Active Directory 2008: Group Policy Facts…

Group Policy Facts

A policy is a set of configuration settings that must be applied to users or computers. Collections of policy settings are stored in a Group Policy object (GPO). The GPO is a collection of settings that includes registry settings, scripts, templates, and software-specific configuration values.

Each GPO has a common structure, with hundreds of configuration settings that can be enabled and configured. Settings are divided into two categories:

GPO Category Description
Computer Configuration Computer policies (also called machine policies) are enforced for   the entire computer. Computer policies include:

  • Software that should be        installed on a specific computer
  • Scripts that should run at        startup or shutdown
  • Password restrictions that        must be met for all user accounts
  • Network communication        security settings
  • Registry settings that apply        to the computer (the HKEY_LOCAL_MACHINE subtree)

Computer policies are initially applied as the computer   boots, and are enforced before any user logs on.

User Configuration User policies are enforced for specific users. User policy settings   include:

  • Software that should be        installed for a specific user
  • Scripts that should run at        logon or logoff
  • Internet Explorer user        settings (such as favorites and security settings)
  • Registry settings that apply        to the current user (the HKEY_CURRENT_USER subtree)

User policies are initially applied as the user logs on,   and often customize Windows based on user preferences.

Windows Server 2008 offers the Group Policy functionality enhancements described in the table below.

Feature Description
ADMX and ADML files The XML-based file format allows   multilanguage support and version control. This means that Group Policy tools   are displayed in the administrator’s operating system language and   facilitates either automated or manual change management processes.

Administrators also have the option of storing all the   ADMX files in a central location: a domain-wide directory created in the   Sysvol. This reduces replication traffic as the number of GPOs grows, and it   reduces the need for additional storage associated with large numbers of   decentralized GPOs.

Network Location Awareness Network Location Awareness allows   clients to be aware of and respond to changing network conditions. With   Network Location Awareness, Group Policy uses the operating system’s resource   detection and event notification capabilities, such as recover from   hibernation and standby, moving in and out of a wireless network, or a new   VPN connection. As an example of the latter event, Group Policy can detect   when a mobile user connects to a corporate network and detect the   availability of a domain controller. Group Policy can initiate a background   refresh over the VPN connection to update user and computer policy.
Group Policy preferences Group Policy preference extensions   are several (more than 20) Group Policy extensions that expand the range of   configurable settings in a GPO. Preference settings differ from policy   settings in that preference settings are not enforced, allowing the end user   to change any preference setting applied through a GPO. The end user cannot,   however, change policy settings. Preference items should work as supplements   to your policy settings.

 You should know the following Group Policy facts:

  • A      local GPO is stored on a local machine. It can be used to define settings      even if the computer is not connected to a network.
  • Group      Policy objects created in Active Directory are linked to Active Directory      sites, domains, or organizational units (OUs). Built-in containers (such      as the Computers container) cannot have GPOs linked to them.
  • GPOs      contain hundreds of configuration settings that can be configured.
  • Settings      within a GPO in Active Directory apply to the users and computers beneath      the object to which the GPO is linked. Through inheritance, the      settings apply to users and computers in all child OUs beneath the object      where the GPO is linked.
  • Group      policy settings take precedence over user profile settings. Group policy      settings in Active Directory take precedence over settings in the local      GPO.

2 thoughts on “Active Directory 2008: Group Policy Facts…

  1. Hiya, I’m truly glad I’ve found this info. Nowadays bloggers publish only about gossips and internet and this really is truly frustrating. A great website with interesting content, this really is what I need. Thank you for keeping this web site, I’ll be visiting it. Do you do newsletters? Cant find it.

    • No newsletters this is my first blog, I just thought I would post the kind of stuff that I search for, originally this blog was just for personal use, to post information on things I found difficult to find on the internet and it grew from there, I’m glad you enjoy the blog, keep coming back, it will keep growing 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s