Overview of Group Policy

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Group Policy enables Active Directory–based change and configuration management of user and computer settings on computers running a member of the Microsoft® Windows® Server 2003 or Microsoft Windows® 2000 families of operating systems, or the Microsoft® Windows® XP Professional operating system. You use Group Policy to define configurations for groups of users and computers, including policy settings for registry-based policies, software installation, scripts, folder redirection, Remote Installation Services, Internet Explorer maintenance, and security. You can also use Group Policy to help manage server computers, by configuring many server-specific operational and security settings.

The Group Policy settings that you create are contained in a Group Policy object (GPO). To create a GPO, use the Group Policy Management Console (GPMC). To edit a new GPO, use the Group Policy Object Editor snap-in for the Microsoft Management Console (MMC), which you can start from GPMC. By using GPMC to link a GPO to selected Active Directory system containers — sites, domains, and organizational units (OUs) — you apply the policy settings in the GPO to the users and computers in those Active Directory containers.

To guide your Group Policy design decisions, you need a clear understanding of your organization’s business needs, service level agreements, and security, network, and IT requirements. By analyzing your current environment and users’ requirements, defining the business objectives you want to meet by using Group Policy, and following this chapter’s guidelines for designing a Group Policy infrastructure, you can establish the approach that best supports your organization’s needs.

To see example standard desktop configurations and the actual policy settings used for those configurations, see the Group Policy scenarios in the whitepaper at the Implementing Common Desktop Management Scenarios link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources. For a list of these sample configurations, see Table 2.3 later in this chapter.

IntelliMirror refers to the ability to provide users with consistent access to their applications, application settings, roaming user profiles, and user data, from any managed computer – even when they are disconnected from the network. IntelliMirror is delivered by means of a set of Windows features that enable IT administrators to implement standard computing environments for groups of users and computers.

IntelliMirror can significantly boost user productivity and satisfaction by doing the following:

  • Allowing users to continue working efficiently in intermittently connected or disconnected scenarios by enabling uninterrupted access to user and configuration data under these conditions.

  • Delivering a consistent computing environment to users from any computer when their desktop or laptop computer is unavailable or in scenarios where users are not assigned a specific computer.

  • Minimizing data loss by enabling centralized backup of user data and configuration files by the IT organization.

  • Minimizing user downtime by enabling automated installation and repair of applications.

Implementing IntelliMirror also boosts administrator efficiency and reduces IT costs by doing the following:

  • Eliminating the need to manually configure user settings, install applications, or transfer user files to provide users access to their computing environments on any computer.

  • Enabling scenarios where users do not have an assigned computer but log in to any available computer in a pool of computers. This helps reduce hardware and administration costs.

  • Easing the IT task of implementing centralized backup of user files while satisfying the need for these files to be available on the user’s computer.

  • Reducing support costs by using Windows Installer to automatically repair broken application installations.

  • Enabling rapid deployment of security settings to ensure resources on the network are secure.

Windows features that implement IntelliMirror include Active Directory, Group Policy, Software Installation, Windows Installer, Folder Redirection, Offline Folders, and Roaming User Profiles.