{"id":2733,"date":"2020-04-27T12:10:39","date_gmt":"2020-04-27T12:10:39","guid":{"rendered":"https:\/\/wiki.thomasandsofia.com\/?p=2733"},"modified":"2020-04-28T01:40:50","modified_gmt":"2020-04-28T01:40:50","slug":"4-introduction-to-group-policy-management","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=2733","title":{"rendered":"4 Introduction to Group Policy Management"},"content":{"rendered":"<p><a href=\"\/what-is-active-directory-users-computers\/\">&lt; 3 Introduction to Active Directory<\/a> | <a href=\"\/active-directory-and-group-policies\/\">Home<\/a> | <a href=\"\/5-group-policy-troubleshooting\/\">5 Group Policy Troubleshooting &gt;<\/a><\/p>\n<h1>18: What is Group Policy<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8371484#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8371484#content<\/a><\/p>\n<h2>What is Group Policy<\/h2>\n<p>Used to deploy configuration changes to thousands of users or computers at one time.<\/p>\n<ul>\n<li>Restrict some users from accessing specific computers<\/li>\n<li>Allow access to some users to specific files<\/li>\n<li>Deploy software to specific computers<\/li>\n<\/ul>\n<h2>How does Group Policy Work<\/h2>\n<ul>\n<li>Applies a GPO (Group Policy Object) to OUs<\/li>\n<li>GPOs contain User and Computer configuration settings<\/li>\n<li>When a setting is applied to a GPO, it is instantly applied to all users or computers that are members of that OU<\/li>\n<\/ul>\n<h2>GPO Recursion<\/h2>\n<ul>\n<li>A GPO will apply recursively to all sub OUs and Objects<\/li>\n<\/ul>\n<h2>Accessing Group Policy Management<\/h2>\n<ul>\n<li>Server Manager &gt; Tools &gt; Group Policy Management<\/li>\n<li>Default Domain Policy\n<ul>\n<li>Group Policy Management &gt;Forest: tas.local &gt;Domains &gt; tas.local &gt;Default Domain Policy &gt; [OK]<\/li>\n<li>Will apply to ALL OUs &amp; sub OUs under tas.local<\/li>\n<li>Is actually a link to a Group Policy Object<\/li>\n<\/ul>\n<\/li>\n<li>Group Policy Objects\n<ul>\n<li>Contains all GPOs in the domain, whether they are active or not.<\/li>\n<\/ul>\n<\/li>\n<li>WMI Filters\n<ul>\n<li>Allow you to add specific rules when a GPO should or should not be applied\n<ul>\n<li>Example: Apply a specific GPO rule when a computer is running Windows 7 or newer.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Starter GPO\n<ul>\n<li>Used to import or export GPOs for distribution to other environments.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>19: Creating and Linking Group Policy Objects (GPOs)<\/h2>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8371614#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8371614#content<\/a><\/p>\n<h2>How to Create and Manage Group Policy Objects<\/h2>\n<ul>\n<li>GPOs contain configurations and settings that can be applied to Users or Computers that are stored within Active Directory<\/li>\n<li>A domain can contain several GPOs<\/li>\n<li>A single GPO can be linked or applied to several OUs simultaneously\n<ul>\n<li>A GPO could be created to install Anti-virus software, then applied to all computer OUs that need it<\/li>\n<li>A GPO could be created that prevents access to Internet Explorer, then applied to any user OUs where these users should not have that access.<\/li>\n<\/ul>\n<\/li>\n<li>Creating a GPO is similar to creating users in AD\n<ul>\n<li>Group Policy Objects [RtClk] &gt; New<\/li>\n<li>OR<\/li>\n<li>[RtClk] any OU &gt; &#8220;Create a GPO in this domain, and Link it here&#8230;&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Lab: Creating a GPO<\/h3>\n<h4>Adding directly to an OU<\/h4>\n<ul>\n<li>[RtClk] tas.local &gt; Create a GPO in&#8230;\n<ul>\n<li>Name: Test GPO<\/li>\n<li>Starter: None<\/li>\n<li>[Ok]\n<ul>\n<li>The GPO will be listed under the tas.local OU<\/li>\n<li>The GPO will also be listed under the Group Policy Objects OU<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>RtClk the link under tas.local and delete\n<ul>\n<li>It will be removed from under tas.local<\/li>\n<li>The actual Policy will still be listed under Group Policy Objects.<\/li>\n<\/ul>\n<\/li>\n<li>Delete the Policy\n<ul>\n<li>Group Policy Objects &gt; Test GPO [RtClk] &gt; Delete<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4>Create the Policy, then add to an OU<\/h4>\n<ul>\n<li>Group Policy Objects &gt; Test GPO [RtClk] &gt; New\n<ul>\n<li>Name: Test 2 GPO<\/li>\n<\/ul>\n<\/li>\n<li>Link it to tas.local\n<ul>\n<li>tas.local [RtClk] &gt; Link an Existing GPO<\/li>\n<li>Test 2 GPO &gt; [OK]<\/li>\n<\/ul>\n<\/li>\n<li>Delete the Link<\/li>\n<\/ul>\n<h4>Link Test 2 GPO to both Domain Computers and Domain Users<\/h4>\n<ul>\n<li>Same process as above<\/li>\n<li>Same Policy, now applied to multiple OUs<\/li>\n<\/ul>\n<h2>GPO Link Options<\/h2>\n<ul>\n<li>Edit\n<ul>\n<li>Where User and Computer settings are configured<\/li>\n<\/ul>\n<\/li>\n<li>Enforced\n<ul>\n<li>Set it at a higher precedence\/priority vs. other GPOs<\/li>\n<\/ul>\n<\/li>\n<li>Link Enabled\n<ul>\n<li>Like deleting a link, but remains in place for testing.