New in Windows Server 2003: Group Policy Management

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

GPMC is a new tool that unifies management of all aspects of Group Policy across multiple forests in an enterprise. GPMC allows you to manage all GPOs, Windows Management Instrumentation (WMI) filters, and Group Policy-related permissions in your network. Think of GPMC as your primary access point to Group Policy, with all the Group Policy management tools available from the GPMC interface. The information presented in this book is based on using GPMC for Group Policy deployment and ongoing management.

GPMC consists of a set of scriptable interfaces for managing Group Policy and an MMC-based user interface (UI). The UI integrates all previous Group Policy tools into a unified Group Policy-management console. GPMC runs on 32-bit computers that are running a member of the Windows Server 2003 family operating system or Windows XP Professional with Service Pack 1 and the Microsoft® .NET Framework. This tool can manage both Windows Server 2003 and Windows 2000 Active Directory–based domains.

GPMC provides the following:

  • A new user interface that integrates existing Group Policy functionality currently accessible by using various tools such as the Active Directory Users and Computers snap-in, the Active Directory Sites and Services snap-in, the Delegation of Control Wizard, the RSoP snap-in, the Delegation Wizard, and the ACL editor. The UI also simplifies inheritance and enforcement of GPOs.

  • Access to the Group Policy Object Editor (previously known as the Group Policy MMC snap-in).

  • Importing and exporting GPOs.

  • Copying and pasting GPOs.

  • Backing up and restoring GPOs.

  • Searching for existing GPOs.

  • Integration of RSoP capabilities:

    • Group Policy Modeling. Allows you to simulate RSoP data for planning Group Policy deployments prior to implementing them in the production environment.

    • Group Policy Results. Allows you to get RSoP data for viewing GPO interaction and for troubleshooting Group Policy deployments.

  • Support for migration tables to facilitate the importing and copying of GPOs across domains and across forests.

  • Reporting GPO settings and RSoP data in HTML reports that you can save and print.

  • Scripting all operations that are available within the tool. You cannot, however, use scripts to edit individual policy settings in a GPO.

Note

  • To help you get started, the GPMC installation includes sample scripts that use COM interfaces. The sample scripts are installed in the folder \Program Files\GPMC\Scripts\.

GPMC deployment and troubleshooting operations are described throughout this chapter. For detailed, step-by-step information about using GPMC to deploy and manage your Group Policy infrastructure, see Help in GPMC. Full details of the scripting interfaces are documented in the Group Policy Management Console Software Development Kit (SDK), which is located at program files\gpmc\scripts\gpmc.chm on any computer where you install GPMC. The GPMC SDK is also available in the Microsoft® Platform SDK. For more information and to download SDKs, see the Microsoft Platform SDK link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.

Before you begin planning your Group Policy design, install GPMC. It is available as a download from the Microsoft Web site. See the Group Policy Management Console link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.