What is Group Policy?
Group Policy is a toolset inside the Microsoft Windows Server operating systems that enables IT administrators to centrally manage many aspects of both their domain user accounts, as well as domain-joined computer accounts. In fact, it can even be used without a domain in the mix, but we'll talk more about that in a few minutes.
Most of the time, Group Policy is used when you need to publish or issue out settings to a wide (or narrow) base of users or client desktop computers within a corporate environment. Group Policy is incredibly useful for these kinds of tasks, and can save IT departments countless man-hours as opposed to putting these same settings into place on all of their computers in a manual fashion. While Group Policy provides desktop administrations with a ton of flexibility and extra free time, it can become even more powerful when you realize that computer accounts inside Active Directory include desktop/laptop computers as well as servers. Most companies have separated roles for Desktop Administrators and Server Administrators, but both can benefit greatly from the powers that are stored inside Group Policy. In today's information-security-focused mindset, where are we most often putting that focus? Certainly, we are somewhat putting that focus on the users and their devices, making sure that those computers aren't influenced in a negative way from outside forces, but I would say that the majority of our network-security provisioning is placed on the server infrastructure side. The servers in your network are the devices that are providing services and storing your data. Keeping that data safe is a big, big deal. Securing your servers is essential in today's world, and there are many ways that Group Policy can be used to enforce that security.
All of this sounds good on paper, but that doesn't mean anything unless you know how to set up, configure, and really use Group Policy. That is the entire purpose of this book. We will be hands-on, as much as possible, as we discuss Group Policy, its management consoles, and the ways that you can use it right now in your network. There will be many step-by-step examples of establishing and distributing common settings that companies are using to secure their environments. We will also cover examples of settings that are not so commonly used, but probably should be. There are many ways to spend money on third-party solutions to have management capabilities of your company devices, but for anyone who really takes some time to dig into Group Policy, I think you will be surprised at how many of those capabilities already exist and are just waiting to be tapped into.