Overview
This lecture covers the Group Policy Management Console (GPMC) for managing Group Policy Objects (GPOs) in Active Directory, including best practices for editing, testing, and backing up GPOs.
Introduction to GPMC
- GPMC is the main tool for creating and viewing Group Policy Objects (GPOs).
- Access GPMC via Server Manager > Tools or by running gpmc.msc.
- The GPMC interface mirrors Active Directory's structure and adds its own management containers.
GPMC Containers and Tools
- The Group Policy Objects container holds all GPOs in the domain.
- WMI filters use Windows Management Instrumentation properties to target GPOs to specific computers.
- Group Policy Results helps troubleshoot which policies apply to a user or computer.
- Group Policy Modeling predicts policy application outcomes before making changes.
GPO Linking and Organization
- GPOs can be linked only to domains, sites, and Organizational Units (OUs), not to the default user/computer containers.
- Organize users and computers into OUs for more targeted policy application.
Default GPOs in New Domains
- Two default GPOs: Default Domain Policy (applies to the entire domain) and Default Domain Controllers Policy (applies to domain controllers).
- These default GPOs enforce domain-wide policies like password requirements and audit settings.
Navigating and Editing GPOs
- GPOs divide settings into Computer Configuration and User Configuration, each with policies and preferences.
- All GPOs have access to the same settings.
- Use the settings report in GPMC to see which policies are configured.
Safe GPO Management Practices
- Always back up GPOs before making changes, using a secure folder accessible only to administrators.
- Changes take effect as soon as "Apply" or "OK" is clicked; there is no undo button.
- Restoring from backup can revert accidental or unwanted changes.
Testing GPO Changes
- Test GPO changes by creating a test OU with test accounts or machines.
- Copy the target GPO, modify the copy, and link it only to the test OU.
- After confirming the changes work, back up the test GPO and import it into production.
- Advanced Group Policy Management (AGPM) provides revision control for GPOs.
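The backup and test procedure above can also be scripted with the GroupPolicy and ActiveDirectory PowerShell modules. This is an added example, not part of the lecture; the GPO name, backup folder and test OU are assumed values to replace with your own.

```powershell
Import-Module GroupPolicy, ActiveDirectory -ErrorAction Stop
$ErrorActionPreference = 'Stop'

# Assumed values for illustration (not from the lecture); replace with your own.
$ProdGpo   = 'Workstation Baseline'        # hypothetical production GPO
$TestGpo   = "$ProdGpo (TEST)"             # name for the working copy
$BackupDir = 'D:\GPOBackups'               # hypothetical backup folder
$DomainDn  = (Get-ADDomain).DistinguishedName
$TestOu    = "OU=GPO-Test,$DomainDn"       # hypothetical test OU

# 1. Backup folder accessible only to Administrators and SYSTEM.
#    Well-known SIDs are used so the ACL works regardless of OS language.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
icacls $BackupDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# 2. Back up the production GPO first; keep the backup Id for a later restore.
$before = Backup-GPO -Name $ProdGpo -Path $BackupDir -Comment 'Pre-change baseline'

# 3. Create the test OU if it is missing, copy the GPO, and link the copy
#    to the test OU only. The production GPO and its links are untouched.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$TestOu'")) {
    New-ADOrganizationalUnit -Name 'GPO-Test' -Path $DomainDn
}
Copy-GPO -SourceName $ProdGpo -TargetName $TestGpo | Out-Null
New-GPLink -Name $TestGpo -Target $TestOu -LinkEnabled Yes | Out-Null

# 4. Edit the copy in GPMC and check the result on the test accounts or
#    machines (for example with Group Policy Results) before continuing.
Read-Host 'Edit and verify the test GPO, then press Enter to promote'

# 5. Save a settings report of the tested copy for review.
Get-GPOReport -Name $TestGpo -ReportType Html -Path (Join-Path $BackupDir 'test-gpo-report.html')

# 6. Promote: back up the tested copy and import its settings into production.
$tested = Backup-GPO -Name $TestGpo -Path $BackupDir -Comment 'Tested change'
Import-GPO -BackupId $tested.Id -Path $BackupDir -TargetName $ProdGpo | Out-Null

# Rollback if the change misbehaves in production:
# Restore-GPO -BackupId $before.Id -Path $BackupDir
```

Import-GPO replaces the settings of the target GPO but leaves its existing links in place, so production OUs pick up the tested settings without relinking.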
Key Terms & Definitions
- GPMC (Group Policy Management Console) — Tool for creating and managing GPOs.
- GPO (Group Policy Object) — A set of rules for controlling user and computer settings in a domain.
- WMI Filter — A filter that applies GPOs based on device properties.
- OU (Organizational Unit) — An Active Directory container for organizing users and computers.
- AGPM (Advanced Group Policy Management) — Microsoft add-on for GPO version control.
Action Items / Next Steps
- Practice navigating GPMC and locate default GPOs.
- Back up an existing GPO before making any changes.
- Set up a test OU and follow the procedure for safely testing GPO modifications.