Group policies in Microsoft Active Directory

Microsoft Active Directory allows you to use group policies to define user or computer settings for an entire group of users or computers at one time. The settings that you configure are stored in a Group Policy Object (GPO), which is then associated with Active Directory objects such as sites, domains, or organizational units.

Group policies cover many different aspects of the network, desktop, and software configuration environment, including:

• Application deployment policies: These policies assign or publish applications to users or computers, and affect the applications that users access on the network.
• File deployment policies: These policies allow an administrator to place files in special folders on the user's computer, such as the desktop or My Documents areas.
• Script policies: Using a script policy, an administrator can specify scripts that should run at specific times, such as login/logout or system startup/shutdown.
• Software policies: Administrators can use software policies to globally configure most of the settings in user profiles, such as desktop settings, Start menu options, and applications.
• Security policies: These policies allow an administrator to restrict user access to files and folders, configure how many failed login attempts will lock an account, and control user rights.

If you have questions about using Active Directory group policies at Indiana University, contact your local UITS support person, or have the local UITS support person contact Tier 2 Support.