Home Add to Favorite Contact Submit  
             28 September, 2023

Category:  Articles » Computers


Group Policy and Group Policy Object (GPO)

         Views: 3014
2007-05-10 10:25:00     
Article by ucertify

What are group policies?

Group policies specify how programs, network resources, and the operating system work for users and computers in an organization. They are collections of user and computer configuration settings that are applied on the users and computers (not on groups). For better administration of group policies in the Windows environment, the group policy objects (GPOs) are used.

What is GPO?

Group policy object (GPO) is a collection of group policy settings. It can be created using a Windows utility known as the Group Policy snap-in. GPO affects the user and computer accounts located in sites, domains, and organizational units (OUs). The Windows 2000/2003 operating systems support two types of GPOs, local and non-local (Active Directory-based) GPOs.

Local GPOs

Local GPOs are used to control policies on a local server running Windows 2000/2003 Server. On each Windows 2000/2003 server, a local GPO is stored. The local GPO affects only the computer on which it is stored. By default, only Security Settings nodes are configured. The rest of the settings are either disabled or not enabled. The local GPO is stored in the %systemroot%SYSTEM32GROUPPOLICY folder.

Non-local GPOs

Non-local GPOs are used to control policies on an Active Directory-based network. A Windows 2000/2003 server needs to be configured as a domain controller on the network to use a non-local GPO. The non-local GPOs must be linked to a site, domain, or organizational unit (OU) to apply group policies to the user or computer objects. The non-local GPOs are stored in %systemroot%SYSVOLPOLICIESADM, where is the GPO's globally unique identifier. Two non-local GPOs are created by default when the Active Directory is installed:
Default Domain Policy: This GPO is linked to the domain and it affects all users and computers in the domain.

Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and it affects all domain controllers placed in this OU.
Multiple GPOs

When multiple group policy objects are assigned, the group policies are applied in the following order:
The local group policy object is applied first.

Then, the group policy objects linked to sites are applied.
If multiple GPOs exist for a site, they are applied in the order specified by an administrator.

GPOs linked to the domains are applied in the specified order.

Finally, GPOs linked to OUs are applied.
The OU group policy objects are set from the largest to the smallest organizational unit, i.e., first the parent OU and then the child OU.
By default, a policy applied later overwrites a policy that was applied earlier. Hence, the settings in a child OU can override the settings in the parent OU.
Group policy settings are cumulative if they are compatible with each other. In case they conflict with each other, the GPO processed later takes precedence.

The following are the exceptions with regard to the above-mentioned settings:
No Override: Any GPO can be set to No Override. If the No Override configuration is set to a GPO, no policy configured in the GPO can be overridden. If more than one GPO has been set to No Override, then the one that is the highest in the Active Directory hierarchy takes precedence.

Block Policy Inheritance: The Block Policy Inheritance option can be applied to the site, domain, or OU. It deflects all group policy settings that reach the site, domain, or OU from the object higher in the hierarchy. However, the GPOs configured with the No Override option are always applied.

Loopback setting: By default, users settings override computer settings in case of any conflict in policy settings. By configuring loopback setting, an administrator can reverse the process of the application of policies. When the Loopback option is configured, the computer settings take precedence on the users settings. The Looback option can be set as Not Configured, Enabled, or Disabled. The enabled Loopback option can be set in the following two modes:
Replace mode: In this mode, the computer policy settings override the user policy settings.

Merge mode: In this mode, the computer policy settings are appended to the user policy settings
Note: The computers that are members of a workgroup are not affected by the non-local GPOs policy settings. They process only the local GPOs.

Group Policy Inheritance

The group policies are inherited from parent to child within a domain. They are not inherited from parent domain to child domain. The Following are the rules regarding group policy inheritance:
A policy setting is configured (Enabled or Disabled) for a parent OU, and the same policy setting is not configured for its child OUs. The child OUs inherit the parent's policy.

A policy setting is configured (Enabled or Disabled) for a parent OU, and the same policy setting is configured for its child OUs. The child OUs settings override the settings inherited from the parent's OU.

If any policy is not configured, no inheritance takes place.

Compatible policy settings configured at the parent and child OUs are accumulated.

Incompatible policy settings from the parent OU are not inherited.
Filtering Scope of GPOs

Although GPOs are linked to the site, domain, or OUs, and they cannot be linked to the security groups directly, applying permissions to the GPO can filter its scope. The policies in a non-local GPO apply only to users who have the Read and Apply Group Policy permissions set to Allow. By specifying appropriate permissions to the security groups, the administrators can filter a GPO's scope for the computers and users.

