It used to be easy to manage computers, even a small group of computers, but network administrators are now asked to manage not just hundreds of computers, but computers located in different geographical areas. The way to do this effectively is with Active Directory and Group Policy.
The last thing that a network administrator wants is to set up users and computers blindly in the network infrastructure. Group Policy is an infrastructure that allows you to implement specific configurations for users and computers throughout the network. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to Active Directory directory service containers. These include sites, domains, or organizational units (OUs). The hierarchical nature of Active Directory allows the settings within GPOs to be managed. This means that Group Policy is one of the reasons to deploy Active Directory; it allows you to manage user and computer objects.
- A Site object in Active Directory represents a physical geographic location that hosts networks.
- A domain is a logical group of computers that share a central directory database. Their physical location is irrelevant as long as they can communicate.
- Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units. An OU is the smallest scope or unit to which you can assign Group Policy.
Active Directory is a directory structure used on Microsoft Windows-based computers and servers to store information and data about networks and domains.
Active Directory performs many functions. It provides information on objects. It organizes these objects for easy retrieval. It allows access for administrators and end users depending on the operation, and it allows the administrator to set up security for the directory.
An object can be a piece of hardware such as a printer, or an end user or even security settings set by the administrator. Furthermore, objects can hold other objects within their file structure. All objects will have an ID, which is usually an object name, i.e. a folder name, and a set of attributes that characterize the object. Typically this is called the schema.
As computers have become more sophisticated, managing them and the users that use them has also become more challenging. Consider the types of users that used computers twenty years ago: there was only one type - PC users. Today administrators must deliver and maintain customized desktop configurations for many types of workers like mobile users, application workers, database users or developers or even for those with specialized operations like data entry.
Consider security. This used to be confined only to login and password operations, but it must now be more critically managed. Security problems used to be limited to viruses, and introducing virus protection software usually took care of the problem. Not anymore. Problems like identity theft, hacking, and online file theft, plus the myriad of spam and new virus offerings, make security a top priority. So security settings, including updates, permissions, and firewalls, are some of the features that must be delivered efficiently to all the computers and devices in the organization.
Change and configuration management is now the order of the day. New users must hit the ground running; they must be productive quickly without costly training. And if there is a computer breakdown or disaster, service must be restored quickly with little or no data loss or lost time. Furthermore, if there is a breakdown, the recovery should be at minimal cost. These considerations force administrators to set policies that implement change quickly and therefore affect large numbers of users and computers.
These are the reasons why Group Policy is needed. One policy for the group.