Академический Документы
Профессиональный Документы
Культура Документы
Scripts. The Scripts node can affect computer startup and shutdown and user
logon and logoff. You can place any Windows Script Host (WSH)supported
language into a script object.
Remote Installation Services (RIS). The settings in this node control how the
Remote Operating System Installation feature is presented to client
computers.
Folder Redirection. This node's settings redirect Windows special folders (i.e.,
My Documents, Application Data, Desktop, and Start Menu) to an alternate
location on the network.
Always wait for the network at computer startup and logon setting.
The Setting:
Computer Configuration\ Administrative Templates\ System\ Logon\ Always
wait for the network at computer startup and logon
The Setting:
User Configuration\ Windows Settings\ Remote Installation Services\ Choice
Options
The Settings:
Computer Configuration \ Windows Settings \ Scripts (Startup/Shutdown)
The Settings:
User Configuration\ Administrative Templates\ Start Menu & Taskbar
\Remove Favorites menu from Start Menu
\Turn off personalized menus \[in Windows 2003 and XP SP2\]; \Disable
Personalized menus \[in XP and Win2K Server\]
\Prevent changes to Taskbar and Start Menu Settings \[in Windows 2003 and
XP 2P2\]; \Disable changes to Taskbar and Start Menu Settings \[in XP and
Win2K Server\]
The Settings:
Computer Configuration\ Administrative Templates\ Network/Network
Connections\ Windows Firewall\ Domain Profile
The Setting:
Computer Configuration\ Windows Settings\ Security Settings
The Setting:
Computer Configuration\ Windows Settings\ Security Settings\ IP Security
Policies on Active Directory
The Settings:
Computer Configuration\ Windows Settings\ Security Settings\ Software
Restriction Policies
Wireless network policies let you configure settings that control the behavior
of the Wireless Configuration Service in XP through the Wireless Network
Policies Extension in a Windows 2003 environment.
The Setting:
Computer Configuration\ Windows Settings\ Security Settings\ Wireless
Network (IEEE 802.11) Policies
The Settings:
User Configuration\ Administrative Templates\ System\ Windows Automatic
Updates
User Configuration\ Administrative Templates\ System\ Windows Update
Computer Configuration\ Administrative Templates\ Windows Components\
Windows Update
8. Folder Redirection
Folder Redirection lets you redirect the path of special folders such as My
Documents, Desktop, and Application Data to a network location. Storing
these folders and their contents on a file server affords them the superior
protection that server class hardware inherently provides and also makes the
data available to users from multiple workstations. A separate but
complementary technology is XP's Offline Files, which automatically makes
files available offline when you redirect them from a special folder. For more
information about implementing Folder Redirection, see "Using IntelliMirror to
Manage User Data and Settings" (July 2003, InstantDoc ID 39193).
The Settings:
User Configuration\ Windows Settings\ Folder Redirection
User Configuration\ Network\ Offline Files
You can also restrict user access to certain IE settings, menu items, and
configuration pages to enforce consistency and bolster security. Take a
minute to read the Explain tab for the settings you configure to avoid
confusion about what will happen when you enable or disable a setting. XP
SP2 dramatically expands the IE security options that Group Policy can
control. The new features include MIME sniffing safety, zone elevation
protection, ActiveX installation restrictions, file download restrictions, and
Add-on management.
The Settings:
Computer Configuration\ Administrative Templates\ Windows Components\
Internet Explorer
User Configuration\ Administrative Templates\ Windows Components\ Internet
Explorer
The Settings:
User Configuration\ Software Installation
Computer Configuration\ Software Installation
Good Policy
Now you know that some policies are simple and others, such as Folder
Redirection, require preparation and testing to implement. The best way to
approach policy creation is from the perspective of solving a particular
problem or providing a particular service. Determine the appropriate settings
to accomplish the task at hand. Read the description under the Explain tab
when viewing the properties for a setting within GPE to make sure you fully
understand a setting's impact and behavior before you turn it on. And finally,
make sure you fully test both the result of the settings in your GPO as well as
your scope targeting method before putting a policy into production.
Print
reprints
Favorite
inShare
printers. The solutions possible with these extensions and the numerous
policy types they include are innumerable. *Environment Variables *Local
Users and Groups *Application Security *Device Restrictions *Wireless
*Network Options *Drive Maps *Folder Redirection *Administrative Templates
*Microsoft Disk Quota *QoS Packet Scheduler *Scripts *Security *Internet
Explorer Branding *EFS recovery *Software Installation *Software Update *IP
Security *Folders *Files *Data Sources *Ini Files *Windows Services *Folder
Options *Scheduled Tasks *Registry *Applications *Printers *Shortcuts *Mail
Profiles *Internet Settings *Start Menu Settings *Regional Options *Power
Options One of the strengths of Group Policy is its ability to target groups of
settings in a GPO to users and/or computers by site, domain, and
organizational unit. Additionally, GPOs can be filtered by security group and
WMI filters. PolicyMaker extensions add to this flexibility by implement persetting targeting using a graphical drag and drop filter interface common to
all extensions and settings. This allows administrators to create a much
smaller number of GPOs and target contained settings more granularly. Filter
classes include: