Windows Group Policy Management Console
Group Policy Management Console
The Group Policy Management Console (GPMC) unifies Group Policy management across an enterprise. it is known as Active Directory Group Policy Management because it is a built-in Windows administration tool that enables administrators to manage Group Policy in Active Directory, a directory service developed by Microsoft for the easy management of Windows domain networks.
A Group Policy Object (GPO) is a collection of settings applied to computers and users. An Organizational Unit (OU) is a collection of computers and users that settings are applied to. GPOs control Computer and User settings and contain settings that are individually set for each policy. GPOs and the GPMC do not work without a domain controller (and associated domain) and domain admin credentials. Security Filter restricts the application of a GPO to a particular user, group, or computer, and is configured for each GPO.
Install Group Policy Management Console
Installing a group policy management console from a windows server (2012 and above) requires the following steps.
- Go to Start, then Control Panel and select Turn Windows features on and off under Programs.
- In the Add Roles and Feature Wizard window that opens, select Features.
- Check Group Policy Management and click Next.
- Click Install.
Opening Group Policy Management Console
Once the group policy management console has been installed, it can be opened through the Server manager under the Tools section. It can also be opened using one of the following steps.
- Go to Start, the Run. Type gpmc.msc and click OK.
- Go to Start, type gpmc.msc in the search bar, then hit Enter.
- Go to Start, then Administrative Tools, then Group Policy Management.
Group Policy
Group Policy is a feature of Microsoft Windows that acts primarily as a security tool and controls the working environment of user and computer accounts. It allows for centralized management of operating systems through Active Directory. With Group Policy, administrators can configure operating systems, applications, and various user settings. A Group Policy Object provides a snapshot of how the system will function. GPOs are created in the Microsoft Management Console (MMC).
Creating a new Group Policy Object GPO
To create a new group policy object, an individual must have permission or be a member of the Domain Administrators group. They can create the GPO by following the steps below.
- Open the Group Policy Management console.
- In the navigation pane, expand Forest:YourForestName, expand Domains, expand YourDomainName, and then click Group Policy Objects.
- Click Action, and then click New.
- In the Name text box, type the name for your new GPO.
- Leave Source Starter GPO set to (none), and then click OK.
- If the GPO will not contain any user settings, then performance can be improved by disabling the User Configuration section of the GPO by clicking the new GPO in the navigation pane followed by the details tab and changing the GPO status to "User configuration settings disabled".
A starter GPO provides a template-like function for Group Policy Objects. They were created to help administrators with the quicker creation of Group Policy Objects. Settings in the Administrative Templates part of the Group Policy can be configured by the administrator when a starter GPO is established. Starter GPOs contain settings that other policies can reference.
How to Edit Group Policy?
The steps on how to edit group policy using the edit window in GPMC include:
- Open the Control Panel on the Start Menu
- Click the Windows icon on the Toolbar, then click the widget icon for Settings.
- Start typing "group policy" or "gpedit"
- Click the "Edit Group Policy" option
Editing a GPO
The following steps can be followed to edit group policy objects using GPMC.
- Start the Group Policy Management application. Press (Windows Key + R), type "gpmc.msc", then click "OK"
- Navigate to the Domain to be managed then to the Group Policy Objects container.
- To begin editing a GPO, right-click the GPO and select "Edit". The GPO will open in the Group Policy Management Editor.
Deleting a GPO
Steps to delete group policy objects using the GPMC include:
- In the Group Policy Management Console tree, click Change Control in the forest and domain in which the GPO is to be managed
- On the Contents tab, click the Controlled tab to display the controlled GPOs.
- Right-click the GPO to delete, and then click Delete.
Linking a GPO
The following steps can be used to link group policy objects if already created.
- Locate the OU or Domain that the GPO should be applied to, then right-click it
- Select Link an Existing GPO, then select the GPO from the list and click OK.
A GPO link is enabled by default but can be enabled or disabled in the GPMC. If it is enabled, right-click the GPO under the OU and uncheck the option "Link Enabled" to disable it.
Managing GPO Backups
To manage group policy object backups
- Go to Start and navigate to Administrative tools.
- Navigate to Group Policy Management
- In the GPMC window, expand the Group Policy Objects folder that contains the GPO to be backed up.
- Right-click the GPO, and then click Back Up.
