Group Policy Basics


Group Policy has been an extremly handy tool for last few years for System Admins, yet an equally complex topic to digest and you need to know it inside-out in order to effectively troubleshoot the problems that occur from time to time in your environment. Lets start with the basics of Group Policy Mechanism.

A GPO is a virtual object. The policy setting information of a GPO is actually stored in two locations: the Group Policy container (GPC) and the Group Policy template (GPT). The Group Policy container is an Active Directory container that stores GPO properties, including information about version, GPO status, and a list of components that have settings in the GPO. The Group Policy template is a directory structure within the file system that stores Administrative Template-based policy settings, security settings, script files, and information regarding applications that are available for Software Installation. The Group Policy template is located in Sysvol in the \Policies sub-directory for its domain. GPOs are identified by their globally unique identifiers (GUIDs) and stored at the domain level. Replication of a GPO to other domain controllers happens through two different mechanisms. The Group Policy container is replicated by using Active Directory replication (RPC), whereas the Group Policy template is replicated using File Replication service (FRS) in Windows Server 2003 and for Windows Server 2008 (native domain) DFSR. The settings from a GPO are only applied when the Group Policy container and Group Policy template are synchronized.

 More on Group Policy later.