Part 2. Managing Group Policy

In chapter 1 you saw that Active Directory is used to control access to resources in your environment. Active Directory can also be used to manage the security and configuration of computers (servers and workstations) in your domain. This is accomplished through Group Policy, which is the subject of the first two chapters in this part.

Chapter 8 introduces Group Policy and teaches you how to create these objects. You’ll also learn how to modify Group Policies. Logon scripts have been a feature of networked environments for many years. Group Policy preferences offer an alternative that can simplify your environment.

Chapter 9 examines how to apply these polices to the users and computers in your domain. As you’ll see, Group Policy can be applied to the domain or to an OU tree. The application of the policy can be controlled by blocking inheritance of the policy from OUs higher in the tree. The blocking can be overridden, which can potentially lead to a bewildering set of conflicting settings. Best practice for dealing with this will be presented.

Part 2 closes with chapter 10, where Fine Grained Password policies (PSOs) are discussed. PSOs, which were introduced with Windows Server 2008, enable you to overcome the restriction of only having a single password policy in a domain. You’ll learn how to create and manage these objects, along with practical advice for when to use them.