Group Policy Implementation
Now that you know the components of GP, let’s take a look at how they are implemented. Like NTFS permissions, GPs are cumulative and inherited—cumulative in that the settings modified by a policy can build upon other policies and “amass” configuration changes, and inherited in that objects below other objects in Active Directory can have any GPs that are applied to their parent object be applied to themselves automatically.
GPOs are
associated with, or linked, to any number of
objects, either within a directory or local to a specific machine. To
implement a GP on a specific type of object, follow these guidelines.
- Local computer
Use the Local Security Policy snap-in inside Control Panel → Administrative Tools. Or, for a more complete look, use Start → Run →
gpedit.msc.- A specific computer
Load the MMC, and then select Add Snap-in from the File menu. Browse in the list and add the Group Policy Object Editor to the console. On the Select Group Policy Object screen, peruse the list to find the specific object you want.
- Entire domain
Launch Active Directory Users and Computers, right-click the domain name, and select Properties from the context menu. Navigate to the Group Policy tab, and create or edit a policy from there.
- OU within Active Directory
Launch Active Directory Users and Computers, right-click the OU’s name, and select Properties from the context menu. Navigate to the Group Policy tab, and create or edit a policy from there.
- Active Directory ...
Get Learning Windows Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
