Creating Group Policy Objects

2 Table of Contents
Table of Contents

Creating Group Policy Objects..................................................................................................................3
Exercise 1 Showing the Default Group Policy Objects.......................................................................................4
Exercise 2 Resetting the Default Group Policy Objects......................................................................................8
Exercise 3 Creating a Marketing Users GPO.....................................................................................................11
Exercise 4 Viewing the Results of the Marketing Desktop GPO.......................................................................13
Exercise 5 Blocking Inheritance of the Marketing Desktop GPO.....................................................................17

Creating Group Policy Objects 3

Creating Group Policy Objects
Objectives After completing this lab, you will be able to:
Show the Default Group Policy Objects.
Set the Default Group Policy Objects.
Creating a Marketing Users GPO.
Viewing the Results of the Marketing Desktop GPO.
Blocking Inheritance of the Marketing Desktop GPO

Scenario In this lab, we will review the Group Policy Management Console and discuss
many of its features. The Group Policy Management Console significantly
improves the overall management of Group Policy by consolidating several
features located in other MMCs, into one, easy and intuitive user interface.
We will also compare the difference between the Group Policy Management
Console and the Group Policy Object Editor.
We will create new Group Policies and apply the settings to target users and
computers. In previous sessions, we have seen the beginnings of Group Policy
object creation. In this session expose the core aspects of Group Policy object
creation.
Finally, we will edit Group Policy objects and see how the edited settings
overwrite previous settings.

Estimated time to
complete this lab: 60
minutes
4 Creating Group Policy Objects

Computers used in this lab:

SEA-DC-01

WRK-SEA-001

The password for both computers is: Passw0rd

Exercise 1
Showing the Default Group Policy Objects
Scenario
Windows Server 2003 domain controllers include two default polices: the Default Domain Policy
and the Default Domain Controllers Policy. Both policies are linked to their respective Scopes of
Management, or SOMs.
Windows Server 2003 includes a more secure default install, derived from these default policy
settings.
SEA-DC-01

Tasks Detailed steps
1. Open the Group Policy
Management Console.
a. Click the SEA-DC-01 link in the My Machines browser.
b. Click in the virtual machine window.
c. Press Right-ALT + DEL.
d. Logon as Administrator with a password of Passw0rd.
e. Double-click the Group Policy Management icon on the desktop.
f. The Group Policy Management window appears; maximize the
window.
2. View at the Default Domain
Policy. The link for this
policy resides on the domain
container, contoso.com.
a. In the console-pane, expand Forest: contoso.com | Domains |
contoso.com.
b. Hover the mouse over Default Domain Policy.
c. Hover the mouse over contoso.com.
3. View the settings of the
Default Domain Policy.
a. In the console-pane, click Default Domain Policy.
b. Hover the mouse over the details-pane.
c. In the console-pane, expand Group Policy Objects and click Default
Domain Policy.
d. Hover the mouse over the details-pane.

The properties shown on the link are the same properties shown if we
access the group policy object directly by clicking on the object in the
Group Policy Objects container.
4. As we just saw, this policy
is linked to the contoso.com
container.
a. In the details-pane, under Location, hover the mouse over
contoso.com.
Note that this policy applies only to the Authenticated Users group, which
is likely everyone who logs into the domain.
b. Under Security Filtering, hover the mouse over Authenticated Users.
Note that this policy applies only to the Authenticated Users group, which
is likely everyone who logs into the domain.
c. Under WMI Filtering, hover the mouse over <none>.
No WMI Filters have been applied to the Default Domain Policy.
We will expand upon security settings and WMI Filters in a future lab.
d. In the details-pane, click the Details tab.
Lets quickly view the globally unique identifier, or GUID of this policy.
As you may recall, this information is located on the Details pane. We will
use this GUID in a later task.
Note that this GUID begins with 31B2F340.
e. Hover the mouse over Unique ID and 31B2F340.
5. View the settings configured
on the Default Domain
Policy. Since this policy is
linked to the domain
container, all users and
computers that reside in
contoso.com will receive
these settings.
a. In the details-pane, click the Settings tab and click show all.
A good practice to employ is keeping the settings simple on policies
designed to be applied to large groups, such as all domain users. Use
policies linked to organizational units or child organizational units to
configure more exact settings for your user community.
b. In the details-pane, under Account Policies/Password Policy, hover
the mouse over Maximum Password Age.
c. Hover the mouse over Minimum Password length.
By default, Windows Server 2003 enforces a stringent password policy.
Here, domain user account passwords must be changed every 42 days,
must be at least 7 characters in length, and must meet complexity
requirements.
d. Hover the mouse over Password must meet complexity
requirements.
Complex passwords must not contain part of the users account name, and
must contain at least three of these types of characters: English upper case
letters, English lower case letters, base digits, or 0-9, and non-alphabetic
characters, such as & or !.
These settings decrease the chances of a person or a program successfully
guessing a user account password.
e. In the details-pane, scroll down to Account Policies/Account Lockout
Policy.
f. Hover the mouse over Account lockout threshold.
An additional security setting includes locking a users account after any
invalid logon attempts. This setting prevents programs or users from
continuously attempting to guess a user account password.
It is important to note that an account lockout duration has not been
defined.

