Active Directory Policies

Fine-Grained Password Policies

In Active Directory, there can be only one Password Policy and Account-Lockout Policy per domain. Situations may arise in which setting different account policies for different types of users will be required. For example, employees in the finance department may need a…
Active Directory Policies

Force Group Policy Updates

Any changes made to a GPO will take somewhere between 90-120 minutes on domain members and 5 minutes on domain controllers to take effect. To apply the group policies immediately without waiting for the update interval, a command line utility called gpupdate can be used. The…
Active Directory Policies

Group Policy Results

It is always a good practice to know what policy settings are being applied to a user or computer, since GPO imposes a lot of restrictions and customizations on the user and computer. So, if something is amiss, a review of the policy settings will shed some light on the…
Active Directory Policies

GPO Delegation

Just like other AD objects, security principals can be assigned permissions to access a GPO. The following are the list of permissions that can be assigned: Read Edit Settings Edit Settings, Delete, Modify security The following steps illustrate how to set…
Active Directory Policies

Security Filtering and WMI Filtering

Security Filtering is used to apply policy settings to only a particular set of users and computers. By default, all authenticated users will receive the policy settings. To apply the GPO only to a particular set of users and computers, follow these steps: In the left…
Active Directory Policies

GPO Inheritance

A user or a computer in an OU can have multiple GPOs applied to it. For example, Local Group Policy, GPOs linked to the site, GPOs linked to the domain and GPOs linked to the OU. Also, multiple GPOs can be linked to any of these containers. The following is the order in…
Active Directory Policies

Creating a GPO in Active Directory

GPOs can be created and managed using the Group Policy Management Console (GPMC). The configuration settings can be edited using the Group Policy Object Editor (gpedit) console. The following steps illustrate how to create a GPO: Open the GPMC snap-in. Go to Start Menu…