Active Directory GPOs can be linked to sites, domains, or organizational units (OU) at the domain level. An OU is a container assigned to a company’s resources, services, or accounts, such as a server, printer, or user account belonging to a department.
GPOs link and inherit
For example, an organizational unit called "Notebooks" may contain a GPO whose settings affect only notebooks, but no other machines.
All clients grouped under a site, a domain, or an organizational unit must adhere to the instructions of the assigned GPO. Administrators can also assign multiple group policy objects. With this method, the individual distribution of rights through Active Directory can be fine-tuned.
However, to work at the Active Directory level with group policies, an appropriate operating system such as Windows Server 2003 or 2008. requires both tools such as the group policy management console gpmc.msc to distribute group policies in the Active Directory network Code>
The tool also allows you to define your own wizard-driven policies - an ability that's lacking in common Windows versions like Vista and 7. Both support the group policy management console, but require a user account at the domain level for use.
If certain group policies apply to all employees or computers, regardless of the department, it is worth to create a group policy link.
To do this, administrators first set the appropriate settings in an organization-wide GPO, and then link it to the department organizational units defined in the Active Directory. If you want to change a setting at a later stage, you only have to adjust the organization-wide GPO.
Policies that an administrator has enabled or disabled are inherited by all the parent and child containers of the parent group policy container. The bottom level is the local group rules, then the ascending order follows the group policies of the site, the domain, and the organizational units.
If a group of different hierarchies is used on a PC, Windows is working from bottom to top, so first start with the local group guidelines.
No comments:
Post a Comment