RE: figuring out group policies

From: Matt Trudewind[MSFT] (a-mattt_at_online.microsoft.com)
Date: 02/26/04

• Next message: Frank Brown [MSFT]: "RE: External emails going out"
• Previous message: John: "Re: Cross Forest trusts"
• In reply to: Mike Downey: "figuring out group policies"
• Next in thread: John: "Re: figuring out group policies"
• Messages sorted by: [ date ] [ thread ]

Date: Thu, 26 Feb 2004 15:56:29 GMT

--------------------
>From: "Mike Downey" <mike@ProphetTechnologies.nospamxxx.com>
>Subject: figuring out group policies
>Date: Thu, 26 Feb 2004 08:25:21 -0600
>Does anyone know of a document that will get me started on figuring out how
>Group Policies work? I'm kind of lost with all the GPs that SBS 2003
>creates by default. For example, both the Default Domain Controllers Policy
>and the Small Business Server Domain Password Policy define the Enforce
>password history, Minimum passowrd length and other criteria. I'd like to
>know how they're applied to the various OUs, users, machines, etc.
>
>My first inclination is to create a GP that applies to the SBS Users OU so
>that it doesn't affect administrators on any computers.
>
>Also, it seems like most of the policies allow or prevent users from
>changing things, but it seems to me that it would be more useful to set
>properties for them automatically. For example, I can prevent users from
>changing their wallpaper, but I'd prefer if there was a setting where I
>could set it to (None) and prevent them from changing it. Also, I can
>prevent them from using the Add/Remove programs applet, but how do I just
>prevent them from installing or removing any programs instead?
>
>And finally, I'm not sure about the three values of Enabled, Disabled and
><undefined> and how they apply. Let's assume that I'm created a Policy that
>applies to all users. My understanding is that if a value is not set, it
>doesn't affect any of the users. That part is easy. Now, if I set it to
>Enabled, the next time the user logs on, I believe that value affects a
>change in their profile on the computer they just logged onto. If I change
>it to Disabled, the next time they log onto any computer, that setting is
>removed from their profile on that computer. If I then change it to
><undefined>, does GP just stop controlling that setting? That is, if I'm
>experimenting as described above and the user logged onto two separate
>computers, one while setting was Enabled and one while setting was Disabled,
>are their profiles different on those two computers now?
>
>Any guidance to help me get started on this would be appreciated.
>
>Thanks,
>Mike
>
>
>

Here is a KB article to check out 818735.

Also the builtin help for SBS is great. Do a help and support search for Group Policy.

Matt Trudewind
Microsoft Product Support Specialist
This posting is provided "AS IS" with no warranties, and confers no rights.

• Next message: Frank Brown [MSFT]: "RE: External emails going out"
• Previous message: John: "Re: Cross Forest trusts"
• In reply to: Mike Downey: "figuring out group policies"
• Next in thread: John: "Re: figuring out group policies"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint