Wednesday, 21 November 2012

Group Policy

Group Policy
The Microsoft Management Console (MMC) snap-in that is used to edit Group Policy objects. To start Group Policy, type “gpedit.msc” (without the quotes) in the Run dialog box.
Group Policy object
A collection of Group Policy settings. Group Policy objects are essentially the documents created by the Group Policy snap-in, a Windows utility. Group Policy objects are stored at the domain level, and they affect users and computers contained in sites, domains, and organizational units. In addition, each Windows computer has exactly one group of settings stored locally, called the local Group Policy object.

These Group Policy settings apply to Windows operating systems only.

Microsoft Management Console (MMC)
A framework for hosting administrative tools, called consoles. A console may contain tools, folders or other containers, World Wide Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree.
The main MMC window provides commands and tools for authoring consoles. The authoring features of MMC and the console tree itself may be hidden when a console is in User Mode. To start Microsoft Management Console (MMC), just type “mmc” (without the quotes) in the Run dialog box.
In this document I am focusing on Group Policy. For any serious system admin, ICT personnel or expert end-user, it is crucial to know how to use the Group Policy features.
Starting and using Group policy
  1. Click Start.
  2. Point to “Run” and click it.
  3. Type gpedit.msc and press Enter.
Alternatively:
  1. Press Windows Logo Key + R. The Run dialog box will open.
  2. Type gpedit.msc and press Enter.

  1. In the Group Policy window, point at an icon with a “+” sign and click it.
  2. In the expanded list, choose the setting that you would like to configure.
  3. In any configuration, you will notice that “State” is labeled as “Not configured”.
  4. Double-click one of the settings. In the dialog box that opens, click the “Explain” tab and read the meaning of that setting.
  5. You can now click the setting and choose “Not configured”, “Enabled”, or “Disabled” in order to effect the setting.
  6. After you effect the setting(s), close the Group Policy window. Press the F5 function key to refresh your system.
  7. With that, the setting(s) will take effect.

Group Policy is where you can do the following:
  1. Add scripts to run during start-up or shutdown, e.g. a script telling company workers about the company’s motto.
  2. Edit security settings, e.g. account policies (whether all accounts must have passwords, account passwords expiring after 20 days and prompting for a new password, etc.) and account lock-out in case someone attempts to break into your account or computer through password guessing.
  3. Edit local policies, namely: Audit policy (e.g. log-in and log-out events, process tracking, system events, etc.), User rights assignment (e.g. LAN access, shutdown rights, etc.) and Security options (e.g. enabling and disabling accounts, device management, domain membership, interactive logon, network access and security, etc.).
  4. Administrative templates settings configuration.
    1. Windows components
    2. System configurations e.g. User profiles, Scripts, windows file protection etc
    3. Network configurations
    4. Printers’ configurations e.g. LAN and WAN printing.
    5. Users Configurations
      1. Software settings
      2. Windows settings
      3. Administrative templates e.g. Start menu and taskbar, Desktop, Control Panel, Network etc
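
To check what the account-policy and lock-out settings from item 2 are actually set to on a machine, the effective local security policy can be exported with `secedit` and compared against a baseline. This is an added example, not part of the original article; the baseline thresholds and the temporary file name are assumptions chosen for illustration.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'   # hypothetical temp file name

# secedit dumps the effective local security policy as an INI-style file.
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet
if ($LASTEXITCODE -ne 0) { throw 'secedit export failed; is the prompt elevated?' }

# Collect "Key = Value" pairs from the [System Access] section only.
$policy  = @{}
$section = ''
foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^\[(.+)\]\s*$') { $section = $Matches[1]; continue }
    if ($section -eq 'System Access' -and $line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') {
        $policy[$Matches[1]] = $Matches[2]
    }
}
Remove-Item -Path $cfg -Force

# Baseline thresholds are assumptions for illustration; use your organisation's own.
# MaximumPasswordAge = -1 means "never expires"; LockoutBadCount = 0 means "never lock out".
$baseline = @(
    @{ Key = 'MinimumPasswordLength'; Want = 'at least 12'
       Ok  = { param($v) [int]$v -ge 12 } }
    @{ Key = 'PasswordComplexity';    Want = '1 (enabled)'
       Ok  = { param($v) [int]$v -eq 1 } }
    @{ Key = 'MaximumPasswordAge';    Want = '1 to 90 days'
       Ok  = { param($v) [int]$v -ge 1 -and [int]$v -le 90 } }
    @{ Key = 'LockoutBadCount';       Want = '1 to 10 attempts'
       Ok  = { param($v) [int]$v -ge 1 -and [int]$v -le 10 } }
)

# One row per rule: current value, expected range, and whether it passes.
$report = foreach ($rule in $baseline) {
    $value = $policy[$rule.Key]
    [pscustomobject]@{
        Setting  = $rule.Key
        Current  = $value
        Expected = $rule.Want
        Pass     = ($null -ne $value) -and [bool](& $rule.Ok $value)
    }
}
$report | Format-Table -AutoSize
```

A row with `Pass` set to `False` points at the matching entry under Security Settings, Account Policies in the Group Policy editor.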
Group Policy is such a wide topic in system administration that it is not possible to cover everything here. There are more than a hundred settings in Group Policy. Some of the settings available are:
  1. Configuring a custom name for Internet explorer
  2. Denying users access to control panel
  3. Disabling changing of desktop display and screen saver
  4. Disabling altering of date and time settings on the computer
  5. Disabling recent documents display
  6. Removing recycle bin from desktop
  7. Preventing user from adding or removing desktop icons
  8. Prevent users from installing software from removable devices e.g. flash drives
  9. Preventing programs un-installation.
  10. Preventing running unauthorized programs
  11. Prevent access to command prompt
  12. Disable task manager
  13. Set maximum disk space for user profiles
  14. Prohibit internet access from a computer
  15. Prevent CD burning in a computer etc
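
Several of the per-user restrictions listed above are stored as registry policy values, so whether they are in force can be verified without opening the editor. The check below is an added example, not part of the original article; it covers only four of the listed settings, and it assumes it is run as the user whose restrictions are being verified.

```powershell
# Added example (not from the original article). Read-only apart from the
# policy refresh; run it in the session of the user being checked.
gpupdate /target:user /force | Out-Null   # re-apply user policy before reading it

$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$winSys   = 'HKCU:\Software\Policies\Microsoft\Windows\System'

# Article item -> registry value that the corresponding policy writes.
$settings = @(
    [pscustomobject]@{ Item = 'Deny access to Control Panel';  Path = $explorer; Name = 'NoControlPanel' }
    [pscustomobject]@{ Item = 'Disable recent documents';      Path = $explorer; Name = 'NoRecentDocsHistory' }
    [pscustomobject]@{ Item = 'Prevent access to command prompt'; Path = $winSys; Name = 'DisableCMD' }
    [pscustomobject]@{ Item = 'Disable Task Manager';          Path = $system;   Name = 'DisableTaskMgr' }
)

$report = foreach ($s in $settings) {
    # A missing key or value means the policy is "Not configured".
    $props = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $value = if ($props) { $props.($s.Name) } else { $null }

    [pscustomobject]@{
        Setting = $s.Item
        Value   = $value
        State   = if ($null -eq $value)  { 'Not configured' }
                  elseif ($value -ne 0)  { 'Enforced' }
                  else                   { 'Explicitly off' }
    }
}
$report | Format-Table -AutoSize
```

Running it before and after a change in gpedit.msc shows whether the setting actually reached the user's policy keys.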
Before you change any Group Policy settings, make sure you have the approval of your System Administrators or that the change adheres to your company policies, to avoid any inconvenience. Also make sure you know what you are doing, to avoid messing up your system. DO NOT USE THE KNOWLEDGE AGAINST OTHERS. It is good to set a system restore point before trying things out, since you can then always restore your computer to a previous working state in case you make a mess. Otherwise, Group Policy (“gpedit.msc”) is a very powerful tool for computer systems administration.

Welcome and Keep Visiting for more ICT Tips and Tricks.
