RAM, Virtual Memory, PageFile and all that stuff

Group Policy stuff

Generic Windows stuff

Domain and Active Directory Stuff

Bruce's Printing pages

Links

Glossary

 

 

 

Bruce Sanderson's General Windows Information

GPO Basics or How to live happily with GPOs

GPOs - Group Policy Objects - are very useful for managing domain computers and users, but there are a few not necessarily obvious things to know to get started using them.

  1. The settings in the User Configuration part of a GPO are applied to the User whose User Account is in an OU to which the GPO is linked (or inherited) when that user logs on at any computer

  2. The settings in the Computer Configuration part of a GPO are applied to the computer whose Computer Account is in an OU to which the GPO is linked (or inherited) when that computer starts and periodically thereafter

  3. GPOs do not apply to Groups.  That is, if a GPO is linked to an OU that has a Group in it, but no actual User Accounts, the GPO will have no affect.  To be useful, the GPO has to be applied to an OU that has the actual User Account(s)

(Note that you can use the gpupdate command to get changes to Group Policies applied immediately (use the command gpupdate /? to see the options available)).

This is a fundamental, but not necessarily obvious, concept with Group Policies.  For this reason, to keep my life simple, I have established for myself, these simple rules:

  1. do not mix user accounts and computer accounts in the same OU
  2. do not mix User Configuration settings and Computer Configuration settings in the same GPO
  3. link GPOs with User Configuration settings only to OUs with User Accounts and link GPOs with Computer Configuration Settings only to OUs with Computer Accounts

Like all simple rules, there are some situations where setting them aside makes sense, but there must be a good, rational reason for doing so.  One such reason is when "loopback processing" is used.

If you haven't yet downloaded and installed the Group Policy Management Console, you should.  It is an essential tool for managing Group Policies.  The GPMC is available for free at http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en.

More general information about Group Policies can be found at:
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
http://www.microsoft.com/windowsserver2003/techinfo/overview/gpintro.mspx
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/default.mspx
 

Last updated 7 Jan 2005

Hit Counter