What Is Group Policy?

Group Policy is a Windows feature that contains a variety of advanced settings, particularly for network administrators. However, local Group Policy can also be used to adjust settings on a single computer.

Group Policy isn’t designed for home users, so it’s only available on Professional, Ultimate, and Enterprise versions of Windows.

The settings that you configure are stored in a Group Policy Object (GPO), which is then associated with Active Directory objects such as sites, domains, or organizational units.

Group policies cover many different aspects of the network, desktop, and software configuration environment, including:

  • Application deployment policies: These policies assign or publish applications to users or computers, and affect the applications that users access on the network.
  • File deployment policies: These policies allow an administrator to place files in special folders on the user’s computer, such as the desktop or My Documents areas.
  • Script policies: Using a script policy, an administrator can specify scripts that should run at specific times, such as login/logout or system startup/shutdown.
  • Software policies: Administrators can use software policies to globally configure most of the settings in user profiles, such as desktop settings, Start menu options, and applications.
  • Security policies: These policies allow an administrator to restrict user access to files and folders, configure how many failed login attempts will lock an account, and control user rights.

How Group Policy Objects Are Processed

GPOs are applied in the following predictable, logical order:

  • Local
  • Site
  • Domain
  • Organizational Units

  1. Local – Any settings in the computer’s local policy. Prior to Windows Vista, there was only one local group policy stored per computer. Windows Vista and later Windows versions allow individual group policies per user account.
  2. Site – Any Group Policies associated with the Active Directory site in which the computer resides. (An Active Directory site is a logical grouping of computers, intended to facilitate management of those computers based on their physical proximity.) If multiple policies are linked to a site, they are processed in the order set by the administrator.
  3. Domain – Any Group Policies associated with the Windows domain in which the computer resides. If multiple policies are linked to a domain, they are processed in the order set by the administrator.
  4. Organizational Unit – Group policies assigned to the Active Directory organizational unit (OU) in which the computer or user is placed. (OUs are logical units that help organize and manage a group of users, computers or other Active Directory objects.) If multiple policies are linked to an OU, they are processed in the order set by the administrator.

The resulting Group Policy settings applied to a given computer or user are known as the Resultant Set of Policy (RSoP). RSoP information may be displayed for both computers and users using the gpresult command.
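
The processing order above, worked through as an added example (not code from the original post): a small Python model that merges GPOs in Local, Site, Domain, OU order and records which GPO supplies each resulting setting and which ones it overrode. It assumes the standard behaviour that a setting applied later overwrites a conflicting one applied earlier, and it ignores Enforced links, Block Inheritance, loopback processing and security filtering. All GPO names and setting names are constructed.

```python
from dataclasses import dataclass, field

# Processing order described above: Local, Site, Domain, Organizational Unit.
LEVELS = ("local", "site", "domain", "ou")

@dataclass
class GPO:
    name: str
    level: str                      # one of LEVELS
    settings: dict = field(default_factory=dict)

def resultant_set(gpos):
    """Return {setting: (value, winning_gpo, [overridden_gpos])}.

    GPOs at the same level keep the order they were given in (the order
    set by the administrator). Assumption: a later GPO overwrites an
    earlier one that configures the same setting.
    """
    ordered = sorted(gpos, key=lambda g: LEVELS.index(g.level))  # stable sort
    rsop = {}
    for gpo in ordered:
        for setting, value in gpo.settings.items():
            overridden = []
            if setting in rsop:
                _, prev_winner, prev_overridden = rsop[setting]
                overridden = prev_overridden + [prev_winner]
            rsop[setting] = (value, gpo.name, overridden)
    return rsop

def report(gpos):
    """One line per setting: value, winning GPO, and the GPOs it overrode."""
    return [
        f"{s} = {v!r} from {winner}; overrode: {', '.join(lost) or 'none'}"
        for s, (v, winner, lost) in sorted(resultant_set(gpos).items())
    ]

# Constructed sample data, deliberately listed out of processing order.
SAMPLE = [
    GPO("OU-Kiosks", "ou", {"ScreenLockTimeoutSec": 120}),
    GPO("Local Policy", "local", {"ScreenLockTimeoutSec": 0, "LegalNoticeText": ""}),
    GPO("Domain-Baseline", "domain", {"ScreenLockTimeoutSec": 900,
        "LegalNoticeText": "Authorized use only", "RemovableStorage": "deny"}),
    GPO("Site-Branch", "site", {"RemovableStorage": "allow"}),
    GPO("Domain-Exceptions", "domain", {"RemovableStorage": "read-only"}),
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

On a real machine, compare the model's answer with what gpresult reports for the same computer or user.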

How Often Group Policy Is Updated

Group Policy is updated every 90 minutes, with a random offset of up to 30 minutes. That means that, by default, there can be up to a 120-minute wait. Group Policy for the computer is always updated when the system starts. You can specify an update rate from 0 to 64,800 minutes (or 45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. Short update intervals aren’t recommended, because updates might increase network traffic.

As you can see, Group Policy is an essential tool for automating otherwise tedious and time-consuming tasks. Do you have tried and true Group Policies that are indispensable to you as a sysadmin? If so, we’d love to hear about them in the comments!

If you have any questions, feel free to contact me at admin@windowstechno.com. Also follow me on Facebook @windowstechno to get updates about new blog posts.

 
