GROUP POLICY
————–
a set of configuration setting implemented for users/computer objects. for example, security, install sw, deploy sw to users, general admin (like running scripts). Mainly its used for automation. For example, instead of doing someting on 500 computer, we will do it on one and it will apply to all. Group policy has nothing to do with Groups, it can not be implemented on groups. its only for users or computers. We can define it at differnet levels. Group policy by default are inherited.
1. computer level -> effects only that comp
2. site level -> effects all domain with in site
3. domain level -> effect all ou, users in that domain
4. ou level -> effect all sub ous
5. sub ou level
if there is a conflict, then the last one(lower level) will be applied. For example, if on domain level we define Deny Control pannel access and on Sub-Ou level we say Allow Control pannel access, then it will allow. Because in this case allow is on lower access.
We can set "BLOCK ACCESS" it will ignore the higher level configurations. On some policies we can set NO-OVERRIDE Option, this will implement policy and it will ignore lower level and BLOCK settings.
computer policies are refreshed every 90 min, some policy may require a reboot. On DC policies are refreshed every 5min. User policies are refreshed when user logs in or 90min.
Practically implement and configure Group Policies:
USER POLICY:
ad->ou->eng prop->new->edit->usr conf->CONTROL PANNEL->PROHIBT ACCESS TO CP->ENABLED
THEN RUN gpupdate /force TO REFRESH THE POLICIES
COMPUTER POLICY:
SHARE A FOLDER FROM VM USING VM MENUE->SETTINGS->OPTIONS->SHARE FOLDER.
THEN GO TO YOUR HOST AND RUN .HOST
YOU CAN DOWNLOAD A SW FROM MS WEBSITE CALLED "gpmc.msi" TO SEE GROUP POLICY IN A NICE WAY. WHEN YOU INSTALL THIS THEN GO TO ADMIN TOOLS AND SELECT GROUP POLICY MANAGEMENT TOOL