Appendix B. Computer Configuration Group Policy Objects
Chapter 7, detailed the process of creating, managing, and distributing group policy settings. However, it’s not enough to know how to do these things; you also have to know which policy settings exist and what they do--hence this appendix. The GPO settings listed in this appendix appear in the Computer Configuration node beneath each domain and local policy object.
Windows Settings
Computer Configuration\Windows Settings
Security Settings
Computer Configuration\Windows Settings\Security Settings
There are seven areas of security settings: Account Policies, Local Policies, Event Log Settings, Restricted Groups, System Services, Registry, and File System. You can add security to any of these areas by defining security settings in a Group Policy object (GPO) that is associated with a domain or an organizational unit (OU).
Restricted Groups
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
This is where administrators can define properties for restricted groups (security-sensitive groups). Administrators can define two properties:
- Members
Defines who belongs to the restricted group.
- Member Of
Defines which other groups the restricted group belongs to.
When a restricted Group Policy is applied, members of a restricted group that are not on the Members list are deleted. Users on the Members list who aren’t currently members of the restricted group are added.
System Services
Computer Configuration\Windows Settings\Security ...
Get Managing The Windows 2000 Registry now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
