Logo
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
EPL Standings
 
 
Windows Server

Windows Server 2008 R2 : Local Group Policies

3/8/2011 10:08:12 PM
Two different types of policies can be applied to Windows systems and Windows system user accounts: local group policies and Active Directory group policies. Local group policies exist on all Windows systems, but Active Directory group policies are only available in an Active Directory forest. Until the release of Windows Vista and Windows Server 2008, servers and workstations could contain and apply only a single local computer and user policy. This policy contained the settings that could be applied to the local computer and the user objects to control the security and configuration settings.

In many environments, usually due to legacy or line-of-business application requirements, end users were frequently granted local Administrators group membership on workstations and essentially excluded from the application of many security settings applied by both the local and group policies. End users with local Administrators group membership have the ability to override settings and make configuration changes that could compromise the security, or more frequently, reduce the reliability of the system.

Starting with Windows Vista and Windows Server 2008, administrators now have the ability to create multiple local group policies. One of the new features is that specific user group policies can be created for all users, for users who are not administrators, and for users who are members of the local Administrators group on the computers. This new feature can be especially valuable for computers configured in workgroup or standalone configurations to increase the security and reliability of the computer. In domain configurations, computer security policies are usually specified using group policies and applied to the Active Directory computers.

Local Computer Policy

The default local computer policy contains out-of-the-box policy settings, as shown in Figure 1, which are available to configure the computer and user environment. This policy will be applied first for both computer and user objects logging on to the workstation in workgroups or domains.

Figure 1. Examining local computer policy settings.

Local User Policies for Non-Administrators and Administrators

Starting with Windows Vista and Windows Server 2008, and continuing with Windows 7 and Windows Server 2008 R2, administrators now have the option to create multiple local user group policies on a single machine. In previous versions, the single local computer policy allowed administrators to apply the single policy settings to all users logging on to a workstation that is part of a workgroup. Now, workgroup computers and domain computers can have additional policies applied to specific local users. Also, policies can be applied to local computer administrators or nonadministrators. This allows the workstation administrator to leave the user section of the default local computer policy blank, and create a more-restrictive policy for local users and a less-restrictive policy for members of the local workstation Administrators security group.

Other -----------------
- Windows Server 2008 R2 : Group Policy Processing—How Does It Work?
- Understanding DNS in Windows Server 2003 Networks
- Understanding Name Resolution in Windows Server 2003
- Windows Server 2008 R2 Administration : Managing Printers with the Print Management Console
- Windows Server 2008 R2 Administration : Managing Users with Local Security and Group Policies (part 3) - Troubleshooting Group Policy Applications
- Windows Server 2008 R2 Administration : Managing Users with Local Security and Group Policies (part 2) - Configuring and Optimizing Group Policy
- Windows Server 2008 R2 Administration : Managing Users with Local Security and Group Policies (part 1) - Viewing Policies with the Group Policy Management Console & Creating New Group Policies
- Windows Server 2008 R2 Administration : Creating Groups
- Examining Windows Server 2008 R2 Active Directory Groups
- Windows Server 2008 R2 Administration : Configuring Sites (part 2) - Establishing Site Links & Delegating Control at the Site Level
- Windows Server 2008 R2 Administration : Configuring Sites (part 1) - Creating a Site
- Windows Server 2008 R2 Administration : Examining Active Directory Site Administration
- Windows Server 2008 R2 Administration : Defining the Administrative Model
- Migrating to Windows Server 2008 R2 : Lab-Testing Existing Applications
- Migrating to Windows Server 2008 R2 : Verifying Compatibility with Vendors
- Migrating to Windows Server 2008 R2 : Researching Products and Applications
- Migrating to Windows Server 2008 R2 : Preparing for Compatibility Testing
- Migrating from Windows Server 2003/2008 to Windows Server 2008 R2 : Multiple Domain Consolidation Migration (part 5) - Migrating Other Domain Functionality
- Migrating from Windows Server 2003/2008 to Windows Server 2008 R2 : Multiple Domain Consolidation Migration (part 4) - Migrating Computer Accounts
- Migrating from Windows Server 2003/2008 to Windows Server 2008 R2 : Multiple Domain Consolidation Migration (part 3) - Migrating Groups & Migrating User Accounts
 
 
Most view of day
- Designing and Configuring Unified Messaging in Exchange Server 2007 : Monitoring and Troubleshooting Unified Messaging (part 3) - Event Logs
- BizTalk Server 2009 Operations : Disaster Recovery (part 2)
- Windows Server 2008 : Configuring Server Core after Installation (part 2) - Restoring the Command Prompt , Renaming the Computer
- Microsoft Visio 2010 : Modifying a Graphic (part 4) - Cropping a Graphic
- Windows Server 2003 on HP ProLiant Servers : Migration Case Studies (part 1) - County Government Office
- Exchange Server 2007 : Deploying a Cluster Continuous Replication Mailbox Cluster (part 2)
- Windows Server 2003 on HP ProLiant Servers : Logical Structure Design (part 4) - Group Policy
- Windows Small Business Server 2011 : Adding a Terminal Server - Adding a RemoteApp to Remote Web Workplace
- Understanding IPv6 (part 1) - Understanding IPv6 Terminology , Understanding IPv6 Addressing
- Microsoft Lync Server 2010 : Planning for Voice Deployment - Voice Resilience
Top 10
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 3) - Creating IPv4 DHCP Scopes
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 2) - Installing DHCP Server and Server Tools
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 1)
- Windows Server 2012 : DHCP,IPv6 and IPAM - Understanding the Components of an Enterprise Network
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 3) - Translating Text with the Mini Translator
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 2) - Translating a Word or Phrase with the Research Pane
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 1) - Setting Options for the Research Task Pane, Searching with the Research Task Pane
- Microsoft OneNote 2010 : Doing Research with Linked Notes (part 2) - Ending a Linked Notes Session, Viewing Linked Notes
- Microsoft OneNote 2010 : Doing Research with Linked Notes (part 1) - Beginning a Linked Notes Session
- Microsoft OneNote 2010 : Doing Research with Side Notes (part 3) - Moving Side Notes to Your Existing Notes
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro