1/1/2024 0 Comments Windows desktop groups![]() You can enable a policy, disable a policy, or select the Not Configured option. You might notice that three different options are available. To set such a policy, simply select the Enabled radio button and click OK, (see Figure B). The Policy tab allows you to set the policy, while the Explain tab explains the implications of setting a policy.įor example, if you wanted to prevent the user from being able to save desktop settings on exit, you could right click on the Don’t Save On Exit policy setting and select the Properties command from the context menu. Although there are variations, most properties sheets have a Policy tab and an Explain tab. You’ll then see a properties sheet for the policy setting ( Figure B). If you want to configure a policy setting, right-click on the policy and select the Properties command from the shortcut menu. If Windows sees that a particular policy setting isn’t configured, it can skip that setting, thus saving time. During the login process, Windows must process the group policy. You’ll notice in Figure A that each of the various settings say Not Configured. Once you’ve selected the Desktop container, you’ll see several settings appear in the column on the right. The Desktop configuration portion of the local security policy can be found by navigating through the console to User Configuration | Administrative Templates | Desktop. Notice that the local security policy is divided into Computer Configuration and User Configuration. Regardless of the method you use to open the Group Policy Editor, you will be presented with a window that resembles the one in Figure A. This will load the Local Computer Policy snap-in into the console. Select the Local Computer object and click the Finish button followed by the Close and OK buttons. When you do, Windows will ask you which group policy object you want to work with. Select the Group Policy snap-in from the list and click the Add button. Next, click the Add button on the properties sheet’s Standalone tab to display a list of the available snap-ins. When the console opens, click Console | Add/Remove Snap In to display the Add/Remove Snap In properties sheet. Second, you can open an empty Microsoft Management Console session by clicking Start | Run, entering MMC at the command line, and clicking OK. First, you can click Start | Run, enter gpedit.msc at the command line, and click OK. There are two ways to access the Group Policy Editor. The Group Policy Editor is a Microsoft Management Console snap-in. But if you look for the Group Policy Editor you won’t find any icons or menu options for it. To open the Group Policy Editor, log on to a workstation as a user with local administrative privileges. For that, you need to use the full-blown Group Policy Editor. However, this tool only loads a subset of the total local security policy it won’t allow you to lock down the desktop. If you click the Administrative Tools icon found in Control Panel, you’ll notice that the Administrative Tools menu contains an option for the Local Security Policy. For the examples in this article, I will use the Group Policy Editor in Windows 2000. Let’s look at how the Group Policy Editor works and an example of how it can be used to lock down a desktop. The effective policy is derived by starting at the domain level and then applying policies on a more individualized basis, working toward the individual workstation’s group policy, known as the local security policy. All of the various policy elements are then combined into what’s known as the effective policy. Group policies are hierarchical they can be applied to domains, workstations, user groups, and/or individual users. For example, you could create a policy that disables the Run prompt or Control Panel. Group policies are designed to apply policy settings to a wide variety of tasks. The Group Policy Editor is a tool used to assign policies to a system. A great tool for preventing potentially harmful tinkering is the Windows Group Policy Editor. One way for your help desk staff to save on help desk calls is to limit the damage curious users can cause by meddling with their desktops’ OS settings. Prevent harmful user desktop tinkering with Windows Group Policy Editor. Lock IT Down: Secure your desktops with Windows’ Group Policy Editor
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |