Windows Server: How to Create and Link a Group Policy Object Using the Group Policy Management Console

This article provides instructions for creating and linking a Group Policy Object using the Group Policy Management Console.

In order for Group Policy settings to be applied, Group Policy Objects (GPOs) must be created and linked to domains, sites or organizational units (OUs) in Active Directory. The Group Policy Management Console (GPMC) is the native tool of choice for performing these actions.

In a new domain, there are two preexisting GPOs: the Default Domain Policy and Default Domain Controllers Policy. As implied by their names, the Default Domain Policy is linked to the domain, and the Default Domain Controllers Policy is linked to the Domain Controllers OU. Therefore, policy settings in the Default Domain Policy affect all user and computer accounts in the domain, while those in the Default Domain Controllers Policy affect only the contents of the Domain Controllers OU, which typically contains the computer accounts of domain controllers in the domain.

It is, of course, possible to modify the preexisting GPOs, but Group Policy best practices advise against doing so; it is preferable to create a new GPO instead. To do so, perform the following steps:

  1. Open the Group Policy Management Console from the Administrative Tools menu or by typing gpmc.msc at a command prompt.
  2. Do one of the following to create a new GPO:
    • In the left pane, right-click the domain, site, or OU to which the GPO will be linked and select Create a GPO in this domain, and link it here…

In the left pane, right-click the Group Policy Objects folder and select New.

  • With the Group Policy Objects folder selected, select New from the Action menu.

Give the new GPO a name, and select a starter GPO if applicable. Click OK.

The new GPO will appear in the Group Policy Objects folder, but it will not have any policy settings associated with it. To configure the policy settings associated with the new GPO, do the following:

  1. Right-click the GPO in the Group Policy Objects folder and select Edit. The Group Policy Management Editor appears.

In the left pane, drill down to the container of the policy settings you wish to change. The settings themselves will appear in the right pane.

  1. Double-click the policy setting you wish to change or right-click it and select Properties.
  2. Check the box labeled Define this policy setting, then configure the setting as you wish
  1. Click OK to close the properties window and save the changes to the policy.
  2. Close the Group Policy Management Editor window when done.

If the GPO was not linked to a domain, site, or OU when it was created, it must be linked to one of these before its policy settings will take effect. To link the GPO, perform the following steps:

  1. Right-click the domain, site, or OU to which it should be linked and select Link an existing GPO…

Select the GPO from the list that appears and click OK.

Policy changes you have made will take effect the next time Group Policy is refreshed. The default refresh rate is once every 90 minutes, plus a random offset from 0 to 30 minutes. To manually refresh Group Policy, use the gpupdate /force command.

If you have any situation in following these steps comments us. We solve your problems.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

Create your website at WordPress.com
Get started
%d bloggers like this: