Unified Communications

05:00 AM
Connect Directly
RSS
E-Mail
50%
50%

How To: Setting Up Active Directory Group Policies

AD's Group Policy lets you set up and control exactly how users and computers operate so you can easily institute changes and controls -- just be sure you test and

The Group Policy Management Console SP1 (GPMC SP1,) is a free download from Microsoft that addresses several shortcomings of the Group Policy management interface in Windows. GPMC separates where the GPOs actually live in the domain from the places where they are linked. So, for any given GPO, it's easy to determine where it's being used in AD and what policy settings are configured without having to open the Group Policy object editor. In addition, it lets the system administrator easily view the GPOs linked at the site, domain and OU levels, along with the processing order of the GPOs at these levels. Bottom line: This new user interface offers a clearer relationship between GPOs and the containers (AD site, domain or OU) where they are actually being targeted.

You also can more easily perform backups and restores of GPOs with GPMC, something severely lacking in the native GP management interface in Windows. It's also easy to manage multiple domains from within the GPMC and move GPOs from one domain to another. This feature is also useful if you need to test your GPOs on a separate domain and then migrate them into the production domain once they've been given a clean bill of health.

Despite the major improvements GPMC brings to Group Policy, there are still many complicated and counter-intuitive elements you'll have to contend with. Regardless of whether you click on the GPO link or the GPO itself using GPMC, you're manipulating the same thing--the GPO. There are only three things you can do to a GPO link without affecting the underlying GPO. First, you can toggle the enabled or disabled link, thereby controlling application of the GPO to the target container. Second, you can delete the link, which removes its association with the container. And third, you can enforce the GPO link. By enforcing the link, you're telling AD to process the GPO last. This setting is often used to prevent OU-level administrators from overriding domain level policy settings set by a higher-ranking administrator.

Previous
4 of 8
Next
Comment  | 
Print  | 
More Insights
Hot Topics
1
Closing The UC Gap: 4 Tips
Curtis Peterson, Vice President of Operations, RingCentral,  7/30/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 State of Unified Communications
2014 State of Unified Communications
If you thought consumerization killed UC, think again: 70% of our 488 respondents have or plan to put systems in place. Of those, 34% will roll UC out to 76% or more of their user base. And there’s some good news for UCaaS providers.
Video
Slideshows
Twitter Feed