Rule Group Policy 1 of Windwos

Group PolicyWith powerful magic, let's take a look at what the magic of group strategy legends are embodied in.

The legendary magic ring has powerful magic and can make people conquer the world. In Windows, there is also a "magic ring"-group strategy that allows you to easily control a single machine, you can also easily control the entire network. This article will teach you how to control the power of the magic ring, so that you can freely in the Windows world.

Knowledge

Group Policy: the Group Policy is a management technology used in Windows 2000. administrators can use the Group Policy to set various options for one or more computers. The group policy is flexible, including policy settings, security settings, software installation, script running, computer startup and shutdown, user logon and logout. Systems with group policy functions include Windows 2000, Windows XP Professional, and Windows Server 2003.

Demon show-group policy setting in standalone Environment

Log on to the system as an administrator or as an administrator. Enter gpedit. msc in the running state and press enter to Open Group Policy Editor 1 ).

The Group Policy Editor window consists of two parts: left and right. The left side shows all available policy categories in the form of a tree chart, and the right pane shows the policies that can be configured in each category in detail, you can configure these policies by double-clicking them. There are two parts: Computer Policy and user policy. Generally, computer policies can be applied to the entire computer, or these policies are mainly for the existence of some settings on the entire computer "system. The user policy mainly targets user-related settings, such as the software interface. In addition, the policies in user settings generally only apply to the currently logged-on users.

To help you better understand the use of group policies, we will give a few examples.

In the Policy Editor window of the observation group, you can find that the left-side tree chart consists of two parts: Computer Configuration and user configuration, while most of the policies under it are similar. Therefore, before configuration, you should consider that if you want your configuration to only take effect for the current user, you can perform operations under the user configuration; if you want the settings to take effect for all users on the local machine, you can perform operations under the computer configuration. In addition, some global settings are included in the computer configuration.

Tip: the following content mainly uses Windows XP as an example. However, most of the content also applies to Windows 2000 and Windows Server 2003, but the details may be slightly different.

Tips: Disable the "user configuration" or "Computer Configuration" policy.

Right-click the "local computer policy" at the top of the hierarchy list on the left side of the Group Policy Editor window, select properties, and a dialog box is displayed. The "CREATE" column shows the generation time of the policy, which generally refers to the installation time of the operating system; the last group policy setting time is displayed in "modify". The "modify" column shows how many policies are configured in the two categories. If you want to hide a type of policy, you can check the check box below this dialog box.

Hide recycle bin icon

For the sake of appearance, the newly installed Windows XP desktop has only one recycle bin icon. You may not want your beautiful wallpaper to be blocked by icons. How can you delete the only recycle bin icon? After selection, pressing the Delete key will naturally not work, but it is much easier to have a group policy. Open the Group Policy Editor, locate "user configuration-manage template-desktop" in the tree chart on the left, and then find and double-click "delete recycle bin from desktop" in the right pane, you will see the 2) dialog box, select "enabled", and click "OK" to close the dialog box. Log out and log on again to see if only one icon disappears.

 

Protect the secret in the paging file

For important files, we all know that encryption and permission setting are used to prohibit access by other irrelevant personnel. However, you know that if necessary, others can obtain your confidential information through other means, that is the paging file. We all know that paging files are used as a supplement to the physical memory to exchange data between the hard disk and the memory, while paging files are a file on the hard disk, it is located in the root directory of the hard disk partition where the system is located. The file name is pagefile. sys. Generally, when we run a program, some of the content of these programs may be temporarily saved to the paging file. If we close the system immediately after editing the file, some content of the file may still be stored in the paging file. In this case, if someone gets the hard disk of this computer, you only need to remove the hard disk and use special software to read the confidential information in the paging file. By configuring group policies, we can avoid this potential risk. Open the Group Policy Editor and enable the "Shut down: Clear Virtual Memory Page Files" policy under "Computer Configuration/Windows Settings/Local Policies/security options. After this policy is enabled, the system will fill all the content in the paging file with "0" or "1" at the time of shutdown, so that all the information will naturally disappear. However, you must note that this will slow down the system. Therefore, if it is not necessary, we do not recommend that you enable this policy.

