Sunday, March 30, 2014

Group Policy 001: Intro to the GPMC

Tools


There are multiple tools you use when working with Group Policy. The two primary tools have not changed much since Windows Server 2003 R2, mainly because they work well, do what they are supposed to do and focus on key scenarios. This is a quick overview of the Group Policy Management Console, or GPMC, the first of the two primary tools. A follow-up post will explore the editor, or GPME.

Group Policy Management Console


The Group Policy Management Console or GPMC is the primary tool for managing Group Policy. This is where you create, link, secure, delegate control, report on, monitor status and more. It is a common tool for network administrators and desktop administrators alike and provides for a lot of scenarios. 

GPMC
In the GPMC you will see all domains and sites defined in your forest. Group Policy is primarily a domain-specific technology. Keeping your management within a domain makes things easier, but being able to apply policy across the enterprise, regardless of which domain a user or computer happens to be in, is a very powerful feature.

The tool itself likes to focus its attention on the domain controller that holds the PDC emulator role. Some of us old people actually had to work with actual PDCs. If you want the GPMC to focus on a different domain controller in your enterprise, it is an easy change: open the Action menu for the domain you are focused on and choose 'Change Domain Controller...'

Change DC

Create Group Policy Objects


One important aspect of managing Group Policy is where the data is actually stored. This is important because GP is not the most forgiving of technologies. You want to know where you are placing a GPO and who/what it is affecting. There is a container under the Domain node in the GPMC called "Group Policy Objects". This container is where all GPOs are stored, whether they are 'linked' or not. I like to create my GPOs in this container and manage linking and delegating during my configuration process. To create a GPO:
  1. Right click on the "Group Policy Objects" node and select 'New'
  2. Give the GPO a Name 
  3. Choose to start from scratch or pick a 'Source Starter GPO' (Starter GPOs will have to be another post)
  4. Click OK
New GPO

Select the GPO you created in the list under the 'Group Policy Objects' container. The right-hand side of the screen will contain the majority of the information you need related to this GPO. The 'Scope' tab shows which users and which computers may be affected by this GPO. I say "may" simply because there are additional caveats to cover in other posts. It shows which OUs the GPO is linked to, which security groups will be affected by this GPO and any WMI filters that more granularly control application of the GPO.

The 'Details' tab shows version information, ownership, versioning and the GUID that references this GPO. This will be very important in other advanced scenarios. 

The 'Settings' tab shows the native Microsoft settings configured in this Group Policy object. The 'Delegation' tab shows which users will have access to this GPO for management purposes.

And the last tab, 'Status', is the newest piece of functionality here, and it will show you the replication status of this GPO across other domain controllers.
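The same create-then-review flow can be scripted with the GroupPolicy PowerShell module that installs alongside the GPMC. The following is an added example, not part of the original post; the GPO name is a hypothetical placeholder, and it assumes the module is available and the account is allowed to create GPOs in the domain.

```powershell
# Added example: create an unlinked GPO, then read back what the GPMC tabs show.
Import-Module GroupPolicy

$gpoName = 'Example - Workstation Baseline'   # hypothetical name, change as needed

# Create the GPO in the "Group Policy Objects" container without linking it.
# With no -Server argument the cmdlets target the PDC emulator, like the GPMC.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Created unlinked for review'
}

# 'Details' tab: GUID, owner, status and timestamps.
$gpo | Format-List DisplayName, Id, Owner, GpoStatus, CreationTime, ModificationTime

# Version counters as stored in AD and in SYSVOL on the queried domain controller.
[pscustomobject]@{
    UserAD         = $gpo.User.DSVersion
    UserSysvol     = $gpo.User.SysvolVersion
    ComputerAD     = $gpo.Computer.DSVersion
    ComputerSysvol = $gpo.Computer.SysvolVersion
} | Format-List

# 'Scope' tab, part 1: where the GPO is linked (taken from the XML report).
[xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
$links = @($report.GPO.LinksTo | Where-Object { $_ })
if ($links.Count -eq 0) {
    Write-Output 'Not linked to any site, domain or OU yet.'
} else {
    $links | Format-Table SOMPath, Enabled, NoOverride -AutoSize
}

# 'Scope' tab, part 2: security filtering (trustees with Apply) and WMI filter.
$perms = Get-GPPermission -Guid $gpo.Id -All
$perms | Where-Object { $_.Permission -eq 'GpoApply' } |
    ForEach-Object { 'Applies to: {0}' -f $_.Trustee.Name }
if ($gpo.WmiFilter) { 'WMI filter: {0}' -f $gpo.WmiFilter.Name }

# 'Delegation' tab: trustees that can change the GPO or its security.
$perms | Where-Object { $_.Permission -in 'GpoEdit', 'GpoEditDeleteModifySecurity' } |
    ForEach-Object { '{0} ({1}): {2}' -f $_.Trustee.Name, $_.Trustee.SidType, $_.Permission }
```

Reviewing the delegation and link output before a GPO is linked is a quick way to confirm that only the intended administrators can edit it and that it will not apply anywhere unexpected.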


GPO Details

There is a lot more to cover in the GPMC but for this overview that is a good start. Let's look at editing a Group Policy Object in a follow-up post.