6. Add an account lockout
policy threshold to the
domain policy. Notice that
when you edit a GPO, the
Group Policy Editor, or
GPOE is launched.
a. In the console-pane, under Group Policy Objects, right-click Default
Domain Policy and click Edit.
b. The Group Policy Object Editor window appears; maximize the
window.
c. In the console-pane, expand Computer Configuration | Windows
Settings | Security Settings | Account Policies and click Account
Lockout Policy.
d. In the details-pane, double-click Account lockout duration.
e. The Account lockout duration Properties window appears; check
Define this policy setting.
f. Hover the mouse over 30 and click OK.
30 minutes is a duration long enough to discourage a person from
continually trying to guess a user account password, but short enough to
allow a user unfortunate enough to mistype their password to continue
working within a reasonable amount of time.
g. The Suggested Value Changes dialog box appears; hover the mouse
over 5 invalid logon attempts and 30 minutes and click OK.
Since we have changed the default setting for the account lockout duration,
Windows presents suggested values for the remaining account lockout
related settings. We will accept the new setting of 5 invalid logon attempts
and Reset account lockout counter after 30 minutes.
This means users will have 5 attempts to logon on correctly before their
account is locked out.
The account lockout counter, if there are less than 5 invalid attempts, will
reset after 30 minutes.
h. Close the Group Policy Object Editor.
7. View other settings.

a. In the details-pane, scroll down to Account Policies/Kerberos Policy.
b. Hover the mouse over Maximum tolerance for computer clock
synchronization.
Note the Maximum tolerance for computer clock synchronization. This
setting states that all Windows 2000, XP, or Server 2003 machines that
authenticate to contoso.com, must have their computer clock configured
correctly.
If a machine that has a time setting discrepancy greater than 5 minutes
between it and the domain controller, the user wont be able to logon onto
the domain.
This security setting helps prevent replay attacks on the network.
This setting can be extended to a longer time threshold, or you can employ
time synchronization tools such as the Windows Time Service to ensure
users can authenticate to contoso.com.
c. In the details-pane, slowly scroll to the bottom of settings.
The remaining settings configured on the Default Domain Policy include
Public Key Policies, which are closely related to Certificate services, and
settings related to Remote Installation Services. These settings are beyond
the scope of this WebCast session, but will be further discussed in a future
WebCast.
8. View the Default Domain
Controllers policy.
a. In the console-pane, expand Domain Controllers.
b. Hover the mouse over Default Domain Controllers Policy.

This policy is linked to the Domain Controllers OU that is created by
default on Windows Server 2003 Active Directory domains.
c. In the console-pane, under Domain Controllers, click Default
Domain Controllers Policy.
When we viewed the Default Domain Policy properties, we clicked on the
policy object directly. This time, we will use the link to view the policy
settings.
d. Click the Scope tab and, in the details-pane, under Location, hover the
mouse over Domain Controllers.
The Default Domain Controllers policy is linked to the Domain Controllers
OU.
e. Under Security Filtering, hover the mouse over Authenticated Users.
f. Under WMI Filtering, hover the mouse over <none>.
Again, only Authenticated Users are allowed to access this policy and there
are no WMI Filters applied to the policy.
g. In the details-pane, click the Settings tab.
h. Click show all.
This policy contains only computers settings and not user settings. So, it
will apply only to computers placed in the Domain Controllers OU.
i. In the details-pane, under Local Policies/Audit Policy, hover the
mouse over all audit settings.
The Default Domain Controllers Policy contains an audit policy for the
domain controllers.
The audit results are written to the Security event log on the domain
controller.
The audit settings are defined to track things such as logon events and
policy changes. This helps keep track if someone makes changes such as
disabling audit policies, as well as system events such as a server reboot.
j. In the details-pane, scroll down to Local Policies/User Rights
Assignment.
k. Slowly scroll down through the list of policies to Local
Policies/Security Options.
The list of settings is too long to present in detail, but we can browse
through the list. These settings include who can log on to a domain
controller, either locally or remotely, who can back up files on the
machine, change system time, add users, and other important functions.
l. In the details-pane, slowly scroll down to the bottom of the page.
The remaining settings configure how communication channels are
configured between servers. Future Webcasts will delve into these settings
as part of a server hardening demonstration.
m. Close Group Policy Management.


