Book Image

Mastering Windows Group Policy

By : Jordan Krause
Book Image

Mastering Windows Group Policy

By: Jordan Krause

Overview of this book

This book begins with a discussion of the core material any administrator needs to know in order to start working with Group Policy. Moving on, we will also walk through the process of building a lab environment to start testing Group Policy today. Next we will explore the Group Policy Management Console (GPMC) and start using the powerful features available for us within that interface. Once you are well versed with using GPMC, you will learn to perform and manage the traditional core tasks inside Group Policy. Included in the book are many examples and walk-throughs of the different filtering options available for the application of Group Policy settings, as this is the real power that Group Policy holds within your network. You will also learn how you can use Group Policy to secure your Active Directory environment, and also understand how Group Policy preferences are different than policies, with the help of real-world examples. Finally we will spend some time on maintenance and troubleshooting common Group Policy-related issues so that you, as a directory administrator, will understand the diagnosing process for policy settings. By the end of the book, you will be able to jump right in and use Group Policy to its full potential.
Table of Contents (12 chapters)

Requirements for Group Policy

This really is quite simple: you need to be running a domain. This is almost assuredly already the case for anyone who works for any company that has any servers. The first server in any Microsoft-centric network is almost always a DC, and the act of having a DC implies that you have a domain, and if you have a domain, then you have Group Policy available to you.

If you want your users to receive settings from Group Policy, the user accounts that they use to log into computers need to be domain accounts, and I think it goes without saying that the same is true for computers. If you would like to enforce settings on to computers or servers inside your environment, they must also be domain-joined. A domain is the hub for so many things inside any company network, including Group Policy processing and settings.

While Group Policy hasn't been around since the beginning of time, I also don't think that it is very important to spend too much time hashing out the details of what versions of Windows Server Domain Controllers have Group Policy, or what client-operating systems can take advantage of Group Policy settings. The reason this is not so important these days is because any operating system, both client and server, that Microsoft is still currently supporting does have Group Policy capabilities. In the very near future, we will start losing Microsoft support for Windows 7, and Group Policy has certainly been around for a lot longer than that.

So, the requirements for Group Policy = One Domain Controller.

However, if you want to establish a GPO and put some settings inside it and actually test it, then we'll need another device or user to which we can apply those settings and really test them out—so perhaps a DC plus a workstation.

One DC is enough to get Group Policy up and running, but multiple DCs are even better and enhance the stability and resiliency of both the domain and Group Policy itself.

Who can use Group Policy?

Any IT administrator who is working within a Microsoft domain environment, or those who are building networks from the ground up can use Group Policy. It benefits everyone involved—the IT administrator as well as the end users. AD and domain administrators will interact with the Group Policy Management Console on a regular basis to establish settings and design the rollout process for those settings to get to their respective users and computers. End users benefit from Group Policy by having preconfigured workstations that they know to be company-appropriate and, most importantly, secure. In fact, in my eyes, the ability to place security settings and requirements on to users and computers is the single biggest reason that every company should be utilizing Group Policy. We will, of course, spend some time securing your devices within this book.