Group Policy in Windows

Using group policy, we can implement security policies, software deployment, folder redirection, Internet explorer maintenance.

Group policies enable the users either to access or to be denied of an object.

Group policy can be implemented on computers &users.

 

Group Policy Object

Group Policy Object defines policies applied to be implemented for the objects. One group policy object can be linked with multiple objects like site, domains, DCs, OUs, etc…

 

Group Policy Object Components

 

Group-Policy-Objects1

 

Policies applied under Computer configuration will be applied to the computers in OU.

For example,we have a group policy object such as,     

o a user will not have the access to shut down a system
    o He/she can’t access specific settings.

 

Note:

We need to reboot the computer to refresh the policies applied on computers.

Policies applied under user configuration will be applied to the users in OU.

For example,
    o Certain directories and drives for the users to store their files.

 

Note:

The user needs to log off and log in back to refresh the policies applied to users.

 

Group Policy Management

Group policy management is done by System admin by applying some security setting on the users or computers in a domain with the help of Management tool.

 

Implementing Policy on Active Directory OU

We will see the group policy implement step by step with an example case.

 

Requirement:

We want to assign a wallpaper to all of the desktop machines running under a particular domain.

To do that, let’s go to.

Administrative toolsOpen Group Policy ManagementRight Click On Sales Create a new GPO in the domain and link on here.

 


Group-Policy-Objects2

 

Group-Policy-Objects3

 

 

On the GPOenter the GPO name and Click OK Button.

Right, Click on GPO and select Edit.

 

Group-Policy-Objects4

 

It will open the Group Policy Management Editorselect user configuration-->Expand Administrative TemplatesDesktopDesktopselect ‘Desktop Wallpaper’.

Then enable it and give the shared path of the wallpaper which you want to load on users’ desktop.

 

Group-Policy-Objects5

 

Click the Enable Button and Apply→OK.

Login from client check if the selected wallpaper is applied.

 

Sequence of Group Login Policy Applied

When a user is a login these are the policies will be applied in sequence.

  • Local Policy

  • Site Policy

  • Domain Policy

  • OU Policy

 

We can remember it in easy way“L-S-D-OU”.

For example when the user enters his username and password it loads these policies in this sequence .. Local >> Site >> Domain >> OU

Now, Let’s talk about,

 

Policy Inheritance

Policy inheritance proofs to be a very good feature in windows administration.

Policies applied on parent object will be applied to its child objects.

This makes sure the uniform nature of group policies to the major extent and will be very well for organizing the policies.

 

Example: 

If you implement a Policy on the sales site. It applies to all the domain and OU within the site.

 

Note:

Policy Inheritance is by default applied to child objects.

At child objects, we are always provided with options to override those parent level inherited policies.

 

Block Policy Inheritance

It is just opposite to the Policy inheritance. We can block the policies inheriting from the parent object.

 

For example:

In OU there is a group for the High-level management team and they don’t want these policies applied to their group.

So, the system admin can block inheritance on child OU from Parent OU.

Now, let’s put up one more query in our mind to understand,

 

Applying Block Policy Inheritance

Right, click on OU >> select Block Policy Inheritance.

 

Group-Policy-Objects6

 

No Override:

It is an option available from group policy.No Override is useful when we want to override all the policies implemented on the child objects with parent policies. It is a force approach to push uniformity of policies on all child objects.

  • In the Console tree, Right-Click on the Site -> Domain or organizational unit to which the Group Policy object is linked.

  • Click Properties -> and then Click the Group Policy tab.

  • In the Group Policy Object Links list -> Right-Click the Group Policy object link that you want to enforce -> Click No Override -> and then Click OK.

  • A check mark appears in the No Override column.

 

Group-Policy-Objects7

 

Topics Summary