Deploying Basic Settings by Using Group Policy
Published: November 2, 2007
Updated: December 7, 2009
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
You can use Group Policy to define and deploy specific configurations for groups of users and computers. These configurations are created by using the Group Policy Management Editor and are contained in one or more Group Policy objects (GPOs) stored in Active Directory. To deploy the settings, the GPO is linked to one or more Active Directory containers, such as a site, a domain, or an organizational unit (OU). The settings in the GPO are then applied automatically to the users and computers whose objects are stored in those Active Directory containers. You can configure the work environment for your users once, and then rely on Group Policy to enforce your settings.
For an overview of Group Policy, see the Group Policy technology review in this guide. For more information about Group Policy, see Windows Server Group Policy at http://go.microsoft.com/fwlink/?linkid=93542.
In this section, you create a set of OUs to contain your computer accounts. You then create GPOs that contain settings that are intended for a specific set of computers. You use the Group Policy Management Editor to configure a GPO that contains basic firewall settings, and then assign that GPO to the OU that contains your test computer. Finally, you create and apply a Windows Management Instrumentation (WMI) filter to restrict the application of the GPO to computers that are running a specified version of Windows. This enables you to have multiple groups of computers in a single Active Directory container (OU, site, or domain) that require different settings, and ensure that each receives the correct GPO.
The GPOs that you configure include some of the basic Windows Firewall with Advanced Security settings that are part of typical enterprise firewall settings.