How Group Policy Works
Unfortunately, Group Policy isn’t something you can just jump in and start using. Group Policy is heavily integrated with Active Directory and requires a good bit of planning before it can be used effectively. Most of that planning simply involves understanding how Group Policy works.
Because Group Policy works within Active Directory, you have a lot of
flexibility in applying Group Policy settings to your users and
computers. Active Directory allows you to create any number of
different Group Policy Objects, or
GPOs, which are a collection of
settings. You can link a GPO to an organizational
unit
(OU), site, or domain within Active
Directory. When a computer starts up or a user logs on to the domain,
any GPOs that are linked to the domain, site, or OU the computer or
user resides in are automatically applied.
Tip
Group Policy applies to both computers and users; however, some settings may apply only to computers or to certain users of a computer. Computer policies are always applied before user policies.
GPOs are applied in a specific order:
Settings from the local policy are applied first, if they’ve been configured.
If a GPO is linked to the computer’s site, it applies next. Because users don’t belong to sites, this is applicable only to computers.
If a GPO is linked to the user’s (or computer’s) domain, it applies next.
Any GPOs linked to the OUs that contain the user’s (or computer’s) account are applied next, in order. For example, suppose a user account is ...
Get Securing Windows Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
