Monday, 14 September 2015

Group policy – Basics explained

One of the followers of my blog requested to explain the basics of Group policy in simple words. Group policy itself is a very wide topic  in this single post. But let's start with basic first.

Group Policy is a feature from Microsoft server operating systems. It allows modifying working environment of user accounts and computer accounts. It offers centralized management and configuration of OS, applications and users’ settings in domain environment. You can outline, impose or modify configuration by using the settings in Group Policy Objects (GPO). Once you create relevant GPO, you can link it to site, domain, OU or child OU.

You can divide group policies into two categories:
  • Domain based policy: These types of policies are created in AD DS and stored in domain controllers. They are used to manage configuration of domain users and computers.
  • Local group policy: These types of policies are configured locally on a PC. You can configure users’ settings who log on to that PC or Computer settings.
If you are an administrator of your network or have administrator privileges, you can create new or edit existing group policy from Group Policy Management Console (GPMC). In the Group policy management editor, you can double click on policy to open policy’s properties box. Within properties box, you can select Not Configured, Enabled or Disabled for given settings. By default, policy setting is set to Not Configured in new GPO. When you modify it to either Enabled or Disabled, a change is made to user or computer configuration to which GPO is applied.

When PC is switched ON, computer configuration is been applied. When user logs in to PC, user configuration takes effect.

Group policy is been processed in following processing order:
  1. Local GPOs – The local policies apply first.
  2. Site-linked GPOs – Policies configured at Site level applies second in Domain joined PC/user.
  3. Domain linked GPOs- Policies that linked to Domain applied after Site-Linked GPOs.
  4. OU (Organization Unit) linked GPOs – Policies applied to OU applied after Domain linked GPOs.
  5. Child OU linked GPOs – Child OU linked policies apply fifth in processing order.
In case of configuring conflicting GPOs, whichever policy applies last wins. For example, between local policy and domain policy settings, domain policy settings are in effect.

As stated earlier, group policy is a huge topic to cover. If you would like to know more on this, please let us know. We will publish further posts with advance information on group policy including how to create, modify and link it to OU and many more.

1 comment:

  1. Hi,

    How do I backup a GPO? I'm also finding it frustrating that someone has configured my machine to have a really dodgy picture of me sleeping whilst at work and now I can't find a way to remove it. Can you help?

    ReplyDelete