What you will learn:
Group Policies in Active Directory (AD) reduce the administrative burden and make management much easier. When an administrator needs to control and configure settings on a local computer that is not part of AD, the settings specific to that computer can be configured in the Local Group Policy Editor. In this article, we will take a look at what the Local Group Policy Editor is, how you can access it, and what settings you can configure through it.
What is the Local Group Policy Editor?
The Local Group Policy Editor is a Microsoft Management Console (MMC) snap-in that Windows provides to let administrators view, navigate, and edit the local Group Policy Object (GPO) settings. The Local Group Policy snap-in divides the settings into two categories:
- Computer Configuration
- User Configuration
While the Computer Configuration settings allow administrators to set policies that are applied to the computer regardless of who logs on, the User Configuration settings allow administrators to set policies differently for different users who log on to the specific computer. A simple launch of the Local Group Policy Editor presents administrators with a hierarchical view for configuring settings in GPOs.
Opening the Local Group Policy Editor
There are several ways through which administrators can open the Local Group Policy Editor. Here are three:
Method 1: Through command prompt
- Go to Start and click Command Prompt. If it is not available in the Start menu, type command prompt in the search box and click on the result.
- In the cmd window, type gpedit.msc and press ENTER.
The Local Group Policy Editor window will open.
Method 2: From the Start menu
- Go to Start and type gpedit.msc in the search box
- Click on the Edit Group Policy search result
The Local Group Policy Editor window will open.
Method 3: Through MMC Snap-in
- Go to Start, type mmc in the search box, and press ENTER. The MMC console window will open.
- If the Local Group Policy Editor snap-in has not been added, you will have to add it. Click on File and select Add/Remove Snap-in.
- In the Add/Remove Snap-ins window, select Group Policy Editor from the list of available snap-ins, and click Add.
- In the Select Group Policy Object dialog box, click on Browse.
- To edit the Local Group Policies for the computer, click This Computer in the Computers tab, then click OK.
- If you want to configure the Local Group Policies for users, click the Users tab and choose among the available users for the computer, then click OK.
- Click Finish, and then click OK in the Add/Remove Snap-ins window.
The Local Group Policy Editor snap-in has now been added to the console.
How to edit Local Group Policies using the Local Group Policy Editor
The following steps illustrate how to edit a Local Group Policy object:
- Once you open the Local Group Policy Editor snap-in, in the left pane of the window, double-click on a folder to view the available policy settings.
- In the right pane, you will be able to view the available policies. Click on a policy to view its properties, and double-click on the policy to edit its properties as required.
Group Policy settings can also be modified with the Windows Registry Editor. However, the Local Group Policy Editor is a safer and easier option.
Computer Configuration and User Configuration
The Local Group Policy Editor is divided into Computer Configuration and User Configuration, both of which consist of Software Settings, Windows Settings, and Administrative Templates. Listed below are the details of each of the settings.
| Settings | Computer Configuration | User Configuration |
|---|---|---|
| Software Settings | Applies to all users who log on to the computer. It contains a Software Installation subcategory. | Applies differently to different users who log on to the computer. It contains a Software Installation subcategory. |
| Windows Settings | Applies to all users who log on to the computer. It has four subcategories: Name Resolution Policy, Scripts, Security Settings, and Policy-based QoS. | Applies differently to different users who log on to the computer. It has three subcategories: Scripts, Security Settings, and Policy-based QoS. |
| Administrative Templates | Contains all registry-based policy settings. It has the following subcategories: Control Panel, Network, Printers, System, Windows Components, and All Settings. | Contains all registry-based policy information. It has the following subcategories: Control Panel, Desktop, Network, Shared Folders, Start Menu and Taskbar, System, Windows Components, and All Settings. |
Administrative Templates are a group of settings used by administrators to make changes to the registry by setting policies for the operating system, Windows components, and programs. In Windows XP and earlier, Administrative Templates were Unicode-formatted text files with a .adm extension. Later versions provide Administrative Templates as a combination of ADMX and ADML file types. Every ADMX file has a corresponding language file, the ADML file, which supplies the text used to display its policies.
Here is a quick comparison between ADM and ADMX/ADML:
| ADM file type | ADMX/ADML file type |
|---|---|
| Groups several complex settings into chunky files. | Logically splits settings into small and easy-to-handle files. |
| Demands higher storage space. | Needs less storage space. |
| Registry policies use ADM syntax. | Registry policies use XML syntax. |
| ADM files are stored in individual GPOs by default. | By default, ADMX/ADML files are obtained from the computer performing the GPO administration. After the central store is implemented, the files are centralized. |
| They can be found by default in the location C:\Windows\inf. The ADM template also gets added to the contents of the GPO itself. | They can be found by default in the file location C:\Windows\policyDefinitions. |
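To see how an ADMX definition, its ADML strings, and the registry fit together, the following added example (not part of the original article) parses a pair of templates and lists which registry value each policy controls. The two templates are constructed, trimmed samples with hypothetical policy names and keys; `Get-AdmxPolicyMap` is a helper written for this illustration.

```powershell
# Constructed sample ADMX (definitions) and ADML (language strings); not real Microsoft templates.
[xml]$admx = @'
<policyDefinitions xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions" revision="1.0" schemaVersion="1.0">
  <policies>
    <policy name="ExampleLockScreen" class="Machine" displayName="$(string.ExampleLockScreen)"
            key="Software\Policies\Example\Personalization" valueName="NoLockScreen">
      <enabledValue><decimal value="1" /></enabledValue>
    </policy>
    <policy name="ExampleHideRun" class="User" displayName="$(string.ExampleHideRun)"
            key="Software\Policies\Example\Explorer" valueName="NoRun">
      <enabledValue><decimal value="1" /></enabledValue>
    </policy>
  </policies>
</policyDefinitions>
'@
[xml]$adml = @'
<policyDefinitionResources xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions" revision="1.0" schemaVersion="1.0">
  <resources>
    <stringTable>
      <string id="ExampleLockScreen">Do not display the lock screen (example)</string>
      <string id="ExampleHideRun">Remove Run from Start menu (example)</string>
    </stringTable>
  </resources>
</policyDefinitionResources>
'@

function Get-AdmxPolicyMap {
    param([xml]$Admx, [xml]$Adml)
    # Index the ADML strings by id so $(string.X) references in the ADMX can be resolved.
    $strings = @{}
    foreach ($s in $Adml.policyDefinitionResources.resources.stringTable.string) {
        $strings[$s.id] = $s.InnerText
    }
    foreach ($p in $Admx.policyDefinitions.policies.policy) {
        # displayName looks like $(string.ExampleLockScreen); keep only the string id.
        $id = $p.displayName -replace '^\$\(string\.(.+)\)$', '$1'
        # class selects the hive: Machine = Computer Configuration, User = User Configuration.
        $hive = switch ($p.class) { 'Machine' { 'HKLM' } 'User' { 'HKCU' } default { 'HKLM or HKCU' } }
        [pscustomobject]@{
            Policy   = $strings[$id]
            Node     = $p.class
            Registry = "{0}:\{1}" -f $hive, $p.key
            Value    = $p.valueName
        }
    }
}

Get-AdmxPolicyMap -Admx $admx -Adml $adml | Format-Table -AutoSize
```

To inspect a real template, load an `.admx` file from the policy definitions folder and its matching `.adml` file from the language subfolder with `[xml](Get-Content -Raw <path>)` and pass both to the function.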
Multiple Local Group Policy
Multiple Local Group Policy is a collection of Local Group Policy objects. It is an enhancement to Local Group Policy. With Multiple Local Group Policy objects, the settings can be selectively applied to different users at different levels on a specific computer, thereby decentralizing the management of desktops. The Multiple Local Group Policy objects on a computer comprise the following:
- Local Computer Policy that applies to the computer and to everyone who logs on to the computer.
- Administrators Local Group Policy that applies to members of the built-in Administrators group.
- Non-Administrators Local Group Policy that applies to all users who are not members of the Administrators group.
- User-specific Local Group Policy that applies to specific users who log on to the computer.
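When auditing a standalone machine, it helps to know which of these layers actually exist on disk. The following read-only script is an added example, not part of the original article. It assumes the usual storage layout, which the article does not state: the Local Computer Policy under `%SystemRoot%\System32\GroupPolicy`, and the other layers in per-SID folders under `%SystemRoot%\System32\GroupPolicyUsers`. `Get-LocalGpoLayer` is a helper written for this illustration.

```powershell
# Assumed layout (not from the article): hidden folders under %SystemRoot%\System32; run elevated.
$WellKnown = @{
    'S-1-5-32-544' = 'Administrators Local Group Policy'
    'S-1-5-32-545' = 'Non-Administrators Local Group Policy'
}

function Get-LocalGpoLayer {
    param([string]$SystemRoot = $env:SystemRoot)

    # Local Computer Policy: Machine and User halves each have their own Registry.pol.
    $lgpo = Join-Path $SystemRoot 'System32\GroupPolicy'
    foreach ($half in 'Machine', 'User') {
        $pol = Join-Path $lgpo "$half\Registry.pol"
        if (Test-Path -LiteralPath $pol) {
            $modified = (Get-Item -LiteralPath $pol -Force).LastWriteTime
            [pscustomobject]@{ Layer = "Local Computer Policy ($half)"; Path = $pol; Modified = $modified }
        }
    }

    # Remaining layers: one folder per SID under GroupPolicyUsers.
    $usersRoot = Join-Path $SystemRoot 'System32\GroupPolicyUsers'
    if (-not (Test-Path -LiteralPath $usersRoot)) { return }
    foreach ($dir in Get-ChildItem -LiteralPath $usersRoot -Directory -Force) {
        $layer = $WellKnown[$dir.Name]
        if (-not $layer) {
            # Any other SID is a user-specific Local Group Policy; resolve it to an account name.
            try {
                $sid = [System.Security.Principal.SecurityIdentifier]::new($dir.Name)
                $layer = 'User-specific: ' + $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $layer = "User-specific: $($dir.Name) (unresolved)"
            }
        }
        $pol = Join-Path $dir.FullName 'User\Registry.pol'
        $modified = $null
        if (Test-Path -LiteralPath $pol) { $modified = (Get-Item -LiteralPath $pol -Force).LastWriteTime }
        [pscustomobject]@{ Layer = $layer; Path = $pol; Modified = $modified }
    }
}

Get-LocalGpoLayer | Format-Table -AutoSize
```

An empty `Modified` column means the folder exists but no registry-based settings have been saved in that layer.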