Windows 7 / Networking

---

Managing Computers with Domain Policies

Managing the configuration and settings of domain servers and workstations can be standardized using domain group policies. Domain group policies offer the advantage of taking user error and mistakes out of the loop by pushing out the configuration and security of computers from a single or a set of group policies. Of course, with this much control it is essential that group policies are tested and tested again to verify that the correct configuration and desired results are achieved with the policies. In the early days of Active Directory domain based group policies, a few organizations, found themselves locked out of their own computers and Active Directory domain controllers because of overrestrictive Group Policy security settings and application of these settings to all computers and users, including the domain administrators. When this situation occurs, a domain controller can be rebooted into Directory Services Restore mode and an authoritative restore of Active Directory might be required.

Before domain group policies can be created and managed, the Group Policy Management Console needs to be installed. Also, if printers will be installed using the Deploy Printer function of Group Policy, the Print Services Tools should also be installed. To install the GPMC and Print Services Tools, perform the following steps:

1. Log on to a designated administrative system running Windows Server 2008 R2.
2. Open Server Manager from the Administrative Tools menu.
3. After Server Manager loads, click on the Features node in the tree pane.
4. Select Add Features in the right pane.
5. Scroll down and check the box next to Group Policy Management.
6. Expand Remote Server Administration Tools and expand Role Administration Tools.
7. Check the box next to Print and Document Services Tools and click Next.
8. Confirm the selection and click Install to begin the process.
9. After the process completes, click Close to complete the installation.

Creating a New Domain Group Policy Object

To create a new domain Group Policy Object, perform the following steps:

1. Log on to a designated Windows Server 2008 R2 administrative server.
2. Click Start, click All Programs, click Administrative Tools, and click on Group Policy Management.
3. If necessary, expand the forest node, the domains node, and the correct domain.
4. Right-click the Group Policy Objects container, and select New.
5. Type in a name for the new GPO.
6. If the starter GPO functionality in the domain is enabled and if a suitable starter GPO exists, click the Source Starter GPO drop-down list arrow, and select either (None) or the desired starter GPO.
7. Click OK to create the GPO. In the tree pane of the Group Policy Management Console window, expand the Group Policy Objects container to reveal the newly created GPO.
8. After the GPO is created, it can be edited by right-clicking on the GPO and selecting Edit.
9. Close the Group Policy Management Console and log off of the server.

Creating and Configuring GPO Links

After a GPO is created and configured, the next step is to link the GPOs to the desired Active Directory containers. To link an existing GPO to an Active Directory container, perform the following steps:

1. Log on to a designated Windows Server 2008 R2 administrative server.
2. Click Start, click All Programs, click Administrative Tools, and click on Group Policy Management.
3. Add the necessary domains or sites to the GPMC as required.
4. Expand the Domains or Sites node to expose the container to which the GPO will be linked.
5. Right-click the desired site, domain, or organizational unit, and select Link an Existing GPO.
6. In the Select GPO window, select the desired domain and GPO, and click OK to link it.