- When the Backup Group Policy Object window is opened, specify the path to the folder where the backed-up version of the GPO should reside and click Back Up.
- Once the GPO backup operation is done, click OK.
To restore Group Policy objects from a backup
- Go to Start and navigate to Administrative tools.
- Navigate to Group Policy Management
- Navigate to the Group Policy Objects container in the window that opens
- Right-click on the container and click on Manage Backups and a list of GPO backups will open
- Select the GPO to be restored
- Once the GPO settings have been verified, click the Restore button to start the GPO restoration process.
- Click on OK in the confirmation dialogue box that opens.
Importing settings from a GPO
The following steps can be used to import settings from a group policy object using GPMC.
- Navigate to the domain of the target GPO
- Expand the Group Policy Objects container
- Right-click on the target GPO and select Import Settings
- Click Next.
- Click the Backup button if a backup of the GPO is desired and click Next
- Select the backup folder location and click Next.
- Select the backup instance you want to import from and click Next.
- The system will scan for security principles and UNC paths in the GPO from which the import is being done and will provide an option to modify the settings if they exist. Click Next and Finish.
Windows Group Policy Editor
Windows Group Policy Editor is an administration tool that is used to configure certain settings (Group Policy Objects) on computers or networks such as password requirements, startup programs, and user access. Group Policy Editor is most often used by information technology (IT) administrators to quickly change settings on a computer network.
Open the Group Policy Editor
There are different methods to open Windows Group Policy Editor and issue the group policy command
- From the Run Window- Press Windows+R on the keyboard to open the "Run" window, type gpedit.msc, and then hit Enter or click "OK"
- From the Command Prompt- open a Windows Command Prompt and type "gpedit" or "gpedit.msc", then hit Enter.
- From Control Panel- launch Control Panel and click the search box in the upper-right corner of the window. Type "group policy" and click the "Edit Group Policy" link just below the "Administrative Tools" heading.
Purpose of Windows Group Policy Editor
Windows group policy editor's purpose is mainly for security. It allows an administrator to apply security settings to users and computers on a network. The GPMC is a tool that allows administrators to carry out these functions by managing group policy.
Lesson Summary
The Group Policy Management Console (GPMC) unifies Group Policy management across an enterprise. Group Policy is a feature of Microsoft Windows that acts primarily as a security tool and controls the working environment of user and computer accounts. A Group Policy Object (GPO) is a collection of settings applied to computers and users and an organizational unit (OU) is a collection of computers and users which settings will be applied to. GPOs control Computer and User settings.
GPOs contain settings that are individually set for each policy, while Starter GPOs contain settings that other policies can reference. GPOs and the GPMC won't work without a domain controller (and associated domain) and domain admin credentials. Security Filter restricts the application of a GPO to a particular user, group, or computer, and is configured for each GPO.
To unlock this lesson you must be a Study.com Member.
Create your account
What is GPO and how does it work?
A Group Policy Object (GPO) is a collection of settings applied to computers and users. GPOs control Computer and User settings, contain settings that are individually set for each policy and is mainly used by administrators.
How do I open Group Policy Editor in CMD?
Group Policy Editor can be opened from the Command Prompt. Open a Windows Command Prompt and type 'gpedit' or 'gpedit.msc', then hit Enter.
How do I open the Group Policy Editor in Windows 10?
There are different methods to open Windows Group Policy Editor. It can be opened using the command prompt, control panel, or run window.
How do I open the Group Policy Management Console?
Group policy management console can be opened through Server manager under the Tools section. It can also be opened by one of the following steps:
Go to Start, the Run. Type gpmc.msc and click OK.
Go to Start, type gpmc.msc in the search bar, then hit Enter.
Go to Start, then Administrative Tools, then Group Policy Management.
How do I manage group policy?
Group policy can be managed using the Group Policy Management Console (GPMC). It is a built-in Windows administration tool that enables administrators to manage Group Policy in Active Directory.
What is group policy management in Active Directory?
Active Directory is a directory service developed by Microsoft for the easy management of Windows domain networks. Group Policy in Active Directory is a hierarchical system that allows a network administrator to implement specific configurations for users and computers.
Register to view this lesson
Unlock Your Education
See for yourself why 30 million people use Study.com
Become a Study.com member and start learning now.
Become a MemberAlready a member? Log In
Back