Logo

Group Policy Types

In this video from ITFreeTraining, we will take a look at the different Group Policy types; of which there are three. Understanding what these are used for will help you later on in the course when more advanced topics are discussed.

Show lesson content
Group Policy Types
0:18 – The three Group Policy types are Local, Non-local, and Starter. Local GPOs (GPO stands for Group Policy Object) apply to the local computer only and are often referred to as LGPO which stands for Local Group Policy Object. Non-local GPOs are essentially Group Policies that are stored in Active Directory and deployed to computers in the domain. Starter GPOs are essentially a GPO template that you can use to create other GPOs.

Local (LGPO)
0:54 – Local Group Policy applies only to the local computer. The advantage of local Group Policy is that the computer does not need to be in a domain. There is no central control of local Group Policy so the administrator will need to visit each computer in order to apply local Group Policy. To make the process easier, once a computer has been configured the administrator can export the Group Policy and import it on another computer. After Windows 2008 R2 and Windows Vista, multiple Group Policies are supported. However, the additional Group Policies can be applied only to users. It is not possible to create multiple local Group Policies for the same computer.

 

To look at the look Group Policy on a computer, right click on the start and select Run from the menu. From the run menu, enter in GPEdit.msc, this will run the local Group Policy editor. Local Group Policy editor can also be added to the MMC console. To add it to the MCC console, run ‘MMC’ from the Run menu. Once MMC has started, select “Add/Remove Snap-in” from the file menu. Select from the snap-ins “Group Policy Object Editor”. If RSAT is installed on the computer, there will be additional Group Policy snap-ins that would not normally be present but ‘Group Policy Object Editor’ will always been present. Press add to add the snap-in. Windows will prompt to choose which local Group Policy I want to edit. By default, Group Policy is configured to edit the Local Computer. The browse button will give you the option to change the computer that I want to edit. If I select the Users tab, I can select which user’s Group Policy I want to edit. Currently there are no additional Local Group Policies. If you wanted to, you can create a Group Policy for just the administrators and another one just for “non-administrators”. Once this screen exited, Group Policy Editor will be added to MMC. Once added, notice that by expanding all the Local Group Policy settings that can be configured.

Non-Local GPOs
3:12 –Non-local GPOs are Group Policy which are stored in Active Directory. Since it is stored in Active Directory it is replicated to all other Domain Controllers. This enables the administrator to have more ease of control and deployment of Group Policy in their domain. For this to happen, each computer must be a member of the company domain. The advantage of Non-local GPOs, which I will often just refer to as Group Policy, is that multiple Group Policies can be applied. There is an order in which the Group Policy objects can be placed that will determine their priority. When conflicts occur, there is a predictable way that the settings are applied. In a later video, I will go through the order in which they are applied. These multiple Group Policies can be applied to both users and computers. Non-local GPOs provide the easiest way for the administrator to manage computers and users in the domain.

Starter GPOs
4:10 – The last Group Policy type is Starter GPOs. These were introduced in Windows Server 2008. They’re essentially a template for Group Policy settings. When a new Non-local GPO is created you have the option to create the Group Policy Object from the starter GPO. This new Group Policy Object will start with all the settings from the Starter GPO. The administrator is free to change any of the thousands of Group Policy settings that exist as they see fit. Their control can range from printer configuration, to how data storage is handled, and can even cover how users access and control their PC. It is absolutely essential to utilize GPO in a corporate client for consistent settings across Windows machines.

 

References
“Installing and Configuring Windows Server 2012 R2 Exam Ref 70-410” pg 318 – 319
 

Credits
Trainer: Austin Mason http://ITFreeTraining.com
Voice Talent: HP Lewis http://hplewis.com
Companion Document: Phillip Guld https://philguld.com
Video Production: Kevin Luttman http://www.KevinLuttman.com
Quality Assurance: Brett Batson http://www.pbb-proofreading.uk

Lesson tags: 70-410-windows-server
Back to: 70-410 Installing and Configuring Windows Server 2012 > Group Policy

Installing and Configuring Windows Server 2012

Modules

DNS

Lessons