Group Policy–Enabled Applications

Many readers said they'd "like to see a policy of all applications and OS settings being incorporated in Group Policy to give total central management." Microsoft has started Group Policy-enabling its applications, such as Microsoft Office 2003, but enabling third-party applications is up to each application's developers. The Group Policy team encourages you to "lobby your software vendor if you want this capability in an application."

Mark Williams (program manager, Group Policy) told me, "We've heard loud and clear that customers want to manage more parts of the operating system and with more granularity." When I asked for examples of what the team is doing in response to this need, he said, "The number of policy settings in Windows XP Service Pack 2 (SP2) has increased significantly, to over 1300 in total. For example, you can use Group Policy to customize Windows Firewall. At a basic level, it's easy to use Group Policy to turn off Windows Firewall. But Microsoft doesn't recommend this (unless you have an alternative firewall installed). Instead, Group Policy lets you manage which programs can 'listen' on ports, which ports are opened, whether remote administration tools and file and print services are allowed, and so on. Internet Explorer (IE) is another example where we've listened to customers who want true policy setting support and a flexible model that fully recognizes the concept of the IE zone. Many new IE policy settings focus on security-whether ActiveX controls (signed or unsigned) can be downloaded, management of XP SP2's new pop-up blocker, add-in management, and so on." The white paper "Managing Windows XP Service Pack 2 Features Using Group Policy" (http://go.microsoft.com/fwlink/?linkId=31974) describes these policy settings.