edit and apply Group Policy objects.

Case Study: What To Do?

Okay, enough of the SuperConsultant already. If you wanted to be a consultant, you wouldn't have a real job.

So, in your real job you are tasked with making sure that users will be able to securely access resources all over the network. Sounds like a piece of cake, but when you start looking at the network, you see that you have all sorts of different operating systems and you begin to wonder if perhaps the company is paying you enough. Then you seem to remember something called Herby, Kirby, Furby, or something like that. After doing some research, you find that there is a protocol that comes with Windows 2000 called Kerberos v5, and you find that this is a standard. After a little exploring and poking around, you find that you can institute Kerberos as part of the Windows 2000 rollout and use it to authenticate users across platforms, across domains, across sites, and even across trees. Life is beginning to look a whole lot better, though they still should be paying you more!

Was this article helpful?

0 0

Post a comment