In this book, we have already discussed a few recipes that call for the modification of Group Policy Objects (GPOs), but we have not taken the time to discuss why Group Policy is important in the first place. To those who have worked within Active Directory for a while, Group Policy may be familiar territory. I still find, though, that many IT folks working in the Server Administrator role are not overly familiar with Group Policy and how it can benefit them. Particularly in smaller companies, this incredibly powerful feature of Windows tends to be overlooked. It is easy to think of Active Directory as the storage container for your user and computer accounts, because those are the core necessary tasks that it accomplishes. But as soon as you install the Domain Services role to configure your first Domain Controller, you have automatically included Group Policy capabilities into that domain.
Let's walk through some recipes together to make sure you are able to interact with Group Policy comfortably and begin to explore its underlying capabilities:
Group Policy is a centralized administration tool for your domain joined systems. To summarize its capabilities, you can create policies in Active Directory, assign those policies to particular users or computers, and within those policies change any number of settings or configurations that are within the Windows operating system. The item inside Active Directory that contains these settings is called a Group Policy Object (GPO), so we will be focusing on the creation and manipulation of these in order to make some centralized management decisions that will affect large numbers of computers in our environment. GPOs can be utilized for user accounts, client computer settings, or for putting configurations onto your servers. Any domain joined system can be manipulated by a GPO, and typically settings put into place by GPOs cannot be overridden by users, making them a very integral part of security for companies familiar with making use of Group Policy regularly.
We will place a number of different configuration settings inside the GPOs that we create throughout this chapter, but we will not come close to covering even a fraction of the available settings that could be manipulated. For full coverage Group Policy settings that are available, please check out the following link: http://www.microsoft.com/en-us/download/details.aspx?id=25250.
3.22.217.193