The Group Policy (GP) is the center of change and configuration features in Windows operating system. Also, You can specify settings for both users and computers inside your network. Settings include registry-based policies, security, script, and software installation.
Group Policy affects groups of users or computers. Hence it is called Group Policy. You simply make a policy and link the policy to an OU (Organizational Unit). Also, you link a policy to the domain. When you link a policy to the domain, it applies the policy settings on all computers and users in the entire domain.
Furthermore, if you don’t want the policy affect a specific user or computer, you can do that.
Consequently, policy affects users when they log on to the domain. It affects computers when they start. Of course, when computers are started, and users are working, group policy can affect them. Users just open the Command Prompt and run the “gpupdate” command. The policy would be applied to them.
Topics covered in this article
- Group policy Advantages
- Group Policy Management Console
- Create Group Policy Object (GPO)
- Link GPO to an OU
- Group Policy Management Editor
- Computer Settings
- User Settings
- Edit GPO
Group Policy Advantages
- Control User Experience: It seems like you can make any kind of changes on desktop computers. For example you can lock the Taskbar, Control Panel, etc. Nobody can open the Control Panel or unlock the Taskbar. No one can escape the policy except the people you specify.
- Configure Security: You specify how people should choose passwords for themselves. How many characters the password should have. In addition, you force users to change there password after an specific period of time and many more security settings.
- Configure System: Administrator force the computers to use the printer they want. You specify which radius server they can use and many more system configurations.
- Install Software: Administrator easily can install software through group policy.
- Run Script: Administrator can write an script and apply the script on users and computers. For example administrator makes an script to restart computers at specific time.
Group Policy Management Console (GPMC)
GPMC is Microsoft Management Console (MMC) snap-in. GPMC is an scriptbale MMC snap-in. It provides a tool for centralized Group Policy in the network. In addition, it is the standard tool that Microsoft recommends to administrators.
While opened, expand Forest>Domains. Almost you see all the domain components. You can only see the OUs, not the users and computers that are inside the OU. For example, you see the OU itself not the users inside the OU.
In the left pane of GPM Console, you see Group Policy Objects. If you click on, all policies are visible there.
Group Policy Object (GPO) is collection of settings. In addition it defines how computers look and how they behave for specific group of users and computers. For example you define a group to have a special background image. You apply the policy, as a result of applying policy, the image will be applied on their desktops. It is not a matter which desktop a user logs on from. It means from every desktop computer they log in, the image will be applied on the background.
1. For creating a GPO, First of all, right-click on Group Policy Objects on the left pane. Select New option. A window pops up.
2. Type a name for the GPO you are creating. While finished click on OK button to close the window.
in the window, you can see the GPO you just created.
Link GPO to an OU
While done with creating new GPO, it is the time to link the GPO to an OU. If you don’t link it to an OU or the entire domain, it won’t work.
1. Right-click on an OU. Select Link an Existing GPO. It means you want to link this OU to a group policy object.
2. Select the group policy that you want to apply on the OU. While selected, click on OK button.
Group Policy Management Editor (GP Editor)
Group Policy Management Editor is a tool that helps administrators to manage policy settings. When you do settings using GP Editor, settings are stored in GPO to be applied on computers and users.
GP Editor has two different kinds of settings for computers and users. Computer Configuration is affecting computers and User Configuration affects users.
When administrators create a GP object, they add some settings to that. So, for editing GP object, right-click on the GP object and select Edit.
The new window which opens is GP Editor. Do the settings whether for computers or users. While done, close the window. If GP object is not linked to an OU, link it. If already linked, it applies to users and computers from 90 minutes to 120 minutes. If you are in hurry, just tell your clients to update the policy running the GP update command line on their Command Prompts.
Finally, you learned a few things about GP which will be really needed for our further lessons. For any kind of question, feel free and leave a comment.
Thank you for reading the post.