Exercise 2
Resetting the Default Group Policy Objects
Scenario
In the first exercise, we edited the Default Domain policy and modified some account lockout
settings. In doing so, we changed the number of invalid logon attempts before lockout from 0 to 5.
Consider a scenario where other administrators have been making changes to the Default Domain
policy and unexpected restrictions have been occurring. A change management process has not
been followed, so we have no way of knowing the number or types of changes that have been made
on the Default Domain policy.
What we need to do is reset the Default Domain controller policy to the original settings to resolve
a number of policy related issues.
This exercise introduces us to some advanced topics regarding Group Policy and how it works. We
will touch on these topics, but not go into them in great detail yet. Future WebCasts will further
explain the backend mechanics of Group Policy in greater detail.
SEA-DC-01

1. View the GptTmpl.inf file. a. On the desktop, double-click My Computer.
b. The My Computer window appears; maximize the window.
c. Navigate to
C:\WINDOWS\SYSVOL\sysvol\contoso.com\Policies\{31B2F340-
016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows
NT\SecEdit.
d. Hover the mouse over GptTmpl.inf.
The Default Domain Policy settings are stored in a template file called the
Gpttmpl.inf.
This file contains plain text information that configures the registry. Notice
that the file resides in the SYSVOL directory, in the GUID directory that
corresponds to our Default Domain policy. This is the same GUID we saw
earlier.
Remember, we edited the account lockout setting in the Computer
Configuration container. This setting is a machine based setting.
e. Right-click Gpttmpl.inf and click Open.
f. The Notepad window appears; maximize the window.
g. In the Gpttmpl.inf window, highlight text beginning with
LockoutBadCount and ending with LockoutDuration = 30.
Note this file is plain text. Here are the three settings we changed in the
first task.
h. Minimize Gpttmpl.inf.
2. Use a default copy of the
Gpttmpl.inf file to reset the
a. In Windows Explorer, navigate to C:\Technet Content\TNT4-
03\Demos\Demo Files.

policy settings. A default copy of the Gpttmpl.inf file has been saved as a text file to a
Technet Content folder for this demonstration. The default copy of the
Gpttmpl.inf file was obtained through a restored copy of the orginal file.
b. Double-click GPTTMLE.txt.
c. The Gpttmpl.txt window appears; maximize the window.
One way to reset all settings in the Default Domain Policy, is to simply
copy the settings from the backup file and paste them into the existing
GptTmpl.inf file.
d. Click the Edit | Select All menu command.
e. Click the Edit | Copy menu command.
f. Close Gpttmpl.txt.
g. Restore Gpttmpl.inf.
h. Click the Edit | Select All menu command.
i. Click the Edit | Paste menu command.
j. In Gpttmpl.inf, highlight LockoutBadCount = 0.
The account lockout settings we changed in the first task have now been
reset.
k. Close Gpttmpl.inf.
l. The Notepad dialog box appears; click Yes.
We will save the edited Gpttmpl.inf file.
m. Close the Explorer window.
3. Ensure the Gpttmpl.inf file
we just updated is replicated
to all domain controllers in
contoso.com.

