Configure Windows Server 2016 Group Policy

Group Policy is a feature of the Microsoft WindowsNT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment. Group Policy is the key to consistent and secure Windows account configuration. It’s a major part of Active Directory.

Active Directory is Microsoft’s user management service that simplifies the administration of large amounts of users. It uses a central server (known as a domain controller) to manage other machines. IT administrators can modify Group Policy settings on the server and they’ll update on all workstation computers shortly. When someone logs into a domain computer, that machine checks in with the domain controller and grabs any recent Group Policy changes. When it does this, it’s downloading the latest GPO from the server.

Lets start with creating AD OU (Active Directory Organizational Unit )and users. So, basically this is my scenario:

My configuration scenario

Start AD and prepare AD structure as follows. You can obviously change it with your own structure.

AD Structure

Before going to next step, assign client and users in AD OUs.

AD Computers & Users List

Start Group Policy Management from Server Manager.

Group Policy Management

Time to create GPO and link them with our AD OUs.

Create GPO

Right click on newly created GPO –> Edit. It will open new window for Group Policy Management Editor. For example, we will install google chrome and grepwin using GPO. It is better to use UNC as a software path for installation. For this, required files and folders from the server must be shared before going for next step.

Creating GPO for Software Installation

Close Group Policy Management Editor. You can enforce this policy checking Enforced option. After that start cmd and run gpupdate /force on the server.

The Enforce setting is a property of the link between an Active Directory container and a GPO. It is used to force that GPO to all Active Directory objects within a container, no matter how deeply they are nested. The settings within a GPO that is enforced override other settings that would prevail because they are applied later. If there are conflicting settings in GPOs that are enforced at two levels of the hierarchy, the setting enforced furthest from the client prevails. This is a reversal of the usual rule, in which the setting from the nearest-linked GPO would prevail. 

Restart Client ( for now Client01) and it should get chrome and grepwin installed. If they are not being installed automatically, please run gpupdate /force . 

Chrome & Grepwin installed using GPO

For all other configurations, you can use same concept.

Additional: For changing Desktop Background.

Set Desktop Background using GPO

Anup Chhetri

IT system administrator

You may also like...

error: Content is protected !!