In the Windows Server 2008 domain environment, two examples of group policy application


are Microsoft's latest server platform, and Windows Server 2008 is indeed powerful. The Server 2008D-based AD is more powerful and management is more granular, especially in terms of group policy. For example, the two applications that I will share with you can solve many problems in practice.

Users who have used Vista should know that group management can be used to manage the rights of the removable disk (USB storage device\\CD-ROM\\Mobile hard disk) on the local host. What if you want to implement unified permissions management for all client (Vista or non-Vista) mobile devices? In the Windows Server 2008 domain environment, this is easy to implement.

First configure Server 2008 as an AC (domain controller), and add all the clients to the domain, then just deploy the following on Server 2008. Open Start Group Management Manager by clicking Start→Administrative Tools→Group Policy Management; find the domain where you want to deploy the policy (in this case,, expand to locate the Default Domain Policy, and right click Select "Edit" to open the "Group Policy Management Editor", expand "Computer Configuration → Administrative Templates → System → Removable Storage Access"; find "Removable Disk: Reject Read Permission" and "Removable" on the right side. Disk: Deny write permission", double-click Enable Policy. Finally open the command line tool (cmd), enter the command "gpupdate /force" to update the group policy, so that the previous policy takes effect, so by default only the domain administrator has the right to read and write the mobile disk. (Figure 1)

Figure 1 Change the default domain policy

In order to verify the effect, I let a client log in to the fr domain and then insert the mobile device (such as a USB flash drive). Read and write files. As shown in the figure, the pop-up rejection window is rejected. Only the administrator has permission to perform the operation. Click the "Skip" button to enter a user with permission to operate. (Figure 2)

Figure 2 Refusal to access
Previous page 12 3 Next Read more

Copyright © Windows knowledge All Rights Reserved