Information Technology Reference
In-Depth Information
Figure 7-8
Multiple GPOs linked to a container
Creating a New GPO
There are two ways to create a new GPO with the GPMC. You can
right-click the container you're linking the GPO to and select “Create a GPO in this domain, and
Link it here,” or you can right-click the Group Policy Objects folder and click New. The latter method
is preferable for the reasons stated earlier. After creating a GPO, you can edit it and link it to an Active
Directory container, if necessary. Because several GPOs can be linked to the same container, the best
practice is to create GPOs that set policies narrowly focused on a category of settings, and then name
the GPO accordingly. For example, if you need to configure policy settings related to the Network
node under Computer Configuration, create a GPO named CompNetwork. If this policy will apply
only to a certain container, you could include the container name in the GPO name—for example,
TestOU-CompNetwork. Creating and naming GPOs in this manner makes it easier to identify the
GPO that sets a particular policy and to troubleshoot GPO processing problems.
7
Activity 7-4: Creating, Linking, and Unlinking GPOs
Time Required:
15 minutes
Objective:
Create, link, and unlink GPOs.
Description:
You want to be sure you know how to create and test GPOs, so you create a test
OU and a GPO linked to it.
1. Log on to your server as Administrator, if necessary.
2. Open Active Directory Users and Computers, and create an OU named
TestGP1
under the
domain node.
3. Open GPMC. Right-click
TestGP1
and click
Create a GPO in this domain, and Link it here
.
In the New GPO dialog box, type
TestGP1GPO
in the Name text box, and then click
OK
.
4. If necessary, click
TestGP1
. In the right pane, notice that TestGP1GPO is listed as Enabled.
Any changes you make to the GPO take effect on any client that updates its policies.
5. Right-click
TestGP1GPO
and click
Delete
. Click
OK
. This action deletes only the link to the
GPO, not the GPO itself.
6. Click the
Group Policy Objects
folder to see all your GPOs, including the default GPOs.
7. Right-click
TestGP1GPO
and point to
GPO Status
. You can enable or disable a GPO or just
disable the Computer Configuration or User Configuration settings.
8. Right-click the
TestGP1
OU and click
Link an Existing GPO
. In the Select GPO dialog box,
click
TestGP1GPO
, and then click
OK
.
9. To link the same GPO to another container, right-click
TestOU
and click
Link an Existing
GPO
. In the Select GPO dialog box, click
TestGP1GPO
, and then click
OK
.
10. Click
TestOU
. Notice that both TestOUGPO and TestGP1GPO are linked to TestOU. If
both GPOs had the same policy setting configured but with different values, the value of the
policy setting in TestOUGPO would take precedence because it would be applied last.
Search WWH ::
Custom Search