Remember that this section deals specifically with Group Policies which
lockdown the machine. As with all Computer Configuration Policies,
Administrative Templates affect all users who logon - including the
administrator.
Did you know that the newer Windows 200x Administrative policies remove the settings
from the registry when the user or computer is outside the scope?
To get started, launch the GPMC, or else use ADUC to edit a Group Policy. Now to view, add or remove the ADM files, simply right click the Administrative Templates folder.
(See screen shot.)
ADM
Administrative Template files started life in NT 4.0. The idea is that Group Policy
settings, which control the registry, can be imported to the GPO and so give
you command of the users environment.
Conf.adm - Just for Netmeeting
Inetres.adm - Internet Explorer, particularly the Maintenance Polices. Inetres doubles in size when you apply Windows Server 2003 SP1
System.adm - Most of the Group Policies, see how big this file is
Wmplayer.adm - Just the Media player settings
Wuau.adm - Controlling the update Service
To begin with no action is required, Windows Server 2003 automatically
loads 5 built-in templates. Later, you can add other ADM templates,
including Group Policy templates that you make yourself.
Guy
Recommends: Permissions Analyzer - Free Active Directory Tool
I like the
Permissions Monitor because it enables me to see quickly WHO has permissions
to do WHAT. When you launch this tool it analyzes a users effective NTFS
permissions for a specific file or folder, takes into account network share
access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are
troubleshooting authorization problems for users access to a resource.
On no account rename these templates. If you do rename the above original Group Policy templates, then when you apply a service pack your policies will be
deleted and replaced by default the above defaults.
Be aware that there are two sets of Administrative Templates, one for
Computers and another for Users. Should there be a conflict of
settings, then the Computer Configuration wins. For example, if
'Prevent Access to 16 bit applications' is enabled in the Computer
Configuration, but disabled in the User Configuration, then enabled wins
because it's in the Computer Settings. The logic being, by the
time the user logs on, too late, the Computer Configuration has already run.
If you like this page then please share it with your friends
*
Custom Search
Guy Recommends: Orion's NPM - Network Performance Monitor
Orion's performance monitor is designed for detecting network outages. NPM makes it easy to see what's working, and what needs your attention.
This utility guides you through creating network maps. It also helps troubleshooting by indicating whether the root cause is faulty equipment, or resource overload.
