Logo
HOW TO
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
 
 
Windows Server

Windows Server 2012 Group Policies and Policy Management : Local Group Policies, Domain-Based Group Policies

7/5/2013 5:11:03 PM

1. Local Group Policies

You can apply two different types of policies to Windows systems and Windows system user accounts: local group policies and Active Directory domain-based group policies. Local group policies exist on all Windows systems, but domain-based group policies are available only in an Active Directory forest. Until the release of Windows Vista and Windows Server 2008, servers and workstations could contain and apply only a single local computer policy. This policy contained settings for both the local computer and the user who logged on to the computer.

In many environments, usually because of legacy or line-of-business application requirements, end users were often granted local Administrators group membership on workstations and essentially excluded from the application of the many configured security settings applied by the local computer group policy. End users with local Administrators group membership could override settings and make configuration changes that could compromise security or, more often, reduce the reliability of the system.

Starting with Windows Vista and Windows Server 2008, administrators could create multiple local computer policies, now known simply as local group policies. One useful feature of local group policies is that specific user group policies can be created for all users, for users who are not administrators, and for users who are members of the local Administrators group on the local computer. This feature increases the security and reliability of computers, both those configured in a workgroup or those configured as standalone. In domain configurations, computer and user-based policy settings are generally configured within domain-based group policies and applied to the Active Directory computers and users. By configuring local group policies, you can ensure that these computers have a base security configuration and user experience that supports the organization’s needs, even if the computer is not configured as part of an Active Directory domain.

Local Computer Policy

The default local computer policy contains out-of-the-box policy settings, as shown in Figure 2, which are available to configure the computer and user environment. This policy is applied first to both computer and user objects logging on to the workstation in workgroups or domains.

Image

Figure 2. Local computer policy settings.

Local User Policies for Nonadministrators and Administrators

Starting with Windows Vista and Windows Server 2008, and continuing with Windows 8 and Windows Server 2012, administrators now have the option to create multiple local user group policies on a single machine. In earlier versions, the single local computer policy allowed administrators to apply the single policy settings to all users logging on to a workstation that is part of a workgroup. Now, workgroup computers and domain computers can have additional policies applied to specific local users. Also, policies can be applied to local computer administrators or nonadministrators. This allows the workstation administrator to leave the user section of the default local computer policy blank and create a more-restrictive policy for local users and a less-restrictive policy for members of the local workstation Administrators security group. Local user-based group policies can be created for specific users, for all nonadministrator users and administrators to give a lot of different user configurations based on the user who is logging on to the system.

2. Domain-Based Group Policies

Domain-based group polices differ significantly from local group policies because you must have an Active Directory environment to create and apply these policies. The settings within the group policies include both policy and preference nodes, which is another major difference (because the local group policies do not include preference settings). After that, however, most of the settings remain the same. Domain-based group policies allow for more flexibility when it comes to actually configuring what criteria is used to apply the policy. With domain-based policies, they can be filtered to apply to specific members of Active Directory security groups, computers, or objects on a particular subnet or stored within an organizational unit (OU), or they can be applied to computers that are running a specific OS version. Also, with preference settings in a domain-based group policy, item-level targeting can be used to determine whether a setting will be applied based on many different types of criteria, as shown in Figure 2.

Image

Figure 2. Domain-based GPP item-level targeting.
Other -----------------
- Windows Server 2012 Group Policies and Policy Management - Group Policy Processing: How Does It Work?
- BizTalk Server 2010 : Installation of WCF SAP Adapter (part 4) - IDOC Deep Dive, Building a BizTalk application — Sending IDOC
- BizTalk Server 2010 : Installation of WCF SAP Adapter (part 3) - IDOC schema generation
- BizTalk Server 2010 : Installation of WCF SAP Adapter (part 2) - WCF-SAP Adapter vs WCF Customer Adapter with SAP binding
- BizTalk Server 2010 : Installation of WCF SAP Adapter (part 1) - SAP Prerequisite DLLs
- Exchange Server 2007 : Leveraging the Capabilities of the Outlook Web Access Client - Getting to Know the Look and Feel of OWA 2007
- Exchange Server 2007 : Leveraging the Capabilities of the Outlook Web Access Client - Logging On to OWA 2007
- Exchange Server 2007 : Leveraging the Capabilities of the Outlook Web Access Client - What’s New in OWA 2007?
- SQL Server 2012 : Data Architecture (part 2) - Smart Database Design
- SQL Server 2012 : Data Architecture (part 1) - Information Architecture Principle, Database Objectives
 
 
REVIEW
- First look: Apple Watch

- 10 Amazing Tools You Should Be Using with Dropbox

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
 
VIDEO TUTORIAL
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
 
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
Top 10
- Microsoft Excel : How to Use the VLookUp Function
- Fix and Tweak Graphics and Video (part 3) : How to Fix : My Screen Is Sluggish - Adjust Hardware Acceleration
- Fix and Tweak Graphics and Video (part 2) : How to Fix : Text on My Screen Is Too Small
- Fix and Tweak Graphics and Video (part 1) : How to Fix : Adjust the Resolution
- Windows Phone 8 Apps : Camera (part 4) - Adjusting Video Settings, Using the Video Light
- Windows Phone 8 Apps : Camera (part 3) - Using the Front Camera, Activating Video Mode
- Windows Phone 8 Apps : Camera (part 2) - Controlling the Camera’s Flash, Changing the Camera’s Behavior with Lenses
- Windows Phone 8 Apps : Camera (part 1) - Adjusting Photo Settings
- MDT's Client Wizard : Package Properties
- MDT's Client Wizard : Driver Properties
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro