gpo 软件限制策略
Group Policyis a feature provided by Windows operating systems in order to manage the different operating systems, user, account, and similar settings. Group policy mainly used for centralized management and configuration of operating systems, applications, and users setting in an Active Directory (AD) environment. Group Policy Object or GPO is an object used to set configuration objects which can be the background setting, password size or the process thread count, etc.
Group Policy是Windows操作系统提供的一项功能,用于管理不同的操作系统,用户,帐户和类似设置。 组策略主要用于集中管理和配置Active Directory(AD)环境中的操作系统,应用程序和用户。 组策略对象或GPO是用于设置配置对象的对象,这些对象可以是后台设置,密码大小或进程线程数等。
Group Policies are organized as containers, sites, domain, or organizational units. Group policies have some operations likeenforcement,inheritancesorfiltering.
组策略被组织为容器,站点,域或组织单位。 组策略具有一些操作,例如enforcement,inheritances或filtering。
组策略(GP)的优势 (Group Policy (GP) Advantages)
Group Policy and Group Policy Objects are so popular because they provide some advantages while administrating single or multiple windows operating systems. Alternatively, group policies can be implemented in the non-Active Directory infrastructure.
组策略和组策略对象之所以如此受欢迎,是因为它们在管理单个或多个Windows操作系统时提供了一些优势。 或者,可以在非Active Directory基础结构中实施组策略。
Ease of management: Ease of management is one of the biggest advantages of group policy. Group policy is used to group multiple computers, users, or different attributes and set configurations about these components easily with a single step.
Ease of management:易于管理是组策略的最大优势之一。 组策略用于对多台计算机,用户或不同属性进行分组,并只需一步即可轻松设置有关这些组件的配置。
One-stop administration: One-stop administration is similar to the ease of management where deploying patches, software updates and installation builtin or 3rd party software is very easy.
One-stop administration:一站式管理类似于轻松管理,部署补丁程序,软件更新和内置内置或第三方软件非常容易。
Easy Security Management: Security is an important part of today’s IT. We can configure different security-related features and configurations with the group policy and easily apply them to multiple systems. As an example password policy can be enforced easily with the group policy.
Easy Security Management:安全是当今IT的重要组成部分。 我们可以使用组策略配置不同的与安全性相关的功能和配置,并将其轻松地应用于多个系统。 例如,可以使用组策略轻松实施密码策略。
组策略对象(GPO)限制 (Group Policy Object (GPO) Limitations)
Even group policy provides advantages there are some limitations for group policy usage.
即使组策略提供了优势,组策略的使用也有一些限制。
LEARN MORE How To Secure Windows From Malware and Unwanted Executables With Applocker?了解更多信息如何使用Applocker保护Windows免受恶意软件和有害可执行文件的侵害?
Latency and Network Traffic: By default group, policy objects take 90-120 minutes to completely distributed. This interval may seem high and we can set lower intervals like 7 seconds. As GPO updates received via network this will burden the network.
Latency and Network Traffic:默认情况下,策略对象需要90-120分钟才能完全分发。 这个间隔似乎很高,我们可以设置较低的间隔,例如7秒。 由于通过网络接收到GPO更新,这将给网络增加负担。
GPO Editor: GPO editor is used to creating, update, and manage group policy objects. Even it provides a good user experience it is not perfect. In some cases finding specific objects can be a nightmare. Alternatively, Powershell provides a more easy and straightforward configuration.
GPO Editor:GPO编辑器用于创建,更新和管理组策略对象。 即使它提供了良好的用户体验,它也不是完美的。 在某些情况下,找到特定对象可能是一场噩梦。 另外,Powershell提供了更简单直接的配置。
组策略对象(GPO)类型 (Group Policy Object (GPO) Types)
There are two types of group policy objects. First one is the centralized group policy object which is created and used in an Active Directory environment that is calledCentralized Group Policyand the second isLocal Group Policywhich is used in the local system.
有两种类型的组策略对象。 第一个是在Active Directory环境中创建和使用的集中式组策略对象,称为“Centralized Group Policy,第二个是在本地系统中使用的Local Group Policy。
Centralized Group Policyis mainly used with the AD in order to manage multiple computers. The group policy objects are distributed via the AD according to the hierarchy and attributes of the AD objects.
