Join Ed Liberman for an in-depth discussion in this video Creating a Group Policy object (GPO), part of Windows Server 2016: Implementing Group Policy.
- [Voiceover] One of the first and most basic items to understand when it comes to group policy management is something called the Group Policy Object, or GPO for short. Now, a Group Policy Object is pretty much what it sounds like. In the active directory, we have Objects, so the Group Policy Object is an object in the active directory. And this particular object contains all the group policy settings that you may want to apply to various computers and users around the network.
So to take a look at how to create one of these GPOs, we need to jump over to a Domain Controller. And in this case, I'm going to go onto DC-1. Here in the Server Manager, we're going to jump up to Tools menu. And on this menu, you'll see we have an option for Group Policy Management. Here in Group Policy Management, you'll see that I have my landonhotel.local forest. If I expand that, I have a choice for Domains.
If I expand that, I get my landonhotel.local domain. That's the domain that we're working in here. And if I expand that, I start to see a lot of items that are in this domain. Now, right out of the gates here, I'm going to show you that, you'll see here that it says Default Domain Policy. And by the way, I clicked on it and then I get this little warning message that comes up saying that you selected a link and any changes you make here, you will make anywhere else it's linked. That is something that I will get into in a different video where we talk about linking these Group Policy Objects.
So, I'm going to click OK just to ignore that message. I just wanted to explain what that was that came on the screen. But coming back here, the Default Domain Policy is just that. It is one of our GPOs. So that is one that is there by default for the domain. Now below that, I will see any of my organizational unit containers that I have within my domain. So this particular domain has an organizational unit for Chicago, for Customer Service, one for Domain Controllers, which is actually built in Organizational Unit.
We have Los Angeles and we have New York. Below that, we have a container for the Group Policy Objects themselves. And if I were to click on that container, over on the right, you'll see that I have two policies that have been created by default. One was the Default Domain Policy that I mentioned a moment ago. And then there's also a Default Domain Controllers Policy and if I was forcing you to guess where you would find that, I bet you could figure it out. If you come back over here to the left, if I expand my Domain Controllers container, sure enough, inside of there I find my Default Domain Controllers Policy.
I don't want you to worry too much about those defaults yet. We'll talk about those later. For right now, I just want you to know that those are two GPOs that are there by default. If I continue on down the list here, there are a couple of other containers. One is called WMI Filters, which is a form of filtering that we'll get into in a later video. And then we have Starter GPOs. And I'm going to talk about that later on in this video.
Because you can use your Starter GPOs to help you create Group Policy Objects. But before I go there, I want to show you just the most basic form of creating a GPO. And that is, if I go to the Group Policy Objects container and right click on it, I can select New. And then, this takes me into the new GPO, I guess you could call it a Wizard, although it's really just a one screen Wizard.
So I can just give a name to this new GPO. So we'll just call it Demo First GPO. And then, this is where you'll notice that there is a Source Starter GPO. You might relate to what I just talked to you a moment ago at the Starter GPOs container. Right now, it says None and if I try to expand that, you'll see I don't have any options and I'll explain about that in just a moment. But for now, I'm just going to click OK. And at this point, you'll see that I now have my Demo First GPO.
That's really all there is to creating your Group Policy Object. From there, we have to understand how to do things like link the Group Policy Object, which I'll talk about in another video. And how to actually set all the settings for the GPO. We'll go into that in another video. But this is how you can create it. Now, let's talk about those Starter GPOs. If I click on the Starter GPO container, you'll see here that it says that this folder doesn't currently exist in the domain. If I click on Create the Starter GPOs folder, now, it creates a couple of Starter GPOs.
For now there's just a couple of basic ones that are there. It says Group Policy Remote Update Firewall Ports and Reporting Firewall Ports. You can go out on the Internet, you can go to Microsoft and you can get lists of these Starter GPOs and you can add them to this folder. The idea behind a Starter GPO is that these are basically just templates. In other words, there are generic settings, or we could say, starter settings that have already been put in place that would always make sense for this type of Group Policy Object.
And again, there are a number of them out there. Very often they are tied to specific client operating systems where you'll create a GPO that's a Starter GPO for Windows 10 or Windows 8 or whatever clients you may be using. You also have the ability, besides loading them in from the Internet, to go ahead and right click and just create a new Starter GPO. So Demo Starter GPO. And again, I could go in here and I could add settings and it just ends up being a form of a template that I'm going to use when creating other GPOs.
And to see how that would look, let me come back to my Group Policy Objects, and right click and select New. And this time, you'll see for Source Starter GPO, when I drop this box down, I have some choices. So, I don't want you to get too hung up on Starter GPOs. All they really are, are templates. Right? Just starting points. If you know that there's a certain basic starting point that you always want to go with. So, I'm going to cancel out of there. We're not going to create another GPO. At this point, I will tell you that's pretty much all there is to creating a GPO.
But please keep in mind that this is literally like step one of a whole series of steps when it comes to actually having these GPOs have an effect on your network.
Review the complete set of objectives for exam 70-742, Identity with Windows Server 2016, at https://www.microsoft.com/en-us/learning/exam-70-742.aspx.
- Creating Group Policy objects
- Understanding inheritance
- Adjusting Group Policy preferences and settings
- Running Group Policy update
- Troubleshooting Group Policy
- Adjusting security settings and policies