Working with GPOs

Jump to: navigation, search

This page will help you to understand how GPOs are working.

What is a GPO?

A Group Policy Object (GPO) is a set of settings, which your clients will apply automatically. These settings can define how the system will act and can even define which settings a user is allowed to change and which settings are fixed.

How are GPOs working?

In a Microsoft network with Active Directory network administrators can define sets of settings -the so called Group Policy Objects- and assign them to users/computers or link them to organizational units. In the latter case any computer and user assigned to the OU gets the GPO applied.

On Windows clients a service called "Group Policy Client" (gpsvc) is running. This service checks frequently if the domain controller(s) have new or changed GPOs for the computer and for the user. It then reads the settings from the store (a shared folder on the domain controller or a central store in the domains distributed file system) and applies them.

What can GPOs do?

GPOs can generally change the way Windows or other applications behave (Restrict the start menu, install printer, deploy wireless lan configurations, etc). Additionally system objects like registry keys, files or shortcuts can be made available or all or some of the computers or users.

GPOs are updated with each new version of Windows and Windows Server. For other Microsoft products like Office additional sets (So called Administrative Templates) are available and even third party applications like Chrome sometimes offer administrative templates, which can be easily integrated into the domain structure.