For most computer users, managing computers is basically done with some third-party tools, or even by manually modifying the registry. In fact, Windows XP Group Policy has integrated these functions into one, and we can fully realize the functions we need through Group Policy and related tools. First, the group policy basis 1. What is the group policy registry is a database of system software and application software configuration in the Windows system, and with the increasing functionality of Windows, the configuration items in the registry are more and more, many Configurations can be customized, but these configurations are distributed in every corner of the registry. If it is manually configured, it can be imagined how difficult and complicated it is. The group policy integrates the important configuration functions of the system into various configuration modules for the user to directly use, thereby achieving the purpose of conveniently managing the computer. In fact, simply put, the group policy setting is to modify the configuration in the registry. Of course, Group Policy uses a more complete management organization method, which can manage and configure settings in various objects, which is far more convenient, flexible, and more powerful than manually modifying the registry. 2. The version of Group Policy For Windows 9X/NT users, the concept of "system policy" is known. In fact, group policy is a high-level extension of system policy. It is developed from the "system strategy" of Windows 9X/NT. With more management templates, more flexible settings and more functions, it is currently mainly used in the Windows 2000/XP/2003 operating system. The early system policy was run by defining a specific POL (usually Config.pol) file through a policy management template. When the user logs in, it overwrites the settings in the registry. Of course, the System Policy Editor also supports modifications to the current registry, as well as connecting to a network computer and setting up its registry. Group Policy and its tools are directly modified from the current registry. Obviously, the network function of Windows 2000/XP/2003 system is its biggest feature, so its network function is naturally indispensable, so the Group Policy tool can also open the computer on the network for configuration, and even open an Active. A Directory (Active Directory) object (that is, a site, domain, or organizational unit) and set it up. This was not possible with the previous System Policy Editor tool. Of course, whether it is "system strategy" or "group policy", their basic principle is to modify the corresponding configuration items in the registry, so as to achieve the purpose of configuring the computer, but some of their operating mechanisms have changed and expanded. 3. Run Group Policy in Windows XP On Windows 2000/XP/2003, the system has already installed the Group Policy program by default. In the "Start" menu, click the "Run" option and enter "In the dialog box that opens" Gpedit.msc" and OK, you can run Group Policy. As shown in Figure 1. Using the above method, the opened Group Policy object is the current computer, and if you need to configure other computer Group Policy objects, you need to open the Group Policy as a separate MMC snap-in: (1) Open the Microsoft Management Console (available in Enter "MMC" directly in the "Run" dialog box of the "Start" menu and confirm). (2) Click the "File → Add /Remove Snap-in" menu command, click the "Add" button in the dialog box that opens. (3) In the Available Standalone Snap-in dialog box, click the Group Policy option and then click the Add button. (4) In the Select Group Policy Object dialog box, click the Local Computer option to edit the local computer object, or click Browse to find the desired Group Policy object. (5) Click the "Finish" button, the Group Policy snap-in opens the Group Policy object to be edited. (6) Locate the location of the option you want to change in the left pane, right-click the specific option you want to change in the right pane, click the "Properties" command to open its properties dialog, select "Enabled" The "Unconfigured", "Disabled" option allows you to manage your computer policies. 4. Administrative Templates in Group Policy Several ADM files are included in Windows 2000/XP/2003. These files are text files called Administrative Templates that provide policy information for items under the Administrative Templates folder in the Control Tree of the Group Policy snap-in. In Windows 2000/XP/2003, the default Admin.adm administrative template is located in the INF folder of the system folder, which contains the four template files under the default installation, which are: (1) System.adm: installed by default In Group Policy, for system settings. (2) Inetres.adm: Installed by default in Group Policy for Internet Explorer (IE) policy settings. (3) Wmplayer.adm: for Windows Media Player settings. (4) Conf.adm: used for NetMeeting settings. In the Policy Management Console, you can add a "policy template" multiple times. Let's take a look at the specific operations: First run the "Group Policy" program, then select "Computer Configuration" or "User Configuration" under "Administrative Templates". Right-click, select the "Add/Remove Templates" command, then click the "Add" button in the opened dialog box, and select the corresponding ADM file in the opened dialog box. Click the Open button to open the selected script file in the System Policy Editor and wait for the user to execute. After returning to the main interface of the "Group Policy" editor, open the directory "Local Computer Policy → User Configuration → Administrative Templates" option, and then click the corresponding directory tree, you will see the configuration generated by our newly added management template. The project is over. Note: The following operations are all performed in Windows XP. 2. Personalize my computer 1. Delete