none
How do they do it?

    Question

  • I've seen how you can use group policy, but how do administrators make group policy settings apply to all computers within a network or a member of a domain? Do they use Active Directory?

    I am from PMC; planetminecraft.com/member/dr__steve You should join!

    Thursday, November 5, 2015 2:03 AM

Answers

  • They use a domain controller which runs Windows Server.  This comes with management software that allows system administrators to make domain wide changes.

    If you find "Group Policy Management" under the Start menu, you can view the domains and edit the group policy for the default domain, which affects all domain users and computers.

    Thursday, November 5, 2015 2:50 AM
  • Hi Steve,

    Its depends on your OS version, Windows 2003 it was managed within ADUC. But from Server 2008, we have a dedicated console.

    Yes, GP is a active directory thing, they use the Domains,Sites, OU's to apply the policies to users and computer accounts residing in them.

    Start here:

    Group Policy

    https://technet.microsoft.com/en-us/windowsserver/bb310732.aspx


    Regards,

    Satyajit

    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Thursday, November 5, 2015 4:34 AM

All replies

  • They use a domain controller which runs Windows Server.  This comes with management software that allows system administrators to make domain wide changes.

    If you find "Group Policy Management" under the Start menu, you can view the domains and edit the group policy for the default domain, which affects all domain users and computers.

    Thursday, November 5, 2015 2:50 AM
  • Hi Steve,

    Its depends on your OS version, Windows 2003 it was managed within ADUC. But from Server 2008, we have a dedicated console.

    Yes, GP is a active directory thing, they use the Domains,Sites, OU's to apply the policies to users and computer accounts residing in them.

    Start here:

    Group Policy

    https://technet.microsoft.com/en-us/windowsserver/bb310732.aspx


    Regards,

    Satyajit

    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Thursday, November 5, 2015 4:34 AM
  • You said it was managed within AD Users & Computers on Windows 2003, but what about Windows 2012 R2? You said Dedicated Console; how do I get that?

    Also, how exactly do I change policy settings in AD Users & Computers? Further, can I stop certain computers from joining the domain based on Hostname or NetBIOS?

    Saturday, November 7, 2015 1:09 AM
  • Hi Steve,

    The Summit's answer was for the new dedicated console.

    Run->gpmc.msc

    You can run this on cmd or powershell console as well.

    Q.Also, how exactly do I change policy settings in AD Users & Computers?

    A. Please read the links I gave, understand what GP is and how it works. Please be cautious, as changes can impact the whole domain, all objects.

    Group Policy Management Console

    https://technet.microsoft.com/en-us/library/cc753298.aspx

    Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.

    Q. stop certain computers from joining the domain based on Hostname or NetBIOS?

    A. This should be a new question. My answer would be rather than blocking computers based on names, you should be restricting who has access to join the computer to the domain.

    Cause if Computer1 is not getting joined, I can easily rename it to Computer2 and join it, you can't keep on blocking all the names right.


    Regards,

    Satyajit

    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Monday, November 9, 2015 4:41 AM