Thursday, February 28, 2013

WINDOWS GROUP POLICY



Group Policy is a Windows feature that contains a variety of advanced settings, particularly for network administrators. However, local Group Policy can also be used to adjust settings on a single computer. Group Policy isn’t designed for home users, so it’s only available on Professional, Ultimate, and Enterprise versions of Windows.



Fig1: Local Group Policy Editor

Centralized Group Policy

If you are using a Windows computer in an Active Directory environment, Group Policy settings can be defined on the domain controller. Network administrators have one place where they can configure a variety of Windows settings for every computer on the network. These settings can also be enforced, so users can’t change them. For example, using group policy, a network administrator can block access to certain sections of the Windows control panel, or set a specific website as the home page for every computer on the network.
This can be useful for locking down computers, restricting access to specific folders, control panel applets, and applications. It can also be used to change a variety of Windows settings, including ones that can’t be changed from the control panel or require registry tweaks to change.

  

Fig2: Restrictions Windows

Many Group Policy settings actually change registry values in the background. In fact, you can see which registry value a group policy setting changes. However, Group Policy provides a more user-friendly interface and the ability to enforce these settings.
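To see the registry values that policy settings have written on a machine, the PowerShell sketch below walks the four registry locations Windows reserves for registry-based (Administrative Templates) policy, grouped by the Computer Configuration and User Configuration sections of the editor. It is an added example, not part of the original post; the function name `Get-PolicyRegistryValue` and its `-Match` parameter are illustrative.

```powershell
# Added example: list registry values written by registry-based policy settings.
# Get-PolicyRegistryValue and -Match are illustrative names, not a built-in cmdlet.
$policyRoots = [ordered]@{
    'Computer Configuration' = @(
        'HKLM:\SOFTWARE\Policies',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
    )
    'User Configuration'     = @(
        'HKCU:\SOFTWARE\Policies',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
    )
}

function Get-PolicyRegistryValue {
    param(
        # Optional substring of the key path, e.g. 'Internet Explorer'.
        [string]$Match = ''
    )
    foreach ($section in $policyRoots.Keys) {
        foreach ($root in $policyRoots[$section]) {
            # A root that does not exist means no policy has been written there.
            if (-not (Test-Path -LiteralPath $root)) { continue }
            # Include the root key itself plus every subkey beneath it.
            $keys = @(Get-Item -LiteralPath $root) +
                    @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
            foreach ($key in $keys) {
                if ($key.Name -notlike "*$Match*") { continue }
                foreach ($name in $key.GetValueNames()) {
                    [pscustomobject]@{
                        Section = $section
                        Key     = $key.Name
                        Value   = $name
                        Type    = $key.GetValueKind($name)
                        Data    = $key.GetValue($name)
                    }
                }
            }
        }
    }
}

# Show every policy-backed value, or narrow it with -Match 'Internet Explorer'.
Get-PolicyRegistryValue | Sort-Object Section, Key, Value | Format-Table -AutoSize -Wrap
```

Security settings such as the minimum password length are not stored under these keys, so they do not appear in this output.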

Local Group Policy (LGP)

Group Policy is not only useful for networks of computers in businesses or schools. If you’re using a Professional version of Windows, you can use the local Group Policy Editor to change Group Policy settings on your own computer. Using Group Policy, you can tweak some Windows settings that aren’t normally available from the graphical interface. For example, if you want to set a custom login screen in Windows 7, you can either use the Registry Editor or the Group Policy Editor; it’s easier to change this setting in the Group Policy Editor. You can also tweak other areas of Windows 7 with the Group Policy Editor: for example, you can hide the notification area entirely. The local Group Policy Editor can also be used to lock down a computer, just as you would lock down a computer on an enterprise network.



Fig3: LGP Editor’s Screen


This can be useful if you have children using your computer. For example, you can allow users to run only specific programs, restrict access to specific drives, or enforce user account password requirements, including setting a minimum length for passwords on the computer.

Using Local Group Policy

To access the local Group Policy Editor on your Windows computer (assuming you’re using a Professional edition of Windows or better, not a Home version), open the Start menu, type gpedit.msc, and press Enter.



Fig4: gpedit Screen


If you don’t see the gpedit.msc application, you’re using a Home edition of Windows.

Group Policy settings are broken up into two sections – the Computer Configuration section controls computer-specific settings, while the User Configuration section controls user-specific settings.

  
Fig5: Local Computer Policy

For example, Internet Explorer settings are located under:

Administrative Templates -> Windows Components -> Internet Explorer.

  

Fig6: LGP Settings Windows


You can change a setting by double-clicking it, selecting a new option, and clicking OK.

 

Fig7: Tabbed Browsing Window
