Dec 21, 2005

Group Policy Basics

Key Points

1. Group Policy is a mechanism to manage a wide range of settings from a central point
2. You can create multiple group policies. You can link one group policy to different level
3. You can link a same group policy to different places, you can also link multiple policies to one place
4. Group policy linked to different level has different precedence
5. Group Policy is applied in the order of local, site, domain, and OU, meaning GPO that is linked to OU has highest priority
6. Besides the above precedence, ?no override? and ?block policy inheritance? settings will affect the behavior of group policy application
7. Group policy can be filtered by security group or WMI filters
8. Under some special circumstance, you may want to enable ?loopback process?.
9. IMPORTANT: do NOT unlink/remove ?Default Domain Policy? and ?Default Domain Controller Policy?

For account policy, it can be set either on domain-level (AD environment) or local-level (workgroup). Account policies defined on other level will not take effect against domain user accounts, but it will take effect against local user accounts on the computer that is under the OU.