Centralized Group Policy主要与AD一起使用,以管理多台计算机。 组策略对象根据AD对象的层次结构和属性通过AD分发。
Local Group Policyis used to change group policies on the local system. This can be also useful if there is no Active Directory. Local Group Policy can be used to change background image, user password, and other configuration about the local system. Windows operating system provides the tool namedLocal Group Policy Editorin order to manage Local Group Policy.
Local Group Policy用于更改本地系统上的组策略。 如果没有Active Directory,这也很有用。 本地组策略可用于更改背景图像,用户密码以及有关本地系统的其他配置。 Windows操作系统提供了名为“Local Group Policy Editor的工具,以便管理本地组策略。
组策略对象(GPO)首选项 (Group Policy Object (GPO) Preference)
We have listed two GPO types “local group policy” and “AD group policy”. But there some other GPO types which are subtypes of the “AD group policy”. They are called “Site policies”, “Domain policies” and OU policies”. What will happen if the same configuration or object is defined with different group policy types like local group policy and Domain policy? GPO provides the following order to preference.
我们列出了两种GPO类型:“本地组策略”和“ AD组策略”。 但是还有其他一些GPO类型,它们是“ AD组策略”的子类型。 它们称为“站点策略”,“域策略”和OU策略”。 如果使用不同的组策略类型(例如本地组策略和域策略)定义了相同的配置或对象,将会发生什么? GPO提供以下优先顺序。
Local Group Policy本地组策略 Site Policy网站政策Domain Policy域名政策OU PolicyOU政策LEARN MORE How To Run gpupdate /force On Windows?了解更多信息如何在Windows上运行gpupdate / force?
本地组策略编辑器 (Local Group Policy Editor)
In order to edit the local group policy object, the tool named Local Group Policy Editor is used. It can be opened from the Start menu by typing “local group policy” like below.
为了编辑本地组策略对象,使用了名为“本地组策略编辑器”的工具。 可以通过键入“本地组策略”从“开始”菜单中打开它,如下所示。
The local group policy editor provides two main categories for GPO configuration. Computer Configuration is used to set general and computer-related objects like security, printer, public keys, windows operating system, etc. User Configuration provides user-related objects like control panel, script, shared folders, start menu and taskbar, etc.
本地组策略编辑器为GPO配置提供了两个主要类别。 “计算机配置”用于设置常规和与计算机相关的对象,例如安全性,打印机,公共密钥,Windows操作系统等。“用户配置”提供与用户相关的对象,例如控制面板,脚本,共享文件夹,开始菜单和任务栏等。
如何更改组策略对象(GPO)?(How To Change Group Policy Object (GPO)?)
In order to change a GPO, we will find the GPO as below. In this example, we select theDesktop WallpaperGPO which is under “User Configuration” -> “Administrative Templates” -> “Desktop” -> “Desktop” and double click on it.
为了更改GPO,我们将找到以下GPO。 在此示例中,我们选择“用户配置”->“管理模板”->“桌面”->“桌面”下的Desktop WallpaperGPO,然后双击它。
We will see the following configuration screen where we will select theEnabledradio box below. By default, this group policy object is not enabled. In order to set the desktop wallpaper, we will provide the complete or full path of the wallpaper into the Wallpaper Name configuration like below. The last step will be clickingApplyin order to make this GPO change effective.
我们将看到以下配置屏幕,我们将在下面选择“Enabled单选框。 默认情况下,此组策略对象未启用。 为了设置桌面墙纸,我们将在墙纸名称配置中提供墙纸的完整或完整路径,如下所示。 最后一步是单击“Apply,以使此GPO更改生效。
翻译自: /what-is-gpo-group-policy-object-how-to-use-change-gpo-in-microsoft-windows/
gpo 软件限制策略
如果觉得《gpo 软件限制策略_什么是GPO(组策略对象)? 如何在Microsoft Windows中使用 更改GPO?...》对你有帮助,请点赞、收藏,并留下你的观点哦!
