Terms
Here are some basic terms you need to be familiar with before drilling down into Group Policy:
Local policy - Refers to the policy that configures the local computer or server and is not inherited from the domain. You can set local policy by running gpedit.msc from the Run command, or you can add the "Group Policy Object Editor" snap-in to MMC. Local policies also exist in the Active Directory environment, but have far fewer configuration options than the full-fledged Group Policy in AD.
GPO - Group Policy Object - Refers to the policy that is configured at the Active Directory level and is inherited by the domain member computers. You can configure a GPO at the site level, domain level or OU level.
GPC - Group Policy Container - The GPC is the store of the GPOs; it is where the GPO stores all the AD-related configuration. A newly created GPO is not effective until it is linked to an OU, domain or site. The GPOs are replicated among the Domain Controllers of the domain through Active Directory replication.
GPT - Group Policy Templates - The GPT is where the GPO stores the actual settings. The GPT is located within the Netlogon share on the DCs.
Netlogon share - A share located only on Domain Controllers that contains GPOs, scripts and .POL files for Windows NT/98 policy. The Netlogon share replicates among all DCs in the domain, and is read-only for the Everyone group, with Full Control for the Domain Admins group. The Netlogon share's real location is:
C:\WINDOWS\SYSVOL\sysvol\domain.com\SCRIPTS
When a domain member computer boots up, it finds the DC and looks for the Netlogon share in it.
To see what DC the computer used when it booted, you can go to the Run command and type %logonserver%\Netlogon. The content of the Netlogon share should be the same on all DCs in the domain.
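
A read-only check of the two properties stated above (identical Netlogon content on every DC, and who is allowed to write to the share), as an added example that is not part of the original page. It assumes a domain logon, so %logonserver% is set, and read access to each DC's Netlogon share; Get-NetlogonInventory is a hypothetical helper name, and Get-Acl reports the NTFS permissions on the share root, not the share-level permissions.

```powershell
# Added example, not from the original page. Run from a domain-joined machine
# as a user who can read \\<DC>\Netlogon. It only reads; nothing is changed.

# DC that served this logon (the %logonserver% value), without the leading "\\".
$logonDc = $env:LOGONSERVER.TrimStart('\')

# All DCs of the current domain, via .NET so no extra module is needed.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dcs = $domain.DomainControllers | ForEach-Object { $_.Name }

# Hypothetical helper: relative path -> SHA-256 for each file under \\<Dc>\Netlogon.
function Get-NetlogonInventory {
    param([string]$Dc)
    $root = "\\$Dc\Netlogon"
    $map = @{}
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction Stop | ForEach-Object {
        $rel = $_.FullName.Substring($root.Length)
        $map[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $map
}

# Use the logon DC as the baseline and report files that are missing,
# extra, or different on any other DC.
$baseline = Get-NetlogonInventory -Dc $logonDc
$mismatches = foreach ($dc in $dcs) {
    try { $other = Get-NetlogonInventory -Dc $dc }
    catch { Write-Warning "${dc}: cannot read Netlogon: $_"; continue }
    $paths = @($baseline.Keys) + @($other.Keys) | Sort-Object -Unique
    foreach ($p in $paths) {
        if ($baseline[$p] -ne $other[$p]) {
            [pscustomobject]@{ DC = $dc; File = $p; Baseline = $baseline[$p]; Found = $other[$p] }
        }
    }
}
$mismatches | Format-Table -AutoSize

# NTFS entries on the share root that allow writing. Review each identity:
# anything broader than administrative groups deserves a closer look.
$writeData = [System.Security.AccessControl.FileSystemRights]::WriteData
(Get-Acl -LiteralPath "\\$logonDc\Netlogon").Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $writeData) } |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize
```

An empty first table means every reachable DC serves the same files as the logon DC; a file changed moments ago can show up as a mismatch until replication completes.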