Lesson 11: Group Policy Objects

Objectives
  • Configure a Central Store
  • Manage starter GPOs
  • Configure GPO links 
  • Configure multiple local group policies
  • Configure security filtering

Vocabulary
ADMX: An XML-based file format used to create administrative templates, replacing the token-based administrative template (ADM) files used with earlier versions of Group Policy. 

asynchronous processing: In Group Policy processing, the ability to run multiple logon scripts at the same time.

Block Policy Inheritance: A setting on a container object such as a site, domain, or OU that blocks all policies from parent containers from flowing to this container.

Central Store: A single copy of the ADMX files stored on domain controllers.

domain GPO: A nonlocal GPO created in Active Directory and linked to a site, domain, or OU.

Enforce: A setting on an individual GPO link that forces a particular GPO’s settings to flow down through the AD DS hierarchy without being blocked by child OUs.

folder redirection: A Windows Server 2012 feature that enables users to store local files on a network drive for backup, making them accessible from anywhere on the network.

GPO inheritance: The process by which GPO settings assigned to an AD DS object are passed down to all of its subordinate objects.

Group Policy: A mechanism for controlling and deploying operating system settings to computers all over your network.

Group Policy container (GPC): An Active Directory object that stores the properties of the GPO.

Group Policy Management console: A Microsoft Management Console (MMC) snap-in that you use to create GPOs and manage their deployment to AD DS objects.

Group Policy Management Editor: A Microsoft Management Console (MMC) snap-in that opens GPOs and enables you to modify their settings.

Group Policy Object (GPO): A file that contains the Group Policy settings to deploy to user and computer objects within a site, domain, or organizational unit.

Group Policy template (GPT): A folder that stores policy settings, such as security settings and script files.

linking: A process by which you can associate one or more Group Policy objects (GPOs) with specific Active Directory Domain Services (AD DS) objects.

local GPO: A GPO that contains settings for one specific system.

Loopback Processing: A Group Policy option that provides an alternative method of obtaining the ordered list of GPOs to be processed for the user.

LSDOU: An acronym referring to the order in which Windows systems that receive GPOs from multiple sources process them: local policies, site policies, domain policies, and then OU policies.

multiple local GPOs: A relatively new Windows feature that enables you to specify a different local GPO for administrators or to create specific GPO settings for one or more local users configured on a workstation. 

security filtering: An advanced technique that enables you to apply GPO settings to only one or more users or groups within a container by selectively granting the "Apply Group Policy" permission to one or more users or security groups.

starter GPO: A template for the creation of domain GPOs based on a standard collection of settings.

synchronous processing: In Group Policy processing, the tendency of a system to read and apply each policy completely before moving on to the next one.

SYSVOL bloat: A condition in which hundreds of megabytes of redundant information is stored on SYSVOL volumes, which then have to be replicated to all the domain controllers for the domain. 
