Term of

OPERATING SYSTEM
(GROUP POLICY)

D.O.S :- 4 /May /2009 Submitted To:

Mr. Sandeep Sharma Kaur E3804A12 :-10810025 Singh

Submitted By:Prabhdeep Roll No.:Regn. No. Utpal Pratap

Roll No.:E3804B29 :-10806602 Sem. Regn.No. MCA 2nd

CONTENT
1:-Group policy 2:-Advantage of GROUP POLICY

GROUP POLICY
Group Policy gives you administrative control over users and computers in your network. By using Group Policy, you can define the state of a user's work environment once, and then rely on Windows Server 2003 to continually force the Group Policy settings that you apply across an entire organization or to specific groups of users and computers.

Group Policy is a feature of Microsoft Windows NT family of operating systems. It is what provides the centralized management and configuration of computers and remote users in an Active Directory environment. In other words, it controls what users can and can't do on a computer network. Although Group Policy is usually used in enterprise environments, its usage is also common in schools, businesses, and other small organizations to restrict certain actions that may

pose potential security risks: for instance, blocking the Windows Task Manager, restricting access to certain folders, disabling downloaded executable files and so on. As part of Microsoft's IntelliMirror technologies, it aims to reduce the overall cost of supporting users of Windows. These technologies relate to the management of disconnected machines or roaming users and include Roaming user profiles, Folder redirection and Offline Files.

OVERVIEW
Group Policy can control a target object's registry, NTFS security, audit and security policy, software installation, logon/logoff scripts, folder redirection, and Internet Explorer settings. The policy settings are stored in Group Policy Objects (GPOs). A GPO is internally referenced by a Globally Unique Identifier (GUID). Each one may be linked to multiple sites, domains or organizational units. This allows for multiple machines or users to be updated via a change to a single GPO in turn reducing the administrative burden and costs associated with managing these resources. Group Policies use Administrative Templates (ADM/ADMX) files to describe where registry-based

policy settings are stored in the registry. Administrative Templates essentially describe the user interface that administrators see in the Group Policy Object Editor snap-in. On a single workstation, administrative templates are stored in the %WinDir%\Inf folder, while on a domain controller, they are stored for each domain GPO in a single folder called the Group Policy Template (GPT) in the Sysvol folder. ADMX is the new XML-based file format introduced in Windows Vista which contain configuration settings for individual GPOs. User and computer objects may only exist once in the Active Directory but often fall into the scope of several GPOs. The user or computer object applies each applicable GPO. Conflicts between GPOs are resolved at a per attribute level. Group Policies are analyzed and applied at startup for computers and during logon for users. The client machine refreshes most of the Group Policy settings periodically, the period ranging from 60-120 minutes and controlled by a configurable parameter of the Group Policy settings. Group Policy is supported on Windows 2000, Windows XP Professional, Windows Vista, Windows Server 2003 and Windows Server 2008. Windows XP Media Center Edition and Windows XP Professional computers not joined to a domain can also use the Group Policy Object Editor to change the group policy

for the individual computer. This local group policy however is much more limited than GPOs for Active Directory. Group Policies can be enforced on Unix-like operating systems (e.g. Mac OS X, UNIX, Linux) through thirdparty software solutions (e.g. Centrify DirectControl) that run on the client machine to apply settings.

GROUP POLICY ADVANTAGES

1:-You can assign group policy in domains, sites and organizational units. 2:-All users and computers get reflected by group policy settings in domain, site and organizational unit. 3:-No one in network has rights to change the settings of Group policy; by default only administrator has full privilege to change, so it is very secure. 4:-Policy settings can be removed and can further rewrite the changes.