Group Policy
From open-encyclopedia.com - the free encyclopedia.
| Contents |
Overview
What Is Group Policy?
Group Policy is a Microsoft technology that supports one-to-many management of machines and users in an Active Directory environment. By editing Group Policy Objects (GPOs) to contain policy settings and targeting the GPO at the intended machines or users, specific configuration parameters can be managed centrally. In this way, potentially thousands of machines or users can be updated via a simple change to a single GPO. This reduces the administrative burden and costs associated with managing these resources.
After creating and editing a GPO, the Group Policy administrator then targets the GPO to an appropriate Active Directory site, domain or organizational unit. Group Policy handles delivering the GPO to the appropriate machines or users, which are then configured according to the contents of the GPO.
Group Policy is also used as the basis for management of a group of technologies, referred to as IntelliMirror. These technologies relate to management of disconnected machines or roaming users and include Roaming User Profiles, Folder Redirection and Offline Folders.
Supported Platforms
Group Policy is supported on Windows 2000, Windows XP (Professional) and Windows Server 2003.
Group Policy Extensions
Group Policy supports the concept of a Client Side Extension (CSE). These are extensions to the Group Policy framework that provide specifical functionality to the Group Policy administrator (for the most part, CSEs are transparent to the administrator since the GPMC and GPEdit merge them into a unified "namespace"). The following extensions are supplied with the operating system:
- Administrative Templates extension - for the modification of registry keys
- Software installation extension - the centralized management of software
- Security extension - control of security policy
- Internet Explorer Maintainence - management of Internet Explorer
- Scripts extension - invocation of machine and user scripts.
The Three Phases of Using Group Policy
Group Policy can be considered in three distinct phases - GPO creation, targeting of the GPO and application of the GPO.
Creating and Editing GPOs
GPOs are created and edited through two complimantary tools - the Group Policy Management Console (GPMC) and the Group Policy Object Editor (GPEdit). In simple terms, GPMC manages everything about the GPO except its contents - creation of the GPO, how it it linked, copied, deleted, etc. By contrast, GPEdit is used to manage the contents of the GPO itself.
Targeting GPOs
After a GPO has been created it can be linked to an Active Directory site, domain or OU. It is most common for GPOs to be linked to OUs.
GPO Application
The Group Policy client operates on a "pull" model - every so often (a randomized delay of between 90 and 120 minutes) it will collect the list of GPOs appropriate to the machine and logged on user (if any). The Group Policy client will then apply those GPOs which will thereafter affect the behavior of policy-enabled operating system components and applications.
