共用方式為


Overview of Security Policy Deployment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Your organization’s data is subject to various types of risks, including user errors and malicious attacks. Attackers can gain access to the system, rendering systems useless or disrupting services. Attackers can also modify, delete, or steal information. As you analyze the potential security threats and how to handle those threats, consider how much time, money, and effort you want to invest in developing security strategies and controls for your organization.

Group Policy is one of the main tools that you can use to specify security policy for servers, workstations, and domain controllers. By using Group Policy, you can create and apply security policies to simplify and centralize the process for configuring and managing security for servers running Microsoft® Windows® 2000 Server and Windows Server 2003 and workstations running Microsoft® Windows® XP Professional and Microsoft® Windows® 2000 Professional.

You can use Group Policy to specify configuration options for IPSec, security settings (such as user rights, password policies, file and registry access control lists [ACLs], and service startup modes), software restriction policies, and wireless network configurations.

Before you deploy security policies by using Group Policy in an Active Directoryenvironment, you must complete your deployment design for the following areas:

  • IT requirements. Understand how domains and organizational units (OUs) are created and managed in your organization and obtain a list of the administrative owners.

  • Active Directory and security. You must have Active Directory to use Group Policy. While you are deploying Active Directory, design the OUs in your organization to delegate administration authority and to implement Group Policy. Create a security plan that includes authentication, password requirements, resource security (such as file security), auditing, and security group membership. For more information about Active Directory and creating a security plan, see Designing and Deploying Directory and Security Services of this kit.