Group Policy provides the ability to manage configuration and changes easily and centrally in Active Directory.

Allows configuration of :

• Security settings
• Registry-based policy settings
• Group policy preferences like startup/shutdown/log-on/logoff scripts settings
• Software installation

GPOs have two levels of settings application:

• Computer: settings that apply to the computer
• Users: settings that apply to the user

In addition, for each of these two categories we have a further classification:

• Policies: settings that CANNOT be changed by the user
• Preferences: settings that can be changed by the user

Refresh interval

According to Microsoft, by default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes, which forces the application of specific settings to any machines in an OU/site where the GPO is linked.

Restricted Groups

Let's imagine being system administrators of a company and having installed a new server on which the application system administrator will have to access with his own domain credentials and complete the configuration of the management system.

To avoid having to give Domain Admin permissions or having to create a local account with Local Admin permissions on one or more machines manually, it is possible to manage the local groups of individual machines through Restricted Groups.