How To Create A Group Policy In Windows Server 2012

This article explains what Group Policies are and shows how to configure Windows Server 2012 Active Directory Group Policies. Our side by side article will cover how to properly enforce Group Policies (Group Policy Link Enforcement, Inheritance and Block Inheritance) on computers and users that a function of the visitor's Active Directory.

Complimentary Hyper-V & VMware Fill-in: Easy to use - Powerful features - Just works, no hassle: It's FREE for Firewall.cx readers! Download Now!

Before nosotros dive into Grouping Policy configuration, allow's explain what exactly Group Policies are and how they can aid an administrator control its users and computers.

A Grouping Policy is a computer or user setting that can be configured by administrators to apply various computer specific or user specific registry settings to computers that have joined the domain (active directory). A simple example of a group policy is the user password expiration policy which forces users to change their password on a regular basis. Another example of a group policy would be the enforcement of a specific desktop background picture on every workstation or restricting users from accessing their Local Network Connection backdrop so they cannot modify their IP address.

A Group Policy Object (GPO) contains one or more group policy settings that can be practical to domain computers, users, or both. GPO objects are stored in active directory. You lot can open and configure GPO objects past using the GPMC (Group Policy Direction Panel) in Windows Server 2012:

Effigy ane. GPO Objects

Grouping Policy Settings are the actual configuration settings that tin can exist applied to a domain calculator or user. Most of the settings have three states, Enabled, Disabled and Not Configured. Grouping Policy Management Editor provides access to hundreds of computer and user settings that tin be applied to make many organization changes to the desktop and server environment.

Group Policy Settings

Group Policy Settings are divided into Computer Settings and User Settings. Computer Settings are applied to computer when the arrangement starts and this modifies the HKEY Local Machine hive of registry. User Settings are applied when the users log in to the computer and this modifies the HKEY Local Machine hive.

Figure 2. Grouping Policy Settings

Computer Settings and User Settings both have policies and preferences.

These policies are:

Software Settings: Software tin can be deployed to users or figurer by the administrator. The software deployed to users will be available only to those specific users whereas software deployed to a estimator volition be available to any user that on the specific computer where the GPO is applied.

Windows Settings: Windows settings tin can be applied to a user or a computer in order to modify the windows environment. Examples are: password policies, firewall policy, account lockout policy, scripts then on.

Administrative Templates: Contains a number of user and computer settings that can be applied to control the windows environment of users or computers. For example, specifying the desktop wallpaper, disabling admission to non-essential areas of the computers (e.1000 Network desktop icon, command console etc), folder redirection and many more than.

Preferences are a group policy extension that does the work which would otherwise require scripts. Preferences are used for both users and computers. Y'all tin can use preferences to map network drives for users, map printers, configure internet options and more than.

Next, let's take a look at how we can create and apply a Group Policy.

Gratis Hyper-5 & VMware Backup: Easy to use - Powerful features - Just works, no hassle: Information technology'due south Gratis for Firewall.cx readers! Download Now!

Creating and Applying Group Policy Objects

By default, GPOs can be created and applied by Domain Admins, Enterprise Admins and Group Policy Creator Owner user groups. After creating the GPO, y'all can apply or link the GPOs to sites, domains or Organizational Units (OUs), however you cannot apply GPO to users, groups, or computers. GPOs are processed in following top to bottom order:

1. Local Group Policy: Every windows operating system has local group policy installed past default. Then this local grouping policy of the computer is applied at first.
2. Site GPO: The GPOs linked to the Site is and so processed. By default, there is no site level grouping policy configured.
3. Domain GPO: Next, the GPO configured at domain level is candy. By default, GPO named default domain policy is applied at the domain level. This applies to all the objects of the domain. If there is policy disharmonize between domain and site level GPOs, then GPO practical to domain level takes the precedence.
4. Organizational Unit of measurement GPO: - In the stop, GPO configured at OU is applied. If there is whatsoever disharmonize between previously applied GPOs, the GPO practical to OU takes the almost precedence over Domain, Site and Local Group Policy.

Let's now take a expect at a scenario to use a group policy to domain joined computers to modify the desktop background. We have a domain controller named FW-DC01 and two clients FW-CL1 and FW-CL2 as shown in the diagram below. The goal here is to gear up the desktop wallpaper for these ii clients from a grouping policy:

Figure three. GPO Scenario

In our before articles nosotros showed how Windows 8 / Windows eight.1 bring together an Active Directory domain, FW-CL1 and FW-CL2 are workstations that accept previously joined our domain – Agile Directory. Nosotros have two users MJackson and PWall in the FW Users OU.

Open the Group Policy Management Console (GPMC) by going into Server Manager>Tools and select Grouping Policy Management as shown below:

Effigy four. Open up GPMC

Equally the GPMC opens up, you lot will run into the tree hierarchy of the domain. At present aggrandize the domain, firewall.local in our case, and you will see the FW Users OU which is where our users reside. From here, right-click this OU and select the starting time selection Create a GPO in this domain and Link it hither:

Figure 5. Select FW Users and Create a GPO

Now blazon the Proper name for this GPO object and click the OK button. We selected WallPaper GPO:

Figure 6. Creating our Wallpaper Group Policy Object

Adjacent, correct-click the GPO object and click edit:

Effigy 7. Editing a Grouping Policy Object

At this point we get to see and configure the policy that deals with the Desktop Wallpaper, withal discover the number of different policies that permit u.s.a. to configure and tweak various aspects of our domain users.

To discover the Desktop Wallpaper, go to Aggrandize User Configuration> Policies> Administrative Templates> Desktop> Desktop. At this point we should be able to encounter the setting in right window. Right-click the Desktop Wallpaper setting and select Edit:

Figure 8. Selecting and editing Desktop Wallpaper policy

The settings of Desktop Wallpaper will now open. Outset nosotros need to activate the policy past selecting the Enabled option on the left. Next, type the UNC path of shared wallpaper. Retrieve that nosotros must share the folder that contains the wallpaper \\FW-DC1\WallPaper\ and configure the share permission so that users tin can access it. Find that nosotros can fifty-fifty select to middle our wallpaper (Wallpaper Style). When ready click Use and so OK:

Figure nine. Configure Desktop Wallpaper

Now that we've configured our GPO, we demand to utilize it. To do so, nosotros can just log off and log back in the client reckoner or type following command in domain controller's control prompt to utilize the settings immediately:

C:\>gpupdate /force

In one case our domain user logs in to their computer (FW-CL1), the new wallpaper policy will be practical and loaded on to the computer's desktop.

Figure x. User Login

As nosotros can see below, our user's desktop now has the background image configured in the group policy we created:

Figure 11. Calculator Desktop Wallpaper Inverse

This example shows how one small-scale configuration setting can exist applied to all computers inside an organization. The power and flexibility of Group Policy Objects is truly unbelievable and equally we've shown, it'due south fifty-fifty easier to configure and apply them with just a few clicks on the domain controller!

Free Hyper-V & VMware Fill-in: Easy to use - Powerful features - Just works, no hassle: It's Gratis for Firewall.cx readers! Download Now!

This article explained what Group Policies Objects are and showed how to Configure Windows 2012 Active Directory Grouping Policies to control our Active Directory users and computers. We as well highly recommend our commodity on Group Policy Enforcement, Inheritance throughout the Agile Directory structure. More than articles on Windows 2012 & Hyper-Five tin can be plant at our Windows 2012 Server section.

Back to Windows 2012 Server Section

Source: https://www.firewall.cx/microsoft-knowledgebase/windows-2012/1055-windows-2012-group-policies.html

Posted by: morrisonnotilen.blogspot.com

Share this post