Windows Group Policy and Local Security Settings

Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are Inherent in Group Policy objects (GPOs), which are connected to the following Active Directory service, domains, or organizational units (OUs). The settings within GPOs are then assessment by the affected targets, using the hierarchical nature of Active Directory.

Group Policy can control object’s registry, NTFS security, and security policy, software installation, logon/logoff scripts as well. In a single workstation, administrative templates are stored in the WinDir/Inf folder, while on a domain controller; they are stored for each domain GPO in a single folder called the Group Policy Template (GPT) in the Sysvol folder.

Group Policy application

The Group Policy client will then apply those GPOs which will thereafter affect the behavior of policy-enabled operating system components and applications.

Group Policy is one of a group of management technologies, collectively known as IntelliMirror management technologies, which provide users with consistent access to their applications, application settings, roaming user profiles, and user data, from any managed computer

 Local group policy

Local group policy is a basic policy for the local computer. The specific-user limitation can be overcome by using the Registry Editor to make changes under the HKCU or HKU keys. LGP simply makes registry changes under the HKLM key, thus affecting all users; the same changes can be made under HKCU or HKU to only affect certain users

 Security

A problem with the per-user policies is that they're only enforced voluntarily by the targeted applications. One should rather see it that the Group Policy helps the user provide some safe defaults to help him enforce security for himself.

Windows Vista includes around 2400 Group Policy settings, which allow administrators to specify configuration for connected groups of computers, especially in a domain. Windows Vista supports Multiple Local Group Policy Objects which allows setting different levels of Local Group Policy for individual users.

Desktop Optimization Pack

For the enterprise customers of Windows Vista, who have also subscribed to its Software Assurance program, Microsoft has made available the Desktop Optimization Pack, which provides a set of add-on applications to Windows Vista which aim for easier manageability of multiple Windows Vista clients across a corporate network.