A GPO (Group Policy Object - Group Policy Objects) is basically a set of policies to create in the domain, both on the local server and on the client computers, a series of conditions and restrictions focused on improving the security of the computers since in many organizations users can perform actions that go against good practices and these result in a global impact on Windows Server..
GPO use
As administrators we can use GPOs to control all this, if we want to implement a GPO we must take into account:
- The computers to be managed must be joined to the domain and the users must have the domain credentials for the login.
- The local network must be configured through AD DS, this implies that the server must have the AD DS (Active Directory) role already configured.
- Permissions are required to edit Group Policy in the domain.
GPO types
There are two types of GPO which are:
- Default Domain Policy: as its name implies, it is the default policy of the domain and integrates policy settings for all computers and users in the domain.
- Default Domain Controller Policy: it is another policy by default, but oriented to the domain controller.
GPO sections
When we configure a GPO these are divided into sections such as:
Each of these integrates at the same time a set of options to be managed as necessary.
To stay up to date, remember to subscribe to our YouTube channel! SUBSCRIBE
How to create and manage a GPO in Windows Server 2022
Step 1
We go to the Server Manager and there we will go to "Tools - Group Policy Management":
Step 2
This will display the following window where we see the current forest of the domain:
Step 3
We right click on the domain and select the option "Create a GPO in this domain and link it here":
Step 4
We assign the name to the GPO:
Step 5
Click OK to create it, we can see it in the domain structure:
Step 6
We right click on the GPO created and select "Edit":
Step 7
We will see the following:
Step 8
We go to the path "Computer Configuration - Policies - Administrative Templates - Start Menu and Taskbar":
Step 9
We select the policy "Remove and prevent access to the Shutdown, Restart, Suspend and Hibernate commands", double-click on it and we will see the following:
Step 10
We activate the "Enabled" box:
Step 11
Apply the changes by clicking Apply and OK:
Step 12
On a domain client computer, we can validate that the GPO has been applied correctly:
Step 13
Again in Windows Server 2022, we right click on the domain and select "Search":
Step 14
In the displayed window we select the search criteria to locate the GPOs on the server:
Step 15
We click on "Search" to list the matches:
Step 16
We can right click on the GPO to see the various options to use with the GPOs:
Step 17
To delete a GPO, we right-click on the GPO and select "Delete":
Step 18
The following message will be displayed:
Step 19
Confirm the operation by clicking OK and the GPO will have been removed from the server:
With these steps we have seen how to create and edit a GPO in Windows Server 2022..