<\/li>\n<\/ul>\n<\/li>\n<li>Save Report &#8230;\n<ul>\n<li>Save settings as a file<\/li>\n<\/ul>\n<\/li>\n<li>New Window from Here\n<ul>\n<li>Worthless<\/li>\n<\/ul>\n<\/li>\n<li>Delete<\/li>\n<li>Rename\n<ul>\n<li>Renames the entire GPO, Source, links, etc.<\/li>\n<\/ul>\n<\/li>\n<li>Refresh<\/li>\n<li>Help<\/li>\n<\/ul>\n<h2>GPO Options<\/h2>\n<ul>\n<li>Scope Tab\n<ul>\n<li>Links\n<ul>\n<li>Lists OUs where the GPO is applied<\/li>\n<\/ul>\n<\/li>\n<li>Security Filtering\n<ul>\n<li>Restricts the GPO from being applied to anything NOT listed here.<\/li>\n<\/ul>\n<\/li>\n<li>WMI Filtering\n<ul>\n<li>More advanced than Security Filtering\n<ul>\n<li>Only apply to Windows 7 and above&#8230;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Details Tab\n<ul>\n<li>General information about the GPO\n<ul>\n<li>Domain<\/li>\n<li>Owner<\/li>\n<li>User and Computer versions\n<ul>\n<li>Used for replication<\/li>\n<\/ul>\n<\/li>\n<li>GPO Status\n<ul>\n<li>All Disabled<\/li>\n<li>Computer disabled<\/li>\n<li>User disabled<\/li>\n<li>Enabled<\/li>\n<\/ul>\n<\/li>\n<li>Comments<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Settings Tab\n<ul>\n<li>Shows Settings report.<\/li>\n<li>Uses I.E. to display<\/li>\n<\/ul>\n<\/li>\n<li>Delegation Tab\n<ul>\n<li>People that can read, edit, modify or delete the GPO<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>20: Group Policy Precedence<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8351622#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8351622#content<\/a><\/p>\n<h2>Precedence Order (Lowest to Highest)<\/h2>\n<p>&#8220;The closer to the object, the higher the precedence.&#8221;<\/p>\n<p>&#8220;The setting applied Last wins&#8221; (They over-write other settings)<\/p>\n<ul>\n<li><strong>L<\/strong>ocal GP\n<ul>\n<li>First Applied<\/li>\n<\/ul>\n<\/li>\n<li><strong>S<\/strong>ite<\/li>\n<li><strong>D<\/strong>omain<\/li>\n<li><strong>O<\/strong>rganizational Unit\n<ul>\n<li>Sub Organization<\/li>\n<\/ul>\n<\/li>\n<li><strong>E<\/strong>nforced Group Policy Objects\n<ul>\n<li>Icon displayed with a LOCK<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>LSDOE<\/h3>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/04\/gp-precedence.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2742\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/04\/gp-precedence.png\" alt=\"\" width=\"538\" height=\"350\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/04\/gp-precedence.png 538w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/04\/gp-precedence-300x195.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/04\/gp-precedence-150x98.png 150w\" sizes=\"auto, (max-width: 538px) 100vw, 538px\" \/><\/a><\/p>\n<h2>Computer vs User<\/h2>\n<ul>\n<li>Computer applied first<\/li>\n<li>User applied second<\/li>\n<\/ul>\n<p>To remember, Computers are listed higher than Users<\/p>\n<h2>Blocked Inheritance<\/h2>\n<ul>\n<li>OUs can block inheritance<\/li>\n<li>Only GPOs inside the OU will apply\n<ul>\n<li>Except for Enforced GPOs above the OU<\/li>\n<\/ul>\n<\/li>\n<li>Icon displayed with an Exclamation Point<\/li>\n<\/ul>\n<h1>21: Editing Group Policy Objects<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8371636#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8371636#content<\/a><\/p>\n<ul>\n<li>Create a GPO<\/li>\n<li>[RtClk] &gt; Edit\n<ul>\n<li>Computer Configs vs User\n<ul>\n<li>Computer configs only apply to computers<\/li>\n<li>User configs only apply to users<\/li>\n<li>Some settings are the same for both, but many are different<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Lab:<\/h3>\n<ul>\n<li>Computer Configurations\u00a0 &gt; Policies &gt; Windows Settings &gt; Security Settings &gt;Event Log\n<ul>\n<li>All policies are default &#8216;Not Defined&#8217;.<\/li>\n<li>Select Policy [RtClk] &gt; Properties<\/li>\n<li>Select from the list of options available for the Policy\n<ul>\n<li>Click &#8216;Explain&#8217; tab for deeper explanation of what the Policy does.<\/li>\n<\/ul>\n<\/li>\n<li>[OK]<\/li>\n<li>This change will now be visible within the Group Policy reports.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>To know which\/how to set a policy, Google it!<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&lt; 3 Introduction to Active Directory | Home | 5 Group Policy Troubleshooting &gt; 18: What is Group Policy https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8371484#content What is Group Policy Used to deploy configuration changes to thousands of users or computers at one time. Restrict some users from accessing specific computers Allow access to some users to specific files Deploy software ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=2733\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-2733","post","type-post","status-publish","format-standard","hentry","category-active-directory"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2733"}],"version-history":[{"count":6,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2733\/revisions"}],"predecessor-version":[{"id":2746,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/2733\/revisions\/2746"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}