Featured Article — Windows Server Reduce group policy objects to simplify administration
Group policy enables administrators to apply restrictions and define users’ working environments across a site, domain, or organizational unit (OU). The concept of controlling user environment and applications is referred to as change control.
You develop group policy by creating and modifying group policy objects, or GPOs. You can define multiple GPOs at a site, domain, or OU level. Each GPO contains the same change control potential, meaning they each contain the same possible group policies. You might configure a particular set of policies in one GPO and configure a different set in a different GPO.
The more GPOs Windows must process during logon, the longer the logon process takes and the more overhead is involved in apply group policy. You can streamline group policy application by reducing the number of GPOs overall.
One way to reduce the number of GPOs is to apply a single GPO to multiple objects. For example, you can use a single GPO to apply a specific set of policies to multiple OUs—you don’t need to create a separate GPO for each one.
Follow these steps to assign an existing GPO to an OU:
1. Open the Active Directory Users and Computers console, right-click the OU on which you want to apply the GPO, and choose Properties.
2. Click the Group Policy tab, then click Add.
3. From the Look In drop-down list, select the domain.
4. Double-click the container in the object list where the GPO is defined.
5. Select the GPO and click OK.
6. Click OK to close the properties for the OU.
Effectively managing GPOs requires keeping track of where they are used. If needed, you can view the links for a particular GPO to determine where in the domain it is used. In the AD Users and Computers console, right-click an OU where the GPO is linked and choose Properties. Click the Group Policy tab, click the GPO, and click Properties. Click the Links tab and click Find Now to search the domain for links to the selected GPO. |
