by May 5, 2003 0 comments

A major challenge in a large enterprise network is in managing the huge user base. Allocating resources, adding/removing accounts, setting security policies, are just a few of the headaches that network administrators face. Here we’ll talk about the group policy feature in the Win 2000 Server that helps network administrators with this mammoth task. This feature also lets you change registry settings, security parameters, and software installation for remote machines. Plus, you can even set up scripts to run during computer startup/shutdown, and even logon/logoff. All
these changes can be applied to specific groups of users on the network. 

The hierarchy of organization
structure in the Active Directory

We’ll take you through the step-by-step process of creating and implementing group policies. Please note that before you start, you must have implemented Active Directory on your Wins 2000 server with your organizational hierarchy in place. Plus, this feature will work with Win 2000 Professional clients and below. To give you a proper outlook of creating group policies, we mapped a sample organization in our test setup as shown in the figure below. 

Group policy is a part of  Active Directory services. You  can use Active Directory Users and Computer to create the group
policy from Start>Programs>

Administrative Tools, or create a custom MMC (Microsoft management Console) for easy navigation of Active Directory objects.

Create Custom MMC

Log on to your Win 2000 Server domain controller as administrator and type “mmc” from the Start>Run menu to launch the Microsoft Management Console. 

Adding snap-ins to MMC

Click on the console menu from the MMC and click Add and Remove Snap-in. from there, click on the Add button, which will open a selection window called “Available standalone Snap-ins.” Here select the snap-ins you require for the Active Directory. So from the list box, double click on Active Directory Users and computers and click the add button to include in

Again open Available standalone Snap-ins and double-click on group policy object. This will open a dialog box, which shows “local computer” written on its text box. Click Finish button to add it. 

Click on the Extensions tab from Add and Remove snap-in to ensure that all the extension check boxes are checked, and press the OK button. 

Lastly from the MMC console menu select save as option, and give any name to this MMC console, say GroupControl.
With this your custom MMC is created by the name of Groupcontrol.

Group policies 
To create a group policy, open the Groupcontrol MMC that you just created and do as follows: 

Configuring Internet
explorer settings for the client machine

Click on the + next to the Active Directory Users and Computers, and in the console tree you will find the name of your domain. Right-click either your domain or OU (organization unit) for which you need to create the access group policy. Next, click its properties and click ‘Group Policy tab. 

Here you can create, remove or even edit the scope for the existing group policy of users and computers. If you like to create a new group policy, click the New button and give a name for the new group policy.

To define the scope for the group policy, click the edit button. This will open a group policy edit sheet, which contains software settings, windows settings and administrative templates for computer and user configuration.

Here you can set the various restrictions over users and computers connected to this domain, which includes desktop settings for users, remote software installation, redirecting important folders like My Documents and mail to be stored on the network.

You can also assign login scripts to various groups from here. 

Let’s, take a small example to set the proxy setting for users’ machines. Open the Groupcontrol MMC that we created above, right-click the domain or OU for which you want to set the group policy, and click its properties. Then click on the group policy tab. This will open up group policy window. Click the edit button to open the group policy editor sheet. In this policy editor you will find User configuration. Click Windows settings>Internet Explorer Main- tenance. On the right panel, double-click on Connections and again double-click on the proxy settings. This will open a dialog box, from where select the Enable Proxy check box and specify your proxy settings. Lastly, click the OK button and close the group policy editor to apply the changes. 

Now this policy is set for the domain or Organization Unit. When users log on to their domain controller, the proxy settings of their Internet Explorer will be set automatically as you defined in the group policy.

Similarly, you can set many security settings including registry-based settings. So go ahead and try out the various settings as per your requirements. 

Sanjay Majumder

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.