a. In Windows Explorer, navigate to
C:\WINDOWS\SYSVOL\sysvol\contoso.com\Policies\{31B2F340-
016D-11D2-945F-00C04FB984F9}.
b. Right-click GTP.ini and click Open.
c. The GPT.ini window appears; maximize the window.
The Gpt.ini file controls the GPO template version numbers. We will edit
the Gpt.ini file to increase the GPO template version number so the
Gpttmpl.inf file is properly replicated.
d. Increase the Version number by an increment of one. For instance, if
the Version number is 65549, edit it to state 65550.
This will force the domain controllers to pull down the latest version of the
Default Domain policy.
e. Close GPT.ini.
f. The Notepad dialog box appears; click Yes.
g. Close Windows Explorer.
4. Refresh Group Policy on
this computer by running
GPUpdate.

a. On the desktop, double-click Command Prompt.
b. The Command Prompt window appears; type GPUpdate /force and
press Enter.
c. When the refresh has completed, close Command Prompt.
5. Look at the Default Domain
Policy settings to view our
changes.
a. On the desktop, double-click Group Policy Management.
b. In the console-pane, under contoso.com, click Default Domain Policy.
c. In the details-pane, click Settings and click show all.
d. Under Account Policies\Account Lockout Policy, hover the mouse

over 0 invalid logon attempts.
Notice that the Account Lockout settings have reverted back to the settings
we saw earlier.
Resetting the Default Domain Controller policy is the same process
performed just now, but we would edit a different file located in a different
GUID based directory.


Exercise 3
Creating a Marketing Users GPO
Scenario
We have created some GPOs in prior labs to show features of Group Policy, the GPMC, and Group
Policy settings.
In this exercise, we will create a new GPO and follow the process from its initial creation to the
application of the GPO.
We will create a fairly simple GPO with just a few settings. This Group Policy will configure users
desktop environment to fit Contosos company standards. This GPO will be linked to the Sales and
Marketing OU.

SEA-DC-01

1. Create and Link a new
GPO.
a. In the console-pane, expand Sales and Marketing.
b. Right-click Sales and Marketing and click Create and Link a GPO
Here.
c. The New GPO window appears; for Name, type Marketing Desktop
and click OK.
Notice that the new GPO is now listed under the Sales and Marketing OU
with the other GPOs.
2. View the link order. a. In the console pane, click Sales and Marketing.
b. In the details-pane, hover the mouse over Marketing Desktop.
c. Hover the mouse over the Link Order.
You can see that it listed as third in the link order. Link ordering allows
you to apply GPOs in a certain order, with last GPO that is processed
settings taking precedence.
3. Display the properties of the
Marketing GPO.
a. In the console-pane, double-click Marketing Desktop.
b. In the details-pane, hover the mouse over the properties.
4. Edit the Marketing GPO
settings to meet Contosos
company standards for user
desktops, including
removing the Run menu,
setting up a bitmap
wallpaper, and routing
users My Documents
folders.
a. In the console-pane, right-click Marketing Desktop and click Edit.
b. Navigate to User Configuration | Administrative Templates and
click Start Menu and Taskbar.
c. In the details-pane, double-click Remove Run menu from Start
Menu.
d. The Remove Run menu from Start Menu Properties window
appears; click Enabled and click OK.
This will help prevent users from easily accessing applications that run
from a command line such as the Registry Editor. However, this will not
prevent users from actually launching the Run application.
The company standard is to just remove easy access to this tool, not to

prevent it from working.
e. Navigate to User Configuration | Administrative Templates |
Desktop and double-click Active Desktop.
Contoso has a standard desktop bitmap that is to be placed on desktops.
We will use the Active Desktop to enforce the use of this desktop
background.
f. In the details-pane, double-click Enable Active Desktop.
g. The Enable Active Desktop Properties window appears; click
Enabled and click OK.
h. In the details-pane, double-click Active Desktop Wallpaper.
i. The Active Desktop Wallpaper Properties window appears; click
Enabled.
We will enter a Universal Naming Convention path, or UNC path to where
our standard desktop bitmap resides and we will leave the bitmap centered.
j. For Wallpaper Name, type \\SEA-DC-01\Public\Contoso.bmp and
hover the mouse over Center and click OK.
k. In the console-pane, collapse Administrative Templates.
l. Navigate to User Configuration | Windows Settings | Folder
Redirection | My Documents.
m. In the console-pane, right-click My Documents and click Properties.
n. The My Documents Properties window appears; for Setting, expand
the drop-down menu and click Basic- Redirect everyones folder to
the same location.
This will route all users My Documents Folder to the same location.
o. Hover the mouse over Create a folder for each user under the root
path.
p. For Root Path, type \\SEA-DC-01\Public and hover the mouse over
\\SEA-DC-01\Public\Claire\My Documents.
q. Click the Settings tab.
r. Click to select the Redirect the folder back to the local userprofile
location when policy is removed radio button and click OK.
Our Marketing Desktop policy has been configured
s. Close Group Policy Object Editor.


Exercise 4
Viewing the Results of the Marketing Desktop GPO
Scenario
Now that we have created a Marketing Desktop GPO and configured settings for the GPO, we will
see the GPO applied to our two users.
SEA-DC-01

WRK-SEA-001

Complete the following 2 tasks
on:
SEA-DC-01
1. To disable the link to the
Marketing Desktop GPO.
a. In the console-pane, under Sales and Marketing, right-click
Marketing Desktop and uncheck Link Enabled.
Since we created and linked the GPO to the OU that contains our users, if
we logged on right now, the GPO would be applied.
To prevent this from occurring, we will disable the link for now. To disable
the link, we simply uncheck Link Enabled in the context menu for the link.
b. Hover the mouse over the Marketing Desktop icon.
c. Minimize Group Policy Management.
2. Review where the two users
reside in the logical
structure of contoso.com.
a. On the desktop, double-click Active Directory Users and Computers.
b. The Active Directory Users and Computers window appears;
maximize the window.
c. In the console-pane, expand contoso.com | Sales and Marketing.
d. In the console-pane, click Sales and Marketing.
e. In the details-pane, hover the mouse over Marketing User.
The Marketing User resides in the Sales and Marketing OU.
f. Hover the mouse over Sales Team.
There is a child OU in the Sales and Marketing OU called Sales Team.
g. Double-click Sales Team, and in the details-pane, hover the mouse
over Sales User.
The Sales Team OU contains the Sales User object.
Its important to remember the Group Policy processing order: Site,
Domain, OU and then Child OU.
Viewing the user object location will help you to understand how to control
application of the Marketing Desktop GPO later on in this exercise.
h. Close Active Directory Users and Computers.
on:
WRK-SEA-001
a. Click the WRK-SEA-01 link in the My Machines browser.

3. View the settings on the
client computer for the
MarketingUser (note that
the link to the new GPO was
disabled, so the new settings
do not appear).
d. Logon as Contoso\MarketingUser with a password of Passw0rd.
e. On the desktop, hover the mouse over the desktop background.
Notice the desktop wallpaper is purple.
f. Click Start | Run.
g. The Run window appears; click Cancel.
We can access the Run command from the Start Menu.
h. On the desktop, right-click My Documents and click Properties.
i. The My Documents Properties window appears; next to Target,
scroll left to show C:\Documents and Settings and click Cancel.
The My Documents folder currently resides on the local drive.
4. Log off as the
MarketingUser.
a. Click Start | Log Off.
b. The Log Off Windows dialog box appears; click Log Off.
5. View the settings on the
client computer for the
SalesUser (note that the link
to the new GPO was
disabled, so the new settings
do not appear).
a. Click in the virtual machine window.
b. Press Right-ALT + DEL.
a. Logon as Contoso\SalesUser with a password of Passw0rd.
b. On the desktop, hover the mouse over the desktop background.
Notice the desktop wallpaper is teal.
c. Click Start | Run.
d. The Run window appears; click Cancel.
We can access the Run command from the Start Menu.
e. On the desktop, right-click My Documents and click Properties.
f. The My Documents Properties window appears; next to Target,
The My Documents folder currently resides on the local drive.
6. Well log off this user Log
off as SalesUser.
a. Click Start | Log Off.
b. The Log Off Windows dialog box appears; click Log Off.
Complete the following task
on:
SEA-DC-01
7. Enable the link to the
Marketing Desktop GPO.
a. Click the SEA-DC-01 link in the My Machines browser.
b. In the console-pane, under Sales and Marketing, right-click
Marketing Desktop and click Link Enabled.
c. Minimize Group Policy Management.

on:
WRK-SEA-001
8. Log back on as
MarketingUser to see the
new settings. Force
GPUpdate for the
MarketingUser.

