Skip to main content

Group policy – Basics explained

One of the followers of my blog requested to explain the basics of Group policy in simple words. Group policy itself is a very wide topic  in this single post. But let's start with basic first.

Group Policy is a feature from Microsoft server operating systems. It allows modifying working environment of user accounts and computer accounts. It offers centralized management and configuration of OS, applications and users’ settings in domain environment. You can outline, impose or modify configuration by using the settings in Group Policy Objects (GPO). Once you create relevant GPO, you can link it to site, domain, OU or child OU.

You can divide group policies into two categories:
  • Domain based policy: These types of policies are created in AD DS and stored in domain controllers. They are used to manage configuration of domain users and computers.
  • Local group policy: These types of policies are configured locally on a PC. You can configure users’ settings who log on to that PC or Computer settings.
If you are an administrator of your network or have administrator privileges, you can create new or edit existing group policy from Group Policy Management Console (GPMC). In the Group policy management editor, you can double click on policy to open policy’s properties box. Within properties box, you can select Not Configured, Enabled or Disabled for given settings. By default, policy setting is set to Not Configured in new GPO. When you modify it to either Enabled or Disabled, a change is made to user or computer configuration to which GPO is applied.

When PC is switched ON, computer configuration is been applied. When user logs in to PC, user configuration takes effect.

Group policy is been processed in following processing order:
  1. Local GPOs – The local policies apply first.
  2. Site-linked GPOs – Policies configured at Site level applies second in Domain joined PC/user.
  3. Domain linked GPOs- Policies that linked to Domain applied after Site-Linked GPOs.
  4. OU (Organization Unit) linked GPOs – Policies applied to OU applied after Domain linked GPOs.
  5. Child OU linked GPOs – Child OU linked policies apply fifth in processing order.
In case of configuring conflicting GPOs, whichever policy applies last wins. For example, between local policy and domain policy settings, domain policy settings are in effect.

As stated earlier, group policy is a huge topic to cover. If you would like to know more on this, please let us know. We will publish further posts with advance information on group policy including how to create, modify and link it to OU and many more.

Comments

  1. Jedi-masta21 July 2017 at 15:10

    Hi,

    How do I backup a GPO? I'm also finding it frustrating that someone has configured my machine to have a really dodgy picture of me sleeping whilst at work and now I can't find a way to remove it. Can you help?

    ReplyDelete

Post a Comment

Popular posts from this blog

Windows 10 phone: This device has been locked for security reasons. Connect your device to a power source for at least two hours, then restart it to try again.

Hi All, this is my very first post on Windows 10 phone. I have a Windows 10 phone. Today, I saw following error message on phone. It didn’t allow me to unlock my phone using 4 digit pin I had set. The “Emergency calls” was the only option available to me. Error: This device has been locked for security reasons. Connect your device to a power source for at least two hours, then restart it to try again. I tried performing soft reboot but it didn’t fix. After doing a bit of research, I found a solution. Make sure that your phone is connected to Internet during this process. To fix this issue, follow these steps: Launch https://account.microsoft.com/devices on a web browser on another PC/Tablet or a smart phone Login using your Microsoft account (it is the same account you’ve used to configure your phone). Once you’ve logged in, Select your phone. On the next page, click on Lock button. A box will appear asking to enter 6 digit pin , a number where you can be reached (op
13 comments
Read more

Fixed: HTC One M8 USB driver doesn’t recognized by Windows 10

Hi friends, recently I upgraded my Windows 7 OS to Windows 10 on my laptop. Everything was working fine until I plugged my HTC One M8 (Android) phone to laptop using USB cable. A message box appeared stating that it could not detect the USB device. I never had any problem when I was using Windows 7. I used to plug my phone to PC using USB cable and access phone storage as USB drive. I typed my query in google and most of the articles suggested that I should installed HTC Sync Manager and then connect my phone. Well, I installed the required application but it did not resolve the issue. Hence, I removed it. This is my 3 rd HTC phone and I started to find out how I can enable USB debugging mode on my phone. This option is hidden by default. To enable this option, follow these steps:  Go to Settings \ About Select Software Information Click on More  option Now, tap on Build number  option six times in a row. A message will be shown saying “ You are now a developer! ” Go
9 comments
Read more

Virtual USB port is missing on Windows 7

Hi All, it has been a long time since I have posted last blog. I was away for a while during Christmas time. Today, I am going to share information about how to get virtual USB port in drop down list while installing local printer (USB) on Windows 7, if it’s not available by default. I followed below steps to add virtual USB port to add USB printer to Windows 7 PC.           Click on Start . Go to Devices and Printers .           Click on Add Printer .           Select Add a local Printer           In Choose a printer port box, select Create a new port option.           From the drop down list, choose Local port and click on Next button.           Port Name dialog box will appear. Type port name USB001 , click on OK           In the step, choose appropriate printer driver from list or provide a driver disk to complete printer driver installation process. I hope you may find this very useful. Disclaimer: www.TechieTalks.co.uk does not conceal the possibility of
8 comments
Read more