the "Documents" menu item in the "Start" menu. In a computer used by multiple people, some users do not want other users to see documents or other information that they have edited. Therefore, in order to delete the "document" menu item used to record historical documents, we can do this by modifying the group policy. Location: \\\\User Configuration\\Administrative Templates\\Taskbar and Start Menu \\\\ When this setting is enabled, the system saves the Document shortcuts but does not display them in the Document menu. If you disable this setting or set it to unconfigured later, the Document shortcut saved before the setting is enabled and when it is in effect appears in the Document menu item. as shown in picture 2. Note: This setting does not prevent Windows programs from displaying shortcuts in recently opened documents. Alternatively, you can set the history of recently opened documents to be automatically cleared when you log out of the system. Location: \\\\User Configuration\\Administrative Templates\\Taskbar and Start Menu \\\\ If you disable this policy setting, the system deletes the shortcut when the user logs out. Therefore, when the user logs in, the document menu on the Start menu is always empty. If you disable or do not configure this setting, the document shortcuts are preserved and the document menu when the user logs in appears exactly the same as when the user quits the system. Note: The system saves the document shortcuts in the user profile in the \\\\Documents and Settings\\\\\\\\Recent folder. 2. Delete the "Run" menu item in the "Start" menu There is a "Run" menu item in the "Start" menu, you can enter the program name to start the program. We can remove the Run menu item from the Start menu. Location: \\\\User Configuration\\Administrative Templates\\Taskbar and Start Menu\\ If this setting is enabled, the following changes occur: (1) The Run command is removed from the Start menu. (2) The new task (run) command is deleted from the task manager. (3) Prevent users from entering the following items in the IE address bar: UNC path: \\\\\\\\
\\\\. Access the local drive: for example, C:. Access local folders: for example, \\\\temp>. At the same time, the Run dialog box will not be displayed using the WIN+R key combination. If this setting is disabled or not configured, the user can access the Start menu and the Task Manager Run command and use the IE address bar. Note: This policy only affects the specified interface. It does not prevent users from using other methods to run programs. 3. Lose weight to the Start menu If you think Windows' Start menu is too bloated, you can completely remove unwanted menu items from the Start menu via Group Policy settings. Location: \\\\User Configuration\\Administrative Templates\\Taskbar and Start Menu \\\\ In the right pane of Group Policy, provide "Delete User Folder from 'Start' menu", "Delete to 'Windows Update' Access and links", remove the utility group from the 'Start' menu, delete the "My Documents" icon and other configuration items from the 'Start' menu. You only need to
enable the policy corresponding to the menu item you don't need. 4. Hide and disable all items on the desktop This policy removes icons, shortcuts, and other default and user-defined items from the desktop. Location: \\\\User Configuration\\Administrative Templates\\Desktop\\ This policy removes icons and shortcuts does not prevent the user from launching the program in another way or opening the icon and the item represented by the shortcut. 5. Do not save user settings when exiting This policy is used to prevent users from saving certain changes to the desktop. Location: \\\\User Configuration\\Administrative Templates\\Desktop\\\\ If you enable this setting, the user can make some changes to the desktop, but some changes, such as the location of the icon and open window, the location and size of the taskbar in the user Cannot be saved after logging out. 6. Enable/Disable "Active Desktop" Active Desktop is an advanced feature that comes with Windows 98 (and later) or IE 4.0. Its biggest feature is that you can set wallpapers in various image formats. You can even display the web page as a wallpaper. But for security and performance reasons, sometimes we need to disable this feature (and prevent users from enabling it). Location: \\\\User Configuration\\Administrative Templates\\Desktop\\\\Active Desktop Tip: If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting will be ignored. If the "Disable Active Desktop and Web Views" setting (in "User Configuration\\Administrative Templates\\Windows Components\\Windows Explorer") is enabled, Active Desktop will be disabled and both policies will be ignored. 7. Remove shared documents from "My Computer" When a Windows user is in a workgroup, a "Shared Documents" icon will appear in "Other Locations" and "Store on this computer" in the Windows Explorer's Web View. Other files". With this setting, you can choose not to display these items. Location: \\\\User Configuration\\Administrative Templates\\Windows Components\\Windows Explorer\\ If this setting is enabled, the "Shared Documents" folder will not be displayed in Web View or in "My Computer" . If this setting is disabled or not configured, when the user is part of a Workgroup, the Shared Documents folder will appear as a web view or in My Computer. 8. Do not move deleted files to the Recycle Bin When a file or folder in Windows Explorer is deleted, a copy of the file or folder is placed in the Recycle Bin. With this strategy, you can change this behavior. Location: \\\\User Configuration\\Administrative Templates\\Windows Components\\Windows Explorer \\\\ If this setting is enabled, files or folders deleted using Windows Explorer will not be placed in the Recycle Bin, so Was permanently deleted. If this setting is disabled or not configured, files or folders deleted using Windows Explorer will be placed in the Recycle Bin.