Implementing GPOs in a Domain Environment
You can use Group Policy in an AD DS
environment to provide centralized configuration
management. Domain-based GPOs are created
and linked to objects within an AD DS
infrastructure. The computers and users that are
within those objects then are affected by the
settings in the GPO, depending on how the application of GPO is configured. Domain-based GPOs have several characteristics that do not apply to local GPOs policy objects.
GPO Storage
AD DS GPOs are stored as two components: a Group Policy container and a Group Policy template.
The Group Policy container is an AD DS object that is stored in the Group Policy Objects container in the AD DS database. The Group Policy container defines basic attributes of a GPO, but it does not contain any of the settings.
GPO Linking
AD DS GPOs can be applied to an AD DS infrastructure by linking the GPO. A GPO can be linked to an AD DS site, an AD DS domain, or to an AD DS OU. This enables you to apply GPO settings to specific computers within an AD DS structure, or to the entire domain.
GPO Inheritance
GPO settings are inherited from parent objects in AD DS so that GPOs applied at a higher level are passed down to computers and users in child objects in AD DS. This behavior ensures that settings applied at a high level—like the domain—are applied to all computers. In special cases, inheritance can be modified or blocked to provide a very specific configuration environment for certain computers or users.
GPO Application
By default, AD DS GPOs apply to all users and computers within the parent object where the GPO is linked. This application can be modified by filtering the application of GPOs by Windows Management Instrumentation (WMI) filters or security groups.
environment to provide centralized configuration
management. Domain-based GPOs are created
and linked to objects within an AD DS
infrastructure. The computers and users that are
within those objects then are affected by the
settings in the GPO, depending on how the application of GPO is configured. Domain-based GPOs have several characteristics that do not apply to local GPOs policy objects.
GPO Storage
AD DS GPOs are stored as two components: a Group Policy container and a Group Policy template.
The Group Policy container is an AD DS object that is stored in the Group Policy Objects container in the AD DS database. The Group Policy container defines basic attributes of a GPO, but it does not contain any of the settings.
GPO Linking
AD DS GPOs can be applied to an AD DS infrastructure by linking the GPO. A GPO can be linked to an AD DS site, an AD DS domain, or to an AD DS OU. This enables you to apply GPO settings to specific computers within an AD DS structure, or to the entire domain.
GPO Inheritance
GPO settings are inherited from parent objects in AD DS so that GPOs applied at a higher level are passed down to computers and users in child objects in AD DS. This behavior ensures that settings applied at a high level—like the domain—are applied to all computers. In special cases, inheritance can be modified or blocked to provide a very specific configuration environment for certain computers or users.
GPO Application
By default, AD DS GPOs apply to all users and computers within the parent object where the GPO is linked. This application can be modified by filtering the application of GPOs by Windows Management Instrumentation (WMI) filters or security groups.
Implementing GPOs in a Domain Environment
Reviewed by Unknown
on
8:27 PM
Rating:
No comments: