Adding Registry ACLs to Group Policy Objects
One of the most useful features in Windows 2000 is the new Group Policy mechanism, explained in more detail in Chapter 7. The GPO mechanism allows you to designate a wide range of settings that you want applied to users and computers in your administrative domain. One feature of GPOs that’s worth a special mention in this chapter is that you can assign ACLs to Registry keys, then propagate those ACLs to computers throughout your domain as part of the domain GPO.
The actual process of adding Registry ACLs to a GPO is pretty straightforward:
Open the MMC and navigate to the Group Policy snap-in that owns the scope over which you want to apply these restrictions.
Expand the GPO’s node; you’re looking for the Computer Configuration→Windows Settings→Security Settings→Registry node.
Use the Add Key... command (available by right-clicking the Registry folder, from the Action menu, or right-clicking in the right half of the MMC console window).
The Select Registry Key dialog (see Figure 9-3) appears. Use it to either navigate directly to the key of interest or to specify the path by typing it into the Selected key field, then click OK.
Figure 9-3. Select the Registry key to which you want a new ACL applied
The standard Registry security dialog then appears (jump way back to Figure 5-12 if you need to see it again). Use it to apply the ACEs you want on ...
Get Managing The Windows 2000 Registry now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
