Group Policy Tool

Group Policy Tool is an administrative tool in Microsoft Windows that is used for configuring user and computer settings for groups of users and computers.

What is Group Policy Tool?

An administrative tool in Microsoft Windows 2000 that is used for configuring group policies; that is, user and computer settings for groups of users and computers. Group Policy is the successor to the Windows NT administrative tool called System Policy Editor.

How it works

System Policy Editor for Windows NT stores system policy information in an ntconfig.pol file that modifies a portion of the Windows NT registry. Group Policy stores its settings in an Active Directory object called a Group Policy object (GPO) that contains the collection of settings for a group of users or computers created using Group Policy. A GPO is normally associated with a selected site, domain, or organizational unit (OU) object in Active Directory. Group policy information is also stored in a folder structure called the Group Policy Template on the SYSVOL volume on domain controllers. Group policies can also be configured for computers that are not domain members. Group Policy can be used to specify the following:

  • Scripts that should be run at startup, shutdown, logon, or logoff
  • Files to be placed on users’ computers
  • Software registry settings to customize users’ desktops, configure applications, and control services (similar to System Policy Editor)
  • Audit policies for auditing account logons, account management, directory service access, object access, and other functions

In addition, by using the Security Settings extension, you can configure users’ security settings, and by using the Software Installation extension, you can publish, update, or repair applications on user’s computers.

To configure a group policy for a specific site in Active Directory, open the administrative tool called Active Directory Sites and Services, select the specific site you want to configure, click the Action button on the toolbar, choose Properties from the drop-down menu, and select the Group Policy tab. Alternatively, you can install the Group Policy snap-in in a new Microsoft Management Console (MMC) (see screen capture).

NOTE

To configure a group policy for a directory object in Active Directory, you need access to a domain controller, read and write permissions on SYSVOL, and modify permissions on the selected directory object.

Group Policy for Windows 2000 cannot be used to configure group policies for downlevel Windows NT, Windows 95, or Windows 98 clients. Use System Policy Editor instead.


Graphic G-8. Group Policy.