NIST's guidance for a Zero Trust Architecture

Editor's Pick

Group Policy Management Console (GPMC) – Part I

GPMC: An Introduction

The Group Policy Management Console (GPMC) is a one-stop solution for performing all the Group Policy functions an administrator has to deal with. This MMC snap-in provides all the information about Group Policies and allows one to view all the settings within a Group Policy Object (GPO). Many of the functions of the GPMC can also be scripted. The GPMC provides viewing, configuring, and analyzing GPO settings to know how they will affect target computers and users.

Here is a partial list of what administrators can do with GPMC:

  • Creating, modifying, deleting, reporting GPOs and controlling their application
  • Performing Group Policy searches across the forest and domain(s)
  • Check/control status of GPOs
  • Linking and unlinking GPOs
  • Performing backup, restore and import of GPOs
  • Executing GPO modeling sessions to understand the effects of GPOs
  • Setting and delegating permissions

The following are some of the highlights of the GPMC which make it such a handy tool:

  • Easy user interface with drag-and-drop functionality
  • Capability to backup, restore, import and copy GPOs
  • Incudes programmable interfaces
  • Execution of fully scriptable functions
  • Manages WMI filtering that helps in selectively applying GPOs

Opening the GPMC

To open the GPMC one of the following methods may be used:

  • Go to Start  → Run. Type gpmc.msc and click OK.
  • Go to Start → Type gpmc.msc in the search bar and hit ENTER.
  • Go to Start → Administrative Tools → Group Policy Management.

Creating an unlinked GPO

  • Within the GPMC, right click Group Policy Objects in the domain where the GPO is to be created and select New. Give it a suitable name.
  • Click OK.

Editing a GPO

  • In the GPMC, open the Group Policy Objects node.
  • Right click the appropriate GPO, and click Edit.

Deleting a GPO

  • In the GPMC, open the Group Policy Objects node.
  • Right click the appropriate GPO, and click Delete.
  • Click OK to confirm.

Note that it is a best practice to not edit/delete the Default Domain Controllers Policy or the Default Domain Policy.

In the next part , we will take a look at some of the other tasks that can be executed from the console.

Related posts
Editor's Pick

Locating Objects in AD

Editor's Pick

Group Policy Management Console (GPMC) – Part II

Leave a Reply

Your email address will not be published. Required fields are marked *