Group Policy Objects In Windows Server 2003 Group Part I
- 0
- Add a Comment
In previous series of articles, I introduced you to the concept of Windows Server 2003 group policies. In this series of articles, I’ll dig deeper into group policies by showing you how to create and work with them. I’ll cover the nuts and bolts of group policy object (GPO) creation and application to help you start to build and assign GPO objects and apply them across the enterprise.
Creating group policy objects
As a quick refresher, a GPO is a named collection of group policy settings that you link to specific containers in Active Directory (AD). You can link GPOs to sites, domains, or Organizational Units (OUs). Each computer also has a local GPO.
A given GPO can link to multiple objects at various levels in the AD. For example, a particular GPO might link to several domains in a site or to several OUs in a domain. Windows Server 2003 applies group policy using a hierarchical structure, applying the local GPO first, followed by the GPOs at the site, domain, and OU levels.
We’ll take a look shortly at the group policy (GP) snap-in. First, however, let’s create a few GPOs-one at the site level, one at the domain level, and another at an OU level. If you don’t have an OU in the domain in which you’re going to create your test GPOs, create one now. For this example, assume that you have an OU named Support in your domain.
To create the domain OU, open the Active Directory Users And Computers console. Right-click the domain in the left pane and choose Properties. Click the Group Policy tab. You should see one existing policy, the Default Domain Policy. Click New to create the GPO, type the name Test Domain Policy, and press [Enter]. Click Close.
Next, create a test OU GPO. Begin by creating a new OU within the domain called Support. Still in the AD Users And Groups console, right-click the Support OU and choose Properties, then click the Group Policy tab. Click New, type Test Support GPO, press [Enter], and click Close.
Finally, let’s create a GPO at the site level. Open the Active Directory Sites And Services console. Right-click the site in the left pane and choose Properties. Click the Group Policy tab, click New, type Test Site Policy, press [Enter], and click Close.
Now you have three GPOs created and linked to three objects: a site, a domain, and an OU. You could bounce back and forth between the AD Users And Groups console and the AD Sites And Services console to manage them, but why not save yourself a little work and combine them all into a single console? Read Part II to find out how.