J.J.Brown - Fotolia

Learn Group Policy basics for Windows administrators

Group Policy hasn't changed much since its introduction, but it can be overwhelming to beginners. Learn how to use Group Policy to manage users and computers.

Group Policy has been around for more than 15 years. New features have been introduced with each version of Windows Server, but the Group Policy basics have remained largely the same since the tool was introduced in Windows 2000.

Group Policy allows Windows administrators to implement specific configurations for users and computers, as well as define security, user and networking policies. The settings are grouped into collections called Group Policy Objects (GPOs).

The configuration process has been tweaked in Windows Server 2016, but settings are still applied at the local, site, domain and organizational unit (OU) level, in that order. Where a GPO falls in the hierarchy is important, because applying a policy overwrites the previously applied policy. In that case, admins should implement common settings higher in the hierarchy since they will affect more users. Conversely, unique settings should be set lower in the hierarchy, so they don't have to be filtered out later. 

There are a couple of ways administrators can manage Group Policy, including Local Group Policy Editor, Group Policy Management Console (GPMC) and PowerShell. Local Group Policy Editor is a snap-in for the Microsoft Management Console. PowerShell commands were introduced in Windows Server 2008.

With all of that power at your fingertips, it can be daunting to learn how to wield it. That's where Jeremy Moskowitz's book, Group Policy: Fundamentals, Security, and the Managed Desktop, can help administrators navigate Group Policy and all that it has to offer.

Group Policy nodes explained

Group Policy consists of two nodes: a Computer node and a User node. The Computer node contains policy settings that are relevant only for computers, such as startup and shutdown scripts. The User node contains policy settings that are relevant only for users, such as logon and logoff scripts.

Moskowitz recommends setting up a test lab, either with a real machine or virtual hardware, to work through the examples in the book and walks the reader through the configuration setup process. This excerpt from Chapter 1, available to download below, gives further details:

The first level under both the User and the Computer nodes contains Software Settings, Windows Settings, and Administrative Templates. If we dive down into the Administrative Templates of the Computer node, underneath we discover additional levels of Windows Components, System, Network, and Printers. Likewise, if we dive down into the Administrative Templates of the User node, we see some of the same folders plus some additional ones, such as Shared Folders, Desktop, Start Menu, and Taskbar.

In both the User and Computer halves, you'll see that policy settings are hierarchical, like a directory structure. Similar policy settings are grouped together for easy location. That's the idea anyway -- though, admittedly, sometimes locating the specific policy or configuration you want can prove to be a challenge.

Download the complete chapter now

Editor's note: Excerpted with permission from the publisher, Wiley, from Group Policy: Fundamentals, Security, and the Managed Desktop, 3rd Edition by Jeremy Moskowitz. Copyright © 2015.

Next Steps

A first look at Group Policy in Windows Server 2016

How to troubleshoot Group Policy setting issues in Outlook

Tools to verify Group Policy object settings

Dig Deeper on

Cloud Computing
Enterprise Desktop
Virtual Desktop