Group Policy Editor

 

The Group Policy Editor (gpedit.msc) is a front-end to a number of configuration values stored in the Registry that can be used to enforce restrictions on the user environment.

Windows 2K/XP Professional

Group Policy settings define the various components of the user's desktop environment that a system administrator needs to manage, for example, the programs that are available to users, the programs that appear on the user's desktop, and options for the Start menu. To create a specific desktop configuration for a particular group of users, use the Group Policy snap-in. Group Policy settings that you specify are contained in a Group Policy object, which is in turn associated with selected Active Directory objects—sites, domains, or organizational units.

Group Policy applies not only to users and client computers, but also to member servers, domain controllers, and any other Windows 2000/XP Professional computers within the scope of management.

Group Policy includes policy settings for User Configuration, which affect users, and for Computer Configuration, which affect computers.

By using Group Policy and its extensions, you can:

* Manage registry-based policy with Administrative Templates. Group Policy creates a file that contains registry settings that are written to the User or Local Machine portion of the registry database. User profile settings that are specific to a user who logs on to a given workstation or server are written to the registry under HKEY_CURRENT_USER (HKCU), and computer-specific settings are written under HKEY_LOCAL_MACHINE (HKLM).

* Assign scripts. This includes such scripts as computer startup, shutdown, logon, and logoff. For more information, see Use scripts.

* Redirect folders. You can redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations. For more information about folder redirection, see Use the Folder Redirection snap-in.

* Manage applications. With Group Policy you can assign, publish, update, or repair applications by using the Software Installation extension. For more information, see Use the Software Installation snap-in.

* Specify security options.

Group Policy objects that exist by default

Each computer that runs the Windows XP Professional or the Windows 2000 operating system has exactly one Group Policy object stored locally. This local Group Policy object contains a subset of the settings that are available in nonlocal Group Policy objects. For more information, see Local Group Policy.

Notes

Management of stand-alone computers: A Windows 2000 computer that is not joined to any domain is not subject to nonlocal Group Policy through Active Directory. The only Group Policy that applies to such a computer is local Group Policy, which contains settings for all users of that computer. For more information on local Group Policy, see Local Group Policy. To provide settings for multiple users, use System Policy Editor to write a Registry.pol file. Only the Windows 2000 version of System Policy Editor is compatible with Windows 2000.
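Group Policy's Registry.pol files, the file of registry settings described under Administrative Templates and named in the note above, use a simple binary layout: a PReg signature and a version DWORD, followed by UTF-16LE [key;value;type;size;data] records. The following is an added example, not part of the original page, that parses that layout so an administrator can audit which registry values a policy file enforces; the key and value names in the sample are constructed placeholders.

```python
import struct

def _w(text):
    return text.encode("utf-16-le")

def _take(buf, pos, n):
    if pos + n > len(buf):  # bounds check: a truncated file must fail, not mis-parse
        raise ValueError(f"truncated at offset {pos}")
    return buf[pos:pos + n], pos + n

def _sep(buf, pos, ch):
    if buf[pos:pos + 2] != _w(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _cstr(buf, pos):
    for end in range(pos, len(buf) - 1, 2):  # step by whole UTF-16 code units
        if buf[end:end + 2] == b"\0\0":
            return buf[pos:end].decode("utf-16-le"), end + 2
    raise ValueError("unterminated string")

def parse_registry_pol(buf):
    """Return [(key, value_name, reg_type, data), ...] from Registry.pol bytes."""
    if buf[:8] != b"PReg" + struct.pack("<I", 1):
        raise ValueError("not a version 1 PReg file")
    pos, entries = 8, []
    while pos < len(buf):
        key, pos = _cstr(buf, _sep(buf, pos, "["))
        name, pos = _cstr(buf, _sep(buf, pos, ";"))
        raw, pos = _take(buf, _sep(buf, pos, ";"), 4)
        rtype = struct.unpack("<I", raw)[0]
        raw, pos = _take(buf, _sep(buf, pos, ";"), 4)
        size = struct.unpack("<I", raw)[0]
        data, pos = _take(buf, _sep(buf, pos, ";"), size)
        pos = _sep(buf, pos, "]")
        if rtype == 4 and size == 4:      # REG_DWORD
            data = struct.unpack("<I", data)[0]
        elif rtype in (1, 2):             # REG_SZ, REG_EXPAND_SZ
            data = data.decode("utf-16-le").rstrip("\0")
        entries.append((key, name, rtype, data))
    return entries

def build_record(key, name, rtype, data):  # encoder, used only to construct the sample
    head = [_w(key + "\0"), _w(name + "\0"), struct.pack("<I", rtype), struct.pack("<I", len(data))]
    return _w("[") + _w(";").join(head + [data]) + _w("]")

KEY = "Software\\Policies\\Example"  # constructed placeholder, not a real policy
SAMPLE = (b"PReg" + struct.pack("<I", 1) + build_record(KEY, "ExampleFlag", 4, struct.pack("<I", 1))
          + build_record(KEY, "ExamplePath", 1, "C:\\Temp\0".encode("utf-16-le")))
```

To audit a real file, read it in binary mode and pass the bytes to parse_registry_pol.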

"When you're outside of a domain environment, XP has some features missing. XP Home leaves you completely without the Group Policy Editor, while XP Pro lacks the ability to use the Group Policy Editor to selectively apply policies to specific users. Well, that's about to change. Doug's Windows XP Security Console allows you to assign various restrictions to specific users, whether you're running XP Pro or XP Home."

http://www.dougknox.com/xp/utils/xp_securityconsole.htm

Windows XP Home does not include GPEDIT; XP Home users can apparently run this program if they have access to files from an XP Pro (or possibly Win 2000?) installation, by doing the following:

* Copy the files gpedit.dll and fde.dll from \WINDOWS\System32 on the XP Pro machine to \WINDOWS\System32 on the XP Home machine.
* From a command prompt issue the following commands on the XP Home machine:

      regsvr32 C:\WINDOWS\System32\gpedit.dll
      regsvr32 C:\WINDOWS\System32\fde.dll

* Open the Microsoft Management Console (mmc.exe) and select File->Add/Remove Snap-in... Then click Add. Select the Group Policy snap-in from the list of installed snap-ins.

You can now edit the Group Policy on the local machine. But XP Home doesn't support the same feature set as XP Pro, so the policies you are looking for might be missing.



Group Policy Editor

To open Group Policy, click Start > Run..., type gpedit.msc, and click OK.