When working with servers whose operating system is Windows Server 2019 , without a doubt we are working with a reliable, secure, scalable system that will allow us to carry out various functions of both configuration and element management in a much more centralized and direct way for each available role..
Among the basic tasks, but fundamental, to maintain the best performance of the server , is to assign, edit or delete permissions and actions to both users and teams in the organization. If this were done individually it would involve too much time so that Microsoft has developed the Group Policy (GPO) in order for any change or order to be created, it is automatically replicated to all the teams in the organizational unit. where said GPO was created or throughout the domain.
TechnoWikis will analyze in detail what the GPOs are and how we can make use of their administration console to understand all their features and thus carry out the control tasks in a much more organized way. For this we will use Windows Server 2019 ..
What are the GPOs?
A GPO (Group Policy Object) is a virtual collection of various policy configurations that can be applied to both elements and computers or domain users. Each GPO has a unique name which is known as GUID.
The basic group policy settings are stored in a GPO and therefore each GPO can represent multiple policy settings both in the file system and in the Active Directory. The local group policy object, also called Local GPO, is stored on each computer individually, in the hidden Windows directory on the path:
C: \ Windows \ System32 \ GroupPolicyUsers
With this environment, all computers whose Windows operating system will have a local GPO , whether or not this computer is part of an Active Directory environment. All local GPOs are always processed because Active Directory-based GPOs have much higher priority than the others because of their domain performance.
Now, in the case of setting up a domain in Windows Server 2019, in this domain the GPOs are formed as a collection of group policy settings, which are stored as a virtual object; which is defined by two values ​​that are a group policy container and a group policy template.
With the Group Policy container, where the information associated with the properties of a GPO is hosted, it is stored in Active Directory on each domain controller of the selected domain. While the group policy template is responsible for storing the data in a GPO and storing it in the SYSVOL folder in the / Policies subdirectory..
For this reason, when a GPO is created or edited, it will affect all users and teams that are located within sites, domains and OU (Organizational Units).
Within the management tasks on GPOs, it is important to mention that, since GPOs contain group policy settings, these GPOs can be configured, restored, copied and delimited using the GPMC or policy management console; which allows to take a much more direct control over them.
Let's start to see and learn from all the chapters of this great tutorial.
1. How to install the GPMC console on Windows Server 2019, 2016
Step 1
To install the Group Policy Console (GPMC) in Windows Server 2019, we must go to the "Server Administrator" utility and use one of the following options:
- Go to the "Manage" menu> "Add roles and features".
- Click on the "Add roles and features" line located in the central panel of the administrator.
Step 2
In the window that will appear, we will go to the "Features" section and there activate the "Group policy management" box. Click on "Next" and follow the steps of the assistant.
Step 3
To open the GPMC console we have two alternatives that are:
- We can go to the "Tools" menu and there select the option "Group Policy Manager".
- Using the key combination:
+ R
Now we can execute the command:
gpmc.msc
Press "Enter" or "Accept" [/ panelplain]
Step 3
The environment we will see will be the following:
In the administration console we find our domain, the sites and the different options of organizational units that we have created in the domain.
We can carry out various tasks from the console; which we will analyze in detail.
Login Join up!