Microsoft Group Policy Management is a utility that allows you to configure Group Policy settings and provides an easy way to configure computer and user settings on computers that are part of a domain. It defines how users or groups of users can use their machines, restricting or allowing features as necessary.
Steps to Edit Group Policy Settings
The following steps explain how to use Group Policy Management to edit Group Policy Settings:
- Log in to the domain controller as administrator
It is important to log in as administrator as a standard domain user account is not in the local administrators group and so will not have the proper permissions to configure Group Policies.
- Launch the Group Policy Management Tool
From the Start menu, choose All Programs, Windows Administrative Tools, Group Policy Management
- Navigate to the required Organizational Unit (OU)
Group policy can be applied at domain level, OU level or at site level. Navigate to the default domain policies.
- Edit the Group Policy
Right click on the required Group Policy Object (GPO) to edit the group policy settings. The Group Policy Management Editor will open. Each GPO has two basic configurations:
- Computer configuration (applies to computers)
- User configuration (applies to user accounts)
Under each of these configurations are:
- Policies
- Preferences
Choose the configurations you want to modify and save them
Finally, link your GPO to an OU. The group policy settings you have configured will take effect only if you link them to the appropriate container. This could be a domain, site or an organizational unit.
How Lepide Helps with Group Policy Auditing
Given the risks associated with Group Policy changes, it is important that organizations have a structured and proactive approach to Group Policy auditing. Problems can start to arise when multiple Administrators can change Group Policy Objects without proper change tracking mechanisms in place.
Lepide Auditor for Group Policy provides a solution to this problem as it provides one of the easiest ways to pro-actively and continuously monitor and audit Group Policy Objects. It gives clear visibility over who, what, where and when changes are made, and it even allows you to roll back the entire Group Policy Object to its previous ideal state. More than 40 predefined Group Policy audit reports and real-time alerts are included in the Lepide Solution to provide a straightforward approach to what would otherwise be a very manual process.
An example of one of the many pre-defined reports available within the Lepide Auditor is the Group Policy Object Changes Report and this is shown below:
This report displays important information such as Who, When, Operation, Where, GPO Setting Path, GPO Setting, Old Value and New Value. Such reports help administrators take the necessary steps towards monitoring any Group Policy Object Changes.