Chapter 5. Group Policy and Security Templates
Group Policy is one of the best features of Microsoft Active Directory. Introduced in Windows 2000, Group Policy provides a way for administrators to apply consistent configurations to groups of users and computers. Group policies can help you enforce your organization’s written policies. For example, your company’s security manual might require that all computers in the research department display a message when users log on, informing them of increased security monitoring in that department. Group Policy allows you to centrally configure, implement, and manage such a warning message, and apply it to the necessary computers.
One of the greatest security-related features of Group Policy is the
ability to deploy security templates
across an
enterprise. Security templates, which I’ll discuss
throughout this chapter, make it possible to bundle an entire
security configuration into a single file (the template). For
example, you might create a security template for client computers in
your organization and then use Group Policy to deploy the security
template to the client computers. In this manner, you can centrally
configure computers to have a consistent security configuration.
You’re assured that the configuration will be
enforced, thus protecting your computers. Because templates can be
centrally managed, you can update, revise, and improve your security
configuration over time as required by your organization.
Group Policy has many ...
Get Securing Windows Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.