About GPO

Group Policy is a Microsoft Windows Operating System’s feature that controls user and computer accounts as per the organisation requirement. We can say that Group Policy is a centralized way to manage our domain users and computers located in Active Directory. With the help of Group Policy, IT Administrators can put granular level of settings over group of users in regards with what they can and can’t do with their system or what they can and can’t access on domain network. If you want to turn off cortana then that can be achieved using Group Policy see: How To Disable Cortana Through GPO and it can be achieved by few click withing a couple of minutes.

Purpose of Using GPO:

Basically, Group Policy is used to control domain users and computers so that they all can be managed centrally by an IT Administrator sitting over a single site. For example let’s say Password Policy. This can be configured and applied over all domain users centrally. Like – Complexity (Small & Capital letters, Special characters, Numbers 0-9 etc.), Password length, Minimum password age, Maximum password age etc. For details click on Domain Password Policy.

Take another example: let’s say your management decides to show a common wallpaper on all workstations including laptops in the company. Then this can be achieved via Group Policy rather than going to every machine and setting that common wallpaper manually. Group Policy helps to improve productivity by removing manual efforts on user’s workstations.

Way of Applying:

Group Policy Objects processed in the order of LSDOU i.e. L (Local), S (Site), D (Domain) and OU (Organizational Unit). Whenever a Group Policy is created, it goes through 3 steps. First of all we need to select an Organisation Unit where our object resides.  Second, security filtering where we select / define any group or single object. This group can be in-built group (Authenticated users) or manually created group. In case of manual created group object should be the part of this group. Single object can be either single user or computer. Third, WMI filtering comes into picture which is optional. It can or cannot be used in the GPO based upon requirement.

Once Group Policy creation task is done then can check on user’s workstations whether Group Policy applied or not. By default, Group Policy refresh interval is 90 minutes. But if it takes longer than expected then user can also initiate a request for refreshing Group Policy. The command to update Group Policy is “gpupdate” or “gpupdate /force” so that desired GPO apply immediately. Most of them will apply after finishing the command. But few of them become  effective after “user logoff / login” or “system startup”. So for these kind of policies got effective, user need to logoff and login again or system restart required.