GPOs

Instead of configuring each computer individually, admins use Group Policy Management Console (GPMC) which enables configuration from a central point. It can modify backgrounds, set security settings or apply configurations.

Group Policy Object (GPO)

A Group Policy Object is a collection of policy settings defining appearance and behavior of systems for a group of users or computers.

A GPO consists of:

• Group Policy Container (GPC): Represents GPO itself, configuration and settings. Distinguished name contains a GUID unique to GPO.

• Group Policy Template (GPT): Contains settings and configurations as files within the SYSVOL directory on a DC.

GPOs are applied through Organizational Units (OUs).

GPO Delegation

To delegate permissions to link GPOs to a site, domain, or OU, you must have Modify Permissions on that site, domain, or OU. By default, only Domain Administrators and Enterprise Administrators have this permission. Often these rights are delegated to other departmentes like Tech Support. Delegation can be done using gmpc.msc.

GPO Links

Creating a GPO doesnt apply it, its isolated untill we link it to parts in the AD structure like sites, domains, or OUs. Linking activates the rules. With settings that should effect entire network we link the GPO to domain level, marketing would be linked to their OU or site.

GPOs are processed in a particular order

• Local

• Site

• Domain

• Organization Units (OUs).

Example: Enable Firewal