Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2012 Group Policies and Policy Management : Local Group Policies, Domain-Based Group Policies

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
7/5/2013 5:11:03 PM

1. Local Group Policies

You can apply two different types of policies to Windows systems and Windows system user accounts: local group policies and Active Directory domain-based group policies. Local group policies exist on all Windows systems, but domain-based group policies are available only in an Active Directory forest. Until the release of Windows Vista and Windows Server 2008, servers and workstations could contain and apply only a single local computer policy. This policy contained settings for both the local computer and the user who logged on to the computer.

In many environments, usually because of legacy or line-of-business application requirements, end users were often granted local Administrators group membership on workstations and essentially excluded from the application of the many configured security settings applied by the local computer group policy. End users with local Administrators group membership could override settings and make configuration changes that could compromise security or, more often, reduce the reliability of the system.

Starting with Windows Vista and Windows Server 2008, administrators could create multiple local computer policies, now known simply as local group policies. One useful feature of local group policies is that specific user group policies can be created for all users, for users who are not administrators, and for users who are members of the local Administrators group on the local computer. This feature increases the security and reliability of computers, both those configured in a workgroup or those configured as standalone. In domain configurations, computer and user-based policy settings are generally configured within domain-based group policies and applied to the Active Directory computers and users. By configuring local group policies, you can ensure that these computers have a base security configuration and user experience that supports the organization’s needs, even if the computer is not configured as part of an Active Directory domain.

Local Computer Policy

The default local computer policy contains out-of-the-box policy settings, as shown in Figure 2, which are available to configure the computer and user environment. This policy is applied first to both computer and user objects logging on to the workstation in workgroups or domains.

Image

Figure 2. Local computer policy settings.

Local User Policies for Nonadministrators and Administrators

Starting with Windows Vista and Windows Server 2008, and continuing with Windows 8 and Windows Server 2012, administrators now have the option to create multiple local user group policies on a single machine. In earlier versions, the single local computer policy allowed administrators to apply the single policy settings to all users logging on to a workstation that is part of a workgroup. Now, workgroup computers and domain computers can have additional policies applied to specific local users. Also, policies can be applied to local computer administrators or nonadministrators. This allows the workstation administrator to leave the user section of the default local computer policy blank and create a more-restrictive policy for local users and a less-restrictive policy for members of the local workstation Administrators security group. Local user-based group policies can be created for specific users, for all nonadministrator users and administrators to give a lot of different user configurations based on the user who is logging on to the system.

2. Domain-Based Group Policies

Domain-based group polices differ significantly from local group policies because you must have an Active Directory environment to create and apply these policies. The settings within the group policies include both policy and preference nodes, which is another major difference (because the local group policies do not include preference settings). After that, however, most of the settings remain the same. Domain-based group policies allow for more flexibility when it comes to actually configuring what criteria is used to apply the policy. With domain-based policies, they can be filtered to apply to specific members of Active Directory security groups, computers, or objects on a particular subnet or stored within an organizational unit (OU), or they can be applied to computers that are running a specific OS version. Also, with preference settings in a domain-based group policy, item-level targeting can be used to determine whether a setting will be applied based on many different types of criteria, as shown in Figure 2.

Image

Figure 2. Domain-based GPP item-level targeting.

Other -----------------
- Windows Server 2012 Group Policies and Policy Management - Group Policy Processing: How Does It Work?
- BizTalk Server 2010 : Installation of WCF SAP Adapter (part 4) - IDOC Deep Dive, Building a BizTalk application — Sending IDOC
- BizTalk Server 2010 : Installation of WCF SAP Adapter (part 3) - IDOC schema generation
- BizTalk Server 2010 : Installation of WCF SAP Adapter (part 2) - WCF-SAP Adapter vs WCF Customer Adapter with SAP binding
- BizTalk Server 2010 : Installation of WCF SAP Adapter (part 1) - SAP Prerequisite DLLs
- Exchange Server 2007 : Leveraging the Capabilities of the Outlook Web Access Client - Getting to Know the Look and Feel of OWA 2007
- Exchange Server 2007 : Leveraging the Capabilities of the Outlook Web Access Client - Logging On to OWA 2007
- Exchange Server 2007 : Leveraging the Capabilities of the Outlook Web Access Client - What’s New in OWA 2007?
- SQL Server 2012 : Data Architecture (part 2) - Smart Database Design
- SQL Server 2012 : Data Architecture (part 1) - Information Architecture Principle, Database Objectives
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server