Group Policy

 Group Policy objects (GPOs). You can link GPOs to domains, sites and organizational units (OUs). For even more control, GPOs can be applied according to the results of Windows Management Instrumentation (WMI) filters, although WMI filters should be used sparingly because they can significantly increase policy processing time.

The Group Policy Management Console (GPMC) is a built-in Windows administration tool that enables administrators to manage Group Policy in an Active Directory forest and obtain data for troubleshooting Group Policy. You can find the Group Policy Management Console in the Tools menu of Microsoft Windows Server Manager. It is not a best practice to use domain controllers for everyday management tasks, so you should install the Remote Server Administration Tools (RSAT) for your version of Windows.

Group Policy is an integral feature built into Microsoft Active Directory. Its core purpose is to enable IT administrators to centrally manage users and computers across an AD domain. This includes both business users and privileged users like IT admins, and workstations, servers, domain controllers (DCs) and other machines.

Organization Unit (OU)

Create a NEW OU-

Inside OU I am creating another OU.

Created multiple OU Structure

Now Applying Policy in Created OU.

Group Policy.

Open the Group Policy Management from server manager

So here creating and applying new policy as per privacy

Right click on particular Department and create GPO(Group Policy Object)

Here, applying restriction to access control panel

Created the group policy to particular department.

So now need to disable control panel access.

Right click and click to edit policy

Once you will edit GP Management edit will open.

Right click and edit and enabled

Once you have applied the policy also need to update the policy

So, open command promt as Administrator

Gpupdate /force

Disabled Network from OU

Now allowed to open advanced Network TCP/IP Setting

System Restriction

Not allowed to change password and task manager

Not allowed to redirecting profile folder

Creating new policy to Disable USB

Edit group policy.

User Configuration > Administrative Templates > System >

Removable Storage Access and click it.

Apply and click okay

Disable Taskbar

Backup Group Policy

As a sysadmin in a week or months take the full GPO Backup.

So here taking full GPO Backup.

 So, now taking particular policy backup.

USB Drive GP Backup and Taskbar.

Restore Group Policy

If by mistake I have deleted Taskbar Group policy

Go to group policy object click to restore from backup.

Select next

Select the backup restoration location

If by mistake policy deleted from Group policy objects

Need to right click on Group policy objects

Click on manage backups

And select the backup location

Click to restore

If by mistake deleted from Group Policy from ou.

So now deleted taskbar policy

In this scenario we can copy from Group policy objects.

Paste here,

So now again group policy restored in ou and group policy objects.

Leave a Reply

Your email address will not be published. Required fields are marked *