Disabling Unused Group Policy Settings
If the Computer Configuration or User Configuration node for a sy0-201 security has only settings that are Not Configured, then you can avoid processing those settings by disabling the node. Disabling unused Group Policy settings is recommended because it expedites startup and logging on for those users and computers subject to the GPO.
To disable the computer configuration or user configuration settings for a GPO, complete the following steps:
1.Access the Group Policy Object Editor for the GPO.
2.Right-click the root node, and then click Properties.
3.In the General tab in the Properties dialog box for the GPO, do one of the following:
To disable the computer configuration settings, select the Disable Computer Configuration Settings check box.
To disable the user configuration settings, select the Disable User Configura?tion Settings check box.
4.Click OK.
To specify the Block Policy Inheritance option, complete the following steps:
1.Open the Active Directory Users And Computers console to specify the Block Policy Inheritance option for a domain or OU, or open the Active Directory Sites And Services console to specify the Block Policy Inheritance option for a site.
2.In the console, right-click the site, domain, or OU for which you want to specify the Block Policy Inheritance option, click Properties, and then click the Group Policy tab.
3.In the Properties dialog box for the object, in the Group Policy tab, select the Block Policy Inheritance check box. By checking this box, you specify that all GPOs linked to higher level sites, domains, or OUs should be blocked from linking to this site, domain, or OU. You cannot block GPOs that use the No Override option.
You’ve been asked to configure five public access computers that run the Windows XP Professional operating system in the Humongous Insurance lobby. You configure a GPO called LockDown that restricts the options that people have in operating these systems. However, you are concerned that some of your domain users might log on to these systems, which would change the appearance of the desktop. You want to be sure that the user settings that you’ve configured for the LockDown GPO apply to anyone who logs on to the public computers. What can you do?
Create a new OU named Public and link the LockDown GPO to that OU. Move the computer accounts for each of those computers to the LockDown OU. Then, on the LockDown OU, enable the Computer Configuration, Administrative Templates, System, Group Policy, User Group Policy Loopback Processing Mode policy for Replace mode. This will ensure 70-640 that everyone receives an identical desktop configuration.