Group Policy Objects - With Great Power Comes Great Responsibility

Group Policy Objects (GPO's) can be a Network Administrators best friend; however, it takes some practice to truly harness their power.

Below is an example of the Group Policy Management Console. From here you can edit and manipulate all of the GPO's within your organization. Keep in mind, GPO's are applied to a specific Organizational Unit. The list of OU's on the left should mirror the OU's that have been created from within Active Directory Users and Computers. However, here you will only see which GPO's have been applied to an OU, not the actual Users/Computers the OU contains.

The OU called "Group Policy Objects" contains every GPO you have created regardless of where it is applied. Deleting it from this list will get rid of it forever; however, deleting it from a location where it has been applied will simply remove it from that OU while keeping the GPO itself for future use.

GPO's can be prioritized through their "Link Order"; however, this can be confusing for someone just starting out. You would expect policies to apply beginning with 1, then 2, and so on. This is not the case. A higher number actually represents a better priority, so the GPO with a Link Order of 10 will actually apply before a GPO with a Link Order of 3.

Once you create a GPO you can right click on it and select "Edit". This will bring up the "Group Policy Management Editor". From here you can apply numerous settings, applications, registry tweaks, etc. You can choose to create either a Computer or User based policy. Computer policies must be applied to an OU that holds computers, and User policies must be applied to an OU that holds Users. For example, if you were to create a User policy, and apply it to an OU that doesn't have any users in it, nothing would happen.

Group Policy can be a very powerful tool for managing all of the systems and users you administer. Once you truly master all that Group Policy has to offer every aspect of your network can easily be manipulated with relative ease.

For more information: http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx

What do you think? Feel free to share your thoughts in the comments section, and remember to follow me on Twitter at http://twitter.com/TechnoTalk85.

Check back soon to learn even more about the exciting world of Information Technology.

See you next time.