Group Policy is one of the best features of Microsoft Active Directory. Introduced in Windows 2000, Group Policy provides a way for administrators to apply consistent configurations to groups of users and computers. Group policies can help you enforce your organization’s written policies. For example, your company’s security manual might require that all computers in the research department display a message when users log on, informing them of increased security monitoring in that department. Group Policy allows you to centrally configure, implement, and manage such a warning message, and apply it to the necessary computers.

One of the greatest security-related features of Group Policy is the ability to deploy security templates across an enterprise. Security templates, which I’ll discuss throughout this chapter, make it possible to bundle an entire security configuration into a single file (the template). For example, you might create a security template for client computers in your organization and then use Group Policy to deploy the security template to the client computers. In this manner, you can centrally configure computers to have a consistent security configuration. You’re assured that the configuration will be enforced, thus protecting your computers. Because templates can be centrally managed, you can update, revise, and improve your security configuration over time as required by your organization.

Group Policy has many ...