Nội dung

4298book.fm Page iii Sunday, February 22, 2004 8:23 PM Group Policy, Profiles, and IntelliMirror ® for Windows 2003, ® Windows XP, ® and Windows 2000 Jeremy Moskowitz San Francisco London 4298book.fm Page ii Sunday, February 22, 2004 8:23 PM 4298book.fm Page i Sunday, February 22, 2004 8:23 PM Group Policy Category Features Where is it in this book? Folder Redirection These settings can anchor specific special folders, such as My Documents, to network shares. Chapter 9 Disk Quotas You can set up Group Policy to automatically protect your servers from users who gobble up all your disk space. Chapter 9 Encrypted Data Recovery Agents (EFS Recovery Policy) Use this Group Policy to dictate the recovery policy for different computers. Chapter 6 Internet Explorer Maintenance All sorts of user and computer settings for Internet Explorer can be set here. Chapter 6 IP Security Policies Use Group Policy to set local IPSEC filtering. Chapter 6 Software Restriction Policies This allows administrators to prevent users from running certain programs on Windows XP or Windows 2003. Chapter 6 Quality of Service (QoS) Policies These allow packets on the network to have higher priorities, say, for video conferencing. QoS is briefly touched on in “What’s New in Windows 2003 and Windows XP Group Policy” on the book’s website. 802.11 Policies Allows administrators to set Windows XP and Windows 2003 machines’ 802.11 wireless policies. Chapter 6 4298book.fm Page ii Sunday, February 22, 2004 8:23 PM 4298book.fm Page iii Sunday, February 22, 2004 8:23 PM Group Policy, Profiles, and IntelliMirror ® for Windows 2003, ® Windows XP, ® and Windows 2000 Jeremy Moskowitz San Francisco London 4298book.fm Page iv Sunday, February 22, 2004 8:23 PM Associate Publisher: Joel Fugazzotto Acquisitions Editor: Ellen Dendy Developmental Editor: Tom Cirtin Production Editor: Elizabeth Campbell Technical Editor: David Shackelford Copyeditor: Pat Coleman Compositor and Graphic Illustrator: Happenstance Type-O-Rama Proofreaders: Laurie O’Connell, Nancy Riddiough Indexer: Lynnzee Elze Book Designer: Bill Gibson, Judy Fung Cover Designer: Ingalls + Associates Copyright © 2004 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher. First edition copyright © 2001 SYBEX Inc. Library of Congress Card Number: 2003115666 ISBN: 0-7821-4298-2 SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries. Screen reproductions produced with FullShot 99. FullShot 99 © 1991-1999 Inbit Incorporated. All rights reserved. FullShot is a trademark of Inbit Incorporated. TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer. The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book. Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 4298book.fm Page v Sunday, February 22, 2004 8:23 PM To my parents and grandparents. 4298book.fm Page vi Sunday, February 22, 2004 8:23 PM Acknowledgments Working to bring this book to you was one of the most rewarding experiences in my life. I would be lying if I took credit for all the juicy bits inside. I have a small army of people to thank. At the top of the list of thanks is the chief lieutenant of this army, Mark Williams within the Group Policy team at Microsoft. His raw dedication to make this book the best it can be is simply astounding. Mark took on the hard job of filtering my huge number of questions and finding answers to them throughout the various product teams within Microsoft. He located reviewers for each and every chapter—sometimes as many as four reviewers for a single chapter! In a nutshell: this book would not have been the same without him, and I’m incredibly grateful. Additionally, I want to thank Michael Dennis, Lead Program Manager for Group Policy at Microsoft, for so thoroughly endorsing my efforts and granting Mark the required time to assist me. To the other members of the Group Policy team, Steve Whitford and BJ Whalen, I thank you for helping me guide the book in the direction it took. Additional thanks to the battalion of technical reviewers at Microsoft: Mike Treit, Nick Finco, Anitha Bagyam, Judith Herman, Mike Danseglio, Chris Corio, Wei Wang, Craig dos Santos, John Lambert, Scott Cousen, Anshul Rawat, David Steere, Dan Boldo, Brian Aust, Navjot Virk, Vishal Ghote, Rajeev Nagar, Keith Hageman, Wes Miller, and many more people. These amazing people didn’t review these chapters because they had to; they did it because they wanted to. Each one has a clear dedication to their craft, and I’m thrilled that they took the time out of their work lives to help this book be its best. Special thanks goes to Todd Myrick and Jerry Cruz as my two “beta readers” for the heavyhitting Group Policy material. Their help was invaluable, and I’m very thankful to have had their expertise and input on