System and method for implementing group policy
First Claim
1. A computer-implemented method, comprising:
- placing policy settings into a plurality of group policy objects, each policy object associated with a directory container in a set of directory containers arranged in a hierarchy;
accumulating the policy settings of the plurality of group policy objects into an accumulated policy, wherein conflicting settings are resolved based on the hierarchy and inheritance data, and wherein the inheritance data indicates that policy settings of a first policy object hierarchically above a second policy object are suggested and are allowed to be blocked by the second policy object; and
associating the accumulated policy with a policy recipient associated with the set of directory containers.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for implementing policy by accumulating policies for a policy recipient from policy objects associated with a hierarchically organized structure of containers, such as directory containers (sites, domains and organizational units) that includes the policy recipient. Based on administrator input, policy settings for the policy recipient may be accumulated into a specific order by inheriting policy from higher containers, which may enforce their policy settings over those of lower containers. Policy that is not enforced may be blocked at a container. The result is an accumulated set of group policy objects that are ordered by relative strength to resolve any policy conflicts. Policy may be applied to a policy recipient by calling extensions, such as an extension that layers the policy settings into the registry or an extension that uses policy information from the objects according to the ordering thereof.
217 Citations
30 Claims
-
1. A computer-implemented method, comprising:
-
placing policy settings into a plurality of group policy objects, each policy object associated with a directory container in a set of directory containers arranged in a hierarchy;
accumulating the policy settings of the plurality of group policy objects into an accumulated policy, wherein conflicting settings are resolved based on the hierarchy and inheritance data, and wherein the inheritance data indicates that policy settings of a first policy object hierarchically above a second policy object are suggested and are allowed to be blocked by the second policy object; and
associating the accumulated policy with a policy recipient associated with the set of directory containers. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-readable medium having computer-executable instructions for performing a method, comprising:
-
placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
ordering the group policy objects based on the hierarchy of directory containers; and
associating the ordering of the group policy objects with the policy recipient, wherein at least one policy object includes an exclusion list of at least one user to which the policy will not apply. - View Dependent Claims (8, 9)
-
-
10. A computer-readable medium having computer-executable instructions for performing a method, comprising:
-
placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
ordering the group policy objects based on the hierarchy of directory containers; and
associating the ordering of the group policy objects with the policy recipient, wherein at least one policy object includes an inclusion list of at least one user to which the policy will apply. - View Dependent Claims (11, 12)
-
-
13. A computer-readable medium having computer-executable instructions for performing a method, comprising:
-
placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
ordering the group policy objects based on the hierarchy of directory containers; and
associating the ordering of the group policy objects with the policy recipient, including developing an ordered master list of group policy objects; and
applying policy settings to the policy recipient, including writing settings from the group policy objects into a database from weakest to strongest based on the ordered master list. - View Dependent Claims (14, 15, 16)
-
-
17. A computer-readable medium having computer-executable instructions for performing a method, comprising:
-
placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
ordering the group policy objects based on the hierarchy of directory containers;
associating the ordering of the group policy objects with the policy recipient, including developing an ordered master list of group policy objects; and
seeking a defined policy setting to apply to the policy recipient by evaluating policy settings from the group policy objects from strongest to weakest based on the ordered master list. - View Dependent Claims (18, 19, 20, 21)
-
-
22. A computer-readable medium having computer-executable instructions for performing a method, comprising:
-
placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
ordering the group policy objects based on the hierarchy of directory containers; and
associating the ordering of the group policy objects with the policy recipient;
disabling at least part of the association between a directory container and a group policy object. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
-
Specification