Join Timothy Pintello for an in-depth discussion in this video An introduction to Group Policy objects (GPO), part of Creating and Managing Group Policy for Windows Server 2012.
- View Offline
- The main focus of this course are group policy objects. Group policy objects can be used to control and deploy operating system settings. These policy objects consists of computer and user settings. And are implemented during a computer's startup and shutdown phase. It is possible to create more than one group policy and apply it to objects within the domain. Group policy objects are applied to user and computer objects within a site, within a domain, and or within an organizational unit.
Group policies can also be linked to other active directory, directory service objects other than computers and users. When linked, all objects in the link container receive the same group policy object settings. Multiple group policy objects can be linked to a single active directory, directory services object. Alternatively, a single GPO can be linked to multiple active directory, directory services objects. There are a number of administrative benefits to using GPOs. One, they give you centralized control over user settings.
Two, they give you centralized control over application installations. Three, they give you centralized control over desktop configurations. Four, they give you centralized control of user files. And finally, they can be used to reduce the security settings that you have to manually set up when you are deploying more than one computer to a network. When talking about GPOs, there are several administrative tasks that you need to carry out. One you need to create GPOs.
Two, you need to specify where the GPOs are stored. And three, you have to manage the active directory, directory services links of the GPOs you create. A specialized type of GPO is a local GPO. All Windows operating system versions support local GPOs of one type or the other. Sometimes we will refer to local GPOs as LGPOs. Server 2008 R2, Vista, and later Windows operating systems, can also support multiple GPOs.
With multiple GPOs, you can specify diferent GPOs for different users. This is useful for computers in public locations that have multiple users. It is also useful for systems that exist outside of a traditional active directory infrastructure. Local GPOs have some limitations over domain GPOs. One of those limitations is that local GPOs contain fewer options than domain GPOs do. Local GPOs do not support folder redirection, they do not support Group Policy software installation, and they have fewer overall security settings that can be applied.
When there is a conflict with a non-local GPO, such as a domain GPO, and a local GPO, the local GPO will be overridden by the non-local GPO. Another type of GPO is a non-local GPO. Non-local GPOs are created in the active directory, directory services. Non-local GPOs are linked to sites, domains, and organizational units. When a non-local GPO is linked to a particular container, all the users and computers in that container use the settings of the non-local GPO linked to it.
A final type of GPO are starter GPOs. Starter GPOs were introduced in Server 2008. Starter GPOs are basically templates that are used for creating domain GPOs. Starter GPOs start with a standard collection of settings, and then allow you to modify those settings to create a specific domain GPO. Once a starter GPO is created, you then link it to a new group policy object. When you link the starter GPO to a new group policy object, the defaults of the starter GPO become the defaults for that new group policy object you created.
- Configuring the Group Policy central store
- Configuring Group Policy settings
- Setting GPO states
- Setting up security policies
- Configuring user rights
- Configuring local users and groups
- Configuring software restriction rules
- Configuring Windows Firewall