Windows OS is one of the most common in the world. The operating systems of this family work both on home computers and on the most powerful research stations. However, in the latter case, they are much inferior to NIX systems. Although this does not prevent Windows from being perhaps the most recognizable brand in the global IT infrastructure.
However, this circumstance does not prevent home users from knowing almost anything about the principles of the system or its basic settings. Today we will find out what Windows Group Policy is, why it is needed and how to use it correctly.
What it is?
This is the name of a set of rules and settings by which the system administrator can change Windows settings using special settings for user groups. Important! They can be created only within the domain! Simply put, if a user's machine is listed in a different workspace, Windows Group Policy cannot be created for it.
The policy object itself has two separate components: a container and a template. They contain all the information necessary to form a specific settings area for individual user groups. This thoughtful and logical solution allows you to quickly and with minimal effort create the group policy necessary for the system administrator, limiting or expanding user rights.
Needless to say, how beneficial is this practice from an economic and practical point of view when it comes to large companies with thousands of working machines. Since most often they are part of the same domain, there are no problems with setting rights.
Launch Editing Tool
By the way, how do I start the Windows 7 Group Policy Editor ? Very simple. To do this, click on "Start", go to the "Control Panel", and then find the "Administration" option there. There is a point “Local politicians”. By clicking on it, you will be taken to the desired Editor.
Create a new policy
So, with the basic concepts we figured out. It's time to learn how to create a new Windows Group Policy. This is easy enough to do.
You should be aware that by default, not one, but two sets of rules are created: the basic (default) rights for machines belonging to the domain, and a special set of settings for the domain controller. It is the second policy that is intended for the container (we talked about it above).
If you want to create a new object, then your account in the system must have the necessary permissions to carry out such actions. By default, Windows allows administrators of the enterprise and the domain to create policies. To perform this operation, do the following:
- First, make sure your account belongs to either of the two types that we talked about above.
- It is very important that, in principle, the system has tools for its advanced administration. So, the Active Directory Users and Computers snap-in is required. You should be aware that the dsa.msc system file is responsible for its operation.
- Open a console with the name "Users and Computers", and then go to the item with the name of the organizational unit for which Windows Group Policy will be created.
- Right-click on the name, and then select “Properties” in the pop-up menu. A new working window will open in which you should be interested in the "Group Policy Object" tab.
- To make the new container belong to this particular item, left-click on the "New" button.
- After that, a new Group Policy line will appear, the name of which is open in edit mode. Give her some sane name, so that in the future to be able to quickly find the necessary.
How to use items
All this is good, but for the best use of group policies, you need to understand the algorithm for their application by the operating system itself. This is the question we will now consider. So, immediately after starting the computer, the following sequence of actions is performed:
- The registry is read first, after which the computer determines which resource it belongs to. After this, a request is sent to the DNS server to obtain the necessary domain IP addresses.
- After receiving them, the computer automatically connects to the domain in which it is registered.
- A request is sent immediately to existing group policies. The domain sends their list, and it is in that order in which they should be used.
- Accordingly, when a user logs in to the system, all those settings that were saved in the container will be applied to his account.
Update frequency
Simply put, they are used every time you boot the OS and any change of user account. In addition, a policy check occurs every 1.5 hours, and in some cases (group policies of Windows 2008, the server system) - once every half an hour. Domain controllers are updated every five minutes.
Group Policies in Windows 8
In many ways, Microsoft's new operating system, Windows 8, is a completely redesigned and improved version of the Seven. The Windows 7 group policy was not bypassed. It was also significantly optimized and accelerated, which largely explains the increased performance of the new system. The most important innovation is the completely redesigned “Group Policy Client” service, which is responsible for the group policies of the system.
Unlike the previous version, which was first used in Vista, from now on the service is not always started, but is loaded only if necessary. This option is called “Always On Always Connected”. Its abbreviation, AOAC, is found in the literature. How does this service work in Windows 8? Group policies that have not been used for a long time are frozen. In some cases, this allows you to achieve a truly excellent increase in performance. The developers report that the maximum interval during which the service waits for the resumption of policies is five minutes.
Other nuances
Important! If you need to update their list immediately, the GPUPDATE command can be used for this. In addition, the domain itself can send a request to immediately update Group Policies.
Many users are perplexed: “Windows 8 task manager does not have this service, so how is its background maintenance carried out?” The answer is simple - an improved
task scheduler. From now on, group policies themselves can create system buildings, indicating the time when you need to start the service. We emphasize once again that such tasks are created on behalf of the user “SYSTEM”, so you cannot see them.
Differences between the new server versions of Windows OS
Note that this approach only takes place in Windows 8. So, in Windows Server 2012 this function is constantly active and is not unloaded from memory (as with all previous versions of Windows). If the system administrator wants these policies to be constantly running in the Group of Eight, the “Turn off Group Policy Client Service AOAC optimization” service should be activated.
As practice shows, the constantly running local group policy of Windows 7 does not have too serious an impact on the speed of the operating system. Given the capabilities of modern computer hardware, its shutdown is quite capable of causing just the same increase in the time required to perform some operations in the system.
In a word, the point has not yet been set in this matter, and system administrators themselves can choose the options for this service.