lesson07 - SCF Faculty Site Homepage

Introduction to Group Policy
Lesson 7

Skills Matrix

Technology Skill | Objective Domain | Objective #
Using the Group Policy Management Console | Create and apply Group Policy Objects (GPOs) | 4.3
Configuring Group Policy Settings | Configure GPO templates | 4.4

Understanding the Benefits of Group Policy

Users can access their files, even when network
connectivity is intermittent. This is accomplished
by using folder redirection and offline files.

The user environment can be set up to be
consistent, regardless of which workstation or
location is used as the login computer.

Understanding the Benefits of Group Policy (cont.)

User files can be redirected to a server location
that allows them to be backed up regularly,
saving users from the headaches of lost data
due to the failure of their workstations.

Applications that become damaged or need to
be updated can be maintained automatically.

Understanding the Benefits of Group Policy (cont.)

Administrators have control over centralized
configuration of user settings, application
installation, and desktop configuration.

Problems due to missing application files and
other minor application errors often can be
alleviated by the automation of application
repairs.

Understanding the Benefits of Group Policy (cont.)

Centralized backup of user files eliminates the
need and cost of trying to recover files from a
damaged drive.

The need to manually make security changes is
reduced by the rapid deployment of new
settings through Group Policy.

Defining Group Policy Architecture

Local GPOs

Domain GPOs

Starter GPOs

Group Policy container (GPC)

Group Policy template (GPT)

Viewing the Group Policy Container

In Active Directory Users and Computers, click
the View menu.

Select Advanced Features, which allows you to
see additional objects in Active Directory.

In the left console pane, expand the System
folder.

Viewing the Group Policy Container (cont.)

In the System folder, locate the Policies folder
and expand it by clicking the plus sign (+).

Viewing Group Policy Templates

\Machine

\Machine\Microsoft\Windows NT\SecEdit

\Machine\Scripts

\User

\User\Applications

\User\Scripts

Creating and Linking a GPO to an OU

To create an OU for this exercise, go to a
command prompt and key dsadd ou
ou=Training,<DomainDN>.

Click Start, and then click Administrative Tools.

Click Group Policy Management Console.

Creating and Linking a GPO to an OU (cont.)

Click the plus sign (+) next to domain.com.

Right-click the Training OU.

Select Create a GPO in this domain, and link it
here.

Creating and Linking a GPO to an OU (cont.)

Key a name for your GPO, and press Enter.

Expand the Group Policy Objects node.

Right-click the GPO that you just created, and
click Edit.
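
The same OU, GPO and link created from PowerShell, as an added example that is not part of the original lesson. It assumes a domain-joined host with the ActiveDirectory and GroupPolicy modules (Windows Server 2008 R2 or later); the GPO name 'Training Baseline' is a placeholder.

```powershell
# Added example, not from the lesson. 'Training Baseline' is a placeholder GPO name.
Import-Module ActiveDirectory, GroupPolicy

$domainDN = (Get-ADDomain).DistinguishedName
$ouDN     = "OU=Training,$domainDN"
$gpoName  = 'Training Baseline'

# Step 1: create the Training OU if it is missing (same result as dsadd ou).
$ou = Get-ADOrganizationalUnit -LDAPFilter '(ou=Training)' -SearchBase $domainDN -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name 'Training' -Path $domainDN
}

# Step 2: create the GPO unless one with this name already exists.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Linked to the Training OU'
}

# Step 3: link the GPO to the OU unless that link is already present.
$som = Get-GPInheritance -Target $ouDN
if ($som.GpoLinks.DisplayName -notcontains $gpoName) {
    New-GPLink -Guid $gpo.Id -Target $ouDN -LinkEnabled Yes | Out-Null
}

# Step 4: review what now applies to the OU. InheritedGpoLinks also lists the
# links inherited from parent containers, so an unexpected GPO shows up here.
$som = Get-GPInheritance -Target $ouDN
"Block inheritance set on OU: $($som.GpoInheritanceBlocked)"
$som.InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced, Target |
    Format-Table -AutoSize
```

The script can be re-run safely because each step checks for the object before creating it.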

Configuring Group Policy Settings

Software Settings

Windows Settings

Administrative Templates

Understanding Group Policy Processing

1. Local policies
2. Site policies
3. Domain policies
4. OU policies

Understanding Group Policy Processing (cont.)

When a computer is initialized during startup, it
establishes a secure link between the computer
and a domain controller. Then, the computer
obtains a list of GPOs to be applied.

Computer configuration settings are applied
synchronously during computer startup before
the Logon dialog box is presented to the user.

Understanding Group Policy Processing (cont.)

Any startup scripts set to run during computer
startup are processed. These scripts also run
synchronously and have a default timeout of
600 seconds (10 minutes) to complete.

When the Computer Configuration scripts and
startup scripts are complete, the user is
prompted to press Ctrl+Alt+Del to log on.

Understanding Group Policy Processing (cont.)

Upon successful authentication, the user profile
is loaded based on the Group Policy settings in
effect.

A list of GPOs specific for the user is obtained
from the domain controller.

User Configuration settings also are processed in
the LSDOU sequence.

Understanding Group Policy Processing (cont.)

After the user policies run, any logon scripts
run. Unlike the startup scripts, these scripts
run asynchronously by default.

The user's desktop appears after all policies
and scripts have been processed.

Configuring Exceptions to GPO Processing

Enforce

Block Policy Inheritance

Loopback Processing
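
The LSDOU order and the Enforce and Block Policy Inheritance exceptions worked through on constructed data, as an added example that is not part of the original lesson. It is a simplified model written in PowerShell, not Microsoft's Group Policy engine; loopback processing and link order within a container are not modeled, and every GPO and setting name is made up.

```powershell
# Added example: toy model of GPO precedence, not Microsoft's Group Policy engine.
# Containers are listed in LSDOU order, nearest OU last. All names are constructed.
function Get-EffectivePolicy {
    param([Parameter(Mandatory)] [object[]] $Containers)

    # Block Policy Inheritance hides non-enforced GPOs linked above the blocking container.
    $blockAt = -1
    for ($i = 0; $i -lt $Containers.Count; $i++) {
        if ($Containers[$i].BlockInheritance) { $blockAt = $i }
    }

    $normal = @(); $enforced = @()
    for ($i = 0; $i -lt $Containers.Count; $i++) {
        $c = $Containers[$i]
        foreach ($gpo in $c.Gpos) {
            if ($gpo.Enforced) { $enforced += $gpo }    # Enforce ignores blocking
            elseif ($i -ge $blockAt -or $c.Level -eq 'Local') { $normal += $gpo }
        }
    }
    # Enforced GPOs are applied last; the one linked highest in the tree wins.
    [array]::Reverse($enforced)

    $effective = [ordered]@{}
    foreach ($gpo in ($normal + $enforced)) {
        foreach ($key in $gpo.Settings.Keys) {
            # Last writer wins; keep the name of the GPO that supplied the value.
            $effective[$key] = "$($gpo.Settings[$key]) (from $($gpo.Name))"
        }
    }
    $effective
}

# Constructed sample: an enforced domain GPO, a normal domain GPO, and an OU
# that blocks inheritance while trying to relax the enforced setting.
$chain = @(
    @{ Level = 'Local';  BlockInheritance = $false; Gpos = @(
        @{ Name = 'Local Policy';    Enforced = $false; Settings = @{ ScreenLockMinutes = 30 } }) },
    @{ Level = 'Site';   BlockInheritance = $false; Gpos = @() },
    @{ Level = 'Domain'; BlockInheritance = $false; Gpos = @(
        @{ Name = 'Domain Baseline'; Enforced = $true;  Settings = @{ UsbStorage = 'Deny' } },
        @{ Name = 'Domain Desktop';  Enforced = $false; Settings = @{ ScreenLockMinutes = 15; Wallpaper = 'corp.bmp' } }) },
    @{ Level = 'OU';     BlockInheritance = $true;  Gpos = @(
        @{ Name = 'Training Lab';    Enforced = $false; Settings = @{ UsbStorage = 'Allow'; ScreenLockMinutes = 60 } }) }
)

Get-EffectivePolicy -Containers $chain
```

The sample is built so that each rule decides one setting: the OU's own GPO overrides the local policy, the blocked domain GPO contributes nothing, and the enforced domain GPO overrides the OU.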

You Learned

Group Policy consists of user and computer
settings that can be implemented during computer
startup and user logon. These settings can be
used to customize the user environment, to
implement security guidelines, and to assist in
simplifying user and desktop administration.

Group Policies can be beneficial to users and
administrators. They can be used to increase a
company's return on investment and to decrease
the overall total cost of ownership for the network.

You Learned (cont.)

In Active Directory, Group Policies can be
assigned to sites, domains, and OUs. By
default, there is one local policy per computer.
Local policy settings are overwritten by Active
Directory policy settings.

You Learned (cont.)

Group Policy content is stored in an Active
Directory GPC and in a GPT. Whereas the GPC
can be seen using the Advanced Features view in
Active Directory Users and Computers, the GPT
is a GUID-named folder located in the
systemroot\sysvol\SYSVOL\domain_name\Policies
folder.

You Learned (cont.)

The Default Domain Policy and the Default
Domain Controller Policy are created by default
when Active Directory is installed.

The Group Policy Management Console is the
tool used to create and modify Group Policies
and their settings.

You Learned (cont.)

GPO nodes contain three subnodes including
Software Settings, Windows Settings, and
Administrative Templates. Administrative
templates are XML files with the .admx file
extension. Over 100 ADMX files are included
with Windows Server 2008.

You Learned (cont.)

The order of Group Policy processing can be
remembered using the acronym LSDOU: local
policies are processed first, followed by site,
domain, and, finally, OU policies. This order is an
important part of understanding how to
implement Group Policies for an object.

You Learned (cont.)

Group Policies applied to parent containers are
inherited by all child containers and objects.
Inheritance can be altered by using the Enforce,
Block Policy Inheritance, or Loopback settings.