Group Policy Implementation
Now that you know the components of GP, let's look at how they are implemented. Like NTFS permissions, GPs are cumulative and inherited—cumulative in that the settings modified by a policy can build upon other policies and "amass" configuration changes, and inherited in that objects below other objects in Active Directory can have any GPs that are applied to their parent object be applied to themselves automatically.
GPOs are associated with, or linked, to any number of objects, either within a directory or local to a specific machine. To implement a GP on a specific type of object, follow these guidelines.
- Local computer
Use the Local Security Policy snap-in inside Control Panel → Administrative Tools. Or, for a more complete look, use Start → Run →
gpedit.msc.- A specific computer
Load the MMC, and then select Add Snap-in from the File menu. Browse in the list and add the Group Policy Object Editor to the console. On the Select Group Policy Object screen, peruse the list to find the specific object you want.
- Entire domain
Install and launch the Group Policy Management Console, and then right-click on the domain and create or edit a policy from there.
- OU within Active Directory
Install and launch the Group Policy Management Console, right-click on the OU, and create or edit a policy from there.
- Active Directory site
Launch Active Directory Sites and Services, right-click the site's name, and select Properties from the context menu. Navigate to the Group Policy tab, ...
Get Windows Server 2008: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
