Group Policy integration

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Group Policy integration

Group Policy can be used to define default settings that will be automatically applied to user and computer accounts in Active Directory. Policy settings can be used to manage desktop appearance, assign scripts, redirect folders from local computers to network locations, determine security options and control what software can be installed on particular computers and what software is available to particular groups of users.

Here are a few examples of how Group Policy settings can be used in Active Directory:

  • Set the minimum password length and the maximum length of time that a password will remain valid. This can be configured for an entire domain.

  • Administrators can automatically install an application on every computer in a particular domain or on all computers assigned to a particular group in a particular site. For example, you could automatically install Microsoft Outlook on every computer in the domain and automatically install Microsoft Excel only on those computers belonging to the Accounting group in a particular site.

  • Logon, logoff, startup, and shutdown scripts can be assigned based on the locations of the computer and user accounts in Active Directory.

  • If members of a particular group often use different computers, administrators can install the necessary applications on each of those computers.

  • Any user's My Documents folder can be redirected to a network location. Users can then gain access to their documents from any computer on the network.

Policy settings are stored in Group Policy objects. Group Policy settings from more than one Group Policy object can be applied to a particular site, domain, or organizational unit. For example, if a site contains three domains, one Group Policy object could control computer configurations for the entire site. A separate policy for each domain could determine specific security settings for the computers in each domain. If each domain contains an Accounting and a Marketing organizational unit, additional Group Policy objects could determine what software is installed on the computers used by the Accounting and Marketing groups throughout the entire site.

This ability to automatically configure and secure computers throughout your organization by selectively applied Group Policy objects is a very powerful administrative tool. For more information about controlling software installation with Group Policy and how to create a Group Policy object, see Group Policy (pre-GPMC).

You can use security groups to filter how Group Policy settings are applied to collections of users and computers belonging to a particular site, domain, or organizational unit. For more information about security groups, see Group types. For general information about Group Policy, see Group Policy overview.