Professional Documents
Culture Documents
Implementing and Administering Active Directory: Practical 7 Group Policy Object (GPO)
Implementing and Administering Active Directory: Practical 7 Group Policy Object (GPO)
Practical 7
Group Policy Object (GPO)
Introduction
Group policies are collection of user and computer configuration settings that specify
how programs, network resources, and the operating system work for users and
computers in an organization. Group policy can be set up for computers, sites, domains,
and OUs. For example, using group policies, you can determine the programs that are
available to users, the programs that appear on the user’s desktop, and Start menu
options. Although the name “Group Policy” suggests that you might set policies for
global, domain local, or universal groups, this is not the case. Instead, think of Group
Policy as groupings of policy settings that are linked to computers, sites, domains, and
OUs.
Learning Outcomes:
Creating a GPO
Step:
1. Click Start, point to Administrative Tools, and then click Group Policy
Management
2. Right-click domain, or OU for which you want to create a GPO, and then click
Creat a GPO in this domain an d Link it here..
3. Create a new GPO and type the name you want to use for this GPO.
4. Click OK.
Step:
1. After creating a GPO, right click the GPO and choose Enforced.
Applying Block Inheritance to an OU
Step:
1. Go to Group Policy Management.
Step:
1. At the Group Policy Management, right click a GPO you have created before and
choose edit.
2. Under User Configuration -> Administrative Templates -> Start Menu and
Taskbar.
5. Choose Enable.
6. Click OK.
Step:
1. Log off administrator.
2. Log–on as an user belongs to the OU that have been linked with the GPO.
Refreshing a GPO
Each GPO is refreshed when you restart your computer. When you modify the settings
in a GPO, they are refreshed every 90 minutes on a workstation or server agpnd every
five minutes on a domain controller. The setting are also refreshed every 16 hours,
whether or not there are any changes. To refresh GPOs immediately,
Step:
1. Click Start, and then click Run.
2. In the Run dialog box, type gpupdate and then click OK.
EXCERSICE
In your current domain (zombie.com), create five OUs (UTeM, FTMK, FKEKK, DIT and
BITC) as shown in Figure 1 below. In each OU, create one domain user account with
details as shown in Table 1. Ensure that all domain user accounts (Prof1, Prof2, Prof3,
Prof4, and Prof5) are member of Print Operator in the domain.
Table 1
OU USERNAME PASSWORD
UTeM Prof1 yGhs72bs
FKEKK Prof2 yGhs72bs
FTMK Prof3 yGhs72bs
BITC Prof4 yGhs72bs
DIT Prof5 yGhs72bs
Figure 1
Table 2
Domain/OU Configuration
zombie.com ● User Configuration>Administrative Templates>Desktop>Desktop>Desktop
Wallpaper
Enabled with wallpaper name C:\WINDOWS\Web\Wallpaper\img1.jpg
(stretch)
● Config1
UTeM ● User Configuration>Administrative Templates>System>Logon>Run these
program at user logon
Enabled with item to run at logon = Calc
● User Configuration>Administrative Templates>Start Menu and
Taskbar>Remove Run menu from Start Menu
Enabled
FTMK ● User Configuration>Administrative Templates>Desktop>Desktop>Desktop
Wallpaper
Enabled with wallpaper name C:\WINDOWS\Web\Wallpaper\img2.jpg
(stretch)
● Config2
DIT ● User Configuration>Administrative Templates>System>Logon>Run these
program at user logon
Enabled with item to run at logon = Notepad
● Config3
List all the policies applied at each OU in terms of wallpaper, item run at logon, and Run
menu availability when
Do not forget to refresh a GPO or restart your system after creating/altering GPOs.