What ARE Group Policy commands? You can start the Windows XP Group Policy Editor by simply clicking the "start" → "run" command, typing "gpedit.msc" in the open field in the Run dialog box, and then clicking OK. (Note: This "Group Policy" program is located in "C:winntsystem32" and the file name is "Gpedit.msc".) )
When multiple people share a single computer, set user rights in Windows XP, follow these steps:
1, run the Group Policy Editor Program (Gpedit.msc).
2, in the left pane of the Editor window, expand Computer configuration → Windows settings → security settings → local policy → user Rights Assignment branch.
3, double-click the user rights need to change. Click Add, and then double-click the user account that you want to assign permissions to. As shown in Figure 8. Click OK twice in succession to press the button.
In Windows XP, a new command-line tool, "shutdown", is added to "Shut down or restart a local or remote computer." Using it, we can not only log off the user, shut down or restart the computer, but also to achieve a timed shutdown, remote shutdown.
The syntax format for this command is as follows:
shutdown [-I |-l|-s |-r |-a] [f] [-M [ComputerName]] [-t XX] [-C ' message '] [-d[u]: Xx:yy]
Among them, the meaning of each parameter is:
-I dialog box showing the graphical interface.
-L Unregister the current user, which is the default setting.
-M ComputerName preferred.
-S shuts down the computer.
-R restarts after shutdown.
-A abort shutdown. In addition to-L and ComputerName, the system ignores other parameters. During the timeout period, you can only use-a. -F forces the application to be closed to run.
-M [ComputerName] Specifies the computer to shut down.
-T XX sets the timer used for system shutdown to xx seconds. The default value is 20 seconds.
-C ' message ' specifies the messages that will be displayed in the messages area in the System Shutdown window. You can use up to 127 characters. The quotation marks must contain a message.
-D [u]: xx:yy lists reason codes for system shutdown.
First, let's take a look at some basic uses of this command:
1. Log off the current user shutdown-l This command can only unregister native users and not for remote computers.
2, shut down the local computer shutdown-s
3, restart the local computer shutdown-r
4. Timed shutdown Shutdown-s-T 30 specifies that the computer automatically shuts down after 30 seconds.
Adding a computer and user wireless network policy to a Group Policy security group after it is configured and functioning correctly, it is easy to add additional computers to the security group that controls the policy application.
• Add computers to the wireless Network Group Policy Security Group
1. In Active Directory Users and Computers, locate the wireless network Policy-computer security group that corresponds to the wireless network policy that you want to apply. You must be logged on as a user with the Modify Membership permission for this group.
2. Add a computer to the selected security group.
• Add users to the remote Access Policy security group
1. Log on to the management computer, request to be logged on as a member of the Domain Administrators group, or log on with another account that has the security permissions required to modify the remote access Policy-wireless users security group membership.
2. In Active Directory Users and Computers, locate the remote access Policy-wireless users security group that corresponds to the remoting access policy that controls wireless LAN access.
3. Add the user to the selected security group.
• Add computers to the remote Access Policy security group
1. Log on to the management computer, request to be logged on as a member of the Domain Administrators group, or log on with another account that has the security permissions required to modify remote access policy-wireless Computers security group membership.
2. In Active Directory Users and Computers, locate the remote access Policy-wireless users security group that corresponds to the remoting access policy that controls wireless LAN access.
3. Add a computer to the selected security group.
The following is an application of Group Policy to organizational units or domains for 2003
1. Open Active Directory Users and Computers by clicking Start, click Administrative Tools, and then select Active Directory Users and Computers.
2. Highlight the related field or organizational unit, click the Action menu, and choose Properties.
3. Select the Group Policy tab. Note: Multiple policies can be applied to each container. The processing order of these policies is from the bottom of the list up. If there is a conflict, the last applied policy takes precedence.
4. Click New to create a policy and assign it a meaningful name, such as Domain policy. Note: Click the "Options" button to configure the "No Override" setting. "No Override" is configured for each individual policy, not for the entire container, and "Block Policy inheritance" is configured for the entire container. If the "No Override" and "Block Policy inheritance" settings conflict, the "No Override" setting takes precedence. To configure block Policy inheritance, select the check box in the OU property. Group Policy can be updated automatically, but to start the update process immediately, use the following gpupdate command at the command prompt: Gpupdate/force
• Add security groups to user rights assignment
1. Open Active Directory Users and Computers by clicking Start, click Administrative Tools, and then select Active Directory Users and Computers.
2. Highlight related OUs (such as member server), click the Action menu, and choose Properties.
3. Click the Group Policy tab, select the relevant policy (such as the Member Server Baseline Policy), and then click Edit.
4. In Group Policy Object Editor, expand Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then highlight user rights assignments.
5. In the right pane, right-click the related user right.
6. Select the Define these policy settings check box and click Add Users and groups to modify the list.
7. Click OK. Import a security template to Group Policy
• Import Security Templates
1. Open Active Directory Users and Computers by clicking Start, click Administrative Tools, and then select Active Directory Users and Computers.
2. Highlight the related field or OU, click the Action menu, and choose Properties.
3. Select the Group Policy tab.
4. Highlight the relevant policies and click Edit.
5. Expand Computer Configuration, click Windows Settings, and then highlight security settings.
6. Click the Action menu and select Import Policy.
7. Navigate to Security Guidejob aids, select the related template, click Open.
8. In Group Policy Object Editor, click the File menu and choose Exit.
9. In the container properties, click OK. Using Security Configuration and analysis
• Import Security Templates
1. Click "Start" and "Run" in turn. Type mmc in the Open text box, and then click OK.
2. In the Microsoft Management Console, click Files and select Add/Remove Snap-in.
3. Click Add to highlight Security configuration and analysis in the list.
4. Click "Add", "Close" and "OK" in turn.
5. Highlight security Configuration and analysis, click the Action menu, and choose Open Database.
6. Type a new database name (such as bastion Host) and click Open.
7. In the "Import Template" interface, navigate to Security Guidejob aids, select the relevant template. Click Open.
• Analyze imported templates and compare them with current settings
1. Highlight security Configuration and analysis in the Microsoft Snap-in, click the Action menu, and select Analyze Computer now.
2. Click OK to accept the default error log file path.
3. After completing the analysis, expand the node title to study the results.
• Apply Security Templates
1. Highlight security Configuration and analysis in the Microsoft Snap-in, click the Action menu, and select Configure Computer now.
2. Click OK to accept the default error log file path.
3. At the Microsoft Management Console, click File, and then select Exit to turn off security configuration and analysis.