• 03/10/2006
    5:00 AM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

How To: Setting Up Active Directory Group Policies

AD's Group Policy lets you set up and control exactly how users and computers operate so you can easily institute changes and controls -- just be sure you test and

The policy settings framework is extensible using configuration files, also known as ADM templates. If a specific application in your organization has an ADM template, you can, for example, control that application's settings using Group Policy. Unfortunately, there are few third-party ADM templates, though more are being developed.

Step-By-Step Screencast
Click on the image to launch a video screencast presentation of Group Policy Management deployment.

To apply policy settings to users and computers in your AD environment you must first configure a Group Policy Object (GPO), which resides in a special folder called "Group Policy Objects" within the AD domain. A GPO is a named collection of configured policy settings. As a best practice, only configure those settings necessary to accomplish an administrative task inside a GPO. If as part of your corporate security policy you require Windows Firewall be enabled on each computer, for example, you could create a GPO titled "Default Windows Firewall Settings" and configure the policy settings to match the desired firewall behavior on the target workstations, just like you would in the Windows control panel. Note that if the targeted operating system doesn't understand the setting, it will ignore it.

The policy settings in the GPO don't get enforced until you link the GPO to an Active Directory site, domain or organizational unit (OU). Once the GPO is associated with a site, domain or OU, the policy settings take effect for the users and computers defined within the scope of that container. If we link our firewall GPO at the domain level, for example, the policy settings apply to all XP workstations and 2003 servers in the domain. If we instead link the GPO to the Product Management Group (PMG) OU, the firewall settings only apply to computers inside that OU. GPOs can be linked in multiple places such as two different OUs, and a site, domain or OU can even have multiple GPOs linked to it.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments