In a nutshell, a Group Policy is a collection of settings, which determine how a unit of users/computers should behave.
The Two Types of Group Policies:
Administrators can use Group Policies to enforce a set of configuration settings to both the computer and the user. Through Group Policies, administrators can control a myriad of settings like Software Installation, Security Settings, Scripts, Internet Explorer maintenance, desktop settings and many more. There are two types of Group Policies. They are:
- Local Group Policy and
- Non-local Group Policy
Local Group Policy
Each computer running the windows line of operating system has exactly one local group policy. It is available only to the particular computer in which it resides and to users who log on to that computer. The local group policy objects reside in the %systemroot%\System32\Group Policy folder. It has only a subset of settings that are available in the non-local group policy.
Non-local Group policy
Each domain controller has one or more non-local group policies. They are available to all the machines and users in the Active Directory environment. A non-local group policy can be applied to all users and computers in a domain or to a particular OU depending on where the group policy is linked.
Need for Group Policies
As organizations seek to increase productivity and revenues through technology, they are also trying to minimize the complexity of managing a huge IT infrastructure. The following are some of the reasons that illustrate why group policies are a necessity:
Uniform User experience
Users are no longer confined to a single computer in their workplace. They use different computers for different tasks. So, all their files and folders along with their personalized settings such as taskbar location, wallpaper settings, desktop icons, etc., have to be made available in all the machines the user logs on to.
Even with all the authentication protocols and authorization techniques involved in AD, a malicious user, can still gain access to network resources, if the attacker comes to know about a user’s password. So, it is very important to have a strong password setting for all the users in an organization. It is also important to record certain events like user logon, access to a particular folder, etc., for auditing purposes.
Organization wide Policies
Most organizations use wallpapers, screen savers, interactive logon messages, etc., in an effort to establish a standard among all its employees. Organizations also have Internet policies that all users in the organization should adhere to.
Cost and Time
Tasks like software installation consume a lot of time. Installing and updating software in all computers, for all users, will not only take time, but also affects productivity, as employees lack access to their computers when the installation is taking place.
Group Policies play a crucial role in ensuring that the employees of an organization can have a hassle free experience when it comes to using the IT resources to accomplish their tasks.