In Active Directory Tutorial, we are talking about GPOs. Group Policy is a method of controlling settings across your network. Group policy consists of user and computer settings on the Windows Server 2008, Windows Server 2003 family, Microsoft Windows 2000 family, Windows Vista, Windows 7, and Microsoft Windows XP professional platforms that can be implemented during computer startup and shutdown and user logon and logoff. You can configure one or more GPOs within a domain and then use a process called linking, which applies these settings to various containers within Active Directory. You can link multiple GPOs to a single container or link one GPO to multiple containers throughout the Active Directory structure.
In this article we have shared the benefits and overall architecture of Group Policy Objects (GPOs). You will be able to describe the Group Policy Container and Group Policy Templates, as well as the use of the Group Policy Management Console (GPMC).
The following managed settings can be defined or changed through Group Policies:
- Registry-based policies: Such as user desktop settings and environment variables, provide a consistent, secure, manageable environment that addresses the user’s needs and the organization’s administrative goals. As the name implies, these settings modify the Windows Registry.
- Software Installation Policies: This can be used to ensure always have the latest versions of applications. It application files are inadvertently deleted, repairs are made without user intervention.
- Folder Redirection: It allows files to be redirected to a network drive for backup and makes them accessible from anywhere on the network.
- Offline File Storage: It works with folder redirection to provide the ability to cache files locally. This allows files to be available even when the network is inaccessible.
- Scripts: Scripts including logon, logoff, startup, and shutdown scripts, can assist in configuring the user environment.
- Windows Deployment Services (WDS): It assists in rebuilding or deploying workstations quickly and efficiently in an enterprise environment.
- Microsoft Internet Explorer settings provide quick links and bookmarks for user accessibility, in addition to browse options such as proxy use, acceptance of cookies, and caching options.
- Security settings protect resources on computers in the enterprise.
Depending on the organization’s needs, you can choose which features and settings you wish to implement. For example, you may need to create a policy for a public access computer in a library that configures the desktop environment with a proprietary library-access system. In addition, you might wish to disable the ability to write to the computer’s hard drive. As you determine the needs of different users and address those needs within corporate security and computing policies, you can plan the best methods to implement Group Policy.
Although the name Group Policy Object implies that policies are linked directly to groups, this is not the case. Group Policies can be linked to sites, domains, or OUs to apply those settings to all users and computers within these Active Directory containers. However, an advanced technique, called security group filtering, will allow you to apply GPO settings to only one or more users or groups within a container by selectively granting the “Apply Group Policy” permission to one or more users or security groups.
Now we will learn about the benefits that Group Policy offers to Active Directory administrators and the users and computers they support.
Benefits of Group Policy Objects
For the most part, corporations no longer use the pen-and-paper method of recording their accounting activities. Conversely, they also do not want to spend money needlessly in the implementation and management of their corporate systems. Rather, corporations always consider two criteria when evaluating technologies such as Group Policy: return on investment (ROI) and total cost of ownership (TCO).
Return on Investment (ROI) can be measured by tangible benefits, such as implementation costs and ongoing support. In addition, it can be measured by intangible benefits, such as increased user productivity and other factors that are difficult to measure from a financial standpoint. In financial terms, ROI is the amount of money gained (or lost) relative to the amount of money that was invested in a particular project or technology. Total cost of ownership (TCO) is designed to access the cost of implementing computer software or hardware, both in terms of direct and indirect costs. TCO can be calculated based on how much ownership costs over the lifetime of business resources. For example, the TCO of a network includes costs such as the original purchases of equipment, upgrades, implementation costs, and management costs, spread out over the life of the network. The goals of implementing Group policies are to increase a company’s ROI and decrease its TCO in terms of managing end-user workstations. These two benefits can be achieved by carefully planning your Group Policies to align with company policies and administrative goals.
Users may initially view Group Policies as a heavy-handed management tactic to keep them from using certain computer functions. However, if the concept is presented appropriately, users will understand that they also benefit from Group Policies. The following are just some of the benefits to users of Group Policy implementation:
- Users can access their files, even when network connectivity is intermittent. This is accomplished by using folder redirection and offline files.
- The user environment can be set up to be consistent, regardless of which workstation or location is used as the login computer.
- User files can be redirected to a server location that allows them to be backed up regularly, saving users from the headaches of lost data due to the failure of their workstations.
- Applications that become damaged or need to be updated can be maintained automatically.
Group Policies probably have their largest impact on reducing TCO due to their administrative benefits. Administrators find that group Policy implementation helps them to achieve centralized management. The following list identifies administrative benefits of Group Policy implementation:
- Administrators have control over centralized configuration of user settings, application installation, and desktop configuration.
- Problems due to missing application files and other minor application errors often can be alleviated by the automation of application repairs.
- Centralized administration of user-files eliminates the need for and cost of trying to recover files from a damaged drive.
- The need to manually make security changes is reduced by the rapid deployment of new settings through Group Policy.