Windows Server 2003 Group Policy Infrastructure
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Intended for system administrators, architects, and others who need to create and manage Group Policy settings, this paper explains Group Policy infrastructure and shows how the new Group Policy Management Console (GPMC) fits into this infrastructure. The paper includes detailed information about Group Policy processing as well as many best practices useful to the Group Policy administrator.
Introduced in Windows® 2000 Server, Group Policy provides directory-based desktop configuration management. With Group Policy, you can specify settings for registry-based policies, security, software installation, scripts, folder redirection, Remote Installation Services, and Internet Explorer maintenance. The Windows Server 2003 family of operating systems, extends Group Policy in a number of ways— through GPMC, which includes scripting interfaces, Group Policy Results, Group Policy Modeling, and more.
The Group Policy settings that you create are contained in a Group Policy object (GPO). By linking a GPO with selected Active Directory® service system containers—sites, domains, and organizational units—you can apply these settings to the users and computers in those Active Directory containers. To create GPOs, you use GPMC in conjunction with the Group Policy Object Editor, an MMC snap-in, also known previously as the Group Policy snap-in, Group Policy Object Editor, or GPedit.
Administrative Requirements for Using Group Policy
In order to use of all of its features, Group Policy requires Active Directory and client computers running Windows 2000 or later. To set Group Policy for a selected Active Directory container, you must have a Windows 2000 or Windows Server 2003 domain controller installed, and you must have read and write permission to access the system volume of domain controllers (Sysvol folder) and modify rights to the currently selected directory container. The system volume folder is automatically created when you install a domain controller (or promote a server to domain controller).
Note
Group Policy depends on Active Directory; therefore, it is crucial to understand Active Directory and its structure. It is highly recommended that you familiarize yourself with Active Directory concepts before implementing Group Policy. To learn about Active Directory, see the Active Directory white papers at https://www.microsoft.com/ad. Information about planning and implementing Active Directory is available from the Windows Deployment and Resource Kits page at https://www.microsoft.com/reskit.
GPMC System Requirements
GPMC can manage both Windows 2000 and Windows Server 2003 domains with Active Directory. In either case, the computer on which the tool itself runs must be running Windows Server 2003 or Windows XP Professional (with Windows XP Service Pack 1 and the Microsoft .NET Framework). Note: When installing GPMC on Windows XP Professional with SP1, a post SP1 hotfix is required. This hotfix (Q326469) is included with GPMC. GPMC Setup prompts you to install Windows XP hotfix Q326469 if it is not already present.
Feedback on this Paper
If you have any comments about this paper, contact mailto:gpdocs@microsoft.com.
In This White Paper
What's New About Group Policy in Windows Server 2003
Overview of Group Policy Infrastructure and Mechanics
Group Policy Extension Snap-ins
Group Policy Modeling and Results
Group Policy Replication and Domain Controller Selection (Group Policy Infrastructure)
Local Group Policy (Group Policy Infrastructure)
Design Considerations for Organizational Unit Structure and Use of Group Policy Objects
IntelliMirror Features without Active Directory
Migrating Policy-Enabled Clients from Windows NT 4.0 to Windows 2000 or Windows Server 2003
Appendix A: Security Settings and User Rights
Appendix B: Group Policy Storage