the material they reviewed! Special thanks goes to the dedicated folks behind the book. First, my “official” technical editor, David Shackelford, whose insights and comments were instrumental in making this book what it is today. To the Sybex magicians: Pat Coleman for smoothing out my raw text; Tom Cirtin for calming me down whenever I got panicky; and Elizabeth Campbell for allowing me to really be me in this project. Tom, Elizabeth, and Pat worked tirelessly to make this project a success, and I’m very grateful for their dedication to its success. Thanks to Jill Knapp and Jeff Knapp for loaning me your modems. You’re way more than just modems to me. Thank you, Mark Minasi, for allowing me to write about the subject I love most. Thanks to Bill Boswell for writing Chapter 7 (it’s awesome). Moreover, thanks for simply always being there for me to bounce an idea off (and thanks for your phone line simulator I borrowed for eight months). Mark and Bill: without your guidance—both technical and otherwise—I simply wouldn’t be the guy I am today. I want to give special thanks to current and previous contributors to this book. Derek Melber (MCSE) was a contributing author and technical editor of the first edition. Catherine Moya (MCT, MCSE) was a technical editor of the first edition. Conan Kezema’s (MCSE, MCT, CCA) material appears in “New Policy Settings for Windows 2003 and Windows XP” and “Security Options Comparison.” on the book’s website. Jeremy’s photo on the back cover appears courtesy of Windows & .NET Magazine. 4298book.fm Page vii Sunday, February 22, 2004 8:23 PM Foreword I first met Jeremy when he approached the Microsoft Group Policy team with a handful of questions for the first edition of this book. All of us were very busy getting Windows® XP ready to ship and Windows Server™ 2003 into beta; we couldn’t answer Jeremy’s questions right away. But with his own deadlines looming, Jeremy was persistent. He wanted answers to the toughest Group Policy questions, so he could deliver them to you. At Microsoft, we have a lot of downloadable documentation on Group Policy, Profiles, and IntelliMirror®. What Jeremy provides with this book is a “one-stop-shop” for practical, howit-works information, including real-world examples of implementing and troubleshooting Group Policy, Profiles, and IntelliMirror. Indeed, his digging and prodding into the Group Policy internals means that there is information in his book that you simply cannot find anywhere else. Jeremy has always provided an independent eye into how Group Policy works. Best of all, his writing style will keep you engaged throughout the entire book. The Goal of the Group Policy team is to give you the power you need to control your desktops and servers in the most efficient way possible. This vision began in Windows 2000 with an interface designed around how we built the underlying infrastructure. But it didn’t make it easy for administrators to use the power of Group Policy. Customers kept telling us that the way they used Group Policy just didn’t reflect the way the interface worked. We listened hard, and then we developed the Group Policy Management Console (GPMC), which is available for free to anyone with a Windows 2000 or Windows Server 2003 license. This is the single most important development in the evolution of Group Policy management. In keeping with this customerdriven approach, you can be involved in the continued evolution of Group Policy by sending your feedback and suggestions to GPWish@Microsoft.com. We look forward to hearing what you want next! Jeremy’s book uncovers the basics of Group Policy and GPMC and then reveals the hidden nuggets that truly unleash the power of Group Policy. He describes the many underlying and overt changes since Windows 2000 that make this book a valuable successor to his previous work. The practical, (often prescriptive) technical information just keeps rolling in—chapter after chapter. Many teams within Microsoft have provided input to Jeremy’s book: from our folks on the Group Policy team (Chapters 1, 2, 3, 4, 7, and Appendix B), to the Security team (Chapter 6), to the various constituent components of IntelliMirror (Chapters 8, 9, and 10), and RIS and Shadow Copies (Chapter 11). Jeremy kept feeding us the tough nuts to crack so that he could make it accessible to you in this book. At Microsoft, we’ve enjoyed working with Jeremy, and reviewing each chapter to make this the best book possible. It’s our hope that you enjoy the power and control Group Policy provides. It’s also our hope that you enjoy the additional power and control you’ll get after reading Jeremy’s very practical book on Group Policy, Profiles, and IntelliMirror. —Michael Dennis Lead Program Manager, Group Policy, Microsoft