Deploying Basic Settings by Using Group Policy

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

You can use Group Policy to define and deploy specific configurations for groups of users and computers. These configurations are created by using the Group Policy Management Editor and are contained in one or more Group Policy objects (GPOs) stored in Active Directory. To deploy the settings, the GPO is linked to one or more Active Directory containers, such as a site, a domain, or an organizational unit (OU). The settings in the GPO are then applied automatically to the users and computers whose objects are stored in those Active Directory containers. You can configure the work environment for your users once, and then rely on Group Policy to enforce your settings.

For an overview of Group Policy, see the Group Policy technology review in this guide. For more information about Group Policy, see Windows Server Group Policy at https://go.microsoft.com/fwlink/?linkid=93542.

Steps for deploying basic settings by using Group Policy

In this section, you create a set of OUs to contain your computer accounts. You then create GPOs that contain settings that are intended for a specific set of computers. You use the Group Policy Management Editor to configure a GPO that contains basic firewall settings, and then assign that GPO to the OU that contains your test computer. Finally, you create and apply a Windows Management Instrumentation (WMI) filter to restrict the application of the GPO to computers that are running a specified version of Windows. This enables you to have multiple groups of computers in a single Active Directory container (OU, site, or domain) that require different settings, and ensure that each receives the correct GPO.

The GPOs that you configure include some of the basic Windows Firewall with Advanced Security settings that are part of typical enterprise firewall settings.

Step 1: Creating OUs and Placing Computer Accounts in Them

Step 2: Creating the GPOs to Store Settings

Step 3: Adding the GPO Setting to Enable the Firewall on Member Client Computers

Step 4: Deploying the Initial GPO with Test Firewall Settings

Step 5: Adding the Setting that Prevents Local Administrators from Applying Conflicting Rules

Step 6: Configuring the Rest of Your Client Computer Firewall Settings

Step 7: Creating WMI and Group Filters

Step 8: Enabling Firewall Logging

Next topic: Step 1: Creating OUs and Placing Computer Accounts in Them