Get it on Google Play

Saturday, April 18, 2015

Configuring Group Policy settings

Group Policy settings enable you to customize the configuration of a user’s desktop, environment, and security settings. The settings are divided into two subcategories:
Computer Configuration and User Configuration. The subcategories are referred to as Group Policy nodes. A node is just a parent structure that holds all related settings. In this case, the node is specific to computer configurations and user configurations.
Group Policy nodes provide a way to organize the settings according to where they are applied. The settings you define in a GPO can be applied to client computers, users, or member servers and domain controllers. The application of the settings depends on the container to which you link the GPO. By default, all objects within the container to which you link the GPO are affected by the GPO’s settings.
The Computer Configuration and User Configuration nodes contain three subnodes, or extensions, that further organize the available Group Policy settings. Within the Computer Configuration and User Configuration nodes, the subnodes are as follows:


- Software Settings The Software Settings folder located under the Computer Configuration node contains Software Installation settings that apply to all users who log on to a domain using any computer affected by the GPO. The Software Settings folder located under the User Configuration node contains Software Installation settings that are applied to all users designated by the Group Policy, regardless of the computer
from which they log on.
- Windows Settings The Windows Settings folder located under the Computer Configuration node contains security settings and scripts that apply to all users who log on to AD DS from that specific computer. The Windows Settings folder located under the User Configuration node contains settings related to folder redirection, security settings, and scripts that apply to specific users.
- Administrative Templates Windows Server 2012 R2 includes thousands of Administrative Template policies, which contain all registry-based policy settings.
Administrative Templates are files with the .admx extension. They are used to generate the user interface for the Group Policy settings that you can set by using the Group Policy Management Editor.
To work with Administrative Template settings, you must understand the three different states of each policy setting. These three states are as follows:


- Not Configured No modification to the registry from its default state occurs as a result of the policy. Not Configured is the default setting for the majority of GPO settings.
When a system processes a GPO with Not Configured settings, the registry keys affected by the settings are not modified or overwritten, whatever their current value.
- Enabled The policy function is explicitly activated in the registry, whatever its previous state.
- Disabled The policy function is explicitly deactivated in the registry, whatever its previous state.


Understanding these states is critical when you are working with Group Policy inheritance and multiple GPOs. If a policy setting is disabled in the registry by default and you have a lower-priority GPO that explicitly enables that setting, you must configure a higher-priority GPO to disable the setting if you want to restore it to its default. Applying the Not Configured state will not change the setting, leaving it enabled.

No comments:

Post a Comment