What are Group Policies?
A Group Policy Object can contain
Computer Configuration, User Configuration, or both. These are applied at different times
What's a GPO?
It's a set of policies and preferences that can be applied to a group of objects in the directory.
When a domain-joined computer or user signs into a domain, how does the computer get the list of group policies?
The computer then downloads those policies from a special folder called Sysvol, which is exported as a network share from every domain controller. Once the computer has downloaded its GPOs, it applies them to the computer.
Why are GPOs reapplied on the machine every 90 minutes?
This ensures that computers on the network don't drift from the configuration that systems administrators define for them.
How do domain-joined computers actually get their GPOs?
When a domain-joined computer or user signs into the domain by contacting a domain controller, that domain controller gives the computer a list of group policies that it should apply.
Many policies and preferences in GPOs are represented as values in the
Windows Registry.
Example of different GPO settings for computers and user accounts.
You may want different software preferences for the marketing team, the legal team, and the engineering team.
User configuration is applied when
a user account is logged onto the computer.
Policies
are settings that are reapplied every few minutes, and aren't meant to be changed even by the local administrators.
Preferences
are settings that, in many cases, are meant to be a template for settings. System administrators will choose settings that should be the default on computers that apply the GPO. Someone using the computer can change the settings from what's defined in the policy, and that change won't be overwritten.
With GPO you can install software that you want to be
available, and block software that you don't want to run.
The objects represent things in your network that you want to
be able to reference or manage.
GPOs contain settings for
computers and user accounts.
This folder (Sysvol) is replicated between all of the domain controllers and can also
contain things like log in and log off scripts.
GPOs don't do anything until they're linked to
domains, sites, or OUs.
One of these object types in AD is
the group policy object, or GPO.
The Windows Registry
is a hierarchical database of settings that Windows, and many Windows applications, use for storing configuration data.
With Computer Configuration and User Configuration, in each case, once a GPO is in effect,
it's checked and enforced every few minutes.
Computer Configuration will happen each time the computer boots into Windows, unless
it's disconnected from the network at the time it's booted up.
With GPO you can configure the event log telling the computer what events should be
logged and where the logs should be sent.
You can use other tools like security filtering and WMI filters to
make group policies apply more selectively.
The GPO is applied by
making changes to the registry.
Directory services are databases that are used to
store information about objects.
When you link a GPO, all of the computers or users under that domain, site, or OU will have
that policy applied.
With GPO you can say how many times someone can enter the wrong password before
their account is locked.
Using group policy would help standardize the
user preferences for each of these teams and help make it more manageable for you to configure.
With GPO you can create log in and log off scripts and apply them to
users and computers.
The Windows Operating System and Windows applications read the registry settings to determine
what their behavior should be.
Computer Configuration is applied
when the computer signs into the Active Directory domain.
You can create as many group policy objects as
you want.