How To >> Browse Articles >> Windows
How To >> Browse Articles >> System Administration
Implementing Group Policies with Windows Vista
Featured Author:
InformIT
InformIT is the online presence of the family of information technology publishers and brands of Pearson Education, the world’s largest educational publisher. InformIT is home to the leading technology publishing imprints Addison-Wesley Professional, Cisco Press, ExamCram, IBM Press, Prentice Hall Professional, QUE, and Sams. There you will gain access to trusted and quality content and resources from the authors, creators, innovators, and leaders of technology. Whether you’re looking for a book on a new technology, a helpful article, timely newsletters or access to the Safari Books Online digital library, InformIT has a solution for you.
More articles from this author:
Paul McFedries / InformIT
February 12, 2008
Paul McFedries shows how to apply group policies in Windows Vista to keep dangerous tools out of the hands of novice users.
Group policies are settings that control how Windows Vista works. You can use them to customize the Windows Vista interface, restrict access to certain areas, specify security settings, and much more.
Group policies are mostly used by system administrators who want to make sure that novice users don’t have access to dangerous tools (such as the Registry Editor), or who want to ensure a consistent computing experience across multiple machines. Group policies are also ideally suited to situations in which multiple users share a single computer. However, group policies are also useful on single-user standalone machines, as you’ll see throughout this book.
== ==
This chapter is from the book
Microsoft® Windows® Vista™ Unleashed
Working with Group Policies
You implement group policies using the Group Policy editor, a Microsoft Management Console snap-in. To start the Group Policy editor, follow these steps:
- Press Windows Logo+R (or select Start, All Programs, Accessories, Run) to open the Run dialog box.
- Type gpedit.msc .
- Click OK.
- If the User Account Control dialog box appears, click Continue or type an administrator’s password and click Submit.
The Group Policy window that appears is divided into two sections:
- Left pane— This pane contains a treelike hierarchy of policy categories, which is divided into two main categories: Computer Configuration and User Configuration. The Computer Configuration policies apply to all users and are implemented before the logon. The User Configuration policies apply only to the current user and, therefore, are not applied until that user logs on.
- Right pane— This pane contains the policies for whichever category is selected in the left pane.
The idea, then, is to open the tree’s branches to find the category you want. When you click the category, its policies appear in the right pane. For example, Figure 10.4 shows the Group Policy window with the Computer Configuration, Administrative Templates, System, Logon category highlighted.
Figure 10.4 When you select a category in the left pane, the category’s policies appear in the right pane.
In the right pane, the Setting column tells you the name of the policy, and the State column tells you the current state of the policy. Click a policy to see its description on the left side of the pane. To configure a policy, double-click it. The type of window you see depends on the policy:
- For simple policies, you see a window similar to the one shown in Figure 10.5. These kinds of policies take one of three states: Not Configured (the policy is not in effect), Enabled (the policy is in effect and its setting is enabled), and Disabled (the policy is in effect but its setting is disabled).
Figure 10.5 Simple policies are Not Configured, Enabled, or Disabled.
- Other kinds of policies require extra information when the policy is enabled. For example, Figure 10.6 shows the window for the Run These Programs at User Logon policy. When Enabled is activated, the Show button appears; you use it to specify one or more programs that run when the computer starts.
Figure 10.6 More complex policies also require extra information such as, in this case, a list of programs to run at logon.
Example: Controlling Access to Control Panel
You can use group policies to hide and display Control Panel icons and to configure other Control Panel access settings. To see how this works, follow these steps:
- In the Group Policy editor, select User Configuration, Administrative Templates, Control Panel.
- Configure one or more of the following policies:
Hide Specified Control Panel Items— If you enable this policy, you can hide specific Control Panel icons. To do this, click Show, click Add, enter the name of the icon you want to hide (such as Game Controllers) or the name of the CPL file (such as Joy.cpl), and then click OK.
Force Classic Control Panel View— If you enable this policy, Control Panel is always displayed in the Classic View and the user can’t change to the Home Page view. If you disable this policy, Control Panel is always displayed in the Home Page view and the user can’t change to the Classic View.
Prohibit Access to the Control Panel— If you enable this policy, users can’t access Control Panel using the Start menu, Windows Explorer, or the control.exe executable.
Show Only Specified Control Panel Applets— If you enable this policy, you hide all Control Panel icons except the ones that you specify. To do this, click Show, click Add, enter the name of the icon you want to show (such as Game Controllers) or the name of the CPL file (such as Joy.cpl), and then click OK.
- When you’ve finished with a policy, click OK or Apply to put the policy into effect.
© 2008, InformIT
sniper4983
10 months ago
694 comments
does this not work with home premium or where is gpedit?
davidjohnsen
about 1 year ago
132 comments
Great tips.