
Creating Group Policies

In the Group Policy Management snap-in, you will find that certain Group Policy objects exist by default. For example, on a domain controller, the snap-in shows that a default domain policy and a default domain controllers policy exist. These policies can be edited and can include settings that enable you to control Registry-based settings, security options, and software installation and maintenance options. The next section looks at editing GPOs; for example, to activate certain types of auditing on a domain controller, you must edit certain GPOs related to auditing events.

Before editing existing GPOs, it makes sense to create a new GPO and link it to a particular Active Directory container object. This also enables you to edit the settings for the GPO. For practice, you might want to create a new OU, using the Active Directory Computers and Users snap-in, and then link a new GPO to it (using the Group Policy Management snap-in, as discussed in a moment). You can then edit the settings for the new GPO. You can later delete the OU and its GPO without affecting any of the default Group Policies in force for your domain (creating OUs is discussed in Hour 9).

Did You Know?

The Group Policy Management snap-in also makes it easy to back up and restore individual GPOs. Right-click a GPO in the Details pane (when the Group Policy Objects node is selected) and select Back Up. You are asked to provide a location and description for the GPO backup. You then click Back Up. You can also restore backups of a GPO; right-click the policy and select Restore from Backup.

Two different options exist for creating new GPOs in the Group Policy Management snap-in. You can create a new GPO and simultaneously link it to an Active Directory object such as a domain or an OU. Or, you can create a new GPO in the Group Policy Objects folder and then link it to a container. The latter method provides you with the ability to “play” with the settings of the GPO before you actually link it to a particular Active Directory object.

Let’s look first at creating a new GPO and its link at the same time, and then at creating a GPO in the Group Policy Objects folder.

To create a new GPO and a link simultaneously, follow these steps:

1. Open the Group Policy Management Console (Start, Administrative Tools, Group Policy Management).

2. Expand the various nodes in the snap-in tree until you see the container object that you want to link the new Group Policy to.

3. Right-click the object (such as an OU) and select Create a GPO in This Domain and Link It Here. The New GPO dialog box appears (see Figure 11.4).

Figure 11.4. Supply a name for the new GPO.

4. Enter a name for the GPO. You can also use the Source Starter GPO drop-down box to base the new GPO on a starter GPO (see the Did You Know? note that follows). Then click OK.

Did You Know?

Starter GPOs can be created (just as any GPO can be created) in the Group Policy Object Editor (discussed later in this hour). You can use any of the policy settings from the various administrative templates to create the starter GPO. You can then base new GPOs on a starter GPO (kind of like using frozen pizza dough for a pizza rather than making the crust from scratch). You can still customize your new GPO, but the fact that the GPO is based on a premade starter GPO means that common settings that you want in your GPOs are already available in the starter GPO. To create starter GPOs you must first create the Starter GPOs folder; click on the Starter GPOs node in the Group Policy Management snap-in. Then click Create Starter GPOs Folder in the Details pane. You can then create starter GPOs by right-clicking the Starter GPOs node and then selecting New. The Group Policy Object Editor opens and you can configure the settings for the starter GPO.

The new GPO appears in the Details pane of the Group Policy Management snap-in, along with any other GPOs linked to the object that you selected when you created the new (and linked) GPO. Figure 11.5 shows a new GPO that has been linked to an OU named olive.

Figure 11.5. GPO linked to an OU.


If you want to create a new GPO without linking it, right-click the Group Policy Objects folder in the Group Policy Management snap-in. Select New from the shortcut menu that appears. The New GPO dialog box opens. Supply a name for the GPO and then click OK. The GPO appears in the list of policies found in the Group Policy Objects folder.

By the Way

All the GPOs in the forest appear in the Group Policy Objects folder. Policies linked to a specific object, such as a domain, also appear under that object in the Group Policy Management tree.
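
The same workflow can be scripted. The following is an added example, not part of the original text: it creates a practice OU, creates the GPO unlinked, writes a settings report for review, links the GPO, and then backs it up. It assumes the ActiveDirectory and GroupPolicy PowerShell modules (available on Windows Server 2008 R2 and later); the OU name, GPO name, and backup folder are hypothetical placeholders.

```powershell
# Added example: the names and paths below are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy

$domainDn  = (Get-ADDomain).DistinguishedName
$ouName    = 'Practice'               # hypothetical practice OU
$ouDn      = "OU=$ouName,$domainDn"
$gpoName   = 'Practice Baseline'      # hypothetical GPO name
$backupDir = 'C:\GPOBackups'          # hypothetical backup folder

# Practice OU that can be deleted later without touching the default policies.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn `
        -ProtectedFromAccidentalDeletion $false
}

# Create the GPO unlinked, so its settings can be worked on before they apply.
# (Create-and-link in one step would be: New-GPO -Name ... | New-GPLink -Target $ouDn)
# To start from a starter GPO, add: -StarterGpoName '<starter GPO name>'
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Practice GPO, not yet linked'
}

# Write an HTML settings report to review before the GPO is linked anywhere.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
Get-GPOReport -Guid $gpo.Id -ReportType Html `
    -Path (Join-Path $backupDir "$gpoName-prelink.html")

# Link the reviewed GPO to the practice OU, unless the link already exists.
$existing = (Get-GPInheritance -Target $ouDn).GpoLinks |
    Where-Object { $_.GpoId -eq $gpo.Id }
if (-not $existing) {
    New-GPLink -Guid $gpo.Id -Target $ouDn -LinkEnabled Yes | Out-Null
}

# Back up the GPO (equivalent to right-click > Back Up in the snap-in).
Backup-GPO -Guid $gpo.Id -Path $backupDir -Comment "Linked to $ouDn" | Out-Null

# Show every link on the OU to confirm that only the intended GPO applies.
(Get-GPInheritance -Target $ouDn).GpoLinks |
    Select-Object DisplayName, Enabled, Enforced, Order

# Cleanup when practice is finished:
# Remove-GPLink -Guid $gpo.Id -Target $ouDn
# Remove-GPO -Guid $gpo.Id
# Remove-ADOrganizationalUnit -Identity $ouDn -Confirm:$false
```

Run it from an elevated session with rights to create OUs and GPOs in the domain; `Restore-GPO -Name $gpoName -Path $backupDir` restores the most recent backup from that folder.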
