|
To view and work with preferences, you must open a Group Policy Object for editing in the Group Policy Management Editor. Then you can manage preferences for either computers or users using the following techniques:
-
If you want to configure preferences that should be applied to
computers, regardless of who logs on, double-tap or double-click the
Computer Configuration node, double-tap or double-click the Preferences
node, and then select the preference area you want to work with. -
If you want to configure preferences that should be applied to users,
regardless of which computer they log on to, double-tap or double-click
the User Configuration node, double-tap or double-click the Preferences
node, and then select the preference area you want to work with.
Creating and Managing a Preference Item
You manage preference items separately by selecting the preference
area and then working with the related preference items in the details
pane. While you are viewing a particular preference area, you can create
a related item by pressing and holding or right-clicking an open space
in the details pane, pointing to New, and then selecting the type of
item to create. Only items for the selected area are available. For
example, if you are working with Printers under Computer Configuration,
you have the option to create a TCP/IP Printer or Local Printer
preference when you press and hold or right-click and point to New.
Once you’ve created items for a preference area, you can press and
hold or right-click an individual item to display a shortcut menu that
allows you to manage the item. Figure 1 shows an example.
Similar options are displayed on the toolbar when you select an item.
In addition to pressing and holding or right-clicking an item and
selecting Properties to display its Properties dialog box, you can
double-tap or double-click a preference item to display its Properties
dialog box. Then you can use the Properties dialog box to view or edit
settings for the preference item.
On clients, the Group
Policy client processes preference items according to their precedence
order. The preference item with the lowest precedence (the one listed
last) is processed first, followed by the preference item with the next
lowest precedence, and so on until the preference item with the highest
precedence (the one listed first) is processed.
Processing occurs in precedence order to ensure that preference items
with higher precedence have priority over preference items with lower
precedence. If there is any conflict between the settings applied in
preference items, the settings written last win. To change the
precedence order, select a preference area in the console tree, and then
tap or click the preference item that you want to work within the
details pane. You’ll then see additional options on the toolbar, which
include:
To lower the precedence of the selected item, tap or click Move The
Selected Item Down. To raise the precedence of the selected item, tap or
click Move The Selected Item Up.
Setting Common Tab Options
All preference items have a Common tab, on which you’ll find options
that are common to preference items. Although the exact list of common
options can differ from item to item, most preference items have the
options shown in Figure 2.
These common options are used as follows:
-
Stop Processing Items In This Extension If An Error Occurs
By default, if
processing of one preference item fails, processing of other preference
items will continue. To change this behavior, you can select Stop
Processing Items In This Extension If An Error Occurs. With this option
selected, a preference item that fails prevents the remaining preference
items within the extension from being processed for a particular Group Policy Object. This setting doesn’t affect processing in other Group Policy Objects. -
Run In Logged-On User’s Security Context
By default, the Group Policy client running on a computer processes user preferences
within the security context of either the Winlogon account (for
computers running versions of Windows prior to Windows Vista) or the
System account (for computers running Window Vista or later). In this
context, a preference extension is limited to the environment variables
and system resources available to the computer. Alternatively, the
client can process user preferences in the security context of the
logged-on user. This allows the preference extension to access resources
as the user rather than as a system service, which might be required
when using drive maps or other preferences for which the computer might
not have permissions to access resources or might need to work with user
environment variables. -
Remove This Item When It Is No Longer Applied
By default, when the
policy settings in a Group Policy Object no longer apply to a user or
computer, the policy settings are removed because they are no longer set
in the Group Policy area of the registry. Default preference items are
not removed automatically, however, when a Group Policy Object no longer
applies to a user or computer. To change this behavior, you may be able
to set this option for a preference item. When this option is selected,
the preference extension determines whether a preference item that was
in scope is now out of scope. If the preference item is out of scope,
the preference extension removes the settings associated with the
preference item.
Note
REAL WORLD Generally,
preferences that support management actions can be removed when they no
longer apply, but preferences that support editing states cannot be
removed when they no longer apply. If you select Remove This Item When
It Is No Longer Applied, the management action is set as Replace. As a
result, during Group Policy processing, the preference extension
performs a Delete operation followed by a Create operation. Then, if the
preference item goes out of scope (meaning it no longer applies) for
the user or computer, the results of the preference item are deleted
(but not created). Item-level targeting can cause a preference item to go out of scope as well.
-
Apply Once And Do Not Reapply
Group Policy writes
preferences to the same locations in the registry that an application or
operating system feature uses to store the related setting. As a
result, users can change settings that were configured using policy
preferences. However, by default, the results of preference items are
rewritten each time Group Policy is refreshed to ensure that preference
items are applied as administrators designated. You can change this
behavior by setting this option. When this option is selected, the
preference extension applies the results of the preference item one time
and does not reapply the results. -
Item-Level Targeting
Item-level targeting allows you to filter the application of a
preference item so that the preference item applies only to selected
users or computers. When the Group Policy client evaluates a targeted
preference, each targeting item results in a True or False value. If the
result is True, the preference item applies and is processed. If the
result is False, the preference item does not apply and is not
processed. When this option is selected, tap or click the Targeting
button to display the Targeting Editor, and then configure targeting as
appropriate.
Note
REAL WORLD Targeting
items are evaluated as a logical expression. The logical expression can
include environment variables so long as the environment variables are
available in the current user context. After you create your logical
expression, you’ll need to ensure that the expression makes sense. In
addition, if you hard-code a value when you meant to use an environment
variable, the targeting will not work as expected.
|
