Group Policy in Windows Server 2012

Group Policy allows administrators to define options for what users can do on a network – including what files, folders and applications they can access.  The collections of user and computer settings are referred to as Group Policy Objects (GPOs), which are administered from a central interface called the Group Policy Management Console. Group Policy can also be managed with command-line tools such as gpresult and gpupdate.

To open Group policy management console, go to server manager then tools then goup policy management

1.png

Under Group policy objects there will be two default GPO’s

Default Domain Controller Policy :- This GPO will apply on all domain controller.

1.png

Default Domain Policy :- This GPO will apply on entire domain.

1.png

As you can see in the below screen shot my Organisational unit is present in the group policy management console, for example lets create and link a GPO in OU ( HR under India)

1.png

Right click on group policy object and select new

1.png

Specify the name of GPO , like “HR GPO” and click OK to create new GPO

1.png

we can link this newly created GPO to site, Domain or OU , currently this GPO is not linked with any other container.

1.png

When you make any changes in GPO the version number will increase base on user and computer configuration setting.

1

In active directory, every GPO has a unique ID number to identify the GPO

1.png

Note : By default all GPO of active directory stored in folder (C:\Windows\Sysvol) and also this folder is shared so user/computer can get GPO from shared location.

Now lets link our “HR GPO” to HR organisation unit under INDIA

Right click on HR and click on “Link to existing GPO”

1

select the GPO name and click OK

1

we can see that HR GPO is successfully linked to HR organisational unit

1

Click on setting tab to check which setting are configured/enabled.

As per the below screen shot , right now there is no setting attached to the GPO

1.png

let’s go and apply

Right click on “HR GPO” and click on edit

1.png

In the below group policy management editor there are two types configuration and both part have similar settings

  1. Computer Configuration : – These settings are applied on computer accounts , when computer start/restart.
  2.  User Configuration :- These setting will apply on user accounts when user log on to computer account.

For example : to day we are going to restrict the control panel for the HR users

Go to user configuration in group policy management editor and then go to Administrative template then click on control panel then go to right panel and click on “Prohibit access to control panel and PC settings”

1.png

Double click on Prohibit access to control panel and PC settings   then click on enable and then apply

1.png

1.png

Group policy applied on the users of HR organisational unit.

Now login the client computer with HR user and we will not be able to open the control panel because we have restricted the control panel using GPO.

1.png


 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.