We all want things to run smoothly, yet day-to-day operations sometimes get the better of us. As IT professionals we want to bring consistency to our role which we know is very seldom the case. Proper utilization of Group Policy found in Windows Server 2012 R2 can enables further regularity. Setting up a system by which all computers are created equally is such a time saver during the build and long into the support life as well.
Group Policy can seem intimidating at first (I know it scared me at first). So the first thing we need to do to conquer our fear is to see is where we go to open the management interface (see below). It is located in the Control Panel -> Admin Tools -> Group Policy Management. For this series I will be using screen shots from Windows Server 2012 R2 but the locations and terms are almost the same (some have been and a few removed but learning on one platform is highly portable to any other).
Once opened the first thing you will see is that the structure looks a lot like what you see in Active Directory. Group Policy works with AD. The policies you create here are tied to objects (groups but not containers) from Active Directory. That is one of the main strengths of Group Policy – it is tied to so many other tools you already know (or are surely looking to learn). What you see in the screen shot below is a mirror of AD on the same server. Notice that there is one Group Policy already listed (called “Default Domain Policy”). This is created by default. Other policies can be created and linked to other groups.
To see a list of all the group policies you have created you can open the “Group Policy Objects” group. You can see when the policy was last modified and if it is enabled. A disabled policy will not affect anything. In order for a policy to be effective it must be enabled and tied to an OU.
To create a new Group Policy you can right click on the root OU and click “New”
Or you can navigate to the OU to which you want to link the policy
So far we have covered where to find Group Policy and some of the ways to create policies but one of the remaining questions is how to know what the policy does.
There are of course multiple ways to do this. This first way is the best when the policy exists. Try this: go to the “Group Policy Objects” and click on any policy. There is a wealth of information here but for now just go to the “Settings” tab. Here you will see a structure that mirrors Group Policy itself. You can expand the sections to see what settings are controlled by the given policy.