Group Policy Management
Group Policy Management (GPO) is automatically installed when you install Active Directory Domain Services on the server. GPO can not be installed without AD DS.
GPO is used to manage workstations and servers connected to a domain. Using a simple and easy interface you can define each computer- or user groups specific settings.
GPO is used in nearly any organization or business.
GPO comes defined out of the box with Default Domain Policy and Default Domain Controller Policy.
Updating GPO in a workstation or server using the command line:
gpupdate
Part of the policies are updated immediately when this is run, but some of them require you to log in again and some even require you to reboot the PC to update.
Sisällysluettelo
Basic functions
- Open Group Policy Management
- Select Default Domain Policy, this policy is applied to the entire domain
- Select the Settings tab
- Here is a list of the default policies enabled in the domain
- You can edit policies by selecting them with the right mouse button and pressing EDIT
- You can now look for the policy you wish to edit
Domain Controllers
Domain Controllers have some default policies defined for them too.
List of default policies
In GPO policies are split to two groups, Computer and User policies. Part of the policies are available to both groups and part are available only to one group.
Password policies
These settings are defined by default in Default Domain Policy.
Path:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Password Policy
From Password Policies you can also define password restrictions/definitions for the domain.
- Enforce password history (Salasanahistoria)
- Maximum password age (Salasanan pienin sallittu ikä ennen kuin sallitaan muutos)
- Minimum password age (Suurin sallittu salasanan ikä)
- Password must meet complexity requirements (Salasanan tulee noudattaa vaatimustasoja)
- Store password using reversible encryption (Talleta salasanat kryptattuna)
Käyttäjien uloskirjautumisen käytänteet
Polku:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy -> Account Lockout Policy
- Account lockout duration (Aika, kuinka kauan käyttäjätili on lukittuna)
- Account lockout threshold (Maksimimäärä kirjautumisen yrityksiä)
- Reset account lockout counter after (Ajastimen nollaus, sallii taas yritykset)
Käyttäjien oikeudet
Polku:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policy
Valvontakäytänteet
Polku:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Password Policy