Describe the three types of GPOs and how they are deployed I

Describe the three types of GPO’s and how they are deployed. Is it necessary to have a maintenance strategy for GPO’s, why or why not?

Solution

Answer:-

Who gets Deploying Group Policies :-

Once you\'ve customized your Group Policy Objects, you need to incorporate them into Active Directory so that your users can receive the appropriate settings. You accomplish this by linking Group Policy Objects to various containers within Active Directory: sites, domains, and Organizational Units.

Once you\'ve linked a GPO to a container, every object within that container will receive the GPO settings by default. In this section we\'ll look at how to link GPOs throughout your AD infrastructure, and how GPOs interact with one another if you have multiple objects linked to different points in your AD tree.

We\'ll close with a look at some more advanced deployment topics such as controlling GPO inheritance and using security groups to fine-tune GPO deployment.

1) Configuring Policy Inheritance :

In a complex network, you may find yourself with numerous GPOs deployed at various points throughout the infrastructure. It\'s important to understand how these different policies will interact with each other and ultimately affect your users. Much like NTFS permissions in the Windows file structure, Group Policy settings adhere to specific rules of inheritance.

1. First, the Local Group Policy Object will be applied.

2. Second are any GPOs applied to the site the user and computer belongs to.

3. This is followed by any GPOs applied to the user\'s domain.

4. Finally, any GPOs linked to Organizational Units will be applied. If you have a nested OU structure, the GPO linked to the topmost OU will be applied first, and then the GPOs of any child OUs.

2) Customizing Policy Inheritance:

It\'s described is the default behavior of Group Policy inheritance. But like anything else within Active Directory, you can customize these rules to finely control the way that Group Policies are deployed throughout your network.

3) Blocking GPO Inheritance :

If you have an OU that requires a very specific configuration, you may decide that you only want a single GPO to apply to it, so as to avoid interactions with other policy objects. You can accomplish this by right-clicking the OU within the Group Policy Management Console and selecting Block Inheritance.

As the name suggests, this will prevent any GPO settings elsewhere in Active Directory from being applied within this particular OU; it will only receive settings from GPOs linked directly to the OU itself.