If we take a step back and try to analyze the term Group Policy, it’s easy to become confused.
When I first heard the term, I didn’t know what to make of it.
I asked myself, “Are we applying ‘policy’ to ‘groups’? Is this some sort of old-school NT 4
System Policy applied to Active Directory groups?”
Turns out, “Group Policy” as a name isn’t, well, excellent. That’s because, at cocktail
parties, I have a hard time telling the person next to me what I teach and write about.
If I said something like “I teach databases,” he would cheerfully go back to his scotch and
soda and leave me alone. But because I say, “I teach Group Policy to smart people looking to
get smarter,” he (unfortunately) wants to know more. He’ll say something like “What does
that mean? I’ve never heard of Group Policy before.” And while I love talking about Group
Policy with you, my friendly IT geeks, at a cocktail party full of stuffed shirts, I just want to
get another canapé.
So, the name “Group Policy” can be kind of confusing, but it’s also intriguing. Microsoft’s
perspective is that the name “Group Policy” is derived from the fact that you are “grouping
together policy settings.” I don’t really love the name Group Policy—but it’s the name we
have, so that’s what it’s called. As Juliet might say, “What’s in a name? That which we call a
rose by any other name would smell as sweet,” (Romeo and Juliet, II, ii, 43–44).
Group Policy is, in essence, rules that are applied and enforced at multiple levels of Active
Directory. Policy settings you dictate must be adhered to by your users and computers. This
provides great power and efficiency when manipulating client systems.
Instead of running around from machine to machine, you’re in charge (not your users).
When going through the examples in this book, you will play the various parts of the
end user, the OU administrator, the domain administrator, and the enterprise administrator.
Your mission is to create and define Group Policy using Active Directory and witness it
being automatically enforced. What you say goes! With Group Policy, you can set policies
that dictate that users quit messing with their machines. You can dictate what software
will be deployed. You can determine how much disk space users can use. You can do pretty
much whatever you want—it is up to you. With Group Policy, you hold all the power.
That’s the good news.
And this magical power only works on Windows 2000 or later machines.
That includes Windows 2000, Windows XP, Windows Server 2003 (as a client),
Windows Vista, Windows Server 2008 and 2008 R2 (as a client), Windows 7, and
of course, Windows 8 and Windows Server 2012.
This shouldn’t be a problem, since you’ve expunged all the Windows 95, Windows 98,
or Windows NT workstations or servers. Hey, it is 2013 (or maybe later!), after all!
I’ll likely say this again in multiple places, but I want to get one “big ol’ misconception”
out of the way right here, right in the introduction. The Group Policy infrastructure
does not care what mode your domain is in. If you have only one type of Domain
Controller, or a mixture of Domain Controllers, 100 percent of everything we cover in
this book is valid.