Mainos / Advertisement:

Group Policy Management

Kohteesta Taisto
Versio hetkellä 26. elokuuta 2015 kello 12.07 – tehnyt Frans (keskustelu | muokkaukset) (Ak: Uusi sivu: Path: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Password Policy)
(ero) ← Vanhempi versio | Nykyinen versio (ero) | Uudempi versio → (ero)
Siirry navigaatioon Siirry hakuun
Muut kielet:
English • ‎suomi

Group Policy Management (GPO) is automatically installed when you install Active Directory Domain Services on the server. GPO can not be installed without AD DS.

GPO is used to manage workstations and servers connected to a domain. Using a simple and easy interface you can define each computer- or user groups specific settings.

GPO is used in nearly any organization or business.

GPO comes defined out of the box with Default Domain Policy and Default Domain Controller Policy.


Updating GPO in a workstation or server using the command line: 

 gpupdate

Part of the policies are updated immediately when this is run, but some of them require you to log in again and some even require you to reboot the PC to update.

Basic functions

  1. Open Group Policy Management
  2. Select Default Domain Policy, this policy is applied to the entire domain
  3. Select the Settings tab
  4. Here is a list of the default policies enabled in the domain
  5. You can edit policies by selecting them with the right mouse button and pressing EDIT
  6. You can now look for the policy you wish to edit

  • 1.

  • 2.

  • 3.

  • 4.

  • 5.

  • 6.

Domain Controllers

Domain Controllers have some default policies defined for them too.

  • Group policy management domain controller 1.png

List of default policies

In GPO policies are split to two groups, Computer and User policies. Part of the policies are available to both groups and part are available only to one group.

Password policies

These settings are defined by default in Default Domain Policy.

Path: 

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Password Policy

From Password Policies you can also define password restrictions/definitions for the domain.

  • Enforce password history
  • Maximum password age
  • Minimum password age
  • Password must meet complexity requirements
  • Store password using reversible encryption

  • Overview of password policies.

User logout policies

Path: 

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Account Lockout Policy
  • Account lockout duration
  • Account lockout threshold
  • Reset account lockout counter after
  • Group policy management account lockout policy 1.png

User policies

Path: 

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy

Supervisory policies

Path: 

 Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Password Policy
Noudettu kohteesta ”https://taisto.org/index.php?title=Group_Policy_Management/en&oldid=10705
Mainos / Advertisement: