Importance Of Windows Server 2003 Group Policies Part IV
- 0
- Add a Comment
Group policies enable you to control a wide range of capabilities and actions. The ones you address depend on your situation and how they impact your users and systems. The following list summarizes the key issues to address:
Hardware changes: You can use change control to prevent users from changing existing hardware settings such as display resolution, drive settings, and so on. You can prevent them from changing drivers or installing additional drivers, which helps protect against systems going down because of faulty drivers.
Application installation and changes: Use change control to prevent users from installing applications or changing existing installations. This helps control problems caused by buggy applications and/or viruses and Trojan horses introduced through shareware or freeware (and not unheard of, but less common with, commercial applications).
Security needs: Use change control to define whether users can use encryption, IPSec, and other security features. This partly helps keep users out of trouble and helps protect against such situations as a user encrypting his or her documents and then leaving the company after deleting his/her certificates. Although you can recover the encrypted data, it can be a protracted process and at best, an annoyance.
Network requirements and settings: Prevent users from making changes to their network settings or installing additional network clients or services.
Access to services: Control users’ ability to access and add, remove, change, or control services.
Local and network resource access: Define the actions that users can take in connecting to and using local and network resources.
Environment settings: You can employ change control over a wide variety of settings that control the user’s working environment including the desktop, mapped drives, printers, and so on. Group policies give you an exceptional level of control over the user’s environment and therefore the types of tasks the user can and can’t perform.
In addition to the types of change control described above, you’ll find that as you become comfortable with group policies they will play an increasingly important role in how you administer your network. You’ll use group policies not only to apply change control at the workstation and server level but also to apply granular security and distributed administration to such services as DNS and DHCP, control application installation and deployment, and much more.