Note: The Apply Group Policy permission is not available with the local GPO.

Specialized in: Local Gpos - Non-local Gpos - Default Domain Policy
URL: http://www.ucertify.com
Print article      Bookmark this page
Related Articles 
Applicant tracking system provides best way of hiring (Popularity: ): The system was made to match resumes with the job postings that contain the perfect keyword phrases. The new system employs role-specific competencies that's the basis for future Teacher Career Pathways work. Picking a new applicant tracking system or moving to another one may be daunting endeavor. Some systems allow for the automated scanning and upload of information from a candidate resume in the ATS. Applicant Tracking system which is ...
The best ways to support your customers through managed IT services (Popularity: ): Most people tired of searching ways to please their customers have managed to overlook one critical aspect that always works, pleasing your customers. They must always keep in mind that the old ways are the best. Even if your business is not related to customer services you must at least act like serving them is your major priority. Now there are various ways in achieving the above stated objective yet ...
Using Network Monitoring Program for Estimating Employees Effectiveness (Popularity: ): A decent organization's supervisor ought to be constantly mindful of what number of assets his organization utilizes, what number of assets is spent, what are the present costs on power, communication, and different assets. In the last 10 or 15 years, one more vital cost thing was included: an advanced organization's task is incomprehensible without an association with the Internet. To know the amount you need to pay for it, ...
Benefits to use private proxies for browsing internet securely (Popularity: ): The internet is common use by the people of world. There are limitless users of internet but among them there are some hackers. These hackers are present on the web to steal your info or data and make misuse onto such info. Whenever, this happen then you may have to face biggest loses and uncertainties. At this time, the internet users need a solution which can work perfectly over it. ...
How the recruitment platform is valuable this time? (Popularity: ): Different businesses have different requirements or also diverse objective. But the recruitment process is common no matter the kind of business. But to get success is not possible without the proper staffing. There are various levels of recruitment but the recruitment must be adequate or according to the eligibility. For bringing modernity in the business or proper achievement of its objectives require to adopt the new technology time to time. ...

Related Business 
Migration Policy Group (Popularity: ): European immigration issues and policy advocay group. Site gives overview of group's activities and publications.
AD Audit Plus (Popularity: ): ManageEngine ADAudit Plus provides complete audit of Active Directory. This audit reporting and alerting software provides detailed change information on: user and computer accounts, user activity, user and group history, group memberships, logon activity, GPO changes, OU changes, administrative changes and domain policy changes. This is used by IT administrators for security audits and in meeting compliance demands like SOX, HIPAA & GLBA.
European International Policy Forum (Popularity: ): Series of advanced international policy seminars aiming to facilitate a policy dialogue that strengthens the partnerships between the European Union, the World Bank group and developing countries.
Centre for Policy Studies (Popularity: ): The institute develops and publishes public policy proposals and arranges seminars and lectures on topical policy issues, as part of its mission to influence policy around the world.
Public Policy Center (Popularity: ): The University of Iowa's Public Policy Center was formed in 1987 to facilitate interdisciplinary academic research on public policy issues including transportation policy, health policy and human factors.
H. John Heinz III School of Public Policy and Management (Popularity: ): Programs and research in Information and Technology, Criminal Justice Policy and Management, Public Policy Analysis, Public Finance and Budget, Environmental Policy Management, Social Policy and Nonprofit Management.
Center for National Policy (Popularity: ): Non-profit, non-partisan public policy organization located in Washington, DC. Contributes to policy debates on issues of U.S. national interest including economic analysis, equal opportunity, community studies and foreign policy.
Health Policy Monitor (Popularity: ): Provides reports on health policy reforms from 15 industrialized countries to enhance global discussions on policy making; resources include current health policy ideas, approaches, model projects, and legislation.
Thomas Bernauer's Research Group (Popularity: ): Research and teaching activities relating to international political economy, international environmental policy, European integration, arms control, and Swiss Foreign Policy
Foreign Policy In Focus: Internet Gateway to Foreign Policy (Popularity: ): Sponsored by the Institute for Policy Studies and the Interhemispheric Resource Center, this site hopes to further popular understanding of the impact of current U.S. policies by providing information and analysis of policy issues and recommending reforms or alternatives.