Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Group Policy Editor gpedit.msc

To Open

Start Run gpedit.msc

Description

One of the few features found only in Windows XP Professional, the Group Policy Editor goes far beyond the Control Panel, affecting settings that most users have never even heard of. While it does offer a number of quick fixes, such as removing the Recycle Bin from the desktop, it’s not intended as a replacement for tools like TweakUI or third-party shareware applications. Instead, it gives a system administrator the ability to create security policies for both individual machines and users, quickly rolling them out across a network and relying on Windows XP for enforcement (see Figure 4-41).

Figure 4-41. The Group Policy Editor gives you complete administrator’s access to Windows XP’s deepest settings


Unlike the Registry, which presents its arcane settings in a mountain of folders and sub folders, the GPE’s options are shown in a handful of folders in (mostly) plain English, such as “Do not automatically start Windows Messenger initially” and “Rename Guest Account.” (And there are obscure ones as well, such as “Add Run in Separate Memory Space checkbox to Run dialog box.”) Although the presentation is different, most settings here are indeed implemented as changes to values and keys in your Registry.

Before applying any option that you don’t recognize, make sure you understand exactly what it will do to your system. Double-click the entry in the right window to summon its full Properties dialog box, which is often accompanied by an Explain tab with details. Another good source: select Help Help Topics from the GPE’s menu bar. Failing that, go to Microsoft’s Knowledgebase at http://support.microsoft.com/ and search for “Group Policy Editor” for a list of articles.

Be very careful when using this tool. It makes it possible to restrict or reconfigure almost every security setting on your computer, which means that it’s very easy to break something. And there’s no undo feature.


Examples

Here’s a handful of the more entertaining settings you can play with in the Group Policy Editor:


Choose Places for your Places Bar

Go to User Configuration\Administrative Templates\Windows Components\Windows Explorer\Common Open File Dialog, and double-click the Items Displayed in Places Bar option. Click Enabled, and then type the full path names of up to five folders on your hard disk. Click OK, and these folders will appear in the gray “Places” bar on the left side of most File Open and File Save dialog boxes.

There aren’t any Browse buttons in this dialog, but you can specify folder paths without typing by opening Windows Explorer, navigating to the folders you want, highlighting the text in the Address bar, copying it, and pasting the text into the Group Policy Editor’s dialog box. Alternatively, you can use Creative Element Power Tools (http://www.creativelement.com/powertools/) to customize your Places Bar more easily, as well as the Places Bar in Microsoft Office file dialogs.



Startup and Shutdown Scripts

Go to Computer Configuration\Windows Settings\Scripts (Startup/Shutdown), and then double-click the Shutdown entry on the right. Click the Add button, choose a .VBS (VBScript) file on your hard disk, and that script will be run every time you shut down your computer.

You’ll also find corresponding settings in User Configuration\Windows Settings\Scripts (Logon/Logoff). These work similarly, except they’re activated every time you log on or off (as opposed to when you turn on your computer or shut it down).


Go to User Configuration\Administrative Templates\System\Scripts and Computer Configuration\Administrative Templates\System\Scripts for settings that affect how these scripts work.


Turn Off CD/DVD Autoplay

Go to Computer Configuration\Administrative Templates\System and double-click the Turn off Autoplay option on the right. If you enable this option, Windows will no longer play CDs and DVDs automatically when you insert them.


Pretty-up Internet Explorer

Go to User Configuration\Windows Settings\Internet Explorer Maintenance\Browser User Interface to choose your own images for the pulsing logo and toolbar background, and customize or remove the additional text shown in Internet Explorer’s title bar.


Improve Security Logging

Go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy and enable any of the settings here to log the corresponding events. For example, set both the Audit account login attempts and Audit login attempts settings to “Success,” and any failed attempt to log on to your system will be logged. To view these logs, open the Event Viewer (eventvwr.msc), discussed in the Microsoft Management Console section later in this chapter.

Each of the settings in this branch have two options: “Success” and “Failure,” and this can be somewhat confusing. Choose “Success” to log those instances in which the security policy has been successful, such as when your computer successfully keeps out an intruder. Conversely, select “Failure” to log only those instances when security has been compromised.



Disable User Tracking

Go to User Configuration\Administrative Templates\Start Menu and Taskbar, double-click the “Turn off user tracking” entry to the right, and click Enabled. This will stop Windows from recording every program you run, every document you open, and every folder path you view, thus hobbling such features as “personalized” menus and the Recent Documents menu.

Notes

If you aren’t comfortable playing with these features, or if you have the Home edition of Windows XP, you can use the safer TweakUI “PowerToy.” Note: it provides access to only a handful of the settings found in the Group Policy Editor. See Appendix D for details.

  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint