133 results about "Group Policy" patented technology

The disclosure provides a system and method for a client connected to a server to a resource in a network. For the system a virtual machine module is provided to access a library and to create virtual machine templates and to create virtual machines from the virtual machine templates. The virtual machine module provides to a host machine in the network access to machines, user profile settings and instances of an application in the network and to multiple operating systems. The client has: access to an instance of the resource; an access module to provide the client with communication to access to the server using load balancing algorithms to access the file using Remote Desktop Protocol (RDP) commands; and an authentication module providing access to a directory structure accessed by the server using Microsoft Group Policy Objects (GPOs) and Active Directory (AD) services to authenticate the client with the server.

A method and system for implementing policy by accumulating policies for a policy recipient from policy objects associated with a hierarchically organized structure of containers, such as directory containers (sites, domains and organizational units) that includes the policy recipient. Based on administrator input, policy settings for the policy recipient may be accumulated into a specific order by inheriting policy from higher containers, which may enforce their policy settings over those of lower containers. Policy that is not enforced may be blocked at a container. The result is an accumulated set of group policy objects that are ordered by relative strength to resolve any policy conflicts. Policy may be applied to a policy recipient by calling extensions, such as an extension that layers the policy settings into the registry or an extension that uses policy information from the objects according to the ordering thereof.

A computer system configured for policy-based management of software updates is disclosed. The system maintains group-policy objects, with which groups of computers are associated. The system obtains identities of software updates from a source of software updates. The system also obtains filter criteria for each update, for determining whether the update should be applied to a particular computer or not. The system assigns newly available updates to respective selected group-policy objects and adds the obtained filter criteria to each such group-policy object. The system performs necessary installations of updates by, for each group-policy object, determining whether, for each combination of a computer belonging to a group associated with that policy object and an update assigned to that policy object, the computer satisfies the filter criteria for the update, and if so, applying the update to that computer, but if not, refraining from applying the update.

To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a process's token. The rule includes an application-criterion set and changes to be made to the groups and/or privileges of a token. The rule is set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers. When a GPO containing a rule is applied to a computer, a driver installed on the computer accesses the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.

A system and method comprising a reporting mechanism for outputting an HMTL and XML document from a collection of hierarchically maintained settings such as group policy object settings or resultant set of policy data. The reporting mechanism provides a substantially complete view of which settings are configured (enabled) in a given group policy object, or a view for a resultant set of policy (that is applied to a given SOM), along with the values of the settings. The markup language format enables viewing a flat representation of the settings, and printing, saving and/or transporting of the settings. XML schemas describe a valid representation of group policy settings, and a valid representation of resultant set of policy.

A system and method for managing group policy objects in a network, including interfaces that allow access by programs or a user interface component to functions of a group policy management console that performs management tasks on group policy objects and other related objects. The interfaces abstract the underlying data storage and retrieval, thereby facilitating searching for objects, and providing the ability to delegate, view, change and permissions on those objects, and check and save those permissions. Modeling and other test simulations are facilitated by other interfaces. Other interfaces provide dynamic and interactive features, such as to convey progress and rich status messages, and allow canceling of an ongoing operation. Still other interfaces provide methods for operating on group policy related data, including group policy object backup, restore, import, copy and create methods, and methods for linking group policy objects to scope of management objects.

A computer system characterized by a container hierarchy uses a workload manager to allocate computing resources to workloads. The workload manager can allocate resources as a function of aggregate characteristics of a group of workloads, even where the group does not conform to the container hierarchy.

A method and apparatus for facilitating instant messaging utilizes a secure instant message group policy certificate issued by an instant messaging public key infrastructure policy certificate issuing unit. The secure instant messaging group policy certificate is received, such as through a local instant messaging secure public key infrastructure proxy, and contains data defining the group members, references to other groups, security controls and relevant data such as allowed algorithms. The secure instant messaging group policy certificate defines a plurality of different instant messaging groups, each identified by an instant messaging group identifier. Each instant messaging group identifier is associated with a plurality of instant message group number identifiers.

The invention relates to a resource allocation system in a private cloud environment. The system comprises a global policy controller, cloud application policy controllers and group policy controllers, wherein a resource manager interacts with a resource exploring proxy, receives index data, judges whether an alarm is generated for the index data or not according to alarm conditions, and if so, submits the alarm to a policy control network; the group policy controller first processes the alarm, generates a resource adjusting plan if the alarm can be processed, and reports the alarm to the cloud application policy controller if the alarm cannot be processed; the cloud application policy controller processes the received alarm, generates the resource adjusting plan if the alarm can be processed, and reports the alarm to the global policy controller if the alarm cannot be processed; the global policy controller processes the received alarm and generates the resource adjusting plan; the policy control network returns the resource adjusting plan to the resource manager; and the resource manager executes the resource adjusting plan. By constructing graded control policies and assisting coordination mechanisms among the control policies in different grades, the invention effectively improves the utilization rate of private cloud resource.

