System and method for implementing group policy

US 6,950,818 B2
Filed: 09/24/2002
Issued: 09/27/2005
Est. Priority Date: 08/14/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

placing policy settings into a plurality of group policy objects, each policy object associated with a directory container in a set of directory containers arranged in a hierarchy;

accumulating the policy settings of the plurality of group policy objects into an accumulated policy, wherein conflicting settings are resolved based on the hierarchy and inheritance data, and wherein the inheritance data indicates that policy settings of a first policy object hierarchically above a second policy object are suggested and are allowed to be blocked by the second policy object; and

associating the accumulated policy with a policy recipient associated with the set of directory containers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for implementing policy by accumulating policies for a policy recipient from policy objects associated with a hierarchically organized structure of containers, such as directory containers (sites, domains and organizational units) that includes the policy recipient. Based on administrator input, policy settings for the policy recipient may be accumulated into a specific order by inheriting policy from higher containers, which may enforce their policy settings over those of lower containers. Policy that is not enforced may be blocked at a container. The result is an accumulated set of group policy objects that are ordered by relative strength to resolve any policy conflicts. Policy may be applied to a policy recipient by calling extensions, such as an extension that layers the policy settings into the registry or an extension that uses policy information from the objects according to the ordering thereof.

217 Citations

30 Claims

1. A computer-implemented method, comprising:
- placing policy settings into a plurality of group policy objects, each policy object associated with a directory container in a set of directory containers arranged in a hierarchy;
  
  accumulating the policy settings of the plurality of group policy objects into an accumulated policy, wherein conflicting settings are resolved based on the hierarchy and inheritance data, and wherein the inheritance data indicates that policy settings of a first policy object hierarchically above a second policy object are suggested and are allowed to be blocked by the second policy object; and
  
  associating the accumulated policy with a policy recipient associated with the set of directory containers.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the inheritance data indicates that policy settings of a first policy object hierarchically above a second policy object are enforced and must be inherited.
  - 3. The method of claim 1 wherein the inheritance data indicates that non-enforced policy settings of a first policy object hierarchically above a second policy object are to be blocked.
  - 4. The method of claim 1 wherein accumulating the policy comprises arranging the policy objects into a master list for applying to the policy recipient.
  - 5. The method of claim 1 further comprising, applying policy settings to the policy recipient, including inheriting at least one policy settings from a policy object that is hierarchically above the policy recipient.
  - 6. The method of claim 1 further comprising, applying policy settings to the policy recipient, including blocking at least one policy settings from a policy object that is hierarchically above the policy recipient.

7. A computer-readable medium having computer-executable instructions for performing a method, comprising:
- placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
  
  inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
  
  blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
  
  ordering the group policy objects based on the hierarchy of directory containers; and
  
  associating the ordering of the group policy objects with the policy recipient, wherein at least one policy object includes an exclusion list of at least one user to which the policy will not apply.
- View Dependent Claims (8, 9)
- - 8. The computer-readable medium of claim 7 further comprising, applying policy settings to the policy recipient based on the ordering of the group policy objects.
  - 9. The computer-readable medium of claim 7 wherein at least one policy object includes an inclusion list of at least one user to which the policy will apply.

10. A computer-readable medium having computer-executable instructions for performing a method, comprising:
- placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
  
  inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
  
  blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
  
  ordering the group policy objects based on the hierarchy of directory containers; and
  
  associating the ordering of the group policy objects with the policy recipient, wherein at least one policy object includes an inclusion list of at least one user to which the policy will apply.
- View Dependent Claims (11, 12)
- - 11. The computer-readable medium of claim 10 further comprising, applying policy settings to the policy recipient based on the ordering of the group policy objects.
  - 12. The computer-readable medium of claim 10 wherein at least one policy object includes an exclusion list of at least one user to which the policy will not apply.