a. Click the WRK-SEA-01 link in the My Machines browser.
a. Logon as Contoso\MarketingUser with a password of Passw0rd.
Note: If Group Policy has updated the WRK-SEA-001 computer, skip to
step f.
b. On the desktop, double-click Command Prompt.
c. The Command Prompt window appears; type GPUpdate /force and
press Enter.
Remember there is a refresh interval for pulling down the latest group
policy settings.
We will need to perform a forced update of the latest policy settings to view
the Marketing Desktop policy. Remember, use GPUdate to force the
update.
d. At OK to logoff?, type Y and press Enter.
The policy settings are user-based and require that the user log off and
back on.
e. Click in the virtual machine window.
f. Press Right-ALT + DEL.
g. Logon as Contoso\MarketingUser with a password of Passw0rd.
h. On the desktop, hover the mouse over the desktop background.
Notice the desktop wallpaper is now a Contoso approved background.
i. Click Start and hover the mouse over where Run used to be.
Now, we cannot access the Run command from the Start menu.
j. On the desktop, hover the mouse over the My Documents icon.
Notice the arrows indicating that the folder is being redirected.
k. On the desktop, right-click My Documents and click Properties.
l. The My Documents Properties window appears; next to Target,
scroll left to show \\SEA-DC-01\Public\MarketingUser and click
Cancel.
The My Documents folder now resides on the network share.
As you can see, the GPO settings have successfully applied to the
Marketing User.
m. Click Start | Log Off.
n. The Log Off Windows dialog box appears; click Log Off.
9. Now, check the settings for
SalesUser.
a. Click in the virtual machine window.
b. Press Right-ALT + DEL.
a. Logon as Contoso\SalesUser with a password of Passw0rd.
Since we forced an update earlier, the latest policy settings are applied to
the Sales User account.
b. On the desktop, hover the mouse over the desktop background.
Notice the desktop wallpaper is now a Contoso approved background.
c. Click Start and hover the mouse over where Run used to be.
Now, we cannot access the Run command from the Start menu.

d. On the desktop, hover the mouse over the My Documents icon.
Notice the arrows indicating that the folder is being redirected.
e. On the desktop, right-click My Documents and click Properties.
f. The My Documents Properties window appears; next to Target,
scroll left to show \\SEA-DC-01\Public\SalesUser and click Cancel.
The My Documents folder now resides on the network share.
As you can see, the GPO settings have also successfully applied to the
SalesUser.


Exercise 5
Blocking Inheritance of the Marketing Desktop GPO
Scenario
Before we wrap up this lab, we will use Block Inheritance to preserve the Sales Users original
desktop settings.
Ideally, you will want to design your OU structure to contain the use of Block Inheritance since the
use of Block Inheritance can complicate troubleshooting Group Policy application in a complex
environment. For now, we will use Block Inheritance for demonstration purposes only.
SEA-DC-01

WRK-SEA-001

on:
SEA-DC-01
1. Configure the Sales Team
OU to not inherit Group
Policies from the Sales and
Marketing OU.
a. Click the SEA-DC-01 link in the My Machines browser and restore
Group Policy Management.
b. In the console-pane, right-click Sales Team and click Block
Inheritance.
Child OUs inherit GPO settings from parent OUs. Clicking this setting
prevents inheritance.
c. Hover the mouse over the icon next to Sales Team.
Notice the icon for the Sales Team OU now has an exclamation mark to
show that the OU has been configured to Block Inheritance.
d. Close Group Policy Management.
on:
WRK-SEA-001
2. Log on as SalesUser (a
member of the Sales Team
OU) and check the desktop
settings.
a. Click the WRK-SEA- 01 link in the My Machines browser.
b. Double-click Command Prompt on the desktop.
c. Type gpupdate /force and press Enter.
d. At OK to logoff?, type Y and press Enter.
e. Log back on as Contoso\SalesUser with a password of Passw0rd.
f. On the desktop, hover the mouse over the desktop background.
Notice the desktop wallpaper is back to being teal.
g. Click Start | Run.
h. The Run window appears; click Cancel.
We can once again access the Run command from the Start Menu.
i. On the desktop, right-click My Documents and click Properties.
j. The My Documents Properties window appears; next to Target,
The My Documents folder once again resides on the local drive.
The Block Inheritance feature of Group Policy is powerful, but needs to be

carefully applied.

Creating Group Policy Objects

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Creating Group Policy Objects

Uploaded by

Copyright:

Available Formats

2 Table of Contents

You might also like