When installing Windows Server-based servers and Windows client PCs in an enterprise, it's very common to use Group Policy (or GPO) to manage the configuration and security of all your servers and client PCs.
To do this, you must first deploy an Active Directory infrastructure (using Active Directory Domain Services) and then join your servers and client PCs to your Active Directory domain.
Group policies (GPO) allow you to :
Although you can configure group policies from your Active Directory infrastructure (which is highly recommended in an enterprise), you can also configure some policies locally on a client PC with the "Local Security Policy" (secpol.msc) or "Local Group Policy Editor" (gpedit.msc) program.
In addition, the Group Policy Objects (GPO) that you create on your Active Directory infrastructure can be linked to an Active Directory site, a domain, ...
It's therefore important to know in which order the policies are applied :
The 1st element of the list above is therefore the lowest priority and the last element of the list is the highest priority.
Important : this order is the default one, and it can be altered if you use, for example, the "Enforced" option on one of your GPO links.
Group policies are applied and then updated on a regular basis.
In both cases, you can force the update of the computer and user group policies using the commands: gpupdate and Invoke-GPUpdate.
Important : on a domain controller, the delay between 2 updates of the group policies is different : the group policies are updated every 5 minutes (and there is no additional delta used).
To manage existing Group Policies (GPOs) or create new ones, open the "Group Policy Management" console on a domain controller.
Note that you can also install this console on a client PC, if you wish, by using the RSAT consoles.
As you can see in this "Group Policy Management" console, by default there are 2 GPOs :
You can also see that only one folder is displayed to which we could link other policy objects. This is the "Domain Controllers" folder.
In fact, for a "folder" to appear in your Active Directory and in the Group Policy Management Console, it must be an organizational unit (OU) and not a container (CN).
For this tutorial, we opened the "Active Directory Users and Computers" console and created a new "RH_Computers" organizational unit.
As you can see, the "Domain Controllers" and "RH_Computers" folders, which are organizational units, have a slightly different icon than the other folders, which are containers (CNs).
To create a new Group Policy Object, select the "Group Policy Objects" folder, then right-click in the list on the right and click "New".
Provide a name for this GPO.
Once the GPO is created, right-click it and click "Edit".
As you can see, Active Directory allows you to manage computer configuration, but also user configuration through policies and preferences.
Thanks to the many settings and policies available in these sub-folders, you will be able to configure many settings on the servers and client PCs.
In addition, you will also be able to download administrative templates in ADMX format from the Internet and use them here to configure, for example, Microsoft Office settings via group policies.
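The console steps above (create a GPO, link it to an organizational unit) and the forced refresh mentioned earlier can also be scripted, which makes it easy to check for "Enforced" links that alter the default order. The following PowerShell is an added example, not part of the original tutorial: the GPO name is a placeholder, and it assumes the RSAT GroupPolicy and ActiveDirectory modules are installed and that the "RH_Computers" OU sits at the root of the domain.

```powershell
# Added example. Run with an account allowed to create and link GPOs.
Import-Module GroupPolicy, ActiveDirectory

# Assumptions: placeholder GPO name; "RH_Computers" OU located at the domain root.
$GpoName  = 'RH - Computer baseline'
$DomainDn = (Get-ADDomain).DistinguishedName
$OuDn     = "OU=RH_Computers,$DomainDn"

# Create the GPO only if it does not exist yet, so the script can be re-run safely.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Created by script'
}

# Link it to the OU: enabled, but not enforced, so the default order still applies.
$som = Get-GPInheritance -Target $OuDn
if ($som.GpoLinks.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $OuDn -LinkEnabled Yes -Enforced No | Out-Null
    $som = Get-GPInheritance -Target $OuDn
}

# Show every domain/OU GPO link that reaches the OU, the container each one
# comes from, and whether it is enabled and enforced.
$som.InheritedGpoLinks |
    Format-Table DisplayName, Target, Order, Enabled, Enforced -AutoSize

# Flag anything that changes the default order of application.
$enforced = $som.InheritedGpoLinks | Where-Object Enforced
if ($enforced) {
    Write-Warning ("Enforced links: " + ($enforced.DisplayName -join ', '))
}
if ($som.GpoInheritanceBlocked) {
    Write-Warning "Inheritance is blocked on $OuDn"
}

# Ask each computer in the OU to refresh its computer policies now
# instead of waiting for the next background refresh.
Get-ADComputer -SearchBase $OuDn -Filter * | ForEach-Object {
    Invoke-GPUpdate -Computer $_.DNSHostName -Target Computer -RandomDelayInMinutes 0 -Force
}
```

Get-GPInheritance only reports links made at the domain and OU levels, so site-linked GPOs and the local policy of each machine have to be reviewed separately.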
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2020 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.