Configure Windows Server 2016 Group Policy
Group Policy is a feature of the Microsoft WindowsNT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. Group Policy is the key to consistent and secure Windows account configuration. It's a major part of Active Directory.
Active Directory is Microsoft’s user management service that simplifies the administration of large amounts of users. It uses a central server (known as a domain controller) to manage other machines. IT administrators can modify Group Policy settings on the server and they’ll update on all workstation computers shortly. When someone logs into a domain computer, that machine checks in with the domain controller and grabs any recent Group Policy changes. When it does this, it’s downloading the latest GPO from the server.
Lets start with creating AD OU (Active Directory Organizational Unit )and users. So, basically this is my scenario:
Start AD and prepare AD structure as follows. You can obviously change it with your own structure.
Before going to next step, assign client and users in AD OUs.
Start Group Policy Management from Server Manager.
Time to create GPO and link them with our AD OUs.
Right click on newly created GPO --> Edit. It will open
Close Group Policy Management Editor. You can enforce this policy checking Enforced option. After that start cmd and run
The Enforce setting is a property of the link between an Active Directory container and a GPO. It is used to force that GPO to all Active Directory objects within a container, no matter how deeply they are nested. The settings within a GPO that is enforced override other settings that would prevail because they are applied later. If there are conflicting settings in GPOs that are enforced at two levels of the hierarchy, the setting enforced furthest from the client prevails. This is a reversal of the usual rule, in which the setting from the nearest-linked GPO would prevail.
Restart Client ( for now Client01) and it should get chrome and grepwin installed. If they are not being installed automatically, please run
For all other configurations, you can use same concept.
Additional: For changing Desktop Background.