Win 2003 Group Policy and Security Template Application

Group Policy is used to configure multiple Microsoft Active Directory directory service users and computer objects from a single point. By default, a policy affects not only the objects in the container to which the policy is applied, but also the objects in the child container.

Group Policy includes security settings under "Computer Configuration, Windows Settings, Security Settings". You can configure the settings by importing pre-configured security templates into the policy.

Apply Group Policy

The following steps show how to apply Group Policy and how to assign security groups to "user rights assignments".

Apply Group Policy to an Organizational Unit or Domain

1. Click "Start","Administrative Tools","Active Directory Users and Computers" "Active Directory Users and Computers".

2. Highlight the relevant domain or organizational unit, click the "Actions" menu, and select "Properties".

3. Select the "Group Policy" tab.

Note: Multiple policies can be applied per container. The order in which these policies are processed is from the bottom of the list. If a conflict occurs, the last applied policy takes precedence.

4. Click "New" to create a policy and give it a meaningful name, such as "Domain Policy".

Note: Click the "Options" button to configure "Disable Override" Settings. "Forbidden substitution" is configured for each individual policy, not for the entire container; "block policy inheritance" is configured for the entire container. If the "Forbidden override" and "block policy inheritance" settings conflict, "prohibit substitution" set priority. To configure "block policy inheritance", select the checkbox in the OU property.

Group Policy is automatically updated, but to start the update process immediately, use the following GPUpdate command at the command prompt: GPUpdate /force

To "User Rights Assignment" Add Security group