Group Policy Management in Windows Server 2022: Fundamental Concepts and Working Skills

Windows Server Group Policy Management is a crucial topic in all Active Directory network environments. Group Policy is a one-stop place for network administrators to control network users, groups, and computers. Administrators can apply policies of all types to network users and computers with group policies to further control users’ access and better align their work with the company’s policies.

Group Policy is available on both the server-side and client-side Windows OSes. (except the Home edition on the client side). On the client side OSes, you can utilize group policy using the Local Group Policy Editor window (gpedit.msc) to apply policies to your single computer. On the Server-side OSes, you manage Group Policy using a specialized management console called Group Policy Management Console (GPMC) to apply policies to your AD users and computers.

In a domain environment on the server side, Group Policy is more a part of Active Directory and works hand-in-hand with each other. When you install and configure Active Directory, you install the GPMC as an AD management tool. However, you can also install it separately if you haven’t done it along with the AD DS. Also, you create, link, and manage policies with consideration of AD objects.

With this overview said, this guide covers the basic tasks in managing AD group policy, such as installing Group Policy Management, launching it, creating a Group Policy, editing a Group Policy, linking a Group Policy, and some other conceptual and basic operational skills. So, stick to reading till the end to gain fundamental concepts and working knowledge of Group Policy in Windows Server 2022.

What is Group Policy?

Group Policy is a set of settings that gives you centralized management capabilities for both user accounts and computers that are part of your Active Directory network environment. Let’s say you want to disable the Control Panel and Settings for a collection of your Active Directory users. You can do so by using the related setting in the Group Policy for a GPO and linking that GPO to the AD container that holds the target users or computers.

What is Group Policy Object (GPO)?

A Group Policy Object (GPO) is an object that you create in your Active Directory and holds the Group Policy settings you apply to your AD users and computers. When applying a Group Policy in Active Directory, you first need to create a GPO. Then, you edit the GPO and define your desired Group Policy setting(s) inside that GPO. Finally, you link that GPO to the AD objects to which you want to apply the setting(s).

What is Group Policy Management Console (GPMC)?

Group Policy Management Console (GPMC) is a Windows Server management tool using which you can configure group policies in your Active Directory. This console is a one-stop and central place where you are engaged when managing Group Policy in your Active Directory. This management console works in correlation with your AD objects, such as domains, sites, OUs, etc. Above all, it is the interface where you can view, control, and manage AD Group Policies.

Install Group Policy Management in Windows Server 2022

As mentioned earlier, Group Policy Management gets installed along with Active Directory installation and configuration as one of its management tools. However, if you have not included it with Active Directory, you can separately install it. To do so, you can use both the GUI and PowerShell methods. The following are the steps for the GUI-based method.

1. Open Server Manager from the Start Menu.
2. On the Server Manager console, click Manage in the top-right corner and click Add Roles and Features.

3. Click Next on the first page.
4. Choose Role-based or feature-based installation and click Next.
5. Select the server machine on which you want to install the Group Policy Management feature and click Next.
6. Skip the Server Roles page and click Next.
7. Check out the Group Policy Management option on the Features page and click Next.

8. Click Install on the Confirmation page. It should take a little time to install the Group Policy Management feature.

9. Once finished with the installation, click Close to close the wizard.

To install the Group Policy Management features using PowerShell, follow the below steps.

1. Open Windows PowerShell with administrative privilege. You can right-click the Windows PowerShell in the Start Menu and choose Run as administrator. Alternatively, type powershell in the Run utility (Windows + R), press down Ctrl + Shift + Alt keys, and hit enter.
2. On the PowerShell session, type Install-WindowsFeature GPMC and hit enter. It should take a little time to install the GPMC, and it will show you the success message upon completing the installation.

3. To verify the GPMC installation, type Get-WindowsFeature GPMC and hit enter. See the Install State field.

4. If installed properly, type exit and hit enter to exit the PowerShell.

So, those are the procedure for the two methods you can install the Group Policy Management in Windows Server. Now you should be able to launch it and manage Group Policy in your AD environment.

Launch Group Policy Management Console (GPMC): Different Ways

Now that you know how to install the Group Policy Management in Windows Server, you can launch it using various ways. Here, I discuss four of these methods to open the GPMC.

First and foremost, search for the Group Policy Management in the Start Menu and open it once found. If you have installed the GPMC, you should be able to find it in the Start Menu by searching for it. Once found, you can click it to open it.

Second, the GPMC gets added to the Tools menu in the Server Manager. If you are used to using the Server Manager, this method may be your preferred one. To open the Group Policy Management using the Server Manager, click Tools in the top right corner of the Server Manager and click Group Policy Management.

Third, Group Policy Management also gets added to the Windows Administrative Tools, and you can launch it from there. To do so, search for Administrative Tools in the Start Menu and open it. Then scroll and find the Group Policy Management in the Administrative Tools window and open it.

Last and maybe the best way is to use the gpmc.msc command. You can use this command on PowerShell and Command Prompt sessions and also in the Run dialogue box to launch the Group Policy Management Console. Most often, we use the Run utility, which is a helpful shortcut way.

That is it with opening the Group Policy Management Console in Windows Server 2022.

