System and method for implementing group policy
First Claim
1. A computer-readable medium having computer-executable instructions for performing a method, comprising:
- placing policy settings into a plurality of group policy objects, each policy object associated with at least one directory container;
accumulating the policy settings of the plurality of group policy objects into an accumulated policy for a policy recipient; and
associating the accumulated policy with the policy recipient.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for implementing policy by accumulating policies for a policy recipient from policy objects associated with a hierarchically organized structure of containers, such as directory containers (sites, domains and organizational units) that includes the policy recipient. Based on administrator input, policy settings for the policy recipient may be accumulated into a specific order by inheriting policy from higher containers, which may enforce their policy settings over those of lower containers. Policy that is not enforced may be blocked at a container. The result is an accumulated set of group policy objects that are ordered by relative strength to resolve any policy conflicts. Policy may be applied to a policy recipient by calling extensions, such as an extension that layers the policy settings into the registry or an extension that uses policy information from the objects according to the ordering thereof. Linking of group policy objects to one or more containers (e.g., sites, domains and organizational units) is provided, as is exception management. The effects of group policy may be filtered based on users'"'"' or computers'"'"' membership in security groups.
-
Citations
32 Claims
-
1. A computer-readable medium having computer-executable instructions for performing a method, comprising:
-
placing policy settings into a plurality of group policy objects, each policy object associated with at least one directory container;
accumulating the policy settings of the plurality of group policy objects into an accumulated policy for a policy recipient; and
associating the accumulated policy with the policy recipient. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer-readable medium having computer-executable instructions for performing a method, comprising:
-
placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
ordering the group policy objects based on the hierarchy of directory containers; and
associating the ordering of the group policy objects with the policy recipient. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A computer-implemented method, comprising:
-
placing policy settings into a plurality of group policy objects, each policy object associated with a directory container in a set of directory containers arranged in a hierarchy;
accumulating the policy settings of the plurality of group policy objects into an accumulated policy, wherein conflicting settings are resolved based on the hierarchy and inheritance data; and
associating the accumulated policy with a policy recipient associated with the set of directory containers. - View Dependent Claims (27, 28, 29, 30, 31, 32)
-
Specification