What are the application of group policies in Vista?

Group PolicySystem Administrators are critical to maintaining system security. The following describes the application of Group Policy in vista.

Some people refer to the Group Policy as a "big master" in Windows ". Compared with XP, the Group Policy Function in Vista is more powerful and more closely integrated with the system, which is more like the "big internal manager" in Vista ". You can use group policies to complete seemingly difficult tasks in Vista. Next we will explore deeply to uncover the inside story of the Vista group policy and implement the extraordinary task.

1. Hide and restrict disk partitions to protect data

Some data is stored on PCs and public computers, which sometimes do not have to be known to others. In particular, computers in office scenarios are usually shared by multiple people because of their open locations, and personal computers are sometimes used temporarily by others. All these challenges the confidentiality and security of user data stored in them, what should I do?

In fact, we do not need third-party software in Vista to easily implement data protection by hiding or limiting disk partitions. The following describes how to restrict partition C. The procedure is as follows:

Step 1: In the "run" dialog box of the Start Menu, enter "Gpedit. msc, open the "Group Policy" setting window, in the "Group Policy" setting window, choose "Local Computer Policy> User Configuration> management template> Windows Components> Windows Resource Manager.

Step 2: In the settings window on the right, select "prevent access to the drive from my computer", right-click the option, and select "properties ", the "prevent access to drive properties from my computer" window appears. Three options are available: "Not Configured", "enabled", and "disabled ".

Step 3: After "enabled" is selected, the sink list of the selected drive will appear below. If you want to restrict the use of a drive, just select the drive. For example, to restrict the use of drive C, select "restrict drive C only. If you want to disable all drives, including optical drives, you can select "restrict all drives ". (Figure 1)

Figure 1 prevent my computer from accessing the drive

Tip: In "Windows Resource Manager", there is also the policy "hide these specified drives in" My Computer ". You can use this policy to specify the drive, however, this policy can be broken through the IE browser. Enter C: \ in the address bar and press enter to hide the C disk partition. In contrast, the above restrictions are more thorough. (Figure 2)

Figure 2 set the effect

Extended: You can choose to hide the C partition or all partitions through the above method. How can you hide a specific partition, such as the E disk partition? You can modify the configuration file of the Vista Group Policy. The file is stored in the path "% windir % \ PolicyDefinitions \". We need to modify the file "WindowsExplorer. adml "and WindowsExplorer. admx configuration files.

Step 1: Open the WindowsExplorer. adml file in notepad and find the part that contains the following code:

Only partitions A, B, C, and D are restricted.

Only partitions A, B, and C are restricted.

Only limit partitions A and B

Restrict all partitions

For example, to hide the E partition, add the following code. Save and exit after modification:

Only limit partition E (figure 3)

Figure 3 partition Restriction

Step 2: use NotePad to open the WindowsExplorer. admx file and find

"

The former is used to restrict access to partitions, and the latter is used to hide partitions. For example, if we use partition E as an example, add the following code at the two locations, "16" indicates the decimal code of the E partition: (Figure 4)

Figure 4 options for adding an edisk

Step 3: replace two important files. Due to access control permissions, we first need to modify the access permissions of the two files, open the Properties dialog box, and switch to the "Security" tab, click the "advanced" button to change the owner and set the owner. After obtaining the permission, you can complete the file replacement operation.

Now, you can select "enabled" in the "prevent access to the drive from my computer" dialog box of the Group Policy.

2. Pass the USB flash drive

USB flash drives are very popular, and many mobile phone functions also include USB flash drives. It is very easy to copy some files from others' computers, this poses a great threat to information in the computer. How can we make the system only use the specified USB flash drive or mobile hard drive?

In fact, we don't have to worry about this issue in the Vista system. We can use group policies to complete this task. You can disable all USB storage devices and allow the system to only use the specified USB flash disk.

Step 1: insert your USB flash drive into the Vista system so that the system can use the USB flash drive normally. Then, go to the control panel and double-click the Device Manager ", expand "portable devices" in it to see your USB flash drive.

Step 2: Right-click on the top and select "properties". In the displayed "properties" window, click the "details" tab, then select "hardware ID" in the "property" drop-down box of the device. The following "value" will show a string. This is the hardware ID of your USB flash drive. copy it and save it.

Step 3: copy the hardware ID of "USB large capacity storage device" in "general serial bus controller" and expand the "general serial bus controller" list in "Device Manager, find the "USB high-capacity storage device" and click the "details" tab in its "properties" window. Copy the hardware ID and save it.

Step 4: Find the hardware ID of the USB flash drive and implement it through the Group Policy. "Start> Run" and enter "Gpedit. msc opens the Group Policy window, and expands "Computer Configuration> management template> system> device installation restrictions ", double-click "Prohibit installation of devices not described by other policies" on the right, select "enabled" in the pop-up window, and then click "OK, set it to disable the USB device described in policy settings. (Figure 5)

Figure 5 Disable other mobile storage devices

For more information about the application of group policies in the Vista system, click the three applications of group policies in the vista system.