Group Policy is a feature in Active Directory (AD) environments that allows administrators to centrally manage and configure settings for users and computers. Here are some key Group Policy terms:
1. Group Policy Object (GPO): A collection of policy settings that can be linked to Organizational Units (OUs), domains, or sites within an AD environment. GPOs enable administrators to apply settings and restrictions to users and computers.
2. Group Policy Management Console (GPMC): A centralized interface for managing Group Policy within an AD environment. GPMC allows administrators to create, edit, link, and delete GPOs, as well as manage security filtering and delegation.
3. Security Filtering: A mechanism that allows administrators to target GPOs to specific users, groups, or computers. Security filtering is based on the permissions assigned to security principals (e.g., Read and Apply Group Policy).
4. WMI Filtering: Windows Management Instrumentation (WMI) filtering enables administrators to target GPOs to computers based on criteria such as operating system, hardware, or installed software. WMI filters are applied to GPOs using WMI Query Language (WQL) queries.
5. Loopback Processing: A Group Policy setting that allows administrators to apply user policy settings based on the computer account rather than the user account. This is useful for applying consistent settings to users on specific computers, such as kiosk or lab machines.
6. Resultant Set of Policy (RSoP): A tool for analyzing the cumulative effect of applied GPOs on a user or computer account. RSoP helps administrators determine which policy settings are being applied and troubleshoot potential issues.
7. Inheritance: The process by which GPOs are applied to child objects (e.g., sub-OUs) based on the settings applied to parent objects (e.g., parent OUs or domain). Inheritance can be blocked or enforced to control the propagation of GPO settings.
8. GPO Link: The association between a GPO and an OU, domain, or site in AD. The link determines where the GPO's settings are applied.
9. GPO Precedence: The order in which GPOs are processed and applied to users and computers. GPO precedence is determined by the link order, with lower numbers having higher precedence. If multiple GPOs have conflicting settings, the GPO with the highest precedence takes effect.
10. Delegation: The assignment of permissions to specific users or groups, allowing them to manage GPOs or parts of GPOs. Delegation enables administrators to distribute GPO management tasks to other users while maintaining control over sensitive settings.
Комментариев нет:
Отправить комментарий