If you have had any experience with the Active Directory in Windows 2000 Server, you probably know that the AD makes the application of group policies possible. Group policy is extremely useful in helping you accomplish a wide range of tasks, including managing user settings and restricting access to workstation changes. In effect, you can think of group policy as a template applicable to a user’s computer and account to control permissions, software behavior, change control, and more.

As useful as group policy is, many administrators—particularly in smaller companies—do not use group policy. Understanding how group policy is applied is the first step in implementing group policy.

One can apply group policy at four levels: local, organizational unit (OU), domain, and site. First applied are local policies, followed by site, domain, and OU. For that reason, a higher level can override policies. For example, a policy set at the local level can be overridden by an OU policy.

In addition, policies fall into two categories: machine and user. Machine policies apply to the user’s computer and the user policies apply to the user account.

The application hierarchy described above applies for both
machine and user policies.

Miss a tip?

Check out the Windows 2000 Server Archive,
and catch up on the most recent tips from this newsletter.

Want more Win2K tips
and tricks? Automatically
sign up for our free Windows 2000 Server newsletter
, delivered each