Windows Group Policy: What Is It and How to Use It
Whatsapp Pinterest
Advertisement

If you’ve dug into the more technical corners of Windows or have heard chatter from your IT department, you may have heard of Group Policy. But unless you’ve worked in IT, you’ve probably never used it.

Let’s look at this important component of Windows. We’ll examine what Group Policy is, why it’s important, and how you can give it a look.

What Is Group Policy?

Group Policy is a function of Windows that allows you to control the operations of accounts, apps, and Windows itself. It’s primarily intended for enterprise use but can come in handy for home users too (which we’ll discuss shortly).

On its own, a setup in Group Policy only applies to a single computer. You could set up a whole configuration, but it doesn’t have a ton of use on its own. Thus, Group Policy combines with Active Directory in business settings.

As mentioned before when we explained Windows domains What Is a Windows Domain and What Are Its Advantages? What Is a Windows Domain and What Are Its Advantages? What is a Windows domain and what are the advantages of a computer joining one? Let's look at how domains work and why they're so useful. Read More , Active Directory is Microsoft’s user management service that simplifies the administration of large amounts of users. It uses a central server (known as a domain controller) to manage other machines. IT administrators can modify Group Policy settings on the server and they’ll update on all workstation computers shortly.

Because you need a Pro edition of Windows to join a domain, Group Policy is only available on Professional (or above) Windows versions. Home users must try a Group Policy workaround How to Access the Group Policy Editor, Even in Windows Home & Settings to Try How to Access the Group Policy Editor, Even in Windows Home & Settings to Try Group Policy is a power tool that lets you access advanced system settings. We'll show you how to access it or set it up in Windows Home and 5+ powerful Group Policies to boot. Read More to use it.

What Is GPO?

GPO stands for Group Policy Object. It refers to a collection of Group Policy configurations defined for a specific system.

When someone logs into a domain computer, that machine checks in with the domain controller and grabs any recent Group Policy changes. When it does this, it’s downloading the latest GPO from the server.

A company might set up multiple GPOs for different types of users. The standard group might lock down user accounts How to Lock Down Windows User Accounts How to Lock Down Windows User Accounts Letting people use your computer while you're gone could lead to problems. We show you how to restrict Windows features on standard or child accounts so others can't access sensitive info. Read More and have no access to shared folders on the server. Meanwhile, a group for executives would have a completely different GPO and thus, different Windows behavior.

Access the Local Group Policy Editor

A program included in Windows Pro called Group Policy Editor lets you review and make changes to local Group Policy. To access it, simply type gpedit.msc into the Start Menu or Run dialog or use another method to open the Group Policy Editor How to Open the Local Group Policy Editor in Windows 10 How to Open the Local Group Policy Editor in Windows 10 Need to know how to access a local Group Policy Editor window? We show you how to open this and what to do once inside. Read More .

In the Group Policy Editor, you’ll see the Computer Configuration and User Configuration fields. As you might guess, the former holds settings that apply to the entire machine, while User Configuration is only for the current user.

Windows 10 Group Policy Editor

You can adjust all sorts of options here; we’ll sample a few below.

Examples of Group Policy Uses

Most Group Policy tweaks simply change Registry values 5 Windows 10 Registry Tweaks to Improve & Unlock Features 5 Windows 10 Registry Tweaks to Improve & Unlock Features The registry editor is the only way to enable some of Windows 10's hidden features. Here we'll show you easy tweaks like enabling the dark theme or hiding folders. Read More . Since Group Policy is much more user-friendly (and less dangerous), there’s not much of a reason to go digging in the Registry for system admins.

Now that you know how to access Group Policy, what might a company use it for?

Folder Redirection

By default, Windows places your standard folders like Documents and Pictures at C:\Users[Username]. While this is fine, some companies might prefer their employees store documents on a server for easier retrieval or so a department can more easily share resources.

