Chapter 8. Group Policy Primer
Group Policy is a large topic that deserves a book in itself (and there are several of those) to be properly covered. We will discuss group policy as it applies specifically to the design and administration of an Active Directory in this book, but not Group Policy as it applies to the actual settings and operations on an Active Directory client.
The goal of policy-based administration is for an administrator to define the environment for users and computers once by defining policies, and then to rely on the system to enforce those policies. This chapter is an introduction to the Group Policy and how to manage it. Chapter 12 covers how to begin designing Group Policy and the OU structures in support of Group Policy.
The scope and functionality of Active Directory group policies encompasses a number of key points:
They can be targeted to individual computers and users, sites, domains, and Organizational Units.
They can apply to users, computers, or groups of either.
They can set values and automatically unset them in specified situations.
They can do far more than just a desktop lockdown.
With group policies, an administrator can define a large number of detailed settings to be enforced on users throughout the organization and be confident that the system will take care of things. Let’s take an example from Leicester University. Administrators wanted the Systems Administrator toolset to be available on workstations they worked from. While they could install ...
Get Active Directory, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.