Answer Posted / mani
It is not like Windows XP Professional Service Pack 2 added
enough settings to Group Policy, Vista is coming in with
even more new settings to Group Policy. There will be
approximately 2400 possible settings in a Group Policy
Object that is created for a Windows Vista computer. This
only adds about 800 settings, which is adding ½ again as
much settings compared to Windows XP Service Pack 2. Many
of the settings are being added in a response to customer
response, while others are there to support new features
that will be included in Vista. Some of the more important
additions include those listed under the following areas.
Power Management
By far the number one area of configuration that people
have wanted since the advent of Group Policy is the ability
to control Power Management. Finally, Microsoft has added
this capability in Windows Vista. The reasons for
controlling power can provide an immediate impact for
companies, since both Microsoft and the EPA have tested and
reported that you can save over $50 per computer, per year
by establishing power management settings on desktops. The
idea is simple: there is no reason to have the computer in
a full power state when the end user is not even at work.
Before Vista, companies had to look at products from
DesktopStandard and Full Armor to control power for Windows
2000 and XP.
Device Installation Controls
Most IT professionals that work in the area of security for
their company are very concerned about removable media
devices. These devices pose a looming threat to the desktop
and the network as a whole. Without control over the
installation and use of these devices, users can introduce
viruses, worms, and other malicious applications using
these media. Vista will include settings that will allow
control over the installation and use of USB drives, CD-RW,
DVD-RW, and other removable media.
Security Settings
In Vista, Microsoft has joined two security related
technologies together: Firewall and IPSec. This makes a lot
of sense to protect computes using IPSec within the
firewall. Protection can be gained for server-to-server
communications over the Internet, controlling which
resources a computer can access on the network based on the
computer health, and resource access based on some
regulatory requirement. As these security settings are
important to every computer, it only makes logical sense
that there are settings for them in Group Policy.
Printer Assignment Based on Location
Printer management is a nightmare for almost every company
and network admin. With most companies using a brigade of
laptop computers, printer management has become even more
complex as the users move from building to building or
campus to campus. Vista solves this issue by allowing
printers to be configured based on the current Active
Directory site the computer belongs to. Since Active
Directory sites typically map out the geographical or
physical network topology, it creates a perfect solution
for delivering printers as laptop users. Before Vista,
companies had to look at products from DesktopStandard and
Full Armor to control printers for Windows 2000 and XP.
Redesign of ADM Templates
If you administer Group Policy for your company, you have
most likely come face-to-face with an ADM template. These
ADM templates were first introduced with Windows NT4 using
markup language to define and implement changes to the
Registry. As Group Policy was introduced, the concept of
the ADM template did not change, although some new
capabilities did come along. ADM templates provide a needed
method to alter Registry values, but have their problems,
including:
• ADM bloat caused by the duplication of ADM
templates in every GPO
• ADM template version mismatches, many times caused
by the introduction of a service pack into the environment
on one or more computers
• Confusing “policies” or “preferences” settings,
depending on which portion of the Registry is being
modified
• Inability to control multi-string or binary
Registry values
Microsoft knows that ADM templates are really a stop gap
for your Registry “hacking” needs, but they had done a good
job until Vista. With Vista, the majority of these issues
are solved by the conversion of ADM templates into a new
XML-based format, as well as the introduction of a
repository for the templates. The new XML-based formatted
files will be called ADMX files, allowing for different
languages to be addressed in a single file. The ADMX files
will also take the large, bulky ADM templates and chop them
up into smaller, more manageable ADMX files.
One of my favorite features of Vista is the introduction of
the ADMX central store. This will provide a centralized
method for updating, storing, and managing ADMX files. ADMX
files will no longer need to be stored in each GPO.
Instead, each GPO will look to the central store for the
ADMX files. This will save space on domain controllers and
will allow for easier management of these files.
Network Location Awareness
Group Policy and the application of the settings in Group
Policy Objects rely heavily on the availability of the
network, as well as the connection speed of the network.
Vista takes a new approach to network awareness, allowing
faster boot times and more reliable application of policy.
The following areas of network awareness are tackled in
Windows Vista:
• When a computer is booting, the time that is spent
trying to apply policy even though the network is not yet
available can be daunting. Vista will provide indicators to
Group Policy application as to whether the NIC is enabled
or disabled, as well as indications as to when the network
is available.
• Vista will introduce the ability for a client to
detect when a domain controller is available or when one
becomes available again after a period of being offline.
This is ideal for remote access connections, such as dial-
up and VPNs.
• There will no longer be a reliance on ICMP (PING)
for determining the connection speed to the computer. This
was needed for slow network connections, but if ICMP was
disabled for security reasons, the computer would reject
the PING request, causing Group Policy application to fail.
Now network location awareness handles the bandwidth
determination, allowing policy refresh to succeed.
| Is This Answer Correct ? | 1 Yes | 4 No |
Post New Answer View All Answers
What are application partitions? When do I use them
What is POST?
What are sites? What are they used for?
Hi can any one help me for 70-562 dumps?
Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Types of routing groups
windows file/folder sharing ?
What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?
How do you create a new application partition
Hi, I want to do asp.net certification. So please guide me how i can proceed.
Which is best insistute to learn IIS 6.0 and 7.0
mcse 2003 to mcitp upgrade paper
I want to clear the mcse in 2007. So could i get the latest dump of msce questions?
Which is best among dotnet and dotnet diploma? Friends Please answer this question as soon as possible.
HOW TO USE FSMO ROLES IN FOREST.. MEANS IF WE HAVE A THREE DOAMINS IN FOREST .....THEY R HYD.COM(FIRST ONE....PRIMARY DOMAIN IN THE FOREST),BANG.COM (SECOND DOMAIN),CSD.COM(THIRD DOMAIN). I WANT TO IMPLEMENT FSMO ROLES IN THIRD DOMAIN HOW TO IMPLEMENT IT ...MEANS HOW TO CONNECT WITH DOAMIN AND WHAT ROLES WE IMPLEMENT..