13. A computer-readable medium having computer-executable instructions for performing a method, comprising:
- placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
  
  inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
  
  blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
  
  ordering the group policy objects based on the hierarchy of directory containers; and
  
  associating the ordering of the group policy objects with the policy recipient, including developing an ordered master list of group policy objects; and
  
  applying policy settings to the policy recipient, including writing settings from the group policy objects into a database from weakest to strongest based on the ordered master list.
- View Dependent Claims (14, 15, 16)
- - 14. The computer-readable medium of claim 13 further comprising, seeking a defined policy setting to apply to the policy recipient by evaluating policy settings from the group policy objects from strongest to weakest based on the ordered master list.
  - 15. The computer-readable medium of claim 13 wherein at least one policy object includes an exclusion list of at least one user to which the policy will not apply.
  - 16. The computer-readable medium of claim 13 wherein at least one policy abject includes an inclusion list of at least one user to which the policy will apply.

17. A computer-readable medium having computer-executable instructions for performing a method, comprising:
- placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
  
  inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
  
  blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
  
  ordering the group policy objects based on the hierarchy of directory containers;
  
  associating the ordering of the group policy objects with the policy recipient, including developing an ordered master list of group policy objects; and
  
  seeking a defined policy setting to apply to the policy recipient by evaluating policy settings from the group policy objects from strongest to weakest based on the ordered master list.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer-readable medium of claim 17 further comprising, applying policy settings to the policy recipient based on the ordering of the group policy objects.
  - 19. The computer-readable medium of claim 17 further comprising, applying policy settings to the policy recipient, including writing settings from the group policy objects into a database from weakest to strongest based on the ordered master list.
  - 20. The computer-readable medium of claim 17 wherein at least one policy object includes an exclusion list of at least one user to which the policy will not apply.
  - 21. The computer-readable medium of claim 17 wherein at least one policy object includes an inclusion list of at least one user to which the policy will apply.

22. A computer-readable medium having computer-executable instructions for performing a method, comprising:
- placing policy settings into a plurality of group policy objects, wherein each of the policy objects is associated with a directory container organized in a hierarchy of directory containers;
  
  inheriting at least some of the settings from at least one policy object associated with a directory container hierarchically above a policy recipient;
  
  blocking the inheritance of settings from at least one other policy object associated with a directory container hierarchically above the policy recipient;
  
  ordering the group policy objects based on the hierarchy of directory containers; and
  
  associating the ordering of the group policy objects with the policy recipient;
  
  disabling at least part of the association between a directory container and a group policy object.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The computer-readable medium of claim 22 further comprising, applying policy settings to the policy recipient based on the ordering of the group policy objects.
  - 24. The computer-readable medium of claim 22 wherein associating the ordering of the group policy objects with the policy recipient comprises, developing an ordered master list of group policy objects.
  - 25. The computer-readable medium of claim 24 further comprising, applying policy settings to the policy recipient, including writing settings from the group policy objects into a database from weakest to strongest based on the ordered master list.
  - 26. The computer-readable medium of claim 24 further comprising, applying policy settings to the policy recipient, including seeking a defined policy setting to apply to the policy recipient by evaluating policy settings from the group policy objects from strongest to weakest based on the ordered master list.
  - 27. The computer-readable medium of claim 22 wherein disabling at least part of the association comprises disabling the computer settings but not the user settings.
  - 28. The computer-readable medium of claim 22 wherein disabling at least part of the association comprises disabling the user settings but not the computer settings.
  - 29. The computer-readable medium of claim 22 wherein at least one policy object includes an exclusion list of at least one user to which the policy will not apply.
  - 30. The computer-readable medium of claim 22 wherein at least one policy object includes an inclusion list of at least one user to which the policy will apply.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Flo, Eric R., Plastina, Daniel, Corrington, Robert E., Kays, David E. Jr., Freed, Michele L., Dennis, Michael W.
Primary Examiner(s)
Rones, Charles
Assistant Examiner(s)
Veillard, Jacques

Application Number

US10/254,155
Publication Number

US 20030023587A1
Time in Patent Office

1,099 Days
Field of Search

707/1, 707/3, 707/9, 707/10, 707100-102, 707/103.R, 707/104, 707/104.1, 707/204, 709/203, 709/220, 709/223, 709/225, 709/226, 709/246, 713/200, 713/201, 711/147, 711/163, 717/176, 715/513
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06Q 10/10   Office automation; Time man...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99939   Privileged access

Y10S 707/99942   Manipulating data structure...

Y10S 707/99945   Object-oriented database st...

Y10S 707/99953   Recoverability

System and method for implementing group policy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

217 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing group policy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

217 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links