New things explored in windows vista Group Policy

After exploring new things in Windows Vista Group Policy in the previous article, we will continue to explore windows vistaGroup PolicyThe specific content is as follows.

Sleep Settings

The "Sleep Settings" folder contains 12 policy items. Each operation includes two types of policies: one is to control when your computer is powered on, and the other is to control when your computer uses a battery, they are:

Enable applications to prevent sleep conversion: If you enable this policy, applications or services can prevent the system from entering mixed sleep, standby, or sleep mode.

Specify System sleep Timeout: If this policy is enabled, you can set the duration of inactivity required for Windows to bring the system to sleep. The range of values that can be entered here is from 1 to 999999, in seconds.

Password required to wake up the computer: If you enable this policy or do not configure it, the user will be prompted to enter the password when the system is awakened; because, by default, the system requires a password. If you do not want to be prompted to enter the password, you can disable this policy.

Specify System sleep Timeout: As in the sleep Timeout Policy, the value is also in seconds.

Disable hybrid sleep: If this policy is enabled, the system will not bring it to sleep.

Allow STANDBY state S1-S3 during sleep): If you enable this policy, Windows will be able to use STANDBY state during computer sleep. If this policy is disabled, the computer enters sleep state, that is, hybrid sleep mode.

In earlier versions of Windows, the standby mode can save the work to the memory and put the computer in a power-saving state, while the sleep mode is to save the work to the hard disk. Vista combines standby and sleep into a State: Mixed sleep. In this state, the work will be stored in the hard disk, and when the computer is awakened, the previous stages of work can also be restored.

However, you can also enable the traditional standby status through the Group Policy. The standard ACPI standby status is:

S0: The system is enabled and ready to work at any time.

S1: CPU power is disabled; RAM is idle but will be updated. The system can wake up with a mouse or keyboard.

S2 is not implemented frequently): All devices are powered off, just like S3, But RAM updates are faster.

S3: All devices are powered off and their work is saved to RAM. Whether the keyboard and mouse can wake up your system depends on your control.

S4: Close all hardware and save the work to the hard disk. This is equivalent to the sleep state.

Video and displayDisplay Settings:

There are four policies included in the "video and Display Settings" folder. They are actually set when the computer is powered on and battery:

Disable adaptive display Timeout: This setting controls the duration of the computer's inactive state before the display is disabled. Windows automatically adjusts this setting based on the user's settings for the input device.

Turn off the monitor: If you enable this policy, you need to set a period of time in seconds before the display is disabled.

User Account Control settings:

One of the most prominent security improvements in Vista is User Account Control UAC ). In the security options folder, there are nine policies that can be used to change the specific working method of this function. To change these settings, expand "Windows Settings" in "Computer Configuration" in the left-side pane of "Group Policy object Editor", find "Security Settings", and then select "local policy ". Click "Security Options", as shown in figure 6.

Figure 6 you can control the UAC's specific working methods through the Group Policy

The following are UAC-related policy configurations you can perform in Vista:

Administrator Approval Mode for built-in Administrator Accounts: If you enable this policy, the Built-in Administrator account will log on in management approval mode, this means that you will be prompted to accept the permission escalation. By default, this policy is disabled. Therefore, the Built-in Administrator account is different from the management account in other Vista) and will log on in XP compatibility mode; all applications can run with full administrator permissions by default. Enabling this group policy increases security.

In administrator Approval Mode, the Administrator prompts for elevation: by default, all accounts except the Built-in Administrator account are prompted to agree to the operation before permission escalation is required. If you enable this policy, you can choose to ask the Administrator to provide creden。 for permission escalation or to reduce security by not prompting creden。 or agreeing to the operation. This option 7 is shown in.

Figure 7 you can enhance or reduce security by performing operations prompted by the Administrator

Standard user escalation prompt: by default, logon with a standard user account will be prompted to enter administrator creden。 to escalate permissions. If you enable this policy, you can provide a denial of access message when a standard user attempts to perform an operation that requires elevation of permissions to enhance security.

Check application installation and prompt upgrade: If you enable this policy, the application installation package for the permission upgrade will be detected through heuristic algorithms, you will be prompted to raise the permission when you open it.

Only executable files that are signed and verified are upgraded: this policy allows you to implement PKI signatures to detect interactive applications that require higher permissions to enhance security. By default, PKI certificate chain verification is not implemented.

Only upgrade the UIAccess application installed in a secure location: If this policy is enabled, the UIAccess application cannot be opened unless they are stored in a secure location. This includes the Program Files directory and Windows \ System32 \ r-_ \ Program Files x86 directory. This policy is enabled by default, but you can disable it if you want UIAccess applications stored elsewhere to run.

Standard Users run all users, including administrators: this policy is enabled by default and is the heart of Vista's UAC protection. If you disable this policy, all UAC policies will be disabled and the security will be greatly reduced. You need to restart to make these policy settings take effect.

Switch to a secure desktop when prompted: this policy is enabled by default. When a permission is required, the desktop is locked and no application can unlock the lock. You can only use this policy to remove the requirement for improvement and display it on a normal desktop, but this will reduce security.

There are other options ......

We are only looking at a small part of the hundreds of new group policy settings in Vista. There are also some new settings used to control the advanced security firewall of Vista, configure the printer according to the location, customize the author of the DVD disc, and manage network access protection, configure New Terminal Services/Remote Desktop security functions. In addition, the new group policy can also serve Internet Explorer 7.

The new things in windows vista group policies are far more than that. More functions related to group policies need to be explored by administrators.