Windows Domain Group Policy
From Stadm
Group Policy
- Group Policy is a great way to configure commonly deployed settings for both Users and Computers. Below we show some commonly used Group Policy settings and how to apply them to only certain users/groups or computers
- Open up Group Policy Management: gpmc.msc
- As shown above, all Group Policy Objects are stored in the Group Policy Objects folder, where the red arrow is pointing. From there they are linked into individual Organizational Units (OUs), where the black arrows are pointing
- You can have OUs nested inside other OUs and apply a GPO only to the child OU by dropping it into the nested OU's folder, as shown below in Common Group Policies
- Group Policy Objects should only be edited on Rumba. Limbo is set to pull SYSVOL data from Rumba every 5 minutes. If you make a change to Group Policy and want it to sync immediately, run this from Limbo to pull the data from Rumba:
rsync -XAavz --delete-after root@rumba:/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol
- To check which domain controller you are using in Group Policy Management, click on Domains and look at the server under "Current Domain Controller"
- If the server is not Rumba, right click on the domain name, click "Change Domain Controller" and change it to Rumba so we are editing GPOs on the correct server
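To confirm that a sync from Rumba actually reached Limbo, the GPO version numbers in the two SYSVOL copies can be compared. The script below is an added example, not part of the original page: it assumes the standard layout `<sysvol>/<domain>/Policies/{GUID}/GPT.INI` with a `Version=` line, and its function names, the `example.test` domain and the all-zero GUID are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report GPOs whose GPT.INI
# version differs between two copies of SYSVOL, e.g. Rumba's tree and Limbo's.
# Assumes the standard layout <sysvol>/<domain>/Policies/{GUID}/GPT.INI.

# Print the Version= number from one GPT.INI, or "missing"/"unknown".
gpt_version() {
    [ -f "$1" ] || { echo missing; return 0; }
    v=$(tr -d '\r' < "$1" | sed -n 's/^[Vv]ersion=\([0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1)
    echo "${v:-unknown}"
}

# List GPT.INI paths relative to a SYSVOL root, sorted.
list_gpos() {
    (cd "$1" && find . -type f -iname 'GPT.INI' -path '*/Policies/*' | sort)
}

# compare_sysvol REFERENCE REPLICA
# Prints one line per GPO that is out of sync; returns 1 if any drift is found.
compare_sysvol() {
    ref=${1%/}; rep=${2%/}; drift=0
    all=$( { list_gpos "$ref"; list_gpos "$rep"; } | sort -u )
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        a=$(gpt_version "$ref/$rel")
        b=$(gpt_version "$rep/$rel")
        if [ "$a" != "$b" ]; then
            echo "DRIFT ${rel#./} reference=$a replica=$b"
            drift=1
        fi
    done <<EOF
$all
EOF
    return "$drift"
}

# Constructed demo input: a tiny SYSVOL tree with a placeholder domain and GUID.
make_demo_tree() {   # make_demo_tree DIR VERSION
    d="$1/example.test/Policies/{00000000-0000-0000-0000-000000000001}"
    mkdir -p "$d" && printf '[General]\r\nVersion=%s\r\n' "$2" > "$d/GPT.INI"
}

# Run the comparison only when called with two directory arguments.
if [ "$#" -eq 2 ]; then
    compare_sysvol "$1" "$2"
fi
```

Run it with two directories that are both readable locally, for example a scratch copy pulled from Rumba as the reference and Limbo's own sysvol directory as the replica. A GPO that exists on only one side is reported with `missing` for the other.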
Common Group Policies
- In many domain environments a lot of computers need the same settings applied across all of them. A good example of this is networking and firewall rules
- While we can go to each computer individually and manually type in multiple search suffixes or a firewall rule to allow incoming echo requests (ping), it would take forever on multiple computers. In this example we show you how to apply a Group Policy Object to a set of computers
- In the example above, the group policy "ERI Network, Firewall, and Remote Desktop Policy" is dragged and dropped into the "CCBER Computers" OU, which is in the "Machines" OU. This links the Group Policy Object to the Organizational Unit. This setting will only apply to computers that are in the "CCBER Computers" OU, not the "Machines" OU