A registry of system information may have several sections. Group policies may be represented by entries in particular sections of the registry. A policy map may map group policies to the sections and entries of the registry. A policy map registry section field of the policy map may specify one or more sections of the registry to which group policies are mapped. The policy map may include one or more registry variable policy map fields, each of which may specify mappings for different types of registry variables. A configuration file repository may include sets and versions of policy configuration files that include policy maps. A group policy configuration tool may retrieve and parse policy maps, and update group policies corresponding to the policy maps.

The present invention teaches a methodology for provisioning and managing a network having many network devices. In certain embodiments, groups of member devices are created each having a group policy configuration inherited by member devices. A variety of rules regarding prioritization, versioning, system snapshot, redo and undo are also taught. This embodiment is useful when the network devices can be partitioned into groups of similar type devices for similar applications. Similar physical attributes can also be mappend into identical virtual attributes, enabling policy configurations to be applied to varying devices and physical attribute configurations can be resolved upon device installation.

The present invention addresses the management of user groups, user contact lists, and user access lists in a telecom-communication system whereby a user access to a group and list management server for creating, deleting or modifying a group, contact list and access list in terms of group policies and members. User groups, user contact lists, and user access lists are operated without any validation other than being syntactically correct, and without taking into consideration the users access capabilities, the users privacy, and even the user existence. In particular, the telecommunication system may comprise a number of networks operated by different network operators where the users hold subscriptions. The present invention offers a new interface between a group management server and a subscriber server of a network operator where the users hold their subscriptions, so that user policies in the subscriber server govern operations on groups, contact lists and access lists.

The invention provides a terminal equipment remote software version distribution method and system. A version link list is maintained for each set of terminal equipment managed by the system, the terminal equipment programs are supported to be split according to any number of software component types easy to manage, the version link list is established for each type of software component, different software component types have separately independent upgrading lines, and upgrading of all types of software components is not mutually dependent; a group policy mode is utilized, and automatic upgrading after registration of new equipment within group range can be supported; and a software distribution agent side acquires the real version number of the software components through the agreed program interface or system storage data to be matched with the version number recorded in a server side so that authenticity and uniqueness of the version link list can be guaranteed. Fine control and management of terminal equipment remote software distribution and unified version management can be efficiently, safely and conveniently performed.

A group event processing entity receives and processes a group event notification wherein a set of policy rules is determined that controls the performance of an action as relates to at least one of a member user equipment of a group session or an access network resource for the group session. Additionally, a group policy decision entity receives a request to establish a group access network resource for a group of user equipment and determines a set of applicable policy rules for establishing the group access network resource, wherein the set includes a policy rule that controls performance of an action when a base station in a wireless access network is unable to provide resources to support the requested group access network resource. The group policy decision entity provides the set of applicable policy rules to a group policy enforcement entity.

A mobile telecommunications network includes: a radio access network having radio means (2000) for wireless communication with a plurality of terminals (10) registered with the telecommunications network and control means (700) operable to control interaction of the terminals with the radio access network; and a core (2030) including a store of policy information comprising group policy data (2210) applicable to a group of the terminals and individual policy data applicable to respective ones of the terminals (10), and distribution means operable to provide to the control means associated with each of the terminals an indicator of the group policy data applicable to each of the terminals and the individual policy data applicable to each of the terminals.

Comprehensive change control and enhanced management of GPOs in a client-server environment is described. A Group Policy Management Console (GPMC) extension provides seamless integration with GPMC. The application or extension provides a secure archive for controlling changes to GPOs. To change a GPO, an administrator “checks out” the GPO from the archive or vault. When changes are complete, the GPO is “checked in” to the vault. Differences between archived versions and/or live versions are reviewed using GPMC-style reports. When a GPO is ready for deployment, it can be transferred to the live environment. At any time, one or more live GPOs can be “rolled back” to an archived version. GPO data in the secure archive is maintained in XML files, greatly reducing infrastructure requirements.

A policy application method for Machine Type Communication (MTC) and a Policy and Charging Enforcement Function (PCEF) are provided by the disclosure. The method comprises that in a course in which an MTC device attached to a PCEF establishes an Internet Protocol-Connectivity Access Network (IP-CAN) session, the PCEF locally obtains a group policy corresponding to a device group to which the MTC device belongs (S302); the group policy is applied in the IP-CAN session (S304). The technical solution of the disclosure reduces the time required by applying the MTC policy by the PCEF, saves network resources, and increases utilization of the network resources.

The embodiment of the invention provide a group policy and charging rule treatment method and device, and a communication system, wherein the group policy and charging rule treatment method comprises the steps of: obtaining at least one item of group identifiers or attribute information of user equipment; and generating a policy and charging rule or triggering an event according to the at least one item of group identifiers or attribute information of the user equipment. The device comprises an obtaining module used for obtaining the at least one item of group identifiers or attribute information of the user equipment, and a rule generating module used for generating the policy and charging rule or triggering the event according to the at least one item of group identifiers or attribute information of the user equipment. The embodiment of the invention also provides a communication system comprising the device. The method, device and system provided in the embodiment of the invention can improve the policy control efficiency and reduce the complexity of the policy maintenance and management.