Windows Server 2008 R2 : Administering group policy (part 1) - Overview of Group Policy

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Group Policy is widely used in Windows networks of all sizes to manage various user and computer policies. In this section, we will explore Group Policy and how to properly deploy it within an AD domain.

1. Overview of Group Policy

Group Policy was first introduced in Windows Server 2000 AD and was widely adopted as the standard method to manage user and computer configurations for Windows networks. Group Policy allows administrators to set and enforce settings on users and computers within the domain. These settings include security settings, restricting access to specific parts of the OS, and deploying software. At the core of the Group Policy is GPOs. GPOs contain the settings you wish to apply to computers or users and are applied locally or to sites, domains, or OUs within AD.

Group Policy links and security filtering

GPOs can be linked to AD sites, domains, or OUs. They can also be set up locally on individual computers. As you develop your GPOs, you will need to understand what objects you wish to apply the settings to. For example, if you want to prevent access to the Windows control panel for all users in the HR department, you could apply a GPO with those settings to the OU containing all the users in HR. Maybe you want to configure a specific Internet Explorer homepage for every user in the New York location. You could create a GPO with the IE settings defined and apply it to the New York AD site.

In addition to linking GPOs, you can also filter them based upon security. A user or computer must have read and apply permissions to a GPO before it applies to him. You can limit which users or computers can apply a specific GPO by adding or removing them to the GPO permissions as seen in Figure 1.

Notes from the field

GPOs apply to users and computers only

GPOs apply to users and computers only. They do not apply to groups. Groups can be used to security-filter GPOs but you cannot apply a GPO to an AD group.


Figure 1. GPO permissions.

Group Policy user and Computer Settings and preferences

Every GPO has a User Settings section and a Computer Settings section which means it can apply settings to user objects, computer objects, or both. As you expand each section, you will see various settings that can be applied to user or computer objects. You can configure the following groups of settings within a GPO:

  • Software Settings—Software Settings allow you to use GPOs to deploy applications such as Microsoft Office.

  • Windows Settings—Windows Settings allow you to configure basic windows settings such as startup and shutdown scripts, folder redirection, and Public Key Policies.

  • Administrative Templates—Administrative Templates allow registry keys to be modified on systems applying the policy. This allows administrators to configure detailed settings for Windows and other applications, including Microsoft Office.

Group Policy Preferences were first introduced in Windows Server 2008 R1. Group Policy Preferences allow for even more granular control of various Windows settings. Group Policy Preferences additionally have better targeting techniques such as applying the GPO to only specific OSs, specific hardware specs, or IP address ranges.

Group Policy processing order

It is important that you understand how Group Policy is applied and the processing order is used to apply GPOs. As mentioned earlier, GPOs can be set up on the local computer or applied to AD Sites, Domains, and OUs. When multiple GPOs are configured, the order in which they are applied to a user or computer is important. In the event of a conflict, the next policy applied will override the one that was applied before it. GPOs are applied in the following order:

  1. Local Policies created on the computer

  2. GPOs applied to AD Sites

  3. GPOs applied to Active Directory Domains

  4. GPOs applied to AD OUs

  5. GPOs applied to AD child OUs

Top 10
Free Mobile And Desktop Apps For Accessing Restricted Websites
TOYOTA CAMRY 2; 2.5 : Camry now more comely
KIA SORENTO 2.2CRDi : Fuel-sipping slugger
How To Setup, Password Protect & Encrypt Wireless Internet Connection
Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
Backup & Restore Game Progress From Any Game With SaveGameProgress
Generate A Facebook Timeline Cover Using A Free App
New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
- Messages forwarded by Outlook rule go nowhere
- Create and Deploy Windows 7 Image
- How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
- Creating and using an unencrypted cookie in ASP.NET
- Directories
- Poor Performance on Sharepoint 2010 Server
- SBS 2008 ~ The e-mail alias already exists...
- Public to Private IP - DNS Changes
- Send Email from Winform application
- How to create a .mdb file from ms sql server database.......
programming4us programming4us