Simply creating a GPO doesn’t modify any policy settings. If you don’t modify any settings, the GPO won’t have any effect. So now it’s time to set some policies in each of the test GPOs you just created. As mentioned before, you can get to the GPO through the properties for the object where the GPO is linked. Just right-click the object, choose Properties, click the Group Policy tab, select the GPO, and click Edit. In this example, however, we’ll use the custom console instead.

Open the branch containing the policy you want to edit. In this example, we’ll focus on the Test Support GPO. Expand the Test Support GPO branch, and you should see two items under it: Computer Configuration and User Configuration, each of which has several branches of its own.

Knowing where all the policy settings are is a pretty tall order at first. Actually defining the policies is pretty easy. Just expand the branch where the policy is located, double-click the policy, and select Define This Policy Setting. The GP console enables the associated policy setting, which varies from one to another. In some cases, you simply select either Enabled or Disabled. Other policy settings require other data that varies according to the policy’s function.

For example, you can configure policies that define how services start, setting a particular service to Manual, Automatic, or Disabled. Or, you can define policies that determine the startup, shutdown, logon, and logoff scripts that apply within the selected GPO.

Another example of policies that require much more than a simple Enable/Disable toggle is the IP Security (IPSec) policies. You can define IPSec policies to force implementation of desired IPSec filters. Another good example is the User Configuration/Software Settings/Software Installation node, which enables you to define application installation packages for the Windows Installer that install automatically or are available for installation by users who fall under the influence of the selected GPO.

Explaining every branch in the GP editor, much less each policy setting would take a book in itself to present adequately. For now, just understand that the GP editor lets you define group policies and that you can access the GP console through the properties for the container where a given GPO is linked or through a custom MMC to which you’ve added the group policy snap-in focused on a specific site, domain, or OU (or the local GPO).