Overview
This lecture introduces Active Directory Group Policy Objects (GPOs) and explains how they are used to manage computers and users in a Windows domain environment.
Introduction to Group Policy Objects (GPOs)
- Group Policy Objects (GPOs) are sets of policies and preferences applied to objects in Active Directory.
- GPOs help standardize and manage configuration for different teams or groups within an organization.
- They can define software preferences, enforce security rules, and automate tasks through scripts.
GPO Application and Scope
- GPOs must be linked to domains, sites, or organizational units (OUs) to take effect.
- Once linked, GPOs apply to all users and computers within the targeted domain, site, or OU.
- Tools like security filtering and WMI filters can make GPOs apply more selectively.
Types of GPO Settings
- GPOs include both computer configuration and user configuration settings.
- Computer configuration applies at system startup when the machine joins the domain.
- User configuration applies each time a user logs onto a domain-joined machine.
- Policies are enforced and reapplied every 90 minutes to prevent configuration drift.
- Preferences provide default settings that users can change without being overwritten.
How GPOs Are Distributed and Applied
- When a device joins the domain, it receives a list of GPOs from a domain controller.
- GPOs and supporting files are downloaded from the sysvol network share on each domain controller.
- The sysvol folder is replicated between all domain controllers for consistency.
GPOs and the Windows Registry
- Many GPO settings are written as values in the Windows Registry.
- Windows and applications read registry settings to determine their configuration and behavior.
Key Terms & Definitions
- Active Directory (AD) — a directory service for storing information about network objects.
- Group Policy Object (GPO) — a set of rules and preferences for configuring users and computers.
- Organizational Unit (OU) — a container in AD used for grouping objects for management.
- Sysvol — a shared folder on domain controllers that stores GPO files and scripts.
- Windows Registry — a database that stores configuration settings for Windows and applications.
Action Items / Next Steps
- Review how to create, link, and manage GPOs in Active Directory.
- Learn to use security and WMI filters for targeted policy application.
- Prepare for hands-on practice with GPO management in the next session.