Active Directory Domain Services (AD DS)
Lesson 12

Group Policy Overview and Preferences


By Sai Kurada
September 15, 2023
Group Policy Overview:

Group Policy is a powerful tool in Windows operating systems that allows administrators to implement specific configurations and settings for users and computers within an Active Directory environment.

Centralized Management:
  • Group Policy provides a centralized way to manage the configuration settings of users and computers in a network.
Hierarchy:
  • Group Policies are applied in a hierarchical order. Policies can be defined at different levels, including Local Group Policy, Site, Domain, and Organizational Unit (OU). Policies at lower levels override conflicting settings at higher levels.
GPOs (Group Policy Objects):
  • A Group Policy Object is a collection of settings that define how a system behaves. GPOs can be linked to Sites, Domains, and OUs.
Computer Configuration and User Configuration:
  • Group Policy settings are divided into two main categories: Computer Configuration and User Configuration. Computer Configuration settings apply to the computer itself, while User Configuration settings apply to the user logging on to the computer.
Settings and Preferences:
  • Group Policy can be used to enforce specific settings, such as disabling USB ports or setting desktop wallpaper. It can also be used to deploy software and scripts.
Group Policy Inheritance:
  • Policies are inherited down the hierarchy, with settings at lower levels taking precedence. Conflicting settings can be resolved through the order of precedence.
Group Policy Processing:
  • Group Policy is processed during computer startup and user logon. It can also be forced manually using the gpupdate command.
Loopback Processing:
  • Loopback processing allows policies to apply to users based on the computer they are using, rather than their individual user accounts.
Security Filtering and WMI Filtering:
  • GPOs can be targeted to specific groups, users, or computers using security filtering. Additionally, WMI (Windows Management Instrumentation) filters can be used to further refine targeting based on system attributes.

Group Policy Preferences:

Group Policy Preferences extend the capabilities of Group Policy by allowing administrators to deploy and manage settings that go beyond what is possible with traditional Group Policy. Here are some key points about Group Policy Preferences:
Additional Settings:
  • Group Policy Preferences can be used to configure a wide range of settings, including mapped drives, printer connections, scheduled tasks, and registry settings.
Granular Control:
  • Preferences provide more granular control over settings compared to traditional Group Policy. They allow for more complex configurations and conditional behavior.
Item-Level Targeting:
  • Group Policy Preferences can be targeted to specific users, groups, or computers based on a variety of criteria, such as Active Directory attributes, IP address ranges, or time of day.
Client-side Extensions (CSEs):
  • Preferences use specific client-side extensions to process and apply settings. These extensions are part of the Group Policy infrastructure and must be supported by client computers.
Fallback Behavior:
  • Preferences have a configurable fallback behavior, allowing administrators to decide whether to apply, replace, or remove settings if the preference is no longer in effect.
Cross-Platform Support:
  • Some preferences are cross-platform and can be applied to non-Windows systems, extending the management capabilities to other operating systems.

Conclusion:

Group Policy provides a powerful framework for managing system settings and configurations in a Windows environment. Group Policy Preferences enhance this capability by offering even more granular control and additional settings that go beyond what is possible with traditional Group Policy. Together, they form a comprehensive