Security assurance in the console

After a system failure, we may need to go to the fault recovery console for repair. However, if you want to copy important files on the hard disk to a floppy disk in the console and reinstall the system, You may be disappointed. To ensure file security, by default, in the system fault recovery console, we can only have limited access to several System directories and cannot access all hard disk partitions. In addition, we can only copy files from the CD or floppy disk to the hard disk, but not from the hard disk. If you do not need this security measure, you can disable it by configuring the Group Policy. You can also enable the "fault recovery console" under "Computer Configuration/Windows Settings/Local Policies/Security Options: this policy allows disk replication and access to all drives and folders. Once you enter the console again, you will find that the limits are gone.

Disable balloon notification

In Windows XP, if the system has any message, such as network connection or disconnection information, it will be displayed in the system prompt area at the time point in the lower right corner of the screen) it is displayed as a balloon icon. Although you may feel new when using it for the first time, you will be bored after a long time. You can use the Group Policy to hide the prompts of these balloons forever. In the Group Policy Editor, locate "User preparation/management template/taskbar and Start Menu" in the tree chart on the left ", find and double-click on the right side to open the "balloon prompt for deleting the Start menu item", click "enabled", and click "OK" to exit.

Custom IE browser

Internet Explorer is used to access the Internet every day. If you are always facing the same IE window, you will be bored. If you want to beautify the IE window, you can use the Group Policy. In the tree chart on the left side of the Group Policy Editor, expand "user configuration/Windows Settings/Internet Explorer Maintenance/browser user interface ". Here, we can customize the title bar of the browser window, the dynamic logo in the upper right corner, and the toolbar icon. You only need to double-click each policy and then follow the instructions in the pop-up window to apply the policy.

If you want IE to use Google as the default search engine after clicking "Search", you can also set the implementation here. Click "URL" under "Internet Explorer Maintenance", double-click "Important URL", and select the check box before "custom search bar URL, then enter the http://www.google.com below, OK, and exit. In this way, start IE again and click "Search" to use Google as the default search engine.

Log on to the application with the logout script

Using the Group Policy, we can set to allow the system to automatically execute script files during user logon and logout. In the script file, we can do a lot of things. For example, sort disk fragments and clear temporary folders. Here, we will take the automatic creation of a System Restore point when the computer is started as an example to describe how to use this policy.

To do this, you must first compile a script to create a system restore point, and then set a group policy to enable the computer to automatically execute this script file when it starts.

Open notepad and enter the following content:

 
 

  
  
Set sr = getobject("winmgmts:\\.\root\default:Systemrestore")   
  
  
 
  
  
　 msg = "New Restore Point successfully created." & vbCR   
  
  
 
  
  
msgmsg = msg & "It is listed as: " & vbCR   
  
  
 
  
  
msgmsg = msg & "Automatic Restore Point " & Date & " " & Time   
  
  
 
  
  
　 If (sr.createrestorepoint("Automatic Restore Point", 0, 100)) = 0 Then   
  
  
 
  
  
MsgBox msg   
  
  
 
  
  
Else   
  
  
 
  
  
MsgBox "Restore Point creation Failed!"   
  
  
 
  
  
End If   
  
  
 
  
  
Set sr = Nothing   
  
  
 
 
 

Save the file as systemrestore. vbs, NOTE: When saving, select "all files" from the "file type" drop-down menu, and enter the complete file name including the extension name in "file name. Open the Group Policy Editor, go to "Computer Configuration/Windows Settings/script start/stop)", and double-click the "Start" policy to open the "launch properties" dialog box. Click "add", click the Browse button to find the systemrestore. vbs file, and click "OK" to exit the tab. After setting, the Restore point is automatically created every time the system is started.

There are many other policies that can be set here, because after each policy is selected, the editor will display relevant explanations and instructions. I believe that these can help you understand the purpose and usage of each policy, so I will not talk about it here.

Tip: remotely Edit Group policies for other computers.

If you only need to modify the Group Policy settings of another computer on the LAN for some temporary reasons, what should you do? Run "MMC" on your computer to open the console, click "Add/delete Management Unit" under the "file" menu, and then click "add, select the "Group Policy" Console component in the list of available independent management units, and click "add ". A dialog box will pop up, asking you to select the Group Policy object. If you want to edit the Group Policy of the local machine, you can directly use the default setting; otherwise, you can click "Browse, select "another computer", click "Browse" again, and select a computer on the local LAN in the "select computer" dialog box that appears, you must have administrator permissions on the other computer ). After selection, a group policy editor window is opened. Previously, the "local computer policy" is displayed as "2k3 policy", where 2k3 is the machine name of the remote computer ).

For more information about group policies, click Group Policy 2 in Windwos.