Now that you know the components of GP, let’s take a look at how they are implemented. Like NTFS permissions, GPs are cumulative and inherited—cumulative in that the settings modified by a policy can build upon other policies and “amass” configuration changes, and inherited in that objects below other objects in Active Directory can have any GPs that are applied to their parent object be applied to themselves automatically.
associated with, or
linked, to any number of
objects, either within a directory or local to a specific machine. To
implement a GP on a specific type of object, follow these guidelines.
Use the Local Security
Policy snap-in inside Control Panel
→ Administrative Tools. Or, for a
more complete look, use Start → Run
Load the MMC, and then select Add Snap-in from the File menu. Browse in the list and add the Group Policy Object Editor to the console. On the Select Group Policy Object screen, peruse the list to find the specific object you want.
Launch Active Directory Users and Computers, right-click the domain name, and select Properties from the context menu. Navigate to the Group Policy tab, and create or edit a policy from there.
Launch Active Directory Users and Computers, right-click the OU’s name, and select Properties from the context menu. Navigate to the Group Policy tab, and create or edit a policy from there.