FAQ

Group Policy settings FAQ: Why they matter

Microsoft's Group Policy infrastructure allows IT administrators to use Active Directory to specify configurations for computers, and it can be used to set policies for users, applications and networking at the machine level. Group Policy Objects and Group Policy settings are important for maintaining security at both the desktop and server levels, but you should know their limits.

Why use Group Policy to restrict access to the Control Panel?

In addition to the User Account Control feature in the Control Panel, IT admins should know how to lock down the Control Panel with Group Policy. This can help prevent users from making unauthorized changes to their machines. Group Policy is also useful for protecting Outlook 2010, regulating local admin groups and managing Active Directory.

How can I use Group Policy settings to manage desktops?

While much of IT's focus is on securing enterprise networks, don't forget to monitor endpoints such as desktops and mobile devices. For example, you can use Group Policy to automate BitLocker To Go, which is a whole-disk encryption program built into Windows. BitLocker requires users to enter a password to get access to files on removable drives such as USB memory sticks.

To properly manage desktops, it's best to perform a desktop audit to find out what IT assets the organization has. Note that Group Policy Objects and Group Policy settings vary among versions of Windows. Group Policy can restrict the use of desktop gadgets and provide security settings for Internet Explorer 8.

Are Group Policy settings also useful for virtual desktops?

The Group Policy Object Editor allows IT pros to modify configuration and security settings for Microsoft Office, which can only be done otherwise by editing the registry. You just need to learn to use the Office Customization Tool for client deployments and the administrative templates for Office 2010 in virtual desktop infrastructure.

Group Policy Objects, for example, enable admins to restrict virtual desktops through redirection of folders and even the start menu. In addition, there are ways for admins to use Group Policy to secure network endpoints, but not every mobile device is compatible.

How has Group Policy security changed with Windows Server?

Note that Group Policies for Windows Server 2008 should be backed up. Both Active Directory and Group Policy objects are valuable tools for securing Windows Server 2008 R2 installations.

In addition to the numerous Group Policy settings in the beta of Windows Server 2012 (formerly called the Windows Server 8 beta) are improvements in how the Group Policy Management Console distributes updates, how reports are provided about the Active Directory network and how to manage the Setting Sync feature. There are also Group Policy Objects specifically intended for Windows 8 and its Metro interface.

This was first published in May 2012

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.