Group Policy Overview

Group Policy Overview

August 29, 2021 Active Directory 0

Group Policy that allows you to specify manage configurations for Users and Computers through Group Policy settings and Group Policy Preferences.

There are 2 parts to a GPO
One part is an object in AD (Called the Group Policy Container, or GPC)
Another part is a set of files/folder within SYSVOL, on each DC (Called the Group Policy Template, or GPT)

Logon/Log off scripts can be applied to User Level.
Start-up/Shutdown scripts can be applied to Computer Level.

Policies which AD Admin controls the settings and user can’t modify
Preference which AD Admin suggest the settings and later user can able to modify.

Preferences as “SUGGESTIONS” and Polices as “COMMANDS”

Group Policy Linking order Local > Site > Domain > OU
Group Policy Background and Foreground Processing (Sync/Async)
Block Inheritance – Block the Policy which is applied in parent to stop apply particular OU
Enforce – To overcome block inheritance also apply

Group Policy Settings are always PULLED from AD & Settings are never pushed TO the client

Client Side Extensions – CSEs under HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions

If any GPO settings Conflicts within same OU or Domain. Link Order “1” always WIN. Its Highest Priority.

Security Groups – Could be computer or user groups

WMI Filters – Allow filtering based on WMI queries (e.g. OS version or memory configuration)

Loopback, When a computer first starts up, it will process all computer side policies that are linked to the computer’s OU (and above). When a user logs on, any user side settings will process that are linked to the user’s OU (and above). When loopback is enabled, this process has one more additional step. After the user side items process, any user side settings linked to the computer’s OU (and above) are also applied.

 2,229 total views,  4 views today

Leave a Reply

Your email address will not be published. Required fields are marked *