Creating and Managing GPOs

Sign up to access this lesson

Click here to sign up and get access to this lesson!

Saving Progress...

In this lecture, you are going to learn how to create and manage Group Policy Objects commonly referred to as GPOs.

Now, GPOs contain settings and configurations that can be applied to users or computers that are stored within Active Directory. A Domain can contain several GPOs and you will almost never see a Domain that contains one GPO. It's also important to know that one individual GPO can be linked or applied to multiple OUs simultaneously.

GPOs are often used in a modular sense, meaning that the administrator might create several GPOs or one GPO and apply them to multiple OUs as needed.

Creating a GPO is very similar to creating a user account within Active Directory. All you need to do is right-click on Group Policy Objects and choose New.

Additionally, you can right-click on your Domain or an Organizational Unit and choose to Create a GPO in this domain, and Link it here...

The difference between these two methods is that the Domain/OU option makes a GPO and a Link. This means that the GPO will take effect wherever we create the link.

Let's create a GPO using both methods:

Domain Level GPO

  1. Right click the domain and choose to Create a GPO in this domain, and Link it here...
  1. A New GPO window will appear. Name it Test GPO:
  1. No starter GPO set. That means that all settings inside the GPO will be not configured.
  2. Now we can see the link is created, and if we expand GPO objects, we can see our GPO. 
  1. Right Click on the Test GPO link (under Instructorpaul.com) and choose Delete.

Note the very important pop-up we receive. We only delete the link, and not the GPO itself.

  1. Test GPO is still listed under Group Policy Objects; we just removed the link.
  2. Now let's delete the actual GPO. Right click and choose Delete and Yes to the pop-up.
  1. Now, let's link it, follow the same procedure, this time do it from the Group Policy Objects folder. Right click and select New and follow the same steps as before.
  1. Now, lets go ahead and link it to the domain : (Right click on instructorpaul.com and select Link an Existing GPO)
  1. Now, select our TEST GPO.
  1. Now we see the Test GPO linked.

Now let’s delete the link again.

What if we wanted to link the Domain Users + Domain Computers only :

  1. Right-click the Domain Computers and select Link an Existing GPO. 
  1. Now, repeat the same steps for Domain Users.

So we go ahead and link it to both OU’s and select our Test GPO. Therefore applying the GPO to both of those OU.

What Options do we have in the GPO? Right-click on Test GPO to see.

  1. Select Edit (Configure options)
  2. Enforced (Force the GPO)
  3. Enable and Disable (Only Disables, does not delete as we had done previously)
  4. Pull a report of the current GPO
  5. Delete/Rename/Refresh

Report Example :

What do we see on the right side window?

Scope Tab : 

Scope: Where is GPO being applied, we can delete links if required, and also do enforcing if required

Security Filtering: Only apply to certain user types, this allows us to target users and be specific. For example the administrators group:

Authenticated Users: Any user account/object that authenticates into the Domain.

WMI Filtering: Further Filtering, only certain OS, for example.

Details Tab :

Sign up to access the rest of this lesson

You must either log in or sign up to access this lesson.

Saving Progress...

0 0 votes
Lesson Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments

Group Policy & Security with Windows Server

0%

0/1 Lessons

Course Introduction

• 2min

0 / 1 lessons complete

Introduction to Group Policy Management

• 1hr 24min

0 / 6 lessons complete

Manage Your Workstations

• 1hr 46min

0 / 7 lessons complete

Securing Your Domain

• 1hr 1min

0 / 5 lessons complete

Group Policy Troubleshooting

• 53min

0 / 5 lessons complete

Course Conclusion

• 1min

0 / 1 lessons complete