Group policy (Windows)
Group policy (Windows)
Group policy is a functionality in Windows that enables IT administrators to customize what users' computers look like in an automated way.
IT administrators can use group policy to automate and centralize management of users, computers, operating system, and applications that run on the operating system. Group policy is a feature in modern Windows that provides centralized management and configuration.
Using the power of group policy, an IT administrator can define the form and shape of users' work environment once and rely on the system to enforce the policies that he or she defines.
Group policy can also be defined as an infrastructure used to deliver and apply one or more desired configurations or policy settings to a set of targeted users and computers within an Active Directory environment.
What is the benefit of group policy?
Group policy simplifies administrative tasks and therefore reduces IT costs. Administrators using group policy can efficiently distribute software, implement security settings, and enforce IT policies accross a great range of domains or organizational units.
What is the difference between group policy settings and user profile settings?
The difference is in the power that is behind both. User profile settings are often specified by a user. Users have the ability to modify their desktop picture, screen saver, start menu, and many other things.
On the other hand, group policy settings are specified by the administrator who can modify them either ad-hoc on a particular computer or via a centralized automated management process.
Group Policy also uses so called directory services and security group membership. That means that an IT administrator can define policies for a selected group and then just ad individual users to the group. This way, the administrator does not need to change or implement the policy for every new user that comes to the company individually which provides great savings.
Group policy provides flexibility and supports extensive configuration capabilities.
How do I modify group policy?
Group policy settings are created using the Group Policy snap-in in Microsoft Management Console (MMC).
Two types of policies: Computer versus User Configuration
Administrators can use Computer Configuration to set policies that are applied to a computer, regardless of who logs on to the computer. The Computer Configuration branch usually contains items for software configuration, Windows settings, and administrative templates.The User Configuration can be used to set policies that apply to users, regardless of which computer they log on to. User Configuration typically contains sub-items for software settings, Windows settings, and administrative templates.
How is group policy used in Windows XP?
Ok, let's get to some details. Windows XP provides the ability to create a specific desktop configuration for a particular group of users and computers.
You can modify group policies using the Microsoft Management Console (MMC) snap-in or the Group Policy Editor.
To find out how this tool is used, see the How to edit group policy? page.
The group policy settings that you see in the editor are contained in so called Group Policy Object (GPO). These objects are in turn associated with selected Active Directory containers, such as sites, domains, or organizational units (OUs).
You can use the Group Policy Editor to define policies in the following areas:
Registry-based policies include group policies related to the Windows XP operating system and its components. Registry-based policies also include group policies for programs. You would use the Administrative Templates node that you can find in the left pane of the Group Policy snap-in to do this type of configuration.
Security options include configuration settings for local computer, domain, and also network security settings, such as automatic proxies, default gateways, and others.
Software installation and maintenance options...
Group policy can also be used to centrally manage program installation, updates, and removal. This is a very important feature which helps large corporations to save millions of dollars in installation and maintenance costs.
Group policies related to scripts options include scripts for computer startup and shutdown, and user logon and logoff.
Folder redirection options...
Folder redirection policies allow administrators to redirect users' folders to the network folders.
Group policy configuration example
Now that we know what a group policy is, we can try it out. Let's review an example. See this page: