Re: figuring out group policies
From: John (John_at_4sol.com)
Date: 02/26/04
- Next message: Matt Trudewind[MSFT]: "RE: Cross Forest trusts"
- Previous message: Microsoft server: "Webaccess on a separate server"
- In reply to: Mike Downey: "figuring out group policies"
- Next in thread: Chris Ard [MSFT]: "RE: figuring out group policies"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 26 Feb 2004 15:58:43 -0000
Hi Mike,
This is quite a large topic; a good place to start is the free ebooks
available at:
http://www.fullarmor.com/netiqform/
Cheers
John
"Mike Downey" <mike@ProphetTechnologies.nospamxxx.com> wrote in message
news:efLUfRH$DHA.2860@tk2msftngp13.phx.gbl...
> Does anyone know of a document that will get me started on figuring out how
> Group Policies work? I'm kind of lost with all the GPs that SBS 2003
> creates by default. For example, both the Default Domain Controllers Policy
> and the Small Business Server Domain Password Policy define the Enforce
> password history, Minimum password length and other criteria. I'd like to
> know how they're applied to the various OUs, users, machines, etc.
>
> My first inclination is to create a GP that applies to the SBS Users OU so
> that it doesn't affect administrators on any computers.
>
> Also, it seems like most of the policies allow or prevent users from
> changing things, but it seems to me that it would be more useful to set
> properties for them automatically. For example, I can prevent users from
> changing their wallpaper, but I'd prefer if there was a setting where I
> could set it to (None) and prevent them from changing it. Also, I can
> prevent them from using the Add/Remove programs applet, but how do I just
> prevent them from installing or removing any programs instead?
>
> And finally, I'm not sure about the three values of Enabled, Disabled and
> <undefined> and how they apply. Let's assume that I've created a Policy that
> applies to all users. My understanding is that if a value is not set, it
> doesn't affect any of the users. That part is easy. Now, if I set it to
> Enabled, the next time the user logs on, I believe that value affects a
> change in their profile on the computer they just logged onto. If I change
> it to Disabled, the next time they log onto any computer, that setting is
> removed from their profile on that computer. If I then change it to
> <undefined>, does GP just stop controlling that setting? That is, if I'm
> experimenting as described above and the user logged onto two separate
> computers, one while setting was Enabled and one while setting was Disabled,
> are their profiles different on those two computers now?
>
> Any guidance to help me get started on this would be appreciated.
>
> Thanks,
> Mike
>
>