What Are GPOs and Why Should You Be Using Them?

June 3, 2016 The TNS Group

Microsoft introduced Group Policy Objects (GPO’s) in 1999 as part Windows 2000 Active Directory.  Its main purpose then as now was to provide centralized, granular control over Domain member systems such as Servers and workstations, as well as end user Network accounts.  With each new iteration of Microsoft Active Directory Services comes new additions and updates to GPO options, so there’s always something new.

What Is a GPO?

A GPO is a policy that you can assign to an Active Directory Domain, Site or Organizational Unit “container” that controls various settings or behaviors of user and computer objects within these “containers”.  For example, creating a policy that mandates that all employee Internet Explorer Home Pages be directed to a specific Web Site can be easily set and enforced on end user Network accounts that reside in any given container.  Setting and implementing policies like this can be done quickly and centrally, and users cannot override or by-pass them.  GPO policies are applied to user Network accounts during the login process and to computers during the startup process, so implementing a new or updated GPO within your environment is as simple as having users restart their computers.

Due to the complexity and volume of options available, this post will provide only a primer for GPO’s and will barely scratch the surface of what can be achieved when well thought out and properly implemented GPO’s are in place.  To explore and discuss what Group Policy Objects can do for your Network, please contact The TNS Group.

Why Use GPO’s?

Standardize your Environment

By implementing policies that control end user and PC settings and behaviors, it is easy to achieve standardized and predictable configurations.   A short list of common examples are:

  • Assign Networked printers based on users physical location, department or other criteria of your choice
  • Map Network drives centrally and easily, and avoid using scripts or batch files to perform this task as they introduce risk
  • Set auto-save parameters for Microsoft Office files for everyone on your Network
  • Set Outlook to empty the “Deleted Items” folder when exiting

Secure Systems and Data

Your systems are constantly at risk from a variety of sources, be they user error, malicious intent or simple accidents.  A brief list of examples of how GPO’s can protect against some common risks follows:

  • Redirect end user “Documents” folders to a Server system that is backed up as opposed to leaving Company data on PC’s that are not backed up
  • Restrict UBS port usage to prevent users from connecting external storage devices such as thumb drives that might contain malware
  • Set and enforce strict password policies
  • Set PC’s to go to a locked screen saver after a specified period of idle time

Again, there are literally hundreds of GPO’s available that make managing your Network easier and more predictable.  This post is just an overview to introduce you to this important tool that may already be at your disposal.  If you already leverage the power of Group Policy Objects on your Network, keep in mind that Microsoft makes updates with each new version of Active Directory that they introduce.  If you upgraded your Active Directory Servers fairly recently but haven’t revisited GPO options in a while, you owe it to yourself to take a look to see what new items may have been added that you can take advantage of.

To learn more about Group Policy Objects or to find out if you are using them to their fullest potential, contact The TNS Group.

By:  Graham McClelland, Engineering, The TNS Group


, , , ,