How to Create a New Group Policy Object (GPO)?

The first skill in managing AD Group Policies is to create a new GPO. By default, there are two GPOs in each domain of your Active Directory: Default Domain Policy liked to the Domain and Default Domain Controller Policy linked to the Domain Controller OU. Also, note that these two GPOs are also present in the Group Policy Objects, as every linked and unlinked GPOs get stored in this container (Group Policy Objects). It is recommended not to edit these two default GPOs unless you know what you are doing.

To create a new GPO, you should decide whether to create a linked GPO or an unlinked GPO. You create a linked GPO directly on the Active Directory object you use for. This GPO also gets stored in the Group Policy Objects. You create an unlinked GPO in the Group Policy Objects, and you can later link it to the AD object of your desire.

To create a linked GPO, follow the steps below.

1. Open GPMC as discussed above.
2. Expand your forest and domain, and select the AD object to which you want to link your new GPO. Then, right-click the AD object and select Create a GPO in this domain, and Link it here.

3. Put a meaningful name for your new GPO and click OK.

Your new Linked GPO is created and also added to the Group Policy Objects.

To create an unlinked GPO, follow the following steps.

1. Open GPMC discussed above.
2. Locate the Group Policy Objects under your intended domain. Right-click it and select New.

3. Put a meaningful name for your GPO and click OK.

Your new unlinked GPO should be added to the Group Policy Objects.

Link a GPO to an Active Directory Object

A GPO does nothing if you do not link it to an object in Active Directory. You link the GPO to an AD object, mostly OUs, and the GPO applies the settings it holds to the users and computers located in that AD object. Depending on your needs, you may link the GPO to an OU, a Domain, or a Site in your Active Directory environment.

To link an OU to an AD domain, site, or OU, follow the below steps.

1. Open the GPMC as discussed in an earlier section.
2. Locate the OU, Domain, or Site to which you want to link an existing GPO. Right-click it and select Link an Existing GPO.

3. Select the GPO(s) you want to link and click OK.

That is how you can link and unlinked GPO to an AD object.

RELATED: Create and Configure an Active Directory User Account.

Edit a Group Policy Object

A GPO is a container for a collection of Group Policy settings. The GPO itself has nothing unless you edit it and set one or more Group Policy settings inside it. For example, to prevent your AD users’ access to Windows Settings, you need to edit the GPO and configure the related Group Policy setting. Then, it applies to the users inside the AD object to which your GPO is linked.

To edit a GPO, follow the below steps

1. Open the Group Policy Management Console.
2. Locate the GPO you want to edit, whether in the Group Policy Objects or in the AD object it linked. Then, right-click the GPO and click Edit.

3. On the Group Policy Management Editor window, you can find and configure your desired Group Policy setting. For example, the GP setting for blocking the external storage for users locates at User Configuration >> Policies >> Administrative Templates >> System >> Removable Storage Access path.

4. Once you find your intended Group Policy setting, open it, and depending on your needs, you can enable, disable, and put it to the Not Configured option.
5. Once set, close the GPME window.

So, that is how you can edit a GPO and configure group policies for it.

What is Group Policy Management Editor (GPME)?

Group Policy Management Editor (GPME) is a configuration console that opens up when you edit a GPO. It holds all the available policy settings you can configure for a GPO. All the group policy settings are either under Computer Configuration or User Configuration, which are the two levels for Group Policy settings.

Computer Configuration: All the settings under this level are called computer-level group policies and apply to the computers regardless of the user account logs in on the computer.

User Configuration: Settings under this level are called user-level policies and apply only to users regardless of the computers they log in with.

RELATED: Create and Configure an Active Directory Group.

Check Policies Set for a Group Policy Object

Another basic and helpful skill you should learn is to check what policies are set for a particular Active Directory GPO. For example, you want to check what policies are set for the Default Domain Policy GPO or any other GPO in your Active Directory environment.

To check the policies set for a GPO, click the target GPO in the Group Policy Objects on the GPMC window. Then, click the Settings tab on the right pane. Skip the warning window by clicking the Close button. Then, scroll down to the Computer Configuration section, and you can see what computer-level Group Policy settings are configured for your GPO and what their path are on the GPME window. Also, you can check the user-level group policies set for the GPO in the User Configuration section below the Computer Configuration section.

All right! That is how you can check the Group Policy settings a GPO holds.

RELATED: How to Create and Configure an AD Organizational Unit.

Wrap Up

Group Policy Management provides a central way of administering AD network users and computers efficiently. It is really a one-stop and helpful place to apply policies to a collection of AD users and computers. Group Policy Management is a crucial part of every Windows Server-enabled network.

With the superb role of Group Policy Management in mind, this article covered some beginner yet fundamental topics to configure Active Directory Group Policy in Windows Server 2022. The article started with discussing the key concepts, such as Group Policy, GPO, and GPMC, and continued on to practical working skills, such as installing GPMC, launching it, creating a GPO, editing a GPO, and linking a GPO. These working skills were the basic but a great place to start with.

I hope this guide could be helpful to you. Feel free to ask your questions and put your thoughts in the comment section. Also, to support us, share this guide with those who can find it helpful. Thank you.