Microsoft Windows Registry Guide, Second Edition
Chapter 7
Using Registry-Based Policy
IT professionals use Group Policy to manage users' desktop environments. First introduced in Microsoft Windows 2000, Group Policy enables you to dramatically reduce the cost of deploying and managing desktops. This involves deploying standard desktop configurations rather than wasting money to support individual users. Using Group Policy in this way enforces corporate standards and configures users' computers, freeing them from this task and enabling them to do their jobs. For example, you enhance productivity by configuring users' applications, data, and settings so that they follow users regardless of where users log on to the network. Windows XP and Microsoft Windows Server 2003 (Windows) extend Group Policy with new settings, new features, and significant improvements.
In this chapter, I focus on local registry-based policies. Group Policy in the enterprise is a big subject, and one that requires familiarity with Active Directory. At the end of this chapter, however, you'll find a list of more resources that are useful for learning more about both Active Directory and Group Policy. Rather than teaching you about sites, domains, and organizational units (OUs), which are peripherally related to the Windows registry, I show you how to implement registry-based policies in a local Group Policy object. This information directly applies to network Group Policy. Because of the focus of this book–more or less quick and easy tricks for the IT professional–I also show you how to define your own policies and even deploy Windows policies on networks that aren't based on Active Directory, including Microsoft Windows NT and Novell Netware.
Whether you're an IT professional or a power user, this chapter is for you. If you're an IT professional, I assume that you understand the key Active Directory and Group Policy concepts. If you're not an IT professional, I don't anticipate that you will try to use this information in an enterprise environment, so this information is fairly complete. For example, power users often define local policies to customize their computers, and this doesn't require a lot of information about Active Directory or policy inheritance. In fact, some of the most popular and interesting customizations are available in Group Policy already, so you don't need to hack the registry at all.