In this case, you can use Group Policy to easily redirect these user folders How to Move Your User Folders in Windows 10 How to Move Your User Folders in Windows 10 Want to tweak the location of your Windows user folders? It can help you free up space on your system drive or manage backups. Read More for everyone. When they click the Documents shortcut in the File Explorer, they’ll access a network resource instead of a local folder.

Change Computer Options

Windows lets you change all kinds of settings through both the Settings app and Control Panel. Administrators understandably don’t want users changing all of these as they see fit.

So you can use Group Policy to set these settings and lock users out of changing them. For example, you might set power options to turn off displays after a set amount of time, choose default programs, and lock users out of changing internet connection options.

Security Settings

Group Policy Password Settings

Group Policy allows you to set many criteria for account security. IT staff can set password policies that specify a minimum length, enforce complexity, and force users to change their passwords every so often. You can also use a lockout policy to freeze the user’s account if they enter incorrect credentials too many times.

Map Network Drives and Printers

You’re probably familiar with your local C: drive in the This PC window, but did you know you can add network locations as their own drives too? This makes it easy for users to access folders on a company server, as they don’t have to remember exact locations.

Instead of having to manually add network shares for each new user, Group Policy can simply map them automatically. And if a location ever changes, you can adjust it one time in the GPO instead of dozens or hundreds of times on individual computers.

It’s a similar story with printers. When a company installs a new printer, they can simply add it to Group Policy and install its drivers on all computers.

And Much More

You might be surprised at some of the available options in Group Policy. Some of them seem almost silly, but they really allow for fine-tuned control of Windows for any situation. We’ve covered the best Group Policy to improve your PC 12 Ways Windows Group Policy Can Make Your PC Better 12 Ways Windows Group Policy Can Make Your PC Better The Windows Group Policy grants you advanced control over your system, without having to mess with the registry. We'll show you how to easily customize Windows in ways you didn't think were possible. Read More .

Some of the deeper examples:

  • Deny read and/or write access to CDs or other removable drives
  • Remove all access to Windows Update
  • Remove all sorts of options from File Explorer
  • Prevent addition or removal of printers
  • Hide the clock and other Taskbar elements

What Is Group Policy Management Console?

The local Group Policy Editor mentioned above, gpedit.msc, only applies to one computer. To manage a domain, you must use the Group Policy Management Console (GPMC) installed on a domain controller.

GPMC provides many more options, including importing and exporting, searching for GPOs, and report creation. It’s an enterprise tool designed to apply GPOs across an entire network.

You can add Group Policy Management Console to Windows Pro (or better) if you want to look around at it. First, you’ll need to install Windows Remote Server Administration Tools (Windows 10 | Windows 7).

After that, type windows features into the Start Menu and open Turn Windows features on or off. Expand Remote Server Administration Tools and Feature Administration Tools below it, then make sure you have Group Policy Management Tools checked too.

To launch the tool, type gpmc.msc into the Start Menu or Run dialog. Then you can take a look, but remember that there’s not much point to using this on a non-server machine.

If you’re interested in mastering Group Policy for business use, take a look at Coursera’s System Administration and IT Infrastructure Services course, which includes information on Group Policy.

Now You Understand Windows Group Policy

We’ve taken a look at what Group Policy is, how to access the Group Policy editor, and what its purposes are. If you don’t remember anything else, just know that Group Policy allows system administrators to control all aspects of Windows across computers on a domain from one central location.

For the average home user, Group Policy isn’t something you’ll need to use. But it’s a vital part of Windows, and worth learning a bit about.

Like how Group Policy can tweak the system? Check out Windows 10 features you can safely disable on your own 9 Windows 10 Features You Can Safely Disable 9 Windows 10 Features You Can Safely Disable Windows 10 is packed with features, but a lot of them are unnecessary. Here's how to safely prune unwanted features off your Windows 10 system for a more streamlined experience. Read More .

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. KwaK
    October 5, 2018 at 10:20 am

    ... and if you have a Windows 7/10 "Home" edition, don't bother - you don't have the Group Policy settings available.

    • Ben Stegner
      October 5, 2018 at 2:09 pm

      Yes, I mentioned this in the first section so Home users would be aware.