Servers Learn AD in 15 Minutes a Week: Active Directory Group Policy

Learn AD in 15 Minutes a Week: Active Directory Group Policy




by Jason Zandri

www.2000trainers.com


Welcome to the fifth installment of Learn Active Directory Design and Administration in 15 Minutes a Week, a weekly series aimed
at current IT professionals preparing to write the new Windows Active Directory Design and Administration exams (70-219 and 70-217 respectively), as well as newcomers to the field who are trying to get a solid grasp on this new and emerging directory service from Microsoft. I was going
to discuss the Lightweight Directory Access Protocol (LDAP)
this week, but I had a few people write to me about Group
Policy so I thought I would write about Active Directory Group Policy
instead and delay my Lightweight Directory Access Protocol (LDAP)
article until next week.


Jason Zandri’s latest article in the Learn Active Directory Design and Administration in 15 Minutes a Week takes an in-depth look at the topic of Active Directory Group Policy.

Group Policy

There are two types of group policy
settings within the Windows 2000 Active Directory; computer
configuration settings and user configuration settings.
There are also two types of scripts that are run at start up;
computer startup scripts and user logon scripts. The
following sections will give an overview of how these
configuration settings are applied.

[NOTES FROM THE FIELD] – Much
of this information is an Exam Requirement for both the

70-217
AND the

70-219
exams. Some would argue it is more so for the 219
and I would agree, but you need to know both the Group
Policy Administration pieces of 70-217 and the Group Policy
Design requirements for 70-219 and much of this overlaps
both exams. I took both exams singly and saw it for myself.

Computer Configuration Settings and
Startup Scripts Overview

Computer configuration settings are
used to set specific policies on local systems and are applied
when the operating system initializes. They are the first
things that are applied to any system due to the obvious
fact that the system needs to fully initialize before a user
can log on. The computer configuration settings are applied
to everyone that logs on to that system. There may be user
configuration settings (which are applied next) that
override the computer configuration settings, but this does
not mean they were not applied to the local system, only that they were
overwritten by a subsequent user configuration setting or
settings.

Computer configuration settings are processed synchronously
(one after another, after another) by default, but this setting can be changed by the domain
administrator. These settings are processed in a specific
order. Local GPOs are first, then site GPOs, followed by
domain GPOs, and finally OU GPOs. There is not an option to log
on while the computer configuration settings are being
processed.

Any computer startup scripts that are set to run for the
system start after all of the GPOs are processed. This is
also hidden from the user’s view and runs synchronously by default.
This is important because each script must complete or time
out before the next one starts. If there are issues with any
one single script, this will delay the startup competition of
the system, as the default timeout period is set for 600
seconds (10 minutes). It is not recommended to change the
synchronous execution nature of the scripts, as one may have
a dependency on another, but it can be done at the
administrator’s discretion. The default timeout period of
600 seconds can be changed and often is.

[NOTES FROM THE FIELD] – In
the following section titled Group Policy Settings Processing
Order,
I detail the full GPO processing as it follows
the GPO order and inheritance tree.

Latest Posts

How to Convert a Physical Computer to a Virtual Machine

Many organizations are implementing virtualization technology into their networks to convert physical computers to virtual machines (VM). This helps reduce overall physical hardware costs,...

HPE ProLiant DL380 Gen10: Rack Server Overview and Insight

The HPE ProLiant DL380 series has consistently been a market leader in the server space. The Gen10 released in 2017 further increased HPE's market...

Best Server Management Software & Tools 2021

Finding the best server management software tools for your organization can have a major impact on the success of your business operations. Manually handling...

IBM AS/400: Lasting the Test of Time

Some server operating systems (OS) were built to survive the test of time – the IBM AS/400 is one such system.  The AS/400 (Application System/400)...

What is Disaster Recovery?

The modern organization's heavy dependence on using data to drive their business has made having a Disaster Recovery (DR) plan in place a necessity....

Related Stories