Seven tricks to prevent illegal users from invading Win 2000/XP system

        First, what is group policy
(a) What is the use of group strategy?
When it comes to group policy, you have to mention the registry. The registry is a database for saving system and application software in Windows. As Windows functions become more and more abundant, there are more and more configuration items in the registry. Many configurations are customizable, but they are published in every corner of the registry. If it is manually configured, it can be difficult and complicated. The group policy integrates the important configuration functions of the system into various configuration modules for the management personnel to directly use, thereby achieving the purpose of conveniently managing the computer.
Simply, group policy is to modify the configuration in the registry. Of course, Group Policy uses its own more complete management organization method, which can manage and configure the settings in various objects, which is far more convenient, flexible, and more powerful than manually modifying the registry.
(2) Version of Group Policy
Most Windows 9X/NT users may have heard of the concept of "system policy", and most of what we now hear is the name "group policy". In fact, Group Policy is a more advanced extension of the system strategy. It is developed by the "system strategy" of Windows 9X/NT. It has more management templates and more flexible setting objects and more functions. Windows 2000/XP/2003 system.
The operating mechanism of early system policies is to define a specific .POL (usually Config.pol) file through a policy management template. When the user logs in, it overwrites the settings in the registry. Of course, the System Policy Editor also supports modifications to the current registry, as well as connecting to a network computer and setting up its registry. Group Policy and its tools are directly modified from the current registry. Obviously, the network function of Windows 2000/XP/2003 system is its biggest feature, its network function is naturally indispensable, so Group Policy tool can also open the computer on the network for configuration, and even open an Active Directory. The object (that is, the site, domain, or organizational unit) and set it up. This was not possible with the previous System Policy Editor tool.
Either system strategy or group policy, their basic principle is to modify the corresponding configuration items in the registry, so as to achieve the purpose of configuring the computer, but some of their operating mechanisms have changed and expanded.
Second, the management template in the group policy
contains several .adm files in the Windows 2000/XP/2003 directory. These files are text files called Administrative Templates that provide policy information for Group Policy Administrative Template items.
In Windows 9X, the default admin.adm administrative template is saved in the same folder as the Policy Editor. In the inf folder of the Windows 2000/XP/2003 system folder, there are four template files in the default installation, which are:
1) System.adm: Installed in Group Policy by default. Medium for system settings.
2) Inetres.adm: Installed in Group Policy by default; used for Internet Explorer policy settings.
3) Wmplayer.adm: for Windows Media Player settings.
4) Conf.adm: For NetMeeting settings.
In the Group Policy console of Windows 2000/XP/2003, you can add a "policy template" multiple times, while under Windows 9X, only one policy template is currently open. The following describes how to use a policy template. First use the following in the Windows 2000/XP/2003 Group Policy Console:
First run the "Group Policy" program, then select "Computer Configuration" or "User Configuration" under "Administrative Templates", press the right mouse button, in In the pop-up menu, select “Add/Remove Template”, and the dialog box shown in Figure 1 will pop up.

Figure 1
then click the "Add" button in the dialog box, select the appropriate .adm file. Click the Open button to open the selected script file in the System Policy Editor and wait for the user to execute.
After returning to the main interface of the "Group Policy" editor, open the directory "Local Computer Policy → User Configuration → Administrative Templates", and then click the corresponding directory tree, you will see the results of our newly added management template. Configuration project (in order to facilitate the examples in the following article, we can work together, it is recommended to add other template files except the default template file).
Then look at the Group Policy Editor under Windows 9X. First select "Close" in the "File" menu in the Group Policy Editor to close the current script, then select "Template" in the "Options" menu, the dialog box shown in Figure 2 will pop up.

Figure 2
then click "Open Template" button in the dialog box, select the appropriate .adm file And click the "Open" button to open the selected script file in the editor and wait for the user to execute.

Third, the operation group strategy
(a) Windows 9X policy editor
According to the operating system, the strategy editing tools are divided into two, one for Windows 2000/XP/2003 group policy The management console, which is installed by default when the system is installed; the other is the Windows 9X system policy editor, which is not installed during system installation. The program files are \\tools\ eskit\\ on the Windows installation disk. In the netadmin\\poledit directory, it includes files such as Poledit.exe, Poledit.inf, and Windows.adm.
If the Windows 9X system uses the following method, you can perform a formal installation process.
1. In the Control Panel, double-click the Add/Remove Programs icon, click the Install Windows tab, and then click the Have Disk option.
2. In the From Disk Setup dialog box, click the Browse button and specify the tools\ eskit\ etadmin\\poledit directory on the Windows 9X installation CD.
3. Click the "OK" button and then click the "Confirm" button in the dialog again.
4. In the From Disk Setup dialog box, select the System Policy Editor and Group Policy check boxes, and then click the Install button.
After the installation is complete, click the "Run" command item, enter poledit, and then click the "Confirm" button (the interface after the operation is shown in Figure 3).

FIG. 3