Group Policy is used to configure multiple Microsoft Active Directory directory service users and computer objects from a single point. By default, the policy affects not only the objects in the container where the policy is applied, but also the objects in the child container.
Group Policy includes security settings under Computer Configuration, Windows settings, and security settings. You can import the preconfigured security templates into policies to complete the configuration of these settings.
Apply Group Policy
The following steps show how to apply Group Policy and how to add a security group to user rights assignment.
Apply Group Policy to an organizational unit or domain
1. Open Active Directory Users and Computers by clicking Start, click Administrative Tools, and then select Active Directory Users and Computers.
2. Highlight the related field or organizational unit, click the Action menu, and choose Properties.
3. Select the Group Policy tab.
Note: Multiple policies can be applied to each container. The processing order of these policies is from the bottom of the list up. If there is a conflict, the last applied policy takes precedence.
4. Click New to create a policy and assign it a meaningful name, such as Domain policy.
Note: Click the "Options" button to configure the "No Override" setting. "No Override" is configured for each individual policy, not for the entire container, and "Block Policy inheritance" is configured for the entire container. If the "No Override" and "Block Policy inheritance" settings conflict, the "No Override" setting takes precedence. To configure block Policy inheritance, select the check box in the OU property.
Group Policy can be updated automatically, but to start the update process immediately, use the following GPUpdate command at the command prompt: Gpupdate/force
To add a security group to user rights assignment
1. Open Active Directory Users and Computers by clicking Start, click Administrative Tools, and then select Active Directory Users and Computers.
2. Highlight related OUs (such as member server), click the Action menu, and choose Properties.
3. Click the Group Policy tab, select the relevant policy (such as the Member Server Baseline Policy), and then click Edit.
4. In Group Policy Object Editor, expand Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then highlight user rights assignments.
5. In the right pane, right-click the related user right.
6. Select the Define these policy settings check box and click Add Users and groups to modify the list.
7. Click OK.
Import a security template to Group Policy
The following steps show how to import a security template to Group Policy.
Import Security Templates
1. Open Active Directory Users and Computers by clicking Start, click Administrative Tools, and then select Active Directory Users and Computers.
2. Highlight the related field or OU, click the Action menu, and choose Properties.
3. Select the Group Policy tab.
4. Highlight the relevant policies and click Edit.
5. Expand Computer Configuration, click Windows Settings, and then highlight security settings.
6. Click the Action menu and select Import Policy.
7. Navigate to \security guide\job Aids, select the related template, and click Open.
8. In Group Policy Object Editor, click the File menu and choose Exit.
9. In the container properties, click OK.
Using Security Configuration and analysis
The following steps show how to use Security Configuration and analysis to import, analyze, and apply security templates.
Import Security Templates
1. Click "Start" and "Run" in turn. Type mmc in the Open text box, and then click OK.
2. In the Microsoft management console, click Files and select Add/Remove Snap-in.
3. Click Add to highlight Security configuration and analysis in the list.
4. Click "Add", "Close" and "OK" in turn.
5. Highlight security Configuration and analysis, click the Action menu, and choose Open Database.
6. Type a new database name (such as Bastion Host) and click Open.
7. In the "Import Template" interface, navigate to \security guide\job Aids, select the relevant template. Click Open.
Analyze imported templates and compare to current settings
1. Highlight security Configuration and analysis in the Microsoft snap-in, click the Action menu, and select Analyze Computer now.
2. Click OK to accept the default error log file path.
3. After completing the analysis, expand the node title to study the results.
Apply Security Templates
1. Highlight security Configuration and analysis in the Microsoft snap-in, click the Action menu, and select Configure Computer now.
2. Click OK to accept the default error log file path.
3. At the Microsoft Management console, click File, and then select Exit to turn off security configuration and analysis.