Group Policy

Applies To: Windows Server 2008

Group Policy is an infrastructure used to deliver and apply one or more desired configurations or policy settings to a set of targeted users and computers within an Active Directory environment. This infrastructure consists of a Group Policy engine and multiple client-side extensions (CSEs) responsible for reading specific policy settings on target client computers.

Aspects

The following is a list of all aspects that are part of this managed entity:

Name Description

Application of Group Policy

Group Policy uses the information collected during preprocessing to apply settings to the computer or user. The Group Policy service cycles through each client-side extension, sharing the previous collected information. Each client-side extension then applies its specific policy settings to the computer or users. During this process, one or more client-side extensions may report problems when attempting to apply policy settings.

Group Policy Preprocessing (Active Directory)

Group Policy processing requires Active Directory. The Group Policy service reads and updates information stored in Active Directory. The absence of Active Directory (or a domain controller) prevents Group Policy from applying to the computer or user.

Group Policy Preprocessing (General)

The Group Policy service, during the preprocessing phase, ensures that Group Policy is not configured beyond the scope of the service. An improper configuration could prevent Group Policy from applying to a computer or user.

Group Policy Preprocessing (Networking)

Group Policy processing requires network connectivity to one or more domain controllers. The Group Policy service reads information from Active Directory and the sysvol share located on a domain controller. The absence of network connectivity prevents Group Policy from applying to the user or computer.

Group Policy Preprocessing (Security)

Group Policy preprocessing uses security to act on behalf of the computer or user. Incorrect permissions or security failures can prevent Group Policy from applying to the computer or user.

Group Policy Preprocessing (WMI)

Group Policy processing depends on the Windows Management Instrumetation (WMI) service. During preprocessing, the Group Policy service evaluates WMI filters to determine if a Group Policy object is within scope of the computer or users. Failures with WMI can prevent Group Policy settings from applying as well as cause inaccurate reporting results.

Group Policy Reporting

The Group Policy service maintains a reporting system. This allows client-side extensions to report the policy settings they apply to the user or computer. Tools such as the Group Policy Management Console (GPMC) and GPResult display this reporting information to the user. Usually, Group Policy reporting problems do not prevent Group Policy from applying. However, reporting information may be incomplete if reporting errors occur.

Group Policy Service

The Group Policy service is responsible for applying Group Policy to computers and users. By default, the service starts during computer startup and remains operating until computer shutdown. Errors occurring within the core service usually result in a failure of Group Policy processing.

Group Policy Infrastructure