If you’re already familiar with using Group Policy Objects in Active Directory environments, then you no doubt already know that GPOs can only be applied to 3 types of objects – sites, domains, and organizational units. You cannot apply a GPO to a user account object, nor to a security group.
While the rules are the […]

While there’s no denying that USB storage devices like “pen” or “keychain” drives can come in very handy in a pinch, you need to think seriously about the security repercussions of allowing end users to attach these devices to their PCs. With storage capabilities of 1 to 10 GB (don’t forget those funky MP3 players) […]

Anyone who has ever used Group Policy knows that it’s a powerful ally in the battle to standardize configuration settings and lock down user desktops. However, with literally hundreds of different configurable options, finding the settings you’re looking for can often be a frustrating experience.
Thankfully, help is out there, even if it is a little […]

The purpose of this article is not to provide you with an overview of all the new features of Windows Server 2003. Instead, in this article I have decided to concentrate on one important new tool that specifically deals with ‘results’, in this case with respect to group policy settings. In a followup article I […]

In a Windows NT 4.0 domain environment, assigning scripts to users was more of less restricted to simple logon scripts. Not particularly flexible, but generally enough to get the basic jobs done - mapping directories, printers, environment variables, and so forth. For all intents and purposes, however, you were still in a simple batch file […]

Since the basics of this topic were looked at in previous articles, my intention is to look at some of the more advanced options here. For the purpose of review, the basics of group policy are outlined below.
In an Active Directory environment, group policy allows us to distribute software to users and computers using a […]

As mentioned many times in previous articles, group policy settings are applied in the order Local, Site, Domain, OU. This order controls which settings end up actually applying to a user or computer. Remember that all settings merge together by default, and that in the event of conflicting settings, the one applied latest will apply.
You […]

As described in previous articles, group policy in Active Directory allows us a great deal of flexibility in terms of how users and their Windows 2000 computing environment is controlled and managed. Things that can be done with group policy include software distribution, updating settings such as Internet Explorer’s proxy server settings, locking people out […]

A Window 2000 environment running Active Directory provides the ability to use group policy to distribute software to users and computers. This allows for the distribution of software at the site, domain, and organizational unit levels (the 3 levels within Active Directory to which group policy can be applied). Note that software can only be […]

As noted earlier, the basic difference between a built-in container and an OU is that OUs can have group policy settings applied to them. Another benefit is the fact that OUs can be nested, which provides benefits in terms of the inheritance of group policy. Note that an OU can be moved within a domain, […]