Using group policy, we can implement security policies, software deployment, folder redirection, Internet explorer maintenance.
Group policies enable the users either to access or to be denied of an object.
Group policy can be implemented on computers &users.
Group Policy Object defines policies applied to be implemented for the objects. One group policy object can be linked with multiple objects like site, domains, DCs, OUs, etc…
⇒ Policies applied under Computer configuration will be applied to the computers in OU.
⇒ For example,we have a group policy object such as,
o a user will not have the access to shut down a system
o He/she can’t access specific settings.
We need to reboot the computer to refresh the policies applied on computers.
⇒ Policies applied under user configuration will be applied to the users in OU.
⇒ For example,
o Certain directories and drives for the users to store their files.
The user needs to log off and log in back to refresh the policies applied to users.
Group policy management is done by System admin by applying some security setting on the users or computers in a domain with the help of Management tool.
We will see the group policy implement step by step with an example case.
We want to assign a wallpaper to all of the desktop machines running under a particular domain.
To do that, let’s go to.
Administrative tools→Open Group Policy Management→Right Click On Sales→ Create a new GPO in the domain and link on here.
On the GPO→enter the GPO name and Click OK Button.
Right, Click on GPO and select Edit.
It will open the Group Policy Management Editor→select user configuration-->Expand Administrative Templates→Desktop→Desktop→select ‘Desktop Wallpaper’.
Then enable it and give the shared path of the wallpaper which you want to load on users’ desktop.
Click the Enable Button and Apply→OK.
Login from client check if the selected wallpaper is applied.
When a user is a login these are the policies will be applied in sequence.
We can remember it in easy way“L-S-D-OU”.
For example when the user enters his username and password it loads these policies in this sequence .. Local >> Site >> Domain >> OU
Now, Let’s talk about,
Policy inheritance proofs to be a very good feature in windows administration.
Policies applied on parent object will be applied to its child objects.
This makes sure the uniform nature of group policies to the major extent and will be very well for organizing the policies.
If you implement a Policy on the sales site. It applies to all the domain and OU within the site.
⇒ Policy Inheritance is by default applied to child objects.
⇒ At child objects, we are always provided with options to override those parent level inherited policies.
It is just opposite to the Policy inheritance. We can block the policies inheriting from the parent object.
In OU there is a group for the High-level management team and they don’t want these policies applied to their group.
So, the system admin can block inheritance on child OU from Parent OU.
Now, let’s put up one more query in our mind to understand,
Right, click on OU >> select Block Policy Inheritance.
It is an option available from group policy.No Override is useful when we want to override all the policies implemented on the child objects with parent policies. It is a force approach to push uniformity of policies on all child objects.