Windows 2003 Active Diretory (eight)--Group Policy (1)

Group Policy has nothing to do with groups in the OU, don't confuse it. System administrators can use Group Policy to manage computers and users in the AD database. For example: User desktop environment, computer startup/Shutdown script files, script files executed by user login/logoff, file redirection, software installation, etc.

First, the basic concept of Group Policy

1. Group Policy settings data is saved in the AD database, so Group Policy must be set on the domain controller.

2, Group Policy can only manage computers and users. This means that Group Policy cannot manage other objects such as printers, shared folders, and so on.

3. Group Policy cannot be applied to groups and can only be applied to sites, domains, or organizational units (Sdou)

4. Group Policy does not apply to windows9x/nt computers, so it is not available on these computers.

5. Group Policy does not affect computers and users that are not joined to the domain and should be managed using local security policies for these computers and users. Note that the local security policy is similar to Group Policy but has fewer features to manage only computer settings and user settings on this machine.

Features of GPOs:

The settings data for Group Policy are stored in the Group Policy object (GPO), and the GPO has the following characteristics:

1. GPOs use ACL record permission settings to modify the ACLs of individual GPOs, specifying who has permissions on the GPO.

2, users can add or remove GPOs as long as they have sufficient permissions, but they cannot replicate GPOs. When the ad domain is newly built, only one gpo--defaolt domain POLICY is default. This GPO can be used to manage all computers and users in the domain. To set up Group Policy that is applied to organizational units, a GPO is usually set up for easy administration.

Contents of GPO:

GPOs have two broad categories of policies: 1, computer settings: Contains all computer-related policy settings that apply only to computer accounts.

2. User settings: Contains all user-related policy settings that apply only to user accounts.

Let's look at the