Group Policy Simplifies Administration

Contents
Introduction
Provide Varying Levels of Access to Resources
Sharing Computers: The Strength of Group Policy
Zero Administration Kit and More
Conclusion

Introduction

Group Policy is a key component of IntelliMirror™ management technologies in the Windows® 2000 operating systems. Group Policy helps administrators control user access to desktop settings and applications by group rather than by individual user and computer. Group Policy allows Windows 2000 network administrators to define and control the amount of access users have to data and applications and to their organizations' networks. As a result, administrators spend less time on everyday tasks such as fixing problems caused by novice users. Using Group Policy, Windows 2000 administrators can tailor users' access to the following:

Registry-based settings for the operating system and its components. The Windows 2000-based network administrator controls the appearance and behavior of all users' desktops. For example, the administrator can restrict access to the Control Panel so that users cannot alter any computer settings, including desktop appearance, system settings, or printer settings.
Security settings. The administrator defines security configurations for all users at three levels: local, domain, and network.
Software installation and maintenance options. The administrator manages software centrally and can assign and publish software on a per-group basis.
Scripts. The administrator can use scripts to automate logon and logoff to the network, as well as startup and shutdown procedures for all users and groups.
Folder redirection. For protection of corporate information, users' data files can be redirected to network servers where administrators can centrally manage them.
Offline Folders and synchronization. The Offline Folders feature complements the folder redirection feature. When users need to work offline, or when they lose their network connection, they will continue to work with data stored in Offline Folders until the network connection is restored. At that point Synchronization Manager will ensure that the most recent version of each file is synchronized between the networked and offline store.

Provide Varying Levels of Access to Resources

Sandra, the Windows 2000 network administrator for a large city hospital, needs to set up several desktop computers to help volunteers at the hospital's information desk provide basic information to visitors. In order to provide this information, the volunteers need to have access to the hospital's staff list and the patient roster.

Sandra creates a group called Info Volunteers on the network. She installs Windows 2000 on the desktops that the volunteers share, and she assigns the appropriate policies, applications, data, and settings to the group. In this example, the group's access to the information on the hospital's Windows 2000-based network will be relatively limited. Because the Info Volunteers group's computers are in a very public area of the hospital, and because the group is composed of novice computer users who only need access to a few applications in order to provide the information that visitors request, Sandra locks down the computers as much as possible. Users will not be able to change desktop settings, access the Control Panel, or use any applications or databases other than those that Sandra assigned to the group.

Not only is Sandra able to use Group Policy to set up the new group from her desktop, she will also be able to update the group's policies whenever she needs to do so, from any computer on the hospital's Windows 2000 network. For example, if the hospital administration decides to provide volunteers with additional applications in the future (perhaps an application that allows volunteers to print a map of the hospital, complete with large-print directions for visitors with limited eyesight), Sandra can update the Info Volunteers group policies, data, applications, and settings.

Sharing Computers: The Strength of Group Policy

Sandra, the hospital's network administrator, uses Group Policy to make the nursing station computer available to different groups with different needs. The employee team that uses the computer includes not just nurses, but doctors, residents, interns, physician assistants, and administrative personnel. The team uses various core applications: the software that controls the database of patient records, the prescription-writing application, the software that controls the database of health insurance information, the hospital's online catalog for the medical library, the staff scheduling application, and the hospital's e-mail application. However, not every team member needs access to all applications. All the groups need access to patient records and scheduling information, but doctors, interns, and nurses also need to be able to access and update patients' records. Doctors also use the prescription-writing software, which feeds information into the health insurance database. Doctors don't need access to the health insurance information database, but administrative staff members do. All team members use the hospital's online medical library catalog for research, and everyone uses e-mail.

Group Policy allows Sandra to control each group's access to the applications on the hospital's Windows 2000-based network. She sets up groups according to members' responsibilities and the applications they need. Each Windows 2000 user's policies, settings, applications, and data are assigned according to the user's membership in a particular group. When a team member (for example, a nurse) logs on to the nursing station computer, he has access to the applications assigned to his group. He updates a patient's information and logs off. An intern logs on immediately after the nurse leaves the computer station. He checks a patient's record; uses the medical library catalog to check the symptoms of an unfamiliar disease he noticed in the patient's history; answers e-mail from a colleague; and logs off. Later that day, Sandra updates the computer to reflect several organizational changes: two interns have left the team, three more have joined, and two nurses have become nurse practitioners, which means that they can now write prescriptions.

Group Policy's value in this scenario lies in its flexibility as well as its control. It's easy for Sandra to change the policies that apply to each group, regardless of the group's size, as well as the policies that apply to individual team members. Group Policy makes her job easier, and it helps the hospital's IT department get the most out of its budget by helping Sandra spend more time managing users and desktops and less time fixing them.

Zero Administration Kit and More

In order to understand what is particularly useful about Windows 2000 and Group Policy from an administrator's point of view, it helps to look at the Zero Administration Kit, or ZAK. ZAK is a standard set of predefined policies and profiles in the Windows NT® 4.0 family of operating systems. Microsoft delivered ZAK to help customers reduce the total cost of ownership of Windows-based computing. This was done by creating two standard lockdown scenarios: TaskStation and AppStation. TaskStation mode completely locks down the desktop. It hides areas of the Windows-based user interface, preventing users from accessing any applications or data other than those they need to work. AppStation mode is appropriate for organizations with knowledge workers who typically run three or four business applications but don't have the experience or the need to access system configurations or to install additional applications.

Group Policy is a component of IntelliMirror that goes several steps further than ZAK. In addition to simplifying and centralizing the administration of policy, network administrators can use Group Policy to choose how much freedom to allow each user on the network. Group Policy allows administrators to set these policies according to the resources needed by users in different business roles and locations. When an administrator sets up appropriate Group Policies for an organization, the policies that apply to each user will be applied each time a user logs on to the network. Data, applications, and settings follow the user on the network to any computer.

Conclusion

Group Policy is a key component of the IntelliMirror feature of Windows 2000 operating systems. Group Policy helps administrators control users' access to desktop settings and applications for a group rather than for an individual user or computer. Group Policy allows Windows 2000 network administrators to define and control the amount of access users have to data and applications and to the organizations' networks.

As described in this overview, network administrators can tailor the data and applications that different groups may access. The appearance of the desktop, printer settings, system settings, and so on, can be preset. Security settings can be configured for user groups at the local, domain, and network levels.

Further, files from users' computers can be automatically redirected to a server specified by an administrator. And, if users are working offline, or if the connection to the network breaks, offline files can be set to be saved in the cache store. Then, when users log back on to the network, the Synchronization Manager automatically synchronizes offline files with those on the server.

 



© 2000 Microsoft Corporation. All rights reserved.