Advanced tips for Windows System Group Policy

System Group Policy is almost a network management personnel to manage the network, one of the necessary tools, the conventional application of the tool skills, I believe many people have been familiar with.

But the author has always believed that as long as we are careful and attentive, we will continue to explore new application techniques from the System group strategy. If you don't believe it, take a look at the following, and believe that they will help you enter a new realm of application.

Different users, different permissions

Maybe your server contains a lot of users, but in order to protect the security of the server, you want these users to the server's access control permissions are different, so that in the future when the server encountered an accident, you can, depending on the level of authority, you can quickly find "from the chaos" users. To assign different access control rights to different users, you only need to set up the server Group Policy, the following is the specific setup steps:

Click the start/Run command, and in the system Run box that pops up, enter the string command "Gpedit.msc" and open the System Group Policy Editing window when you click OK.

In the window, expand the Computer Configuration/Windows Settings/Security Settings/Local Policies/user rights Assignment items in the box;

In the right window area corresponding to the User Rights Assignment project, you will see multiple rights to assign, as shown in Figure 3. For example, if you only want AAA users to remotely access content on the server via a network connection, rather than allowing them to write content or execute applications in the local login server, you can double-click the "Deny local logon" right first;

In the Settings window that opens, click Add, and then select the account name for the AAA user, then click Add, so that AAA users will be able to access the contents of the server from the remote network later.

Similarly, you can assign local login control rights to BBB users, assign ownership of files or other objects to CCC users, etc. once you have assigned different control rights to different users, you will be able to manage and control users in the future according to the different levels of authority. For example, if you find that the server is not connected to the network time, someone at random to upload illegal information to the server and need to be investigated, you can easily exclude AAA users, after all, AAA users do not have such "criminal ability"!

Protection settings, avoiding conflicts

In the local area network, the workstation IP address is often changed randomly, resulting in the occurrence of IP conflict, which affects the operation efficiency of LAN. Although there are many ways to avoid IP address conflicts, but carefully, you can not find some of these methods for some novice users, the operation of a bit difficult; in fact, with the help of Group Policy, it is easy to limit the network configuration parameters of LAN workstations to be arbitrarily modified, To effectively avoid conflicts with IP addresses in your network:

Click the start/Run command, and in the system Run box that pops up, enter the string command "Gpedit.msc" and open the System Group Policy Editing window when you click OK.

Expand the User Configuration/Administrative Templates/Network/network and dial-up connections policy items in the window, and in the right window area for the network and dial-up connections policy, double-click the Allow TCP/IP advanced Settings project;

In the Settings window that pops up as shown in Figure 4, select the Disable option and click the OK button so that any workstation user who opens the TCP/IP Properties Settings window will find it impossible to go to the Advanced Settings window to modify the workstation's IP address or other network parameters. So the IP address in the LAN is not easy to conflict.