Previous posts
Force Windows to display a secure logon screenHow Interactive Logons Work
Controlling the Logon and Authentication Process
Windows Built-In Security Groups
Security Groups
Windows Built-In User Accounts
Windows What Are User Accounts?
Windows Local vs. Domain Accounts
Workgroups vs. Domains
Managing Sessions and Open Files
Friends
mercredi 30 janvier 2008
Using Group Policy to Restrict Access
One of the most powerful features of Windows XP Professional and Windows 2000 is support for Group Policy settings. After logging on as an administrator, you can use a fairly straightforward tool called the Group Policy snap-in to define security settings for a local computer, to control more than 450 aspects of the operating system's behavior, and to automate what happens at startup and shutdown and when users log on or off. (A part of the Group Policy snap-in, called Local Security Policy, handles a subset of these settings and can be a useful tool also.) On a Windows domain, Group Policy is especially powerful, giving administrators complete control over user settings for everyone who logs on to the domain.
NOTE
--------------------------------------------------------------------------------
The features described in this section do not work in Windows XP Home Edition. If you attempt to run the Local Security Policy snap-in, Windows displays an error message.
To open the Group Policy console, enter gpedit.msc at a command prompt. Figure 2-5 shows the resulting window, with the User Rights Assignment category expanded.
Figure 2-5. Use the Group Policy console to adjust what users and groups can do on the local computer.
Because Group Policy settings can be applied to users and groups, you can use this feature to customize security settings quite effectively. Items in the Computer Configuration category include access control settings for users and groups. Using settings in the Password Policy group, for instance, you can force all limited user accounts (members of the Users group) to create complex logon passwords, require that they change the password at regular intervals, and prevent them from reusing old passwords. (Unfortunately, there's no policy that will keep users from writing passwords on sticky notes and slapping them on the side of their monitor!) Similarly, the User Rights Assignment section allows you to prevent certain users or groups from shutting down the computer or resetting the system clock.
Settings listed under User Configuration apply to all users of the local computer and can be overridden only by an administrator. When you make changes in Group Policy in Windows XP Professional and Windows 2000, your new settings are stored in the registry. Most of the settings in this section are self-explanatory, with detailed descriptions available via online help. If you're using Group Policy under Windows 2000, you can see a detailed explanation when you double-click any item on the list. If you use Windows XP Professional, the same help text is visible on the Extended tab so that you can scroll through the list of settings and learn how each one works, as shown here, without having to open each item individually.
One of the most powerful features of Windows XP Professional and Windows 2000 is support for Group Policy settings. After logging on as an administrator, you can use a fairly straightforward tool called the Group Policy snap-in to define security settings for a local computer, to control more than 450 aspects of the operating system's behavior, and to automate what happens at startup and shutdown and when users log on or off. (A part of the Group Policy snap-in, called Local Security Policy, handles a subset of these settings and can be a useful tool also.) On a Windows domain, Group Policy is especially powerful, giving administrators complete control over user settings for everyone who logs on to the domain.
NOTE
--------------------------------------------------------------------------------
The features described in this section do not work in Windows XP Home Edition. If you attempt to run the Local Security Policy snap-in, Windows displays an error message.
To open the Group Policy console, enter gpedit.msc at a command prompt. Figure 2-5 shows the resulting window, with the User Rights Assignment category expanded.
Figure 2-5. Use the Group Policy console to adjust what users and groups can do on the local computer.
Because Group Policy settings can be applied to users and groups, you can use this feature to customize security settings quite effectively. Items in the Computer Configuration category include access control settings for users and groups. Using settings in the Password Policy group, for instance, you can force all limited user accounts (members of the Users group) to create complex logon passwords, require that they change the password at regular intervals, and prevent them from reusing old passwords. (Unfortunately, there's no policy that will keep users from writing passwords on sticky notes and slapping them on the side of their monitor!) Similarly, the User Rights Assignment section allows you to prevent certain users or groups from shutting down the computer or resetting the system clock.
Settings listed under User Configuration apply to all users of the local computer and can be overridden only by an administrator. When you make changes in Group Policy in Windows XP Professional and Windows 2000, your new settings are stored in the registry. Most of the settings in this section are self-explanatory, with detailed descriptions available via online help. If you're using Group Policy under Windows 2000, you can see a detailed explanation when you double-click any item on the list. If you use Windows XP Professional, the same help text is visible on the Extended tab so that you can scroll through the list of settings and learn how each one works, as shown here, without having to open each item individually.
0 Comments:
Funny Blogs
Blogger Roll
Free Software
