AD Group Policy
- AD Group Policies are critical sets of instructions in an AD environment that an IT administrator can configure.
- AD Group Policies determine the behaviour and privileges of users and computers.
- Group policies are primarily a security solution for the AD network.
- Administrators can configure these settings and then implement sets of these settings on sites, domains, or OUs containing users and computers.
Example
- Suppose there are two Organizational Units in the Active Directory, "Sales" and "IT".
- We want the "Sales" OU to be denied access to a particular resource in the AD, while the "IT" OU is allowed to access it.
- Group Policy is how we implement this.
Group Policy Management Console (GPMC)
- It is a console that helps us create different types of settings (policies/configurations).
Group Policy Object (GPO)
- This is a collection of settings created with GPMC.
- Examples: security configurations, password policies, network deployment, desktop configuration, etc.
Types of Group Policy
There are 2 types of group policy:
- Local Group Policy:
  - Affects only the workstation it is on.
  - Each computer running the Windows line of operating systems has exactly one local group policy.
  - It is available only to the particular computer on which it resides and to the users who log on to that computer.
  - The local group policy objects reside in the %systemroot%\System32\GroupPolicy folder.
- Centralized Group Policy:
  - Each domain controller has one or more centralized group policies.
  - They are available to all the machines and users in the AD environment.
  - A centralized Group Policy can be applied to all users and computers in a domain, or to a particular OU, depending on where the Group Policy is linked.
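The Sales/IT example and the point about link scope, worked through in PowerShell with the GroupPolicy module (an added example, not part of the original notes). The domain name, OU paths and GPO name are constructed placeholders, and the Control Panel restriction is an assumed stand-in for the unspecified "resource".

```powershell
# Added example. Domain, OU paths and GPO name are constructed placeholders.
# Requires the GroupPolicy module (RSAT / Group Policy Management tools)
# and rights to create and link GPOs in the domain.
Import-Module GroupPolicy

$Domain  = 'corp.example'                     # assumed domain name
$SalesOU = 'OU=Sales,DC=corp,DC=example'      # assumed OU distinguished names
$ItOU    = 'OU=IT,DC=corp,DC=example'
$GpoName = 'Sales - Restrict Control Panel'   # hypothetical GPO name

# 1. Create the GPO. It is a centralized policy stored in the domain,
#    and it affects nobody until it is linked somewhere.
New-GPO -Name $GpoName -Domain $Domain -Comment 'Example restriction for Sales users' |
    Out-Null

# 2. Add one user-side setting to the GPO. "Prohibit access to Control Panel"
#    stands in for the resource that Sales must not reach (assumption).
$setting = @{
    Name      = $GpoName
    Domain    = $Domain
    Key       = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    ValueName = 'NoControlPanel'
    Type      = 'DWord'
    Value     = 1
}
Set-GPRegistryValue @setting | Out-Null

# 3. Link the GPO to the Sales OU only. The link, not the GPO itself,
#    decides which users and computers receive the settings.
New-GPLink -Name $GpoName -Domain $Domain -Target $SalesOU -LinkEnabled Yes | Out-Null

# 4. Check the effective scope: ask each OU which GPOs it receives
#    (directly linked plus inherited) and look for an enabled link to ours.
function Test-GpoApplies {
    param([string]$Target, [string]$Name)
    $links = (Get-GPInheritance -Target $Target -Domain $Domain).InheritedGpoLinks
    [bool]($links | Where-Object { $_.DisplayName -eq $Name -and $_.Enabled })
}

foreach ($ou in $SalesOU, $ItOU) {
    [pscustomobject]@{
        OU      = $ou
        GPO     = $GpoName
        Applies = Test-GpoApplies -Target $ou -Name $GpoName
    }
}
```

Linking the same GPO at the domain root instead of at the Sales OU would make it reach the IT OU as well, which is why the link target is the value to review when auditing scope.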
Advantages of Group Policy
- Strong password policy
- Regular health checks
- Management of systems
- Centralized administration
- Helps defend against both insider threats and external attacks.
