Group Policy is a very powerful feature that allows administrators to exercise a high level of control over the client’s Windows systems that they manage in their domain. This course is updated as required to meet the Microsoft Certification exam requirements.
What Is Group Policy?
0:21 – So to begin, we should start with the question: What is Group Policy? Group Policy enables system administrators to have a centralized level of control over the users and computers that comprise their networks. Many different settings can be standardized and configured such as desktop settings, printers, and login scripts just to mention a few. The way Group Policy operates is that an administrator will create a Group Policy object in Active Directory and then they will have the option to configure just over three and a half thousand settings. These settings can be targeted very specifically toward users or computers or both. This can include desktops, laptops and servers. Once the group policy is configured, the policy will be downloaded to the clients and enacted. The administrator also has the capability to configure and assign group policy settings to specific users, or all of them. Like with the computers, the settings are configured and then applied to the specific users. Settings are stored in Active Directory and are automatically re-downloaded by the clients when changes are made. You can see how this feature in Windows allows the administrator to exercise a large amount of control over the computer as well as the user’s experience. Now that we understand what Group Policy is, we’ll dive deeper and take a closer look Group Policy’s history and how it functions.
Registry vs Group Policy
1:40 – Group Policy was first introduced in Windows 2000. If you want to configure Windows, you could make changes via the registry. However, changes made to the registry are permanent and would manually need to be updated for each change. In contrast, Group Policy is far more flexible. Changes in Group Policy are not permanent and can actually be rolled back at any time. To remove a change, the administrator would simply un-configure the group policy setting and Windows will handle the rest. The next consideration with using the registry is that the registry can change. This is common with new operating systems. If you control the user’s experience using the registry, there is no guarantee that that same registry setting would work in the newer versions of Windows. With Group Policy, changes in Windows and even new versions of Windows are supported. Although Group Policy is updated, in most cases Group Policy will continue to work the same from version to version. In some cases, you may need to configure some additional settings to support newer operating systems because they have new features; however, you should not have to change any existing settings. You can see the advantages of Group Policy over traditional registry editing to configure computers in you organization.
Group Policy Mechanics
With hearing of centralized control, it may surprise you to hear that Group Policy is in fact client driven. Group Policy settings utilize Client Side Extensions (CSE) which are configured on clients. Which CSE’s are install on the clients depends on which operating system is running. Newer operating systems currently have 4 CSE’s. All Windows versions that support Group Policy will have 3 CSE’s. If the 4th CSE is not shipped with the operating system, Microsoft does have this CSE available to be downloaded and installed. This download is able to be installed on all versions of Windows after and including Windows XP.
Group Policy essentially works like this. Group Policy settings are stored on a Domain Controller and replicated to all other Domain Controllers. A client on the network will reach out and download a copy of the Group Policies from the domain controller and apply it. These Group Policies will then be handled and processed by the Client Side Extension. If there is no Client Side Extension or if the CSE does not understand that setting, the setting will simply be ignored. This allows you to configure Group Policy without having to concern yourself with older operating system compatibility. If it’s not compatible, it will simply be ignored. Once you start learning about Group Policy, you discover that is it an extremely flexible system allowing backwards compatibility as well as future development. Well, that covers it for the introduction to Group Policy. Remember, this is only the first video in the series on Group Policy. For the rest of the videos, please see our web page or YouTube channel. Until next time, thanks for watching!
“Installing and Configuring Windows Server 2012 R2 Exam Ref 70-410” pg 317-318
Trainer: Austin Mason http://ITFreeTraining.com
Voice Talent: HP Lewis http://hplewis.com
Companion Document: Phillip Guld https://philguld.com