In Parts 2 through 5 of this series of articles, I described the many security settings in Microsoft Internet Explorer (IE) 5.0. (To locate Parts 1 through 5 of this series, select one of the related articles from the Article Information box at the right.) You've probably now identified some areas where you need to improve browser security. Like many administrators, however, you might have hundreds or even thousands of workstations where you need to make these changes. In addition, you need to prevent users from going back and reversing your stricter security settings. To accomplish all this in Windows 2000 (Win2K), you can use Group Policy Objects (GPOs) that you link to your Active Directory (AD) domain or to organizational units (OUs) in your domain.
Editing GPOs
To begin, you need to edit a GPO. For instance, to define IE settings for all users in your domain, open Active Directory Users and Computers, right-click the root of the domain, and select Properties. Select the Group Policy tab and edit the Default Domain Policy GPO, which contains several settings that pertain to IE configuration. First, maneuver to User Configuration, Windows Settings, Internet Explorer Maintenance, as Figure 1 shows. In this area you can edit the same configuration settings that you access in IE through the Tools, Internet Options menu. The difference is that Win2K automatically applies the policies you define here to all the applicable users in the domain—you don't need to configure each user separately. The Browser User Interface folder lets you customize IE’s title, animated bitmaps, logo, and tool bar buttons. The Connection folder lets you configure how IE reaches the Internet, including proxy server settings. The URLs folder lets you configure Favorites, define standard home and search pages, and specify channels. The Programs folder lets you can tell IE which email client to use or where to find contacts. . . .
Register
