Group Policy commands

Group PolicyIt is vital for the system administrator, but everyone knowsGroup Policy command? The Group Policy commands are described in detail below.

What are group policy commands?

Click Start> run, and enter gpedit in the open column of the run dialog box. msc, and then click OK to start the windowsxp Group Policy Editor. Note: The Group Policy Program is located in "c: winntsystem32" and the file name is "gpedit. msc ".)

When multiple users share a single computer, set user permissions in Windows XP by performing the following steps:

1. Run the Group Policy Editor Program gpedit. msc ).

2. Expand "Computer Configuration" → "windows Settings" → "Security Settings" → "Local Policy" → "user permission assignment" branch step by step in the left pane of the editor window.

3. Double-click the user permission that needs to be changed. Click Add, and double-click the account you want to grant permissions. 8. Click "OK" twice in a row.

In Windows XP, a command line tool "shutdown" is added to disable or restart a local or remote computer ". With this function, we can not only log off the user, shut down or restart the computer, but also implement Timed Shutdown and remote shutdown.

The syntax format of this group of policy commands is as follows:

Shutdown [-I |-l |-s |-r |-a] [-f] [-m [computername] [-txx] [-c 'message'] [-d [u]

: Xx: yy]

The meanings of parameters are as follows:

-I: displays the graphic interface dialog box.

-L log out of the current user. This is the default setting.

-Mcomputername is preferred.

-S: Disable the computer.

-R is disabled and then restarted.

-A abort and close. Except-l and computername, other parameters are ignored. During the timeout period, you can only use-.

-F forces the application to be closed.

-M [computername] specifies the computer to close.

-Txx: set the timer used for system shutdown to xx seconds. The default value is 20 seconds.

-C 'message' specifies the message that will be displayed in the "message" area in the "system close" window. It can contain up to 127 characters. The quotation marks must contain messages.

-D [u]

: Xx: yy: Used to list the cause code for system shutdown.

First, let's take a look at some basic usage of this group of policy commands:

1. log out of the current user

Shutdown-l

This command can only log off a local user, not applicable to remote computers.

2. Disable the Local Computer

Shutdown-s

3. Restart the Local Computer

Shutdown-r

4. Timed Shutdown

Shutdown-s-t30

Specify to automatically shut down the computer after 30 seconds.

Group Policy command: Add computers and users to the Group Policy Security Group

After the wireless network policy is configured and can work properly, it is very easy to add other computers to the security group that controls the policy application.

? Add a computer to a wireless network Group Policy Security Group

1. In "activedirectory users and computers", find the wirelessnetworkpolicy-computer Security Group that corresponds to the wireless network policy to be applied. You must log on to this group as a user with the "Modify member identity" permission.

2. Add computers to the selected security group.

? Add a user to a remote access policy Security Group

1. log on to the management computer. You must log on as a member of the domainadministrators group, or use another account with the security permissions required to modify the identity of the remoteaccesspolicy-wirelessusers Security Group.

2. In "activedirectory users and computers", find the remoteaccesspolicy-wirelessusers security group that corresponds to the remote access policy that controls Wireless LAN access.

3. Add the user to the selected security group.

? Add a computer to a remote access policy Security Group

1. log on to the management computer. You must log on as a member of the domainadministrators group, or use another account with the security permissions required to modify the identity of the remoteaccesspolicy-wirelesscomputers Security Group.

2. In "activedirectory users and computers", find the remoteaccesspolicy-wirelessusers security group that corresponds to the remote access policy that controls Wireless LAN access.

3. Add computers to the selected security group.

Apply the Group Policy to the organization unit or domain for 2003

1. Click Start, administrative tools, and activedirectory users and computers to open activedirectory users and computers ".

2. highlight the relevant domain or organization unit, click the "operations" menu, and select "properties ".

3. Select the "Group Policy" tab.

Note: Each container can apply multiple policies. The processing order of these policies is from the bottom up of the list. If a conflict occurs, the policy applied at last takes precedence.

4. Click "new" to create a policy and specify a meaningful name for it, such as "Domain Policy ".

Note: click the "options" button to configure the "prohibit substitution" setting. "Prohibit substitution" is configured for each individual policy, rather than for the entire container; "block policy inheritance" is configured for the entire container. If the "prohibit substitution" and "block policy inheritance" Settings conflict, the "prohibit substitution" setting takes priority. To configure block policy inheritance, select the check box in the ou attribute.

The group policy can be automatically updated, but in order to immediately start the update process, you can use the following gpupdate command at a command prompt:

Gpupdate/force

? Add a security group to "user permission assignment"

1. Click Start, administrative tools, and activedirectory users and computers to open activedirectory users and computers ".

2. Highlight relevant ou such as "Member Server"), click the "operations" menu, and select "properties ".

3. Click the "Group Policy" tab and select a policy such as "Member Server benchmark policy"), and then click "edit ".

4. in the "Group Policy object Editor", expand "Computer Configuration", "windows Settings", "Security Settings", and "Local Policies", and then highlight "user permission allocation ".

5. Right-click related user permissions in the right pane.

6. Select the "define policy settings" check box and click "add user and group" to modify the list.

7. Click OK ".

Group Policy command: import a security template to a group policy

? Import Security templates

1. Click Start, administrative tools, and activedirectory users and computers to open activedirectory users and computers ".

2. highlight the relevant domain or ou, click the "operations" menu, and select "properties ".

3. Select the "Group Policy" tab.

4. Highlight related policies and click Edit ".

5. Expand "Computer Configuration" and "windows Settings" in sequence, and then highlight "Security Settings ".

6. Click the "operations" menu and select "Import Policy ".

7. Navigate to securityguidejobaids, select a template, and click open ".

8. In the Group Policy object Editor, click the File menu and select exit ".

9. In container properties, click OK ".

Group Policy command: Use "Security Configuration and analysis"

? Import Security templates

1. Click Start and run ". In the open text box, type mmc and click OK ".

2. on the microsoft console, click File and select Add/delete snap-in ".

3. Click Add to highlight "Security Configuration and analysis" in the list ".

4. Click "add", "close", and "OK ".

5. Highlight "Security Configuration and analysis", click the "operations" menu, and select "Open Database ".

6. Type A new database name, such as bastionhost, and click open ".

7. On the "Import template" Page, navigate to securityguidejobaids and select a template. Click Open ".

? Analyze the imported template and compare it with the current setting

1. Highlight "Security Configuration and analysis" in the microsoft snap-in, click the "operations" menu, and select "analyze computer now ".

2. Click "OK" to accept the default "Error Log File Path ".

3. After the analysis, expand the node title to study the results.

? Application Security Template

1. Highlight "Security Configuration and analysis" in the microsoft snap-in, click the "operations" menu, and select "Configure computer now ".

2. Click "OK" to accept the default "Error Log File Path ".

3. On the microsoft console, click "file" and then select "exit" to disable "Security Configuration and analysis ".

It is hoped that the concept of group policy commands described in this article and how to use group policy commands can be helpful to readers. more knowledge about group policies remains to be actively explored and learned by readers.