Group Policy

In a nutshell, a Group Policy is a collection of settings that determines how a unit of users/computers should behave.

The Two Types of Group Policies:

Administrators can use Group Policies to enforce a set of configuration settings on both the computer and the user. Through Group Policies, administrators can control a myriad of settings such as Software Installation, Security Settings, Scripts, Internet Explorer maintenance, desktop settings, and many more. There are two types of Group Policies. They are:

  • Local Group Policy and
  • Non-local Group Policy

Local Group Policy

Each computer running the Windows line of operating systems has exactly one local group policy. It is available only to the particular computer on which it resides and to users who log on to that computer. The local group policy objects reside in the %systemroot%\System32\Group Policy folder. It has only a subset of the settings that are available in the non-local group policy. Windows uses a Microsoft Management Console (MMC) snap-in called the Local Group Policy Editor to let administrators view, navigate, and edit the local Group Policy Object (GPO) settings. Learn about Local Group Policy Editor from this article.

Non-local Group Policy

Each domain controller has one or more non-local group policies. They are available to all the machines and users in the Active Directory environment. A non-local group policy can be applied to all users and computers in a domain or to a particular OU depending on where the group policy is linked.
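
To see where each non-local GPO actually applies, the following PowerShell lists every GPO link on the domain root and on each OU, then reports GPOs that have no such link. It is an added example, not part of the original article, and assumes the RSAT GroupPolicy and ActiveDirectory modules in a domain-joined session with read access to the directory.

```powershell
# Added example: inventory where each domain GPO is linked (domain root vs. OU).
# Assumption: RSAT GroupPolicy and ActiveDirectory modules are installed.
Import-Module GroupPolicy, ActiveDirectory

$domain = Get-ADDomain

# Link targets to inspect: the domain root plus every OU in the domain.
$targets = @($domain.DistinguishedName) +
    @(Get-ADOrganizationalUnit -Filter * |
        Select-Object -ExpandProperty DistinguishedName)

$links = foreach ($dn in $targets) {
    # Get-GPInheritance returns the GPOs linked directly to this container.
    $som = Get-GPInheritance -Target $dn
    foreach ($link in $som.GpoLinks) {
        [pscustomobject]@{
            Gpo               = $link.DisplayName
            GpoId             = $link.GpoId
            LinkedTo          = $dn
            Scope             = if ($dn -eq $domain.DistinguishedName) { 'Domain' } else { 'OU' }
            Order             = $link.Order
            Enabled           = $link.Enabled     # a disabled link applies nothing
            Enforced          = $link.Enforced    # enforced links override blocked inheritance
            BlocksInheritance = $som.GpoInheritanceBlocked
        }
    }
}

# One row per link, in the order the links are processed on each container.
$links | Sort-Object LinkedTo, Order | Format-Table -AutoSize

# GPOs not linked to the domain or any OU. Site links are not inspected here,
# so a GPO listed below may still be linked to an AD site.
$linkedIds = @($links.GpoId | Sort-Object -Unique)
Get-GPO -All |
    Where-Object { $_.Id -notin $linkedIds } |
    Select-Object DisplayName, Id, GpoStatus
```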

Need for Group Policies

As organizations seek to increase productivity and revenues through technology, they are also trying to minimize the complexity of managing a huge IT infrastructure. The following are some of the reasons that illustrate why group policies are a necessity:

Uniform User experience

Users are no longer confined to a single computer in their workplace. They use different computers for different tasks. So, all their files and folders along with their personalized settings such as taskbar location, wallpaper settings, desktop icons, etc., have to be made available in all the machines the user logs on to.


Even with all the authentication protocols and authorization techniques involved in AD, a malicious user can still gain access to network resources if they learn a user's password. So, it is very important to have a strong password set for all the users in an organization. It is also important to record certain events, such as user logons and access to a particular folder, for auditing purposes.

Organization-wide Policies

Most organizations use wallpapers, screen savers, interactive logon messages, etc., in an effort to establish a standard among all their employees. Organizations also have Internet policies that all users in the organization should adhere to.

Cost and Time

Tasks like software installation consume a lot of time. Installing and updating software on all computers, for all users, not only takes time but also affects productivity, as employees lack access to their computers while the installation is taking place.

Group Policies play a crucial role in ensuring that the employees of an organization can have a hassle-free experience when it comes to using the IT resources to accomplish their tasks.
