| System and method for implementing group policy -> Monitor Keywords |
|
|
 
System and method for implementing group policyRelated Patent Categories: Data Processing: Database And File Management Or Data Structures, Database Or File Accessing, Query Processing (i.e., Searching)System and method for implementing group policy description/claimsThe Patent Description & Claims data below is from USPTO Patent Application 20060167858, System and method for implementing group policy. Brief Patent Description - Full Patent Description - Patent Application Claims
[0001] The present application is a continuation of copending U.S. patent application Ser. No. 10/254,155, filed Sep. 24, 2002, which is a continuation of U.S. patent application Ser. No. 09/268,455, filed Mar. 16, 1999, now U.S. Pat. No. 6,466,932, which is a continuation-in-part of U.S. patent application Ser. No. 09/134,805 entitled "System and Method for Implementing Group Policy," filed on Aug. 14, 1998, now abandoned; all of the related applications are hereby incorporated by reference in their entireties. FIELD OF THE INVENTION [0002] The invention relates generally to computer systems and networks, and more particularly to an improved method and system for implementing policy for users and computers. BACKGROUND OF THE INVENTION [0003] Lost productivity at employees' computer desktops is a major cost for corporations, often resulting from user errors such as modifying system configuration files in ways that render the computer unworkable. Productivity is also lost when a computer desktop is too complex, such as when the desktop has too many non-essential applications and features thereon. At the same time, much of the expense of administering distributed personal computer networks is spent at the desktop, performing tasks such as fixing the settings that the user has incorrectly or inadvertently modified. [0004] As a result, enterprises such as corporations have established policies seeking to define settings for computer users. For example, a corporation may wish to have the same e-mail and word processing program on all their users' desktops, while certain users such as those in the engineering group have a common CAD program not available to users in the finance group. Another policy may selectively prevent a user from connecting to the Internet by writing information into the user's machine registry to prevent access. Centralized policy systems exist to allow an administrator some control over the settings that institute such policies, and provide benefits in scalability to assist in the administration of larger networks. For example, in networks organized into domains, (such as with Microsoft.RTM. Windows NT.RTM.4.0), such policies may be applied per domain, based on each domain user's membership in a security group. [0005] However, there are a number of drawbacks present with existing policy systems. One such drawback is that the policies are essentially static, whereby a user can change the settings and simply avoid the policy. It is cost prohibitive to have an administrator or the like go from machine to machine to check the settings on a regular basis. It is possible to force mandatory profiles on a user at each log-on based on the user's group membership. However such mandatory profiles are too inflexible, in that essentially all settings made by an individual user are lost whenever the user logs off. For example, with mandatory profiles, customizations to a desktop, such as window placement, adding words to a user's spell checker and the like, which most enterprises would consider permissible and even desirable because they tend to increase an employee's efficiency, are lost when the user logs off. [0006] Another significant drawback results from relying on a security group membership to determine the settings, particularly in that one group (the first group found for a user) determines that user's settings. Thus, if a user is a member of both the engineering and financial groups, the user will get only one set of policy settings. Present policy-determination systems, such as those basing policy on the domain plus membership in a security group, essentially follow a flat model, which does not fit well with a typical enterprise having a hierarchical organizational structure. SUMMARY OF THE INVENTION [0007] Briefly, the present invention provides a system and method for implementing policy for users and computers. Policy settings are placed into group policy objects, and each of the policy objects may be associated with one or more containers, such as hierarchically-organized directory objects (containers). e.g. a domain, site or organizational unit. Based upon administrator input, settings from policy objects are accumulated and associated with a policy recipient, whereby users' computers and the like receive the accumulated policy. To accumulate policy, the settings may be inherited from directory containers hierarchically above a policy recipient. The associated with other containers. The administrator's input also orders the group policy objects, whereby any conflicts are resolved by the ordering precedence, i.e., the policy's relative strength. Policy may be applied to a recipient by layering the policy settings, based on the ordering, weakest first such that strongest settings overwrite weaker settings, or by seeking policy information from the strongest to weakest policy until the desired policy is located. [0008] A number of very flexible conditions based on an Active Directory hierarchy may be included. By default, an object's parent container in the hierarchy is the strongest factor, but other containers to the parent may affect an object's policy, and by default, group policy affects each of the computers and users in a selected active directory container. A default inheritance evaluates group policy starting with the active directory container that is furthest away whereby the Active Directory container closest to the computer or user has the ability to override policy set in a higher level container, in the order of Site, Domain, Organizational Unit or Units (SDOU). Moreover, there is provided an option to block inheritance of policy from higher parent containers, however there are also options that allow policy of a specific group policy object to be enforced so that group policy objects in lower level containers cannot override the policy settings of higher level containers, i.e., an enforced option takes precedence. In addition, the effects of group policy may be filtered based on users or computers membership in a security group. [0009] Other advantages will become apparent from the following detailed description when taken in conjunction with the drawings, in which: BRIEF DESCRIPTION OF THE DRAWINGS [0010] FIG. 1 is a block diagram representing a computer system into which the present invention may be incorporated; [0011] FIG. 2 is a block diagram generally representing exemplary components for implementing policy in accordance with various aspects of the present invention; [0012] FIG. 3 is a block diagram generally illustrating hierarchical relationships between sites, domains organizational units and group policy objects of a network in accordance with one aspect of the present invention; [0013] FIG. 4 is a block diagram representing how a user may fit under a number of hierarchically organized directory containers associated with group policy objects; [0014] FIG. 5 is a representation of an exemplary user interface via which an administrator may associate group policy objects within the current Active Directory scoping; [0015] FIG. 6 is a block diagram representing a user under hierarchically organized directory containers associated with group policy objects; [0016] FIGS. 7A-7B comprise a flow diagram generally representing the steps taken to construct an ordered list of group policy objects for the user represented in FIG. 6 in accordance with one aspect of the present invention; [0017] FIGS. 8A-8M are representations of lists of group policy objects being used to construct the ordered list of group policy objects in accordance with one aspect of the present invention; [0018] FIG. 9 is the ordered list of group policy objects constructed for the user represented in FIG. 6 in accordance with one aspect of the present invention; [0019] FIG. 10 is a flow diagram generally representing the steps taken to apply policy to a registry during policy update events (e.g. machine boot or user logon) based on an ordered list; [0020] FIG. 11 is a block diagram representing how users may fit under hierarchically organized directory containers associated with group policy objects wherein one of the organizational units is linked to another; Continue reading about System and method for implementing group policy... Full patent description for System and method for implementing group policy Brief Patent Description - Full Patent Description - Patent Application Claims Click on the above for other options relating to this System and method for implementing group policy patent application. ###  How KEYWORD MONITOR works... a FREE service from FreshPatents1. Sign up (takes 30 seconds). 2. Fill in the keywords to be monitored. 3. Each week you receive an email with patent applications related to your keywords. Start now! - Receive info on patent apps like System and method for implementing group policy or other areas of interest. ### Previous Patent Application: Semantic to non-semantic routing for locating a live expert Next Patent Application: System and method for improving online search engine results Industry Class: Data processing: database and file management or data structures ### FreshPatents.com Support Thank you for viewing the System and method for implementing group policy patent info. IP-related news and info Results in 0.1428 seconds Other interesting Feshpatents.com categories: Computers: Graphics , I/O , Processors , Dyn. Storage , Static Storage , Printers 174 |
 * Protect your Inventions * US Patent Office filing 